X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=Configure;h=45be2e6ab745aead61c9d4d3a0509955aa0932a9;hb=1ee27238f7cdb935d38d21c925d1950b43d899fd;hp=a946b6a69ee864db1c2929d316a376f917a87297;hpb=831ffcb705eba9493d656720229891fedcbc93f0;p=oweals%2Fopenssl.git diff --git a/Configure b/Configure index a946b6a69e..45be2e6ab7 100755 --- a/Configure +++ b/Configure @@ -6,11 +6,13 @@ eval 'exec perl -S $0 ${1+"$@"}' ## require 5.000; -use strict; +eval 'use strict;'; + +print STDERR "Warning: perl module strict not found.\n" if ($@); # see INSTALL for instructions. -my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; +my $usage="Usage: Configure [no- ...] [enable- ...] [experimental- ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n"; # Options: # @@ -54,6 +56,8 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # [no-]zlib [don't] compile support for zlib compression. # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. +# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport +# from 0.9.9 # 386 generate 80386 code # no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 # no- build without specified algorithm (rsa, idea, rc5, ...) @@ -114,9 +118,9 @@ my $tlib="-lnsl -lsocket"; my $bits1="THIRTY_TWO_BIT "; my $bits2="SIXTY_FOUR_BIT "; -my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; -my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; -my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; +my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o"; +my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o"; +my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o"; my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::"; my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::"; @@ -153,8 +157,10 @@ my %table=( "debug-ben-debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::::", "debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::", "debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", -"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", +"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}", "debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll", +"debug-steve64", "gcc:-m64 -DL_ENDIAN -DTERMIO -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wall -Werror -Wno-long-long -Wsign-compare -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", +"debug-steve32", "gcc:-m32 -DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -DOPENSSL_NO_DEPRECATED -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)", "debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-opt", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -O3 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared", "debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared", @@ -403,12 +409,12 @@ my %table=( #### IBM's AIX. "aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::", -"aix-gcc", "gcc:-O -DB_ENDIAN::-D_THREAD_SAFE:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-D_THREAD_SAFE:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", +"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64", # Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE # at build time. $OBJECT_MODE is respected at ./config stage! -"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", -"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", +"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32", +"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64", # # Cray T90 and similar (SDSC) @@ -479,15 +485,20 @@ my %table=( "Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", "debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a", -# NetWare from David Ward (dsward@novell.com) - requires MetroWerks NLM development tools +# NetWare from David Ward (dsward@novell.com) +# requires either MetroWerks NLM development tools, or gcc / nlmconv +# NetWare defaults socket bio to WinSock sockets. However, +# the builds can be configured to use BSD sockets instead. # netware-clib => legacy CLib c-runtime support -"netware-clib", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", +"netware-clib", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::", +"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", +"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::", # netware-libc => LibC/NKS support -# NetWare defaults socket bio to WinSock sockets. However, the LibC build can be -# configured to use BSD sockets instead. "netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::", "netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", +"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::", # DJGPP "DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:", @@ -501,8 +512,9 @@ my %table=( ##### MacOS X (a.k.a. Rhapsody or Darwin) setup "rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::", "darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:ppccpuid_osx64.o:osx_ppc64.o osx_ppc64-mont.o:::::sha1-ppc_osx64.o sha256-ppc_osx64.o sha512-ppc_osx64.o:::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", -"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -fno-common::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", +"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK BF_PTR2 DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", "debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib", @@ -532,7 +544,9 @@ my %table=( my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A VC-NT VC-CE VC-WIN32 - BC-32 OS2-EMX netware-clib netware-libc netware-libc-bsdsock); + BC-32 OS2-EMX + netware-clib netware-clib-bsdsock + netware-libc netware-libc-bsdsock); my $idx = 0; my $idx_cc = $idx++; @@ -565,12 +579,18 @@ my $prefix=""; my $openssldir=""; my $exe_ext=""; my $install_prefix=""; +my $fipslibdir="/usr/local/ssl/fips-1.0/lib/"; +my $nofipscanistercheck=0; +my $fipsdso=0; +my $fipscanisterinternal="n"; +my $baseaddr="0xFB00000"; my $no_threads=0; my $threads=0; my $no_shared=0; # but "no-shared" is default my $zlib=1; # but "no-zlib" is default my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used my $no_rfc3779=1; # but "no-rfc3779" is default +my $montasm=1; # but "no-montasm" is default my $no_asm=0; my $no_dso=0; my $no_gmp=0; @@ -587,6 +607,7 @@ my $rc2 ="crypto/rc2/rc2.h"; my $bf ="crypto/bf/bf_locl.h"; my $bn_asm ="bn_asm.o"; my $des_enc="des_enc.o fcrypt_b.o"; +my $fips_des_enc="fips_des_enc.o"; my $aes_enc="aes_core.o aes_cbc.o"; my $bf_enc ="bf_enc.o"; my $cast_enc="c_enc.o"; @@ -598,29 +619,40 @@ my $rmd160_obj=""; my $processor=""; my $default_ranlib; my $perl; +my $fips=0; # All of the following is disabled by default (RC5 was enabled before 0.9.8): -my %disabled = ( # "what" => "comment" +my %disabled = ( # "what" => "comment" [or special keyword "experimental"] "camellia" => "default", + "capieng" => "default", + "cms" => "default", "gmp" => "default", + "jpake" => "experimental", "mdc2" => "default", + "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9) "rc5" => "default", "rfc3779" => "default", "seed" => "default", "shared" => "default", - "tlsext" => "default", "zlib" => "default", "zlib-dynamic" => "default" ); +my @experimental = (); + +# This is what $depflags will look like with the above defaults +# (we need this to see if we should advise the user to run "make depend"): +my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED"; -# Additional "no-..." options will be collected in %disabled. -# To remove something from %disabled, use e.g. "enable-rc5". -# For symmetry, "disable-..." is a synonym for "no-...". -# This is what $depflags will look like with the above default: -my $default_depflags = "-DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_GMP -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED -DOPENSSL_NO_TLSEXT "; +# Explicit "no-..." options will be collected in %disabled along with the defaults. +# To remove something from %disabled, use "enable-foo" (unless it's experimental). +# For symmetry, "disable-foo" is a synonym for "no-foo". + +# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable. +# We will collect such requests in @experimental. +# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO. my $no_sse2=0; @@ -629,6 +661,7 @@ my $no_sse2=0; my $flags; my $depflags; +my $openssl_experimental_defines; my $openssl_algorithm_defines; my $openssl_thread_defines; my $openssl_sys_defines=""; @@ -649,6 +682,7 @@ while($argv_unprocessed) { $flags=""; $depflags=""; + $openssl_experimental_defines=""; $openssl_algorithm_defines=""; $openssl_thread_defines=""; $openssl_sys_defines=""; @@ -674,25 +708,35 @@ PROCESS_ARGS: if (/^no-(.+)$/ || /^disable-(.+)$/) { - if ($1 eq "ssl") - { - $disabled{"ssl2"} = "option(ssl)"; - $disabled{"ssl3"} = "option(ssl)"; - } - elsif ($1 eq "tls") - { - $disabled{"tls1"} = "option(tls)" - } - else + if (!($disabled{$1} eq "experimental")) { - $disabled{$1} = "option"; + if ($1 eq "ssl") + { + $disabled{"ssl2"} = "option(ssl)"; + $disabled{"ssl3"} = "option(ssl)"; + } + elsif ($1 eq "tls") + { + $disabled{"tls1"} = "option(tls)" + } + else + { + $disabled{$1} = "option"; + } } } - elsif (/^enable-(.+)$/) + elsif (/^enable-(.+)$/ || /^experimental-(.+)$/) { - delete $disabled{$1}; + my $algo = $1; + if ($disabled{$algo} eq "experimental") + { + die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n" + unless (/^experimental-/); + push @experimental, $algo; + } + delete $disabled{$algo}; - $threads = 1 if ($1 eq "threads"); + $threads = 1 if ($algo eq "threads"); } elsif (/^--test-sanity$/) { @@ -723,12 +767,36 @@ PROCESS_ARGS: } elsif (/^386$/) { $processor=386; } + elsif (/^fips$/) + { + $fips=1; + } elsif (/^rsaref$/) { # No RSAref support any more since it's not needed. # The check for the option is there so scripts aren't # broken } + elsif (/^nofipscanistercheck$/) + { + $fips = 1; + $nofipscanistercheck = 1; + } + elsif (/^fipscanisterbuild$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + } + elsif (/^fipsdso$/) + { + $fips = 1; + $nofipscanistercheck = 1; + $fipslibdir=""; + $fipscanisterinternal="y"; + $fipsdso = 1; + } elsif (/^[-+]/) { if (/^-[lL](.*)$/) @@ -763,6 +831,14 @@ PROCESS_ARGS: { $withargs{"zlib-include"}="-I$1"; } + elsif (/^--with-fipslibdir=(.*)$/) + { + $fipslibdir="$1/"; + } + elsif (/^--with-baseaddr=(.*)$/) + { + $baseaddr="$1"; + } else { print STDERR $usage; @@ -870,6 +946,54 @@ print "Configuring for $target\n"; &usage if (!defined($table{$target})); +my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); +my $cc = $fields[$idx_cc]; +# Allow environment CC to override compiler... +if($ENV{CC}) { + $cc = $ENV{CC}; +} +my $cflags = $fields[$idx_cflags]; +my $unistd = $fields[$idx_unistd]; +my $thread_cflag = $fields[$idx_thread_cflag]; +my $sys_id = $fields[$idx_sys_id]; +my $lflags = $fields[$idx_lflags]; +my $bn_ops = $fields[$idx_bn_ops]; +my $cpuid_obj = $fields[$idx_cpuid_obj]; +my $bn_obj = $fields[$idx_bn_obj]; +my $des_obj = $fields[$idx_des_obj]; +my $aes_obj = $fields[$idx_aes_obj]; +my $bf_obj = $fields[$idx_bf_obj]; +my $md5_obj = $fields[$idx_md5_obj]; +my $sha1_obj = $fields[$idx_sha1_obj]; +my $cast_obj = $fields[$idx_cast_obj]; +my $rc4_obj = $fields[$idx_rc4_obj]; +my $rmd160_obj = $fields[$idx_rmd160_obj]; +my $rc5_obj = $fields[$idx_rc5_obj]; +my $dso_scheme = $fields[$idx_dso_scheme]; +my $shared_target = $fields[$idx_shared_target]; +my $shared_cflag = $fields[$idx_shared_cflag]; +my $shared_ldflag = $fields[$idx_shared_ldflag]; +my $shared_extension = $fields[$idx_shared_extension]; +my $ranlib = $fields[$idx_ranlib]; +my $arflags = $fields[$idx_arflags]; + +if ($fips) + { + delete $disabled{"shared"} if ($disabled{"shared"} eq "default"); + $disabled{"asm"}="forced" + if ($target !~ "VC\-.*" && + "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::"); + } + +foreach (sort @experimental) + { + my $ALGO; + ($ALGO = $_) =~ tr/[a-z]/[A-Z]/; + + # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined + $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n"; + $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO"; + } foreach (sort (keys %disabled)) { @@ -885,6 +1009,8 @@ foreach (sort (keys %disabled)) { $no_shared = 1; } elsif (/^zlib$/) { $zlib = 0; } + elsif (/^montasm$/) + { $montasm = 0; } elsif (/^static-engine$/) { } elsif (/^zlib-dynamic$/) @@ -918,7 +1044,7 @@ foreach (sort (keys %disabled)) push @skip, $algo; print " (skip dir)"; - $depflags .="-DOPENSSL_NO_$ALGO "; + $depflags .= " -DOPENSSL_NO_$ALGO"; } } } @@ -926,14 +1052,26 @@ foreach (sort (keys %disabled)) print "\n"; } - my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds; $IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys()); +$no_shared = 0 if ($fipsdso && !$IsMK1MF); + $exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw"); +$exe_ext=".nlm" if ($target =~ /netware/); $exe_ext=".pm" if ($target =~ /vos/); -$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq ""); +if ($openssldir eq "" and $prefix eq "") + { + if ($fips) + { + $openssldir="/usr/local/ssl/fips"; + } + else + { + $openssldir="/usr/local/ssl"; + } + } $prefix=$openssldir if $prefix eq ""; $default_ranlib= &which("ranlib") or $default_ranlib="true"; @@ -941,7 +1079,7 @@ $perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl") or $perl="perl"; chop $openssldir if $openssldir =~ /\/$/; -chop $prefix if $prefix =~ /\/$/; +chop $prefix if $prefix =~ /.\/$/; $openssldir=$prefix . "/ssl" if $openssldir eq ""; $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/; @@ -949,33 +1087,6 @@ $openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/] print "IsMK1MF=$IsMK1MF\n"; -my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1); -my $cc = $fields[$idx_cc]; -my $cflags = $fields[$idx_cflags]; -my $unistd = $fields[$idx_unistd]; -my $thread_cflag = $fields[$idx_thread_cflag]; -my $sys_id = $fields[$idx_sys_id]; -my $lflags = $fields[$idx_lflags]; -my $bn_ops = $fields[$idx_bn_ops]; -my $cpuid_obj = $fields[$idx_cpuid_obj]; -my $bn_obj = $fields[$idx_bn_obj]; -my $des_obj = $fields[$idx_des_obj]; -my $aes_obj = $fields[$idx_aes_obj]; -my $bf_obj = $fields[$idx_bf_obj]; -my $md5_obj = $fields[$idx_md5_obj]; -my $sha1_obj = $fields[$idx_sha1_obj]; -my $cast_obj = $fields[$idx_cast_obj]; -my $rc4_obj = $fields[$idx_rc4_obj]; -my $rmd160_obj = $fields[$idx_rmd160_obj]; -my $rc5_obj = $fields[$idx_rc5_obj]; -my $dso_scheme = $fields[$idx_dso_scheme]; -my $shared_target = $fields[$idx_shared_target]; -my $shared_cflag = $fields[$idx_shared_cflag]; -my $shared_ldflag = $fields[$idx_shared_ldflag]; -my $shared_extension = $fields[$idx_shared_extension]; -my $ranlib = $fields[$idx_ranlib]; -my $arflags = $fields[$idx_arflags]; - # '%' in $lflags is used to split flags to "pre-" and post-flags my ($prelflags,$postlflags)=split('%',$lflags); if (defined($postlflags)) { $lflags=$postlflags; } @@ -1109,6 +1220,16 @@ if ($no_asm) { $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=""; $sha1_obj=$md5_obj=$rmd160_obj=""; + $cflags=~s/\-D[BL]_ENDIAN// if ($fips); + $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips); + } +if ($montasm) + { + $bn_obj =~ s/MAYBE-MO86-/mo86-/; + } +else + { + $bn_obj =~ s/MAYBE-MO86-[a-z.]*//; } if (!$no_shared) @@ -1139,7 +1260,7 @@ if ($zlib) my $shared_mark = ""; if ($shared_target eq "") { - $no_shared_warn = 1 if !$no_shared; + $no_shared_warn = 1 if !$no_shared && !$fips; $no_shared = 1; } if (!$no_shared) @@ -1228,8 +1349,14 @@ $bn_obj = $bn_asm unless $bn_obj ne ""; # bn86* is the only one implementing bn_*_part_words $cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/); $cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/); + $cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/); +if ($fips) + { + $openssl_other_defines.="#define OPENSSL_FIPS\n"; + } + $des_obj=$des_enc unless ($des_obj =~ /\.o$/); $bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/); $cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/); @@ -1314,10 +1441,12 @@ while () if ($sdirs) { my $dir; foreach $dir (@skip) { - s/([ ])$dir /\1/; + s/(\s)$dir\s/$1/; + s/\s$dir$//; } } $sdirs = 0 unless /\\$/; + s/fips // if (/^DIRS=/ && !$fips); s/^VERSION=.*/VERSION=$version/; s/^MAJOR=.*/MAJOR=$major/; s/^MINOR=.*/MINOR=$minor/; @@ -1335,7 +1464,7 @@ while () s/^CC=.*$/CC= $cc/; s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc"; s/^CFLAG=.*$/CFLAG= $cflags/; - s/^DEPFLAG=.*$/DEPFLAG= $depflags/; + s/^DEPFLAG=.*$/DEPFLAG=$depflags/; s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/; s/^EX_LIBS=.*$/EX_LIBS= $lflags/; s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/; @@ -1358,9 +1487,24 @@ while () s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/; s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/; s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/; + s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/; + if ($fipsdso) + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libfips/; + s/^SHARED_FIPS=.*/SHARED_FIPS=libfips\$(SHLIB_EXT)/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl fips/; + } + else + { + s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips; + s/^SHARED_FIPS=.*/SHARED_FIPS=/; + s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/; + } + s/^FIPSCANISTERINTERNAL=.*/FIPSCANISTERINTERNAL=$fipscanisterinternal/; + s/^BASEADDR=.*/BASEADDR=$baseaddr/; s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/; s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/; - s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); + s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_FIPS) \$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared); if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/) { my $sotmp = $1; @@ -1464,6 +1608,7 @@ print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configur print OUT "/* OpenSSL was configured with the following options: */\n"; my $openssl_algorithm_defines_trans = $openssl_algorithm_defines; +$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n# define OPENSSL_NO_$1\n# endif\n#endif/mg; $openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n# define $1\n# endif/mg; $openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; $openssl_algorithm_defines = " /* no ciphers excluded */\n" if $openssl_algorithm_defines eq ""; @@ -1472,8 +1617,10 @@ $openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/ $openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg; print OUT $openssl_sys_defines; print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n"; +print OUT $openssl_experimental_defines; +print OUT "\n"; print OUT $openssl_algorithm_defines; -print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n"; +print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n"; print OUT $openssl_thread_defines; print OUT $openssl_other_defines,"\n"; @@ -1624,7 +1771,7 @@ EOF } # create the ms/version32.rc file if needed -if ($IsMK1MF) { +if ($IsMK1MF && ($target !~ /^netware/)) { my ($v1, $v2, $v3, $v4); if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) { $v1=hex $1; @@ -1655,9 +1802,16 @@ BEGIN BEGIN BLOCK "040904b0" BEGIN +#if defined(FIPS) + VALUE "Comments", "WARNING: TEST VERSION ONLY ***NOT*** FIPS 140-2 VALIDATED.\\0" +#endif // Required: VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0" +#if defined(FIPS) + VALUE "FileDescription", "TEST UNVALIDATED FIPS140-2 DLL\\0" +#else VALUE "FileDescription", "OpenSSL Shared Library\\0" +#endif VALUE "FileVersion", "$version\\0" #if defined(CRYPTO) VALUE "InternalName", "libeay32\\0" @@ -1665,12 +1819,15 @@ BEGIN #elif defined(SSL) VALUE "InternalName", "ssleay32\\0" VALUE "OriginalFilename", "ssleay32.dll\\0" +#elif defined(FIPS) + VALUE "InternalName", "libosslfips\\0" + VALUE "OriginalFilename", "libosslfips.dll\\0" #endif VALUE "ProductName", "The OpenSSL Toolkit\\0" VALUE "ProductVersion", "$version\\0" // Optional: //VALUE "Comments", "\\0" - VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" + VALUE "LegalCopyright", "Copyright © 1998-2007 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0" //VALUE "LegalTrademarks", "\\0" //VALUE "PrivateBuild", "\\0" //VALUE "SpecialBuild", "\\0" @@ -1707,6 +1864,21 @@ libraries on this platform, they will at least look at it and try their best (but please first make sure you have tried with a current version of OpenSSL). EOF +print <<\EOF if ($fipscanisterinternal eq "y"); + +WARNING: OpenSSL has been configured using unsupported option(s) to internally +generate a fipscanister.o object module for TESTING PURPOSES ONLY; that +compiled module is NOT FIPS 140-2 validated and CANNOT be used to replace the +OpenSSL FIPS Object Module as identified by the CMVP +(http://csrc.nist.gov/cryptval/) in any application requiring the use of FIPS +140-2 validated software. + +This is an OpenSSL 0.9.8 test version. + +See the file README.FIPS for details of how to build a test library. + +EOF + exit(0); sub usage