A local copy of OpenSSL from GitHub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

661 lines
31 KiB

  1. Intro
  2. =====
  3. This directory contains a few sets of files that are used for
  4. configuration in diverse ways:
  5. *.conf Target platform configurations, please read
  6. 'Configurations of OpenSSL target platforms' for more
  7. information.
  8. *.tmpl Build file templates, please read 'Build-file
  9. programming with the "unified" build system' as well
  10. as 'Build info files' for more information.
  11. *.pm Helper scripts / modules for the main `Configure`
  12. script. See 'Configure helper scripts for more
  13. information.
  14. Configurations of OpenSSL target platforms
  15. ==========================================
  16. Configuration targets are a collection of facts that we know about
  17. different platforms and their capabilities. We organise them in a
  18. hash table, where each entry represent a specific target.
  19. Note that configuration target names must be unique across all config
  20. files. The Configure script does check that a config file doesn't
  21. have config targets that shadow config targets from other files.
  22. In each table entry, the following keys are significant:
  23. inherit_from => Other targets to inherit values from.
  24. Explained further below. [1]
  25. template => Set to 1 if this isn't really a platform
  26. target. Instead, this target is a template
  27. upon which other targets can be built.
  28. Explained further below. [1]
  29. sys_id => System identity for systems where that
  30. is difficult to determine automatically.
  31. enable => Enable specific configuration features.
  32. This MUST be an array of words.
  33. disable => Disable specific configuration features.
  34. This MUST be an array of words.
  35. Note: if the same feature is both enabled
  36. and disabled, disable wins.
  37. as => The assembler command. This is not always
  38. used (for example on Unix, where the C
  39. compiler is used instead).
  40. asflags => Default assembler command flags [4].
  41. cpp => The C preprocessor command, normally not
  42. given, as the build file defaults are
  43. usually good enough.
  44. cppflags => Default C preprocessor flags [4].
  45. defines => As an alternative, macro definitions may be
  46. given here instead of in 'cppflags' [4].
  47. If given here, they MUST be as an array of
  48. the string such as "MACRO=value", or just
  49. "MACRO" for definitions without value.
  50. includes => As an alternative, inclusion directories
  51. may be given here instead of in 'cppflags'
  52. [4]. If given here, the MUST be an array
  53. of strings, one directory specification
  54. each.
  55. cc => The C compiler command, usually one of "cc",
  56. "gcc" or "clang". This command is normally
  57. also used to link object files and
  58. libraries into the final program.
  59. cxx => The C++ compiler command, usually one of
  60. "c++", "g++" or "clang++". This command is
  61. also used when linking a program where at
  62. least one of the object file is made from
  63. C++ source.
  64. cflags => Defaults C compiler flags [4].
  65. cxxflags => Default C++ compiler flags [4]. If unset,
  66. it gets the same value as cflags.
  67. (linking is a complex thing, see [3] below)
  68. ld => Linker command, usually not defined
  69. (meaning the compiler command is used
  70. instead).
  71. (NOTE: this is here for future use, it's
  72. not implemented yet)
  73. lflags => Default flags used when linking apps,
  74. shared libraries or DSOs [4].
  75. ex_libs => Extra libraries that are needed when
  76. linking shared libraries, DSOs or programs.
  77. The value is also assigned to Libs.private
  78. in $(libdir)/pkgconfig/libcrypto.pc.
  79. shared_cppflags => Extra C preprocessor flags used when
  80. processing C files for shared libraries.
  81. shared_cflag => Extra C compiler flags used when compiling
  82. for shared libraries, typically something
  83. like "-fPIC".
  84. shared_ldflag => Extra linking flags used when linking
  85. shared libraries.
  86. module_cppflags
  87. module_cflags
  88. module_ldflags => Has the same function as the corresponding
  89. 'shared_' attributes, but for building DSOs.
  90. When unset, they get the same values as the
  91. corresponding 'shared_' attributes.
  92. ar => The library archive command, the default is
  93. "ar".
  94. (NOTE: this is here for future use, it's
  95. not implemented yet)
  96. arflags => Flags to be used with the library archive
  97. command. On Unix, this includes the
  98. command letter, 'r' by default.
  99. ranlib => The library archive indexing command, the
  100. default is 'ranlib' it it exists.
  101. unistd => An alternative header to the typical
  102. '<unistd.h>'. This is very rarely needed.
  103. shared_extension => File name extension used for shared
  104. libraries.
  105. obj_extension => File name extension used for object files.
  106. On unix, this defaults to ".o" (NOTE: this
  107. is here for future use, it's not
  108. implemented yet)
  109. exe_extension => File name extension used for executable
  110. files. On unix, this defaults to "" (NOTE:
  111. this is here for future use, it's not
  112. implemented yet)
  113. shlib_variant => A "variant" identifier inserted between the base
  114. shared library name and the extension. On "unixy"
  115. platforms (BSD, Linux, Solaris, MacOS/X, ...) this
  116. supports installation of custom OpenSSL libraries
  117. that don't conflict with other builds of OpenSSL
  118. installed on the system. The variant identifier
  119. becomes part of the SONAME of the library and also
  120. any symbol versions (symbol versions are not used or
  121. needed with MacOS/X). For example, on a system
  122. where a default build would normally create the SSL
  123. shared library as 'libssl.so -> libssl.so.1.1' with
  124. the value of the symlink as the SONAME, a target
  125. definition that sets 'shlib_variant => "-abc"' will
  126. create 'libssl.so -> libssl-abc.so.1.1', again with
  127. an SONAME equal to the value of the symlink. The
  128. symbol versions associated with the variant library
  129. would then be 'OPENSSL_ABC_<version>' rather than
  130. the default 'OPENSSL_<version>'. The string inserted
  131. into symbol versions is obtained by mapping all
  132. letters in the "variant" identifier to upper case
  133. and all non-alphanumeric characters to '_'.
  134. thread_scheme => The type of threads is used on the
  135. configured platform. Currently known
  136. values are "(unknown)", "pthreads",
  137. "uithreads" (a.k.a solaris threads) and
  138. "winthreads". Except for "(unknown)", the
  139. actual value is currently ignored but may
  140. be used in the future. See further notes
  141. below [2].
  142. dso_scheme => The type of dynamic shared objects to build
  143. for. This mostly comes into play with
  144. modules, but can be used for other purposes
  145. as well. Valid values are "DLFCN"
  146. (dlopen() et al), "DLFCN_NO_H" (for systems
  147. that use dlopen() et al but do not have
  148. fcntl.h), "DL" (shl_load() et al), "WIN32"
  149. and "VMS".
  150. asm_arch => The architecture to be used for compiling assembly
  151. source. This acts as a selector in build.info files.
  152. uplink_arch => The architecture to be used for compiling uplink
  153. source. This acts as a selector in build.info files.
  154. This is separate from asm_arch because it's compiled
  155. even when 'no-asm' is given, even though it contains
  156. assembler source.
  157. perlasm_scheme => The perlasm method used to create the
  158. assembler files used when compiling with
  159. assembler implementations.
  160. shared_target => The shared library building method used.
  161. This serves multiple purposes:
  162. - as index for targets found in shared_info.pl.
  163. - as linker script generation selector.
  164. To serve both purposes, the index for shared_info.pl
  165. should end with '-shared', and this suffix will be
  166. removed for use as a linker script generation
  167. selector. Note that the latter is only used if
  168. 'shared_defflag' is defined.
  169. build_scheme => The scheme used to build up a Makefile.
  170. In its simplest form, the value is a string
  171. with the name of the build scheme.
  172. The value may also take the form of a list
  173. of strings, if the build_scheme is to have
  174. some options. In this case, the first
  175. string in the list is the name of the build
  176. scheme.
  177. Currently recognised build scheme is "unified".
  178. For the "unified" build scheme, this item
  179. *must* be an array with the first being the
  180. word "unified" and the second being a word
  181. to identify the platform family.
  182. multilib => On systems that support having multiple
  183. implementations of a library (typically a
  184. 32-bit and a 64-bit variant), this is used
  185. to have the different variants in different
  186. directories.
  187. bn_ops => Building options (was just bignum options in
  188. the earlier history of this option, hence the
  189. name). This is a string of words that describe
  190. algorithms' implementation parameters that
  191. are optimal for the designated target platform,
  192. such as the type of integers used to build up
  193. the bignum, different ways to implement certain
  194. ciphers and so on. To fully comprehend the
  195. meaning, the best is to read the affected
  196. source.
  197. The valid words are:
  198. THIRTY_TWO_BIT bignum limbs are 32 bits,
  199. this is default if no
  200. option is specified, it
  201. works on any supported
  202. system [unless "wider"
  203. limb size is implied in
  204. assembly code];
  205. BN_LLONG bignum limbs are 32 bits,
  206. but 64-bit 'unsigned long
  207. long' is used internally
  208. in calculations;
  209. SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
  210. and sizeof(long) is 8;
  211. SIXTY_FOUR_BIT bignums limbs are 64 bits,
  212. but execution environment
  213. is ILP32;
  214. RC4_CHAR RC4 key schedule is made
  215. up of 'unsigned char's;
  216. RC4_INT RC4 key schedule is made
  217. up of 'unsigned int's;
  218. [1] as part of the target configuration, one can have a key called
  219. `inherit_from` that indicates what other configurations to inherit
  220. data from. These are resolved recursively.
  221. Inheritance works as a set of default values that can be overridden
  222. by corresponding key values in the inheriting configuration.
  223. Note 1: any configuration table can be used as a template.
  224. Note 2: pure templates have the attribute `template => 1` and
  225. cannot be used as build targets.
  226. If several configurations are given in the `inherit_from` array,
  227. the values of same attribute are concatenated with space
  228. separation. With this, it's possible to have several smaller
  229. templates for different configuration aspects that can be combined
  230. into a complete configuration.
  231. Instead of a scalar value or an array, a value can be a code block
  232. of the form `sub { /* your code here */ }`. This code block will
  233. be called with the list of inherited values for that key as
  234. arguments. In fact, the concatenation of strings is really done
  235. by using `sub { join(" ",@_) }` on the list of inherited values.
  236. An example:
  237. "foo" => {
  238. template => 1,
  239. haha => "ha ha",
  240. hoho => "ho",
  241. ignored => "This should not appear in the end result",
  242. },
  243. "bar" => {
  244. template => 1,
  245. haha => "ah",
  246. hoho => "haho",
  247. hehe => "hehe"
  248. },
  249. "laughter" => {
  250. inherit_from => [ "foo", "bar" ],
  251. hehe => sub { join(" ",(@_,"!!!")) },
  252. ignored => "",
  253. }
  254. The entry for "laughter" will become as follows after processing:
  255. "laughter" => {
  256. haha => "ha ha ah",
  257. hoho => "ho haho",
  258. hehe => "hehe !!!",
  259. ignored => ""
  260. }
  261. [2] OpenSSL is built with threading capabilities unless the user
  262. specifies `no-threads`. The value of the key `thread_scheme` may
  263. be `(unknown)`, in which case the user MUST give some compilation
  264. flags to `Configure`.
  265. [3] OpenSSL has three types of things to link from object files or
  266. static libraries:
  267. - shared libraries; that would be libcrypto and libssl.
  268. - shared objects (sometimes called dynamic libraries); that would
  269. be the modules.
  270. - applications; those are apps/openssl and all the test apps.
  271. Very roughly speaking, linking is done like this (words in braces
  272. represent the configuration settings documented at the beginning
  273. of this file):
  274. shared libraries:
  275. {ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
  276. foo/something.o foo/somethingelse.o {ex_libs}
  277. shared objects:
  278. {ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
  279. blah1.o blah2.o -lcrypto {ex_libs}
  280. applications:
  281. {ld} $(CFLAGS) {lflags} -o app \
  282. app1.o utils.o -lssl -lcrypto {ex_libs}
  283. [4] There are variants of these attribute, prefixed with `lib_`,
  284. `dso_` or `bin_`. Those variants replace the unprefixed attribute
  285. when building library, DSO or program modules specifically.
  286. Historically, the target configurations came in form of a string with
  287. values separated by colons. This use is deprecated. The string form
  288. looked like this:
  289. "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
  290. {bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
  291. {bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
  292. {rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
  293. {padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
  294. {shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
  295. {arflags}:{multilib}"
  296. Build info files
  297. ================
  298. The `build.info` files that are spread over the source tree contain the
  299. minimum information needed to build and distribute OpenSSL. It uses a
  300. simple and yet fairly powerful language to determine what needs to be
  301. built, from what sources, and other relationships between files.
  302. For every `build.info` file, all file references are relative to the
  303. directory of the `build.info` file for source files, and the
  304. corresponding build directory for built files if the build tree
  305. differs from the source tree.
  306. When processed, every line is processed with the perl module
  307. Text::Template, using the delimiters `{-` and `-}`. The hashes
  308. `%config` and `%target` are passed to the perl fragments, along with
  309. $sourcedir and $builddir, which are the locations of the source
  310. directory for the current `build.info` file and the corresponding build
  311. directory, all relative to the top of the build tree.
  312. `Configure` only knows inherently about the top `build.info` file. For
  313. any other directory that has one, further directories to look into
  314. must be indicated like this:
  315. SUBDIRS=something someelse
  316. On to things to be built; they are declared by setting specific
  317. variables:
  318. PROGRAMS=foo bar
  319. LIBS=libsomething
  320. MODULES=libeng
  321. SCRIPTS=myhack
  322. Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
  323. without extensions. The build file templates will figure them out.
  324. For each thing to be built, it is then possible to say what sources
  325. they are built from:
  326. PROGRAMS=foo bar
  327. SOURCE[foo]=foo.c common.c
  328. SOURCE[bar]=bar.c extra.c common.c
  329. It's also possible to tell some other dependencies:
  330. DEPEND[foo]=libsomething
  331. DEPEND[libbar]=libsomethingelse
  332. (it could be argued that 'libsomething' and 'libsomethingelse' are
  333. source as well. However, the files given through SOURCE are expected
  334. to be located in the source tree while files given through DEPEND are
  335. expected to be located in the build tree)
  336. It's also possible to depend on static libraries explicitly:
  337. DEPEND[foo]=libsomething.a
  338. DEPEND[libbar]=libsomethingelse.a
  339. This should be rarely used, and care should be taken to make sure it's
  340. only used when supported. For example, native Windows build doesn't
  341. support building static libraries and DLLs at the same time, so using
  342. static libraries on Windows can only be done when configured
  343. `no-shared`.
  344. In some cases, it's desirable to include some source files in the
  345. shared form of a library only:
  346. SHARED_SOURCE[libfoo]=dllmain.c
  347. For any file to be built, it's also possible to tell what extra
  348. include paths the build of their source files should use:
  349. INCLUDE[foo]=include
  350. It's also possible to specify C macros that should be defined:
  351. DEFINE[foo]=FOO BAR=1
  352. In some cases, one might want to generate some source files from
  353. others, that's done as follows:
  354. GENERATE[foo.s]=asm/something.pl $(CFLAGS)
  355. GENERATE[bar.s]=asm/bar.S
  356. The value of each GENERATE line is a command line or part of it.
  357. Configure places no rules on the command line, except that the first
  358. item must be the generator file. It is, however, entirely up to the
  359. build file template to define exactly how those command lines should
  360. be handled, how the output is captured and so on.
  361. Sometimes, the generator file itself depends on other files, for
  362. example if it is a perl script that depends on other perl modules.
  363. This can be expressed using DEPEND like this:
  364. DEPEND[asm/something.pl]=../perlasm/Foo.pm
  365. There may also be cases where the exact file isn't easily specified,
  366. but an inclusion directory still needs to be specified. INCLUDE can
  367. be used in that case:
  368. INCLUDE[asm/something.pl]=../perlasm
  369. NOTE: GENERATE lines are limited to one command only per GENERATE.
  370. Finally, you can have some simple conditional use of the `build.info`
  371. information, looking like this:
  372. IF[1]
  373. something
  374. ELSIF[2]
  375. something other
  376. ELSE
  377. something else
  378. ENDIF
  379. The expression in square brackets is interpreted as a string in perl,
  380. and will be seen as true if perl thinks it is, otherwise false. For
  381. example, the above would have "something" used, since 1 is true.
  382. Together with the use of Text::Template, this can be used as
  383. conditions based on something in the passed variables, for example:
  384. IF[{- $disabled{shared} -}]
  385. LIBS=libcrypto
  386. SOURCE[libcrypto]=...
  387. ELSE
  388. LIBS=libfoo
  389. SOURCE[libfoo]=...
  390. ENDIF
  391. Build-file programming with the "unified" build system
  392. ======================================================
  393. "Build files" are called `Makefile` on Unix-like operating systems,
  394. `descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
  395. To use the "unified" build system, the target configuration needs to
  396. set the three items `build_scheme`, `build_file` and `build_command`.
  397. In the rest of this section, we will assume that `build_scheme` is set
  398. to "unified" (see the configurations documentation above for the
  399. details).
  400. For any name given by `build_file`, the "unified" system expects a
  401. template file in `Configurations/` named like the build file, with
  402. `.tmpl` appended, or in case of possible ambiguity, a combination of
  403. the second `build_scheme` list item and the `build_file` name. For
  404. example, if `build_file` is set to `Makefile`, the template could be
  405. `Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
  406. In case both `Configurations/unix-Makefile.tmpl` and
  407. `Configurations/Makefile.tmpl` are present, the former takes precedence.
  408. The build-file template is processed with the perl module
  409. Text::Template, using `{-` and `-}` as delimiters that enclose the
  410. perl code fragments that generate configuration-dependent content.
  411. Those perl fragments have access to all the hash variables from
  412. configdata.pem.
  413. The build-file template is expected to define at least the following
  414. perl functions in a perl code fragment enclosed with `{-` and `-}`.
  415. They are all expected to return a string with the lines they produce.
  416. generatesrc - function that produces build file lines to generate
  417. a source file from some input.
  418. It's called like this:
  419. generatesrc(src => "PATH/TO/tobegenerated",
  420. generator => [ "generatingfile", ... ]
  421. generator_incs => [ "INCL/PATH", ... ]
  422. generator_deps => [ "dep1", ... ]
  423. generator => [ "generatingfile", ... ]
  424. incs => [ "INCL/PATH", ... ],
  425. deps => [ "dep1", ... ],
  426. intent => one of "libs", "dso", "bin" );
  427. 'src' has the name of the file to be generated.
  428. 'generator' is the command or part of command to
  429. generate the file, of which the first item is
  430. expected to be the file to generate from.
  431. generatesrc() is expected to analyse and figure out
  432. exactly how to apply that file and how to capture
  433. the result. 'generator_incs' and 'generator_deps'
  434. are include directories and files that the generator
  435. file itself depends on. 'incs' and 'deps' are
  436. include directories and files that are used if $(CC)
  437. is used as an intermediary step when generating the
  438. end product (the file indicated by 'src'). 'intent'
  439. indicates what the generated file is going to be
  440. used for.
  441. src2obj - function that produces build file lines to build an
  442. object file from source files and associated data.
  443. It's called like this:
  444. src2obj(obj => "PATH/TO/objectfile",
  445. srcs => [ "PATH/TO/sourcefile", ... ],
  446. deps => [ "dep1", ... ],
  447. incs => [ "INCL/PATH", ... ]
  448. intent => one of "lib", "dso", "bin" );
  449. 'obj' has the intended object file with '.o'
  450. extension, src2obj() is expected to change it to
  451. something more suitable for the platform.
  452. 'srcs' has the list of source files to build the
  453. object file, with the first item being the source
  454. file that directly corresponds to the object file.
  455. 'deps' is a list of explicit dependencies. 'incs'
  456. is a list of include file directories. Finally,
  457. 'intent' indicates what this object file is going
  458. to be used for.
  459. obj2lib - function that produces build file lines to build a
  460. static library file ("libfoo.a" in Unix terms) from
  461. object files.
  462. called like this:
  463. obj2lib(lib => "PATH/TO/libfile",
  464. objs => [ "PATH/TO/objectfile", ... ]);
  465. 'lib' has the intended library file name *without*
  466. extension, obj2lib is expected to add that. 'objs'
  467. has the list of object files to build this library.
  468. libobj2shlib - backward compatibility function that's used the
  469. same way as obj2shlib (described next), and was
  470. expected to build the shared library from the
  471. corresponding static library when that was suitable.
  472. NOTE: building a shared library from a static
  473. library is now DEPRECATED, as they no longer share
  474. object files. Attempting to do this will fail.
  475. obj2shlib - function that produces build file lines to build a
  476. shareable object library file ("libfoo.so" in Unix
  477. terms) from the corresponding object files.
  478. called like this:
  479. obj2shlib(shlib => "PATH/TO/shlibfile",
  480. lib => "PATH/TO/libfile",
  481. objs => [ "PATH/TO/objectfile", ... ],
  482. deps => [ "PATH/TO/otherlibfile", ... ]);
  483. 'lib' has the base (static) library ffile name
  484. *without* extension. This is useful in case
  485. supporting files are needed (such as import
  486. libraries on Windows).
  487. 'shlib' has the corresponding shared library name
  488. *without* extension. 'deps' has the list of other
  489. libraries (also *without* extension) this library
  490. needs to be linked with. 'objs' has the list of
  491. object files to build this library.
  492. obj2dso - function that produces build file lines to build a
  493. dynamic shared object file from object files.
  494. called like this:
  495. obj2dso(lib => "PATH/TO/libfile",
  496. objs => [ "PATH/TO/objectfile", ... ],
  497. deps => [ "PATH/TO/otherlibfile",
  498. ... ]);
  499. This is almost the same as obj2shlib, but the
  500. intent is to build a shareable library that can be
  501. loaded in runtime (a "plugin"...).
  502. obj2bin - function that produces build file lines to build an
  503. executable file from object files.
  504. called like this:
  505. obj2bin(bin => "PATH/TO/binfile",
  506. objs => [ "PATH/TO/objectfile", ... ],
  507. deps => [ "PATH/TO/libfile", ... ]);
  508. 'bin' has the intended executable file name
  509. *without* extension, obj2bin is expected to add
  510. that. 'objs' has the list of object files to build
  511. this library. 'deps' has the list of library files
  512. (also *without* extension) that the programs needs
  513. to be linked with.
  514. in2script - function that produces build file lines to build a
  515. script file from some input.
  516. called like this:
  517. in2script(script => "PATH/TO/scriptfile",
  518. sources => [ "PATH/TO/infile", ... ]);
  519. 'script' has the intended script file name.
  520. 'sources' has the list of source files to build the
  521. resulting script from.
  522. In all cases, file file paths are relative to the build tree top, and
  523. the build file actions run with the build tree top as current working
  524. directory.
  525. Make sure to end the section with these functions with a string that
  526. you thing is appropriate for the resulting build file. If nothing
  527. else, end it like this:
  528. ""; # Make sure no lingering values end up in the Makefile
  529. -}
  530. Configure helper scripts
  531. ========================
  532. Configure uses helper scripts in this directory:
  533. Checker scripts
  534. ---------------
  535. These scripts are per platform family, to check the integrity of the
  536. tools used for configuration and building. The checker script used is
  537. either `{build_platform}-{build_file}-checker.pm` or
  538. `{build_platform}-checker.pm`, where `{build_platform}` is the second
  539. `build_scheme` list element from the configuration target data, and
  540. `{build_file}` is `build_file` from the same target data.
  541. If the check succeeds, the script is expected to end with a non-zero
  542. expression. If the check fails, the script can end with a zero, or
  543. with a `die`.