leviathan
/
openssl
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b897b353df'
${ noResults }
openssl/Configure

3529 lines
129 KiB
Plaintext
Raw Normal View History Unescape Escape

Drop the old perl start magic and replace it with a normal shebang perlrun(1) leads the way. Reviewed-by: Matt Caswell <matt@openssl.org>
8 years ago
#! /usr/bin/env perl
Add perl modeline to Configure scripts Encourages GitHub to perform proper syntax highlighting. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
# -*- mode: perl; -*-
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
3 years ago
# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
Copyright consolidation; .pm and Configure Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
#
Following the license change, modify the boilerplates in last few [skip ci] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7836)
5 years ago
# Licensed under the Apache License 2.0 (the "License"). You may not use
Copyright consolidation; .pm and Configure Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
Drop the old perl start magic and replace it with a normal shebang perlrun(1) leads the way. Reviewed-by: Matt Caswell <matt@openssl.org>
8 years ago
Don't hard-code path to Perl interpreter on shebang line of Configure script. Instead use the usual Shell->Perl transition trick.
25 years ago
## Configure -- OpenSSL source tree configuration script
Add strictness, fix variable substition bugs.
25 years ago
Configure: use 5.10.0, don't require... Configure started with 'require 5.10.0', but if executed by older perl it failed with "might be runaway multi-line // string" instead of naturally expected "Perl v5.10.0 required--this is only v5.x.y". Reviewed-by: Richard Levitte <levitte@openssl.org>
6 years ago
use 5.10.0;
Add strictness, fix variable substition bugs.
25 years ago
use strict;
Trim config output With extensive help and feedback from Richard and Andy. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
use Config;
Consolidate the locations where we have our internal perl modules Instead of having perl modules under test/testlib, util and util/perl, consolidate them all to be inside util/perl. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
6 years ago
use FindBin;
use lib "$FindBin::Bin/util/perl";
Move build config table to separate files. Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz <rsalz@openssl.org>, contributed by Akamai Technologies. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
use File::Basename;
Build: make it possibly to specify subdirs in build.info This adds a keyword SUBDIRS for build.info, to be used like this: SUBDIRS=foo bar This tells Configure that it should look for 'build.info' in the relative subdirectories 'foo' and 'bar' as well. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7558)
5 years ago
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs splitdir/;
Use File::Path::mkpath rather than File::Path::make_path File::Path::make_path didn't show up before File::Path 2.06 / perl v5.10.1. Because we're trying to stay compatible with perl v5.10.0 and up, it's better to use the legacy interface. Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
use File::Path qw/mkpath/;
Rework the perl fallback functionality The module with_fallback.pm was kind of clunky and required a transfer module. This change replaces if with a much more generic pragma type module, which simply appends given directories to @INC (as opposed to the 'lib' pragma, which prepends the directories to @INC). This also supports having a file MODULES.txt with sub-directories to modules. This ensures that we don't have to spray individual module paths throughout our perl code, but can have them collected in one place. (do note that there is a 'fallback' module on CPAN. However, it isn't part of the core perl, and it has no support the any MODULES.txt kind of construct) Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9826)
4 years ago
use OpenSSL::fallback "$FindBin::Bin/external/perl/MODULES.txt";
File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
6 years ago
use OpenSSL::Glob;
confdata.pm.in: New template for configdata.pm To have the configdata.pm text embedded in Configure was kind of ugly, and becomes clearer if put into a template file, configdata.pm.in. We can then use OpenSSL::Template to generate it. We also modify configdata.pm to be the build file generator, and run it from Configure. The benefit with that is that developers who tinker and play with the build file can do a "factory reset" without having to go through the configuration process, i.e. they can re-use the config data the already have. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9693)
4 years ago
use OpenSSL::Template;
util/perl/OpenSSL/config.pm: refactor map_guess() map_guess() is now table driven, just like get_system(). Additionally, it now takes a config hash table and returns one of its own. This way, 'Configure' can pass whatever it has already found to OpenSSL::config::get_platform(), and easily merge the returned hash table into its %config. This also gets rid of variables that we no longer need. That includes $PERL and all the $__CNF_ environment variables. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11230)
3 years ago
use OpenSSL::config;
Add strictness, fix variable substition bugs.
25 years ago
Configure: change all references to INSTALL to INSTALL.md Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11657)
3 years ago
# see INSTALL.md for instructions.
New Configure option --openssldir to replace util/ssldir.pl.
24 years ago
Configure: print generic advice when dying On the same note, change the 'NASM not found' message to give specific advice on how to handle the failure. Fixes #6765 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6771)
5 years ago
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
Rework DSO API conditions and configuration option 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/#8622)
4 years ago
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
New Configure option --openssldir to replace util/ssldir.pl.
24 years ago
Document additional Configure flags.
24 years ago
# Options:
Support INSTALL_PREFIX for packagers. Submitted by: Reviewed by: PR:
24 years ago
#
Move build config table to separate files. Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz <rsalz@openssl.org>, contributed by Akamai Technologies. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
# --config add the given configuration file, which will be read after
# any "Configurations*" files that are found in the same
# directory as this script.
Refresh the thinking of --prefix and --openssldir --prefix is now exclusively used for software and manual installation. --openssldir is not exclusively used as a default location for certs, keys and the default openssl.cnf. This change is made to bring clarity, to have the two less intertwined, and to be more compatible with the usual ways of software installation. Please change your habits and scripts to use --prefix rather than --openssldir for installation location now. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
7 years ago
# --prefix prefix for the OpenSSL installation, which includes the
# directories bin, lib, include, share/man, share/doc/openssl
# This becomes the value of INSTALLTOP in Makefile
# (Default: /usr/local)
# --openssldir OpenSSL data area, such as openssl.cnf, certificates and keys.
# If it's a relative directory, it will be added on the directory
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
Support INSTALL_PREFIX for packagers. Submitted by: Reviewed by: PR:
24 years ago
#
Rudimentary support for cross-compiling.
17 years ago
# --cross-compile-prefix Add specified prefix to binutils components.
#
Change the logic and behaviour surrounding '--api' and 'no-deprecated' At some point in time, there was a 'no-deprecated' configuration option, which had the effect of hiding all declarations of deprecated stuff, i.e. make the public API look like they were all removed. At some point in time, there was a '--api' configuration option, which had the effect of having the public API look like it did in the version given as value, on a best effort basis. In practice, this was used to get different implementations of BN_zero(), depending on the desired API compatibility level. At some later point in time, '--api' was changed to mean the same as 'no-deprecated', but only for the deprecations up to and including the desired API compatibility level. BN_zero() has been set to the pre-1.0.0 implementation ever since, unless 'no-deprecation' has been given. This change turns these options back to their original meaning, but with the slight twist that when combined, i.e. both '--api' and 'no-deprecated' is given, the declarations that are marked deprecated up to an including the desired API compatibility level are hidden, simulating that they have been removed. If no desired API compatibility level has been given, then configuration sets the current OpenSSL version by default. Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to check what API compatibility level is desired. For checking in code if `no-deprecated` has been configured for the desired API compatibility level, macros for each supported level is generated, such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1(). Just like before, to set an API compatibility level when building an application, define OPENSSL_API_COMPAT with an appropriate value. If it's desirable to hide deprecated functions up to and including that level, additionally define OPENSSL_NO_DEPRECATED (the value is ignored). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
4 years ago
# --api One of 0.9.8, 1.0.0, 1.0.1, 1.0.2, 1.1.0, 1.1.1, or 3.0
# Define the public APIs as they were for that version
# including patch releases. If 'no-deprecated' is also
# given, do not compile support for interfaces deprecated
# up to and including the specified OpenSSL version.
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
#
Merge the engine branch into the main trunk. All conflicts resolved. At the same time, add VMS support for Rijndael.
23 years ago
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# support isn't compiled.
# no-hw do not compile support for any crypto hardware.
New Configure options "threads" and "no-threads". For Solaris and Linux, "threads" (with proper compiler options) is the default. Submitted by: Reviewed by: PR:
24 years ago
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
# [no-]shared [don't] try to create shared libraries when supported.
Introduce the "pic" / "no-pic" config option Building shared libraries or not is not the same as building position independent code or not. It's true that if you don't build PIC, you can't build shared libraries. However, you may very well want to build only static libraries but still want PIC code. Therefore, we introduce a new configuration option "pic", which is enabled by default or explicitely with "enable-pic", or disabled with "no-pic" or "disable-pic". Of course, if "pic" is disabled, "shared" and "dynamic-engine" are automatically disabled as well. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
# [no-]pic [don't] try to build position independent code when supported.
Fix a few typos Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
# If disabled, it also disables shared and dynamic-engine.
Error in comment.
24 years ago
# no-asm do not use assembler
Add a no-egd option to disable EGD-related code The entropy-gathering daemon is used only on a small number of machines. Provide a configure knob so that EGD support can be disabled by default but re-enabled on those systems that do need it. Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
7 years ago
# no-egd do not compile support for the entropy-gathering daemon APIs
Add the possibility to specify the use of zlib compression and decompression. It can be set up to link at link time or to load the zlib library at run-time.
22 years ago
# [no-]zlib [don't] compile support for zlib compression.
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
PR: 2535 Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de> Reviewed by: steve Add SCTP support for DTLS (RFC 6083).
12 years ago
# sctp include SCTP support
Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8917)
4 years ago
# no-uplink Don't build support for UPLINK interface.
Don't build RC4 ciphersuites into libssl by default RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
# enable-weak-ssl-ciphers
Remove non-accurate description in Configure script For DES and 3DES based ciphers are also enabled by this option. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3707)
6 years ago
# Enable weak ciphers that are disabled by default.
INSTALL: clarify 386 and no-sse2 options. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)
2 years ago
# no-<cipher> build without specified algorithm (dsa, idea, rc5, ...)
Configure: accept Windows style compiler options Currently the Configure command only supports passing UNIX style options (`-opt`) to the compiler. Passing Windows style options (`/opt`) yields an error. Fortunately, the compiler accepts both types of options, nevertheless this commit fixes that discrimination of Windows users. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9961)
4 years ago
# -<xxx> +<xxx> All options which are unknown to the 'Configure' script are
# /<xxx> passed through to the compiler. Unix-style options beginning
# with a '-' or '+' are recognized, as well as Windows-style
# options beginning with a '/'. If the option contains arguments
# separated by spaces, then the URL-style notation %20 can be
# used for the space character in order to avoid having to quote
# the option. For example, -opt%20arg gets expanded to -opt arg.
# In fact, any ASCII character can be encoded as %xx using its
# hexadecimal encoding.
Configure: clarify and refine -static. Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# -static while -static is also a pass-through compiler option (and
# as such is limited to environments where it's actually
# meaningful), it triggers a number configuration options,
Rework DSO API conditions and configuration option 'no-dso' is meaningless, as it doesn't get any macro defined. Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may be some odd platforms with no DSO scheme. For those, we generate the internal macro DSO_NONE aand use it. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/#8622)
4 years ago
# namely no-pic, no-shared and no-threads. It is
Configure: clarify and refine -static. Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# argued that the only reason to produce statically linked
# binaries (and in context it means executables linked with
# -static flag, and not just executables linked with static
# libcrypto.a) is to eliminate dependency on specific run-time,
# a.k.a. libc version. The mentioned config options are meant
# to achieve just that. Unfortunately on Linux it's impossible
# to eliminate the dependency completely for openssl executable
# because of getaddrinfo and gethostbyname calls, which can
# invoke dynamically loadable library facility anyway to meet
# the lookup requests. For this reason on Linux statically
# linked openssl executable has rather debugging value than
# production quality.
This change will cause builds (by default) to not use different STACK structures and functions for each stack type. The previous behaviour can be enabled by configuring with the "-DDEBUG_SAFESTACK" option. This will also cause "make update" (mkdef.pl in particular) to update the libeay.num and ssleay.num symbol tables with the number of extra functions DEBUG_SAFESTACK creates. The way this change works is to accompany each DECLARE_STACK_OF() macro with a set of "#define"d versions of the sk_##type##_*** functions that ensures all the existing "type-safe" stack calls are precompiled into the underlying stack calls. The presence or abscence of the DEBUG_SAFESTACK symbol controls whether this block of "#define"s or the DECLARE_STACK_OF() macro is taking effect. The block of "#define"s is in turn generated and maintained by a perl script (util/mkstack.pl) that encompasses the block with delimiting C comments. This works in a similar way to the auto-generated error codes and, like the other such maintenance utilities, is invoked by the "make update" target. A long (but mundane) commit will follow this with the results of "make update" - this will include all the "#define" blocks for each DECLARE_STACK_OF() statement, along with stripped down libeay.num and ssleay.num files.
23 years ago
#
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
# BN_LLONG use the type 'long long' in crypto/bn/bn.h
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
Add anchors for AES, SHA-256/-512 assembler modules and SSE2 code pathes. I also used this opportunity to clean up some out-of-date targets and re-group targets by OS.
19 years ago
# Following are set automatically by this script
#
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
# MD5_ASM use some extra md5 assembler,
# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86
# RMD160_ASM use some extra ripemd160 assembler,
# SHA256_ASM sha256_block is implemented in assembler
# SHA512_ASM sha512_block is implemented in assembler
# AES_ASM AES_[en|de]crypt is implemented in assembler
Import of old SSLeay release: SSLeay 0.8.1b
25 years ago
Configure: Remove extra warning and sanitizer options from CXXFLAGS We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013)
4 years ago
# Minimum warning options... any contributions to OpenSSL should at least
# get past these. Note that we only use these with C compilers, not with
# C++ compilers.
Add a set of standard gcc warning options which are designed to be the minimum requirement for committed code. Added to debug-steve* config targets for now.
15 years ago
Clean-up *_DEBUG options. Since NDEBUG is defined unconditionally on command line for release builds, we can omit *_DEBUG options in favour of effective "all-on" in debug builds exercised though CI. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Emilia Käsper <emilia@openssl.org>
7 years ago
# DEBUG_UNUSED enables __owur (warn unused result) checks.
Add -Wno-parentheses-equality to dev-warnings. Also fix a block comment formatting glitch. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2327)
6 years ago
# -DPEDANTIC complements -pedantic and is meant to mask code that
# is not strictly standard-compliant and/or implementation-specific,
# e.g. inline assembly, disregards to alignment requirements, such
# that -pedantic would complain about. Incidentally -DPEDANTIC has
# to be used even in sanitized builds, because sanitizer too is
# supposed to and does take notice of non-standard behaviour. Then
# -pedantic with pre-C9x compiler would also complain about 'long
# long' not being supported. As 64-bit algorithms are common now,
# it grew impossible to resolve this without sizeable additional
# code, so we just tell compiler to be pedantic about everything
# but 'long long' type.
Configure: Remove extra warning and sanitizer options from CXXFLAGS We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013)
4 years ago
my @gcc_devteam_warn = qw(
-DDEBUG_UNUSED
-DPEDANTIC -pedantic -Wno-long-long
-Wall
-Wextra
-Wno-unused-parameter
-Wno-missing-field-initializers
-Wswitch
-Wsign-compare
-Wshadow
-Wformat
-Wtype-limits
-Wundef
-Werror
-Wmissing-prototypes
-Wstrict-prototypes
);
Add a set of standard gcc warning options which are designed to be the minimum requirement for committed code. Added to debug-steve* config targets for now.
15 years ago
Fix build on MacOS. Reviewed-by: Andy Polyakov
8 years ago
# These are used in addition to $gcc_devteam_warn when the compiler is clang.
# TODO(openssl-team): fix problems and investigate if (at least) the
Add -Wconditional-uninitialized to clang strict warnings. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
# following warnings can also be enabled:
Reformat warn variables for easier editing. Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# -Wcast-align
Add -Wno-parentheses-equality to dev-warnings. Also fix a block comment formatting glitch. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2327)
6 years ago
# -Wunreachable-code -- no, too ugly/compiler-specific
Remove unused parameters from internal functions Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# -Wlanguage-extension-token -- no, we use asm()
# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
Configure: Remove extra warning and sanitizer options from CXXFLAGS We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013)
4 years ago
my @clang_devteam_warn = qw(
Configure: clang: move -Wno-unknown-warning-option to the front While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror' causes the build to fail. This turned out to be a problem on the 1.0.2 stable branch in the case of the '-Wextended-offsetof' option, which was removed in version 6.0.0, but needs to be kept here in order to support older clang versions, too (see #9446). Incidentally, master and 1.1.1 branch already contained the -Wno-unknown-warning-option option. Due to its special role and its importance, this commit adds an explaining commit message and moves the option to the front. [extended tests] Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/9447)
4 years ago
-Wno-unknown-warning-option
Configure: Remove extra warning and sanitizer options from CXXFLAGS We add the extra warning and sanitizer options to check our code, which is entirely in C. We support C++ compilers uniquely for the sake of certain external test suites, and those projects can probably sanitize their own code themselves. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9013)
4 years ago
-Wswitch-default
-Wno-parentheses-equality
-Wno-language-extension-token
-Wno-extended-offsetof
-Wconditional-uninitialized
-Wincompatible-pointer-types-discards-qualifiers
-Wmissing-variable-declarations
);
Add a clang build target for linux-x86_64 This change documents the world as-is, by turning all warnings on, and then turning warnings that trigger off again. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
9 years ago
Configure: Make --strict-warnings meaningful with MSVC cl We also add this to our x86_64 builds on appveyor Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10287)
4 years ago
my @cl_devteam_warn = qw(
/WX
);
Add new option --strict-warnings to Configure script. This is used to add in devteam warnings into other configurations.
14 years ago
my $strict_warnings = 0;
Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64]. Idea is to provide unified "fall-down" case for all rare platforms out there. ./config is free to enable some optimizations, such as endianness specification, specific -mcpu flags...
19 years ago
# As for $BSDthreads. Idea is to maintain "collective" set of flags,
Strip trailing whitespace from Configure.
9 years ago
# which would cover all BSD flavors. -pthread applies to them all,
Fold a bunch of linux and *BSD targets into [linux|BSD]-generic[32|64]. Idea is to provide unified "fall-down" case for all rare platforms out there. ./config is free to enable some optimizations, such as endianness specification, specific -mcpu flags...
19 years ago
# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
# which has to be accompanied by explicit -D_THREAD_SAFE and
# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
# seems to be sufficient?
Configure - Get rid of the special thread_cflag, replace with thread_scheme The thread_cflag setting filled a double role, as kinda sorta an indicator of thread scheme, and as cflags. Some configs also added lflags and ex_libs for multithreading regardless of if threading would be enabled or not. Instead of this, add threading cflags among in the cflag setting, threading lflags in the lflag setting and so on if and only if threads are enabled (which they are by default). Also, for configs where there are no special cflags for threading (the VMS configs are of that kind), this makes it possible to still clearly mention what thread scheme is used. The exact value of thread scheme is currently ignored except when it's "(unknown)", and thereby only serves as a flag to tell if we know how to build for multi-threading in a particular config. Yet, the currently used values are "(unknown)", "pthreads", "uithreads" (a.k.a solaris threads) and "winthreads". Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
our $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
Import of old SSLeay release: SSLeay 0.8.1b
25 years ago
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
#
Spelling... and more spelling Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1245)
7 years ago
# API compatibility name to version number mapping.
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
#
my $apitable = {
Change the logic and behaviour surrounding '--api' and 'no-deprecated' At some point in time, there was a 'no-deprecated' configuration option, which had the effect of hiding all declarations of deprecated stuff, i.e. make the public API look like they were all removed. At some point in time, there was a '--api' configuration option, which had the effect of having the public API look like it did in the version given as value, on a best effort basis. In practice, this was used to get different implementations of BN_zero(), depending on the desired API compatibility level. At some later point in time, '--api' was changed to mean the same as 'no-deprecated', but only for the deprecations up to and including the desired API compatibility level. BN_zero() has been set to the pre-1.0.0 implementation ever since, unless 'no-deprecation' has been given. This change turns these options back to their original meaning, but with the slight twist that when combined, i.e. both '--api' and 'no-deprecated' is given, the declarations that are marked deprecated up to an including the desired API compatibility level are hidden, simulating that they have been removed. If no desired API compatibility level has been given, then configuration sets the current OpenSSL version by default. Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to check what API compatibility level is desired. For checking in code if `no-deprecated` has been configured for the desired API compatibility level, macros for each supported level is generated, such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1(). Just like before, to set an API compatibility level when building an application, define OPENSSL_API_COMPAT with an appropriate value. If it's desirable to hide deprecated functions up to and including that level, additionally define OPENSSL_NO_DEPRECATED (the value is ignored). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
4 years ago
# This table expresses when API additions or changes can occur.
# The numbering used changes from 3.0 and on because we updated
# (solidified) our version numbering scheme at that point.
Configure: fix minor typo in apitable comment Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12398)
3 years ago
# From 3.0 and on, we internalise the given version number in decimal
Change the logic and behaviour surrounding '--api' and 'no-deprecated' At some point in time, there was a 'no-deprecated' configuration option, which had the effect of hiding all declarations of deprecated stuff, i.e. make the public API look like they were all removed. At some point in time, there was a '--api' configuration option, which had the effect of having the public API look like it did in the version given as value, on a best effort basis. In practice, this was used to get different implementations of BN_zero(), depending on the desired API compatibility level. At some later point in time, '--api' was changed to mean the same as 'no-deprecated', but only for the deprecations up to and including the desired API compatibility level. BN_zero() has been set to the pre-1.0.0 implementation ever since, unless 'no-deprecation' has been given. This change turns these options back to their original meaning, but with the slight twist that when combined, i.e. both '--api' and 'no-deprecated' is given, the declarations that are marked deprecated up to an including the desired API compatibility level are hidden, simulating that they have been removed. If no desired API compatibility level has been given, then configuration sets the current OpenSSL version by default. Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to check what API compatibility level is desired. For checking in code if `no-deprecated` has been configured for the desired API compatibility level, macros for each supported level is generated, such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1(). Just like before, to set an API compatibility level when building an application, define OPENSSL_API_COMPAT with an appropriate value. If it's desirable to hide deprecated functions up to and including that level, additionally define OPENSSL_NO_DEPRECATED (the value is ignored). Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10364)
4 years ago
# as MAJOR * 10000 + MINOR * 100 + 0
"3.0.0" => 30000,
"3.0" => 30000,
# Note that before 3.0, we didn't have the same version number scheme.
# Still, the numbering we use here covers what we need.
"1.1.1" => 10101,
"1.1.0" => 10100,
"1.0.2" => 10002,
"1.0.1" => 10001,
"1.0.0" => 10000,
"0.9.8" => 908,
Backwards-compatibility subject to OPENSSL_API_COMPAT Provide backwards-compatiblity for functions, macros and include files if OPENSSL_API_COMPAT is either not defined or defined less than the version number of the release in which the feature was deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
};
Configure: pick up options from older 'config' These options were coded in util/perl/OpenSSL/config.pm, but that got removed when the OpenSSL::config::main() function was removed. We're not putting them back, but in 'Configure'. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11230)
3 years ago
# For OpenSSL::config::get_platform
my %guess_opts = ();
my $dryrun = 0;
Refactor config - move templates and template docs to Configurations Move the documentation of the target configuration form to Configurations/README. Move initial assembler object templates to Configurations/00-BASE-templates.conf. Furthermore, remove all variables containing the names of the non-assembler object files and make a BASE template of them instead. The values from this templates are used as defaults as is. The remaining manipulation of data when assembler modules are used is done only when $no_asm is false. While doing this, clean out some other related variables that aren't used anywhere. Also, we had to move the resolution of the chosen target a bit, or the function 'asm' would never catch a true $no_asm... this hasn't mattered before we've moved it all to the BASE template, but now it does. At the same time, add the default for the 'unistd' key to the BASE template. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
our %table = ();
Refactor file writing - introduce template driven file writing apps/CA.pl and tools/c_rehash are built from template files. So far, this was done by Configure, which created its own problems as it forced everyone to reconfigure just because one of the template files had changed. Instead, have those files created as part of the normal build in apps/ and in tools/. Furthermore, this prepares for a future where Configure may produce entirely other build files than Makefile, and the latter can't be guaranteed to be the holder of all information for other scripts. Instead, configdata.pm (described below) becomes the center of configuration information. This introduces a few new things: %config a hash table to hold all kinds of configuration data that can be used by any other script. configdata.pm a perl module that Configure writes. It currently holds the hash tables %config and %target. util/dofile.pl a script that takes a template on STDIN and outputs the result after applying configuration data on it. It's supposed to be called like this: perl -I$(TOP) -Mconfigdata < template > result or perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result Note: util/dofile.pl requires Text::Template. As part of this changed, remove a number of variables that are really just copies of entries in %target, and use %target directly. The exceptions are $target{cflags} and $target{lflags}, they do get copied to $cflags and $lflags. The reason for this is that those variable potentially go through a lot of changes and would rather deserve a place in %config. That, however, is for another commit. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
our %config = ();
Configure - move the addition of the zlib / libz lib to configs Configure had the Unix centric addition of -lz when linking with zlib is enabled, which doesn't work on other platforms. Therefore, we move it to the BASE_unix config template and add corresponding ones in the other BASE_* config templates. The Windows one is probably incomplete, but that doesn't matter for the moment, as mk1mf does it's own thing anyway. This required making the %withargs table global, so perl snippets in the configs can use it. Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
our %withargs = ();
Configure: make LIST command work with dynamic 15-android.conf. This is quick-n-dirty ad-hoc solution, the problem asks for more elegant one... Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5755)
5 years ago
our $now_printing; # set to current entry's name in print_table_entry
# (todo: right thing would be to encapsulate name
# into %target [class] and make print_table_entry
# a method)
Add the configuration target VxWorks.
22 years ago
Refactor config - split read_config into read_config and resolve_config Split the read_config function into read_config that ONLY reads the configuration files but doesn't try to resolve any of the inheritances, and resolve_config which resolves the inheritance chain of a given target. Move them to the bottom of Configure, with the rest of the helpers. Have a new small hash table, %target, which will hold the values for the target the user requested. This also means that all access to the current target data can be reduced from '$table{$target}->{key}' to a mere '$target{key}'. While we're at it, the old string formatted configurations are getting obsolete, so they may as well get deprecated entirely. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
# Forward declarations ###############################################
Configure: fold related configurations more aggressively and clean-up. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
Refactor config - split read_config into read_config and resolve_config Split the read_config function into read_config that ONLY reads the configuration files but doesn't try to resolve any of the inheritances, and resolve_config which resolves the inheritance chain of a given target. Move them to the bottom of Configure, with the rest of the helpers. Have a new small hash table, %target, which will hold the values for the target the user requested. This also means that all access to the current target data can be reduced from '$table{$target}->{key}' to a mere '$target{key}'. While we're at it, the old string formatted configurations are getting obsolete, so they may as well get deprecated entirely. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
# read_config(filename)
#
# Reads a configuration file and populates %table with the contents
# (which the configuration file places in %targets).
sub read_config;
Add base template processing. Base templates are templates that are used to inherit from. They can loosely be compared with parent class inheritance in object orientation. They can be used for the same purpose as the variables with multi-field strings are used in old-style string configurations. Base templates are declared with the base_templates configuration attribute, like so: "example_target" => { base_templates => [ "x86_asm", ... ] ... } Note: The value of base_templates MUST be an array reference (an array enclosed in square brackets). Any configuration target can be used as a base template by another. It is also possible to have a target that's a pure template and not meant to be used directly as a configuration target. Such a target is marked with the template configuration attribute, like so: "example_template" => { template => 1, cc => "mycc", ... }, As part of this commit, all variables with multi-field strings have been translated to pure templates. The variables currently remain since we can't expect people to shift to hash table configurations immediately. Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years ago
Refactor config - split read_config into read_config and resolve_config Split the read_config function into read_config that ONLY reads the configuration files but doesn't try to resolve any of the inheritances, and resolve_config which resolves the inheritance chain of a given target. Move them to the bottom of Configure, with the rest of the helpers. Have a new small hash table, %target, which will hold the values for the target the user requested. This also means that all access to the current target data can be reduced from '$table{$target}->{key}' to a mere '$target{key}'. While we're at it, the old string formatted configurations are getting obsolete, so they may as well get deprecated entirely. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
# resolve_config(target)
#
various spelling fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
7 years ago
# Resolves all the late evaluations, inheritances and so on for the
Refactor config - split read_config into read_config and resolve_config Split the read_config function into read_config that ONLY reads the configuration files but doesn't try to resolve any of the inheritances, and resolve_config which resolves the inheritance chain of a given target. Move them to the bottom of Configure, with the rest of the helpers. Have a new small hash table, %target, which will hold the values for the target the user requested. This also means that all access to the current target data can be reduced from '$table{$target}->{key}' to a mere '$target{key}'. While we're at it, the old string formatted configurations are getting obsolete, so they may as well get deprecated entirely. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
# chosen target and any target it inherits from.
sub resolve_config;
Add base template processing. Base templates are templates that are used to inherit from. They can loosely be compared with parent class inheritance in object orientation. They can be used for the same purpose as the variables with multi-field strings are used in old-style string configurations. Base templates are declared with the base_templates configuration attribute, like so: "example_target" => { base_templates => [ "x86_asm", ... ] ... } Note: The value of base_templates MUST be an array reference (an array enclosed in square brackets). Any configuration target can be used as a base template by another. It is also possible to have a target that's a pure template and not meant to be used directly as a configuration target. Such a target is marked with the template configuration attribute, like so: "example_template" => { template => 1, cc => "mycc", ... }, As part of this commit, all variables with multi-field strings have been translated to pure templates. The variables currently remain since we can't expect people to shift to hash table configurations immediately. Reviewed-by: Andy Polyakov <appro@openssl.org>
8 years ago
Update from 1.0.0-stable
14 years ago
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
# Information collection #############################################
unified build scheme: a first introduction The "unified" build scheme revolves around small information files, build.info, which each describe their own bit of everything that needs to be built, using a mini-language described in Configurations/README. The information in build.info file contain references to source files and final result. Object files are not mentioned at all, they are simply from source files. Because of this, all the *_obj items in Configurations/*.conf are renamed to *_asm_src and the files listed in the values are change from object files to their corresponding source files. For the sake of the other build schemes, Configure generates corresponding *_obj entries in %target. Furthermore, the "unified" build scheme supports having a build directory tree separate from the source directry tree. All paths in a build.info file is assumed to be relative to its location, either within the source tree or within the build tree. Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
# Unified build supports separate build dir
Use rel2abs() on VMS, rather than realpath() It seems realpath() is quite buggy on VMS, or will at least give quite surprising results. On the other hand, realpath() is the better on Unix to clean out clutter like foo/../bar on Unix. So we make out own function to get the absolute directory for a given input, and use rel2abs() or realpath() depending on the platform Configure runs on. Issue reported by Steven M. Schweda <sms@antinode.info> Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
Configure: Check source and build dir equality a little more thoroughly 'absolutedir' does a thorough job ensuring that we have a "real" path to both source and build directory, unencumbered by symbolic links. However, that isn't enough on case insensitive file systems on Unix flavored platforms, where it's possible to stand in, for example, /PATH/TO/Work/openssl, and then do this: perl ../../work/openssl/Configure ... and thereby having it look like the source directory and the build directory aren't the same. We solve this by having a closer look at the computed source and build directories, and making sure they are exactly the same strings if they are in fact the same directory. This is especially important when making symbolic links based on this directories, but may have other ramifications as well. Fixes #12323 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12337)
3 years ago
# File::Spec::Unix doesn't detect case insensitivity, so we make sure to
# check if the source and build directory are really the same, and make
# them so. This avoids all kinds of confusion later on.
# We must check @File::Spec::ISA rather than using File::Spec->isa() to
# know if File::Spec ended up loading File::Spec::Unix.
$srcdir = $blddir
if (grep(/::Unix$/, @File::Spec::ISA)
&& samedir($srcdir, $blddir));
unified build scheme: a first introduction The "unified" build scheme revolves around small information files, build.info, which each describe their own bit of everything that needs to be built, using a mini-language described in Configurations/README. The information in build.info file contain references to source files and final result. Object files are not mentioned at all, they are simply from source files. Because of this, all the *_obj items in Configurations/*.conf are renamed to *_asm_src and the files listed in the values are change from object files to their corresponding source files. For the sake of the other build schemes, Configure generates corresponding *_obj entries in %target. Furthermore, the "unified" build scheme supports having a build directory tree separate from the source directry tree. All paths in a build.info file is assumed to be relative to its location, either within the source tree or within the build tree. Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
Add the possibility to have an extra local OpenSSL configs directory The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate that there's a local directory with extra configuration files. Reviewed-by: Stephen Henson <steve@openssl.org>
7 years ago
my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
Configure: Check source and build dir equality a little more thoroughly 'absolutedir' does a thorough job ensuring that we have a "real" path to both source and build directory, unencumbered by symbolic links. However, that isn't enough on case insensitive file systems on Unix flavored platforms, where it's possible to stand in, for example, /PATH/TO/Work/openssl, and then do this: perl ../../work/openssl/Configure ... and thereby having it look like the source directory and the build directory aren't the same. We solve this by having a closer look at the computed source and build directories, and making sure they are exactly the same strings if they are in fact the same directory. This is especially important when making symbolic links based on this directories, but may have other ramifications as well. Fixes #12323 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12337)
3 years ago
$config{sourcedir} = abs2rel($srcdir, $blddir);
$config{builddir} = abs2rel($blddir, $blddir);
Add --fips-key configuration parameter to fipsinstall application. Change default FIPS HMAC KEY from all-zero's Use default FIPSKEY if not given on command line. Make all -macopt in fipsinstall optional Make all tests, except fipsinstall, use the default -macopt and -mac_name flags. Define and use FIPSDIR variable on VMS/MMS. Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12235)
3 years ago
# echo -n 'holy hand grenade of antioch' | openssl sha256
$config{FIPSKEY} =
'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813';
unified build scheme: a first introduction The "unified" build scheme revolves around small information files, build.info, which each describe their own bit of everything that needs to be built, using a mini-language described in Configurations/README. The information in build.info file contain references to source files and final result. Object files are not mentioned at all, they are simply from source files. Because of this, all the *_obj items in Configurations/*.conf are renamed to *_asm_src and the files listed in the values are change from object files to their corresponding source files. For the sake of the other build schemes, Configure generates corresponding *_obj entries in %target. Furthermore, the "unified" build scheme supports having a build directory tree separate from the source directry tree. All paths in a build.info file is assumed to be relative to its location, either within the source tree or within the build tree. Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
# Collect reconfiguration information if needed
my @argvcopy=@ARGV;
if (grep /^reconf(igure)?$/, @argvcopy) {
Configure: die if there are other arguments with 'reconf' It's better to inform the user about this than silently ignoring something that the user might expect to work, somehow. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
6 years ago
die "reconfiguring with other arguments present isn't supported"
if scalar @argvcopy > 1;
Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
if (-f "./configdata.pm") {
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
my $file = "./configdata.pm";
unless (my $return = do $file) {
die "couldn't parse $file: $@" if $@;
Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
die "couldn't do $file: $!" unless defined $return;
die "couldn't run $file" unless $return;
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
}
Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
@argvcopy = defined($configdata::config{perlargv}) ?
@{$configdata::config{perlargv}} : ();
die "Incorrect data to reconfigure, please do a normal configuration\n"
if (grep(/^reconf/,@argvcopy));
$config{perlenv} = $configdata::config{perlenv} // {};
Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
} else {
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
die "Insufficient data to reconfigure, please do a normal configuration\n";
Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
}
}
$config{perlargv} = [ @argvcopy ];
config, Configure: move the check of removed crypto/ sub-systems The 'config' script checked for a bunch of crypto/ sub-system directories, and added 'no-' options if they weren't there. We move it to 'Configure' in an effort to simplify 'config' for further work. Note: this is pretty much a historical thing. In modern OpenSSL, it's much simpler to edit the SUBDIRS statement in crypto/build.info. However, it's been claimed the there are those who still remove some of these sub-system sources. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11217)
3 years ago
# Historical: if known directories in crypto/ have been removed, it means
# that those sub-systems are disabled.
# (the other option would be to removed them from the SUBDIRS statement in
# crypto/build.info)
# We reverse the input list for cosmetic purely reasons, to compensate that
# 'unshift' adds at the front of the list (i.e. in reverse input order).
foreach ( reverse sort( 'aes', 'aria', 'bf', 'camellia', 'cast', 'des', 'dh',
'dsa', 'ec', 'hmac', 'idea', 'md2', 'md5', 'mdc2',
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)
2 years ago
'rc2', 'rc4', 'rc5', 'ripemd', 'seed', 'sha',
config, Configure: move the check of removed crypto/ sub-systems The 'config' script checked for a bunch of crypto/ sub-system directories, and added 'no-' options if they weren't there. We move it to 'Configure' in an effort to simplify 'config' for further work. Note: this is pretty much a historical thing. In modern OpenSSL, it's much simpler to edit the SUBDIRS statement in crypto/build.info. However, it's been claimed the there are those who still remove some of these sub-system sources. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11217)
3 years ago
'sm2', 'sm3', 'sm4') ) {
unshift @argvcopy, "no-$_" if ! -d catdir($srcdir, 'crypto', $_);
}
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
# Collect version numbers
Configure: get version from the file 'VERSION' instead of 'opensslv.h' 'VERSION' is a very easy file to parse, as opposed to a header file. We also have the benefit of holding the version information in one very well known place and can then generate all other version texts as we see fit, for example opensslv.h. Fixes #10203 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
4 years ago
my %version = ();
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
collect_information(
Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12109)
3 years ago
collect_from_file(catfile($srcdir,'VERSION.dat')),
Configure: get version from the file 'VERSION' instead of 'opensslv.h' 'VERSION' is a very easy file to parse, as opposed to a header file. We also have the benefit of holding the version information in one very well known place and can then generate all other version texts as we see fit, for example opensslv.h. Fixes #10203 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
4 years ago
qr/\s*(\w+)\s*=\s*(.*?)\s*$/ =>
sub {
# Only define it if there is a value at all
Configure: Allow quoted values in VERSION Fixes #11618 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11624)
3 years ago
if ($2 ne '') {
my $k = $1;
my $v = $2;
# Some values are quoted. Trim the quotes
$v = $1 if $v =~ /^"(.*)"$/;
$version{uc $k} = $v;
}
Configure: get version from the file 'VERSION' instead of 'opensslv.h' 'VERSION' is a very easy file to parse, as opposed to a header file. We also have the benefit of holding the version information in one very well known place and can then generate all other version texts as we see fit, for example opensslv.h. Fixes #10203 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
4 years ago
},
"OTHERWISE" =>
Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12109)
3 years ago
sub { die "Something wrong with this line:\n$_\nin $srcdir/VERSION.dat" },
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
);
Configure: get version from the file 'VERSION' instead of 'opensslv.h' 'VERSION' is a very easy file to parse, as opposed to a header file. We also have the benefit of holding the version information in one very well known place and can then generate all other version texts as we see fit, for example opensslv.h. Fixes #10203 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
4 years ago
$config{major} = $version{MAJOR} // 'unknown';
$config{minor} = $version{MINOR} // 'unknown';
$config{patch} = $version{PATCH} // 'unknown';
$config{prerelease} =
defined $version{PRE_RELEASE_TAG} ? "-$version{PRE_RELEASE_TAG}" : '';
$config{build_metadata} =
defined $version{BUILD_METADATA} ? "+$version{BUILD_METADATA}" : '';
$config{shlib_version} = $version{SHLIB_VERSION} // 'unknown';
$config{release_date} = $version{RELEASE_DATE} // 'xx XXX xxxx';
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
Configure: fix the version string in the configure output Since `$config{version}` and `$config{version_num}` were removed in commit 3a63dbef15b6, the configure output displays an empty version number string in parentheses instead of the version number. This pull request fixes that by adding new config variables `version` and `full_version`, analogous to `OPENSSL_VERSION_STR` and `OPENSSL_FULL_VERSION_STR`. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7841)
5 years ago
$config{version} = "$config{major}.$config{minor}.$config{patch}";
$config{full_version} = "$config{version}$config{prerelease}$config{build_metadata}";
Rename NOTES*, README*, VERSION, HACKING, LICENSE to .md or .txt Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12109)
3 years ago
die "erroneous version information in VERSION.dat: ",
Configure: get version from the file 'VERSION' instead of 'opensslv.h' 'VERSION' is a very easy file to parse, as opposed to a header file. We also have the benefit of holding the version information in one very well known place and can then generate all other version texts as we see fit, for example opensslv.h. Fixes #10203 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10205)
4 years ago
"$config{version}, $config{shlib_version}\n"
unless (defined $version{MAJOR}
&& defined $version{MINOR}
&& defined $version{PATCH}
&& defined $version{SHLIB_VERSION});
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
# Collect target configurations
Use a simpler method to build a glob than splitpath and catpath It turns out that the combination splitpath() could return an empty string for the directory part. This doesn't play well with catdir(). Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
my $pattern = catfile(dirname($0), "Configurations", "*.conf");
Configure,test/recipes: "pin" glob to File::Glob::glob. As it turns out default glob's behaviour for quoted argument varies from version to version, making it impossible to Configure or run tests in some cases. The reason for quoting globs was to accommodate source path with spaces in its name, which was treated by default glob as multiple paths. File::Glob::glob on the other hand doesn't consider spaces as delimiters and therefore works with unquoted patterns. [Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work on VMS, hence the "pinning" is conditional.] Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
foreach (sort glob($pattern)) {
Move build config table to separate files. Move the build configuration table into separate files. The Configurations file is standard configs, and Configurations.team is for openssl-team members. Any other file, Configurations*, found in the same directory as the Configure script, is loaded. To add another file, use --config=FILE flags (which should probably be an absolute path). Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz <rsalz@openssl.org>, contributed by Akamai Technologies. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
&read_config($_);
}
Import of old SSLeay release: SSLeay 0.8.1b
25 years ago
Save away the environment variables we rely on There are cases when we overwrite %ENV values, and while this is perfectly fine on some platforms, it isn't on others, because the Configure script isn't necessarely run in a separate process, and thus, changing %ENV may very well change the environment of the calling shell. VMS is such a platform. Furthermore, saving away values that we use also allow us to save them in configdata.pm in an effective way, and recall those values just as effectively when reconfiguring. Also, this makes sure that we do use the saved away values when reconfiguring, when the actual environment variables might otherwise affect us. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
6 years ago
if (defined env($local_config_envname)) {
Add the possibility to have an extra local OpenSSL configs directory The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate that there's a local directory with extra configuration files. Reviewed-by: Stephen Henson <steve@openssl.org>
7 years ago
if ($^O eq 'VMS') {
# VMS environment variables are logical names,
# which can be used as is
$pattern = $local_config_envname . ':' . '*.conf';
} else {
Save away the environment variables we rely on There are cases when we overwrite %ENV values, and while this is perfectly fine on some platforms, it isn't on others, because the Configure script isn't necessarely run in a separate process, and thus, changing %ENV may very well change the environment of the calling shell. VMS is such a platform. Furthermore, saving away values that we use also allow us to save them in configdata.pm in an effective way, and recall those values just as effectively when reconfiguring. Also, this makes sure that we do use the saved away values when reconfiguring, when the actual environment variables might otherwise affect us. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4818)
6 years ago
$pattern = catfile(env($local_config_envname), '*.conf');
Add the possibility to have an extra local OpenSSL configs directory The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate that there's a local directory with extra configuration files. Reviewed-by: Stephen Henson <steve@openssl.org>
7 years ago
}
Configure,test/recipes: "pin" glob to File::Glob::glob. As it turns out default glob's behaviour for quoted argument varies from version to version, making it impossible to Configure or run tests in some cases. The reason for quoting globs was to accommodate source path with spaces in its name, which was treated by default glob as multiple paths. File::Glob::glob on the other hand doesn't consider spaces as delimiters and therefore works with unquoted patterns. [Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work on VMS, hence the "pinning" is conditional.] Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
foreach (sort glob($pattern)) {
Add the possibility to have an extra local OpenSSL configs directory The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate that there's a local directory with extra configuration files. Reviewed-by: Stephen Henson <steve@openssl.org>
7 years ago
&read_config($_);
}
}
Have configdata.pm display information on perl Specifically, the specific perl that was used to run Configure Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5247)
5 years ago
# Save away perl command information
$config{perl_cmd} = $^X;
$config{perl_version} = $Config{version};
$config{perl_archname} = $Config{archname};
Refactor file writing - introduce template driven file writing apps/CA.pl and tools/c_rehash are built from template files. So far, this was done by Configure, which created its own problems as it forced everyone to reconfigure just because one of the template files had changed. Instead, have those files created as part of the normal build in apps/ and in tools/. Furthermore, this prepares for a future where Configure may produce entirely other build files than Makefile, and the latter can't be guaranteed to be the holder of all information for other scripts. Instead, configdata.pm (described below) becomes the center of configuration information. This introduces a few new things: %config a hash table to hold all kinds of configuration data that can be used by any other script. configdata.pm a perl module that Configure writes. It currently holds the hash tables %config and %target. util/dofile.pl a script that takes a template on STDIN and outputs the result after applying configuration data on it. It's supposed to be called like this: perl -I$(TOP) -Mconfigdata < template > result or perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result Note: util/dofile.pl requires Text::Template. As part of this changed, remove a number of variables that are really just copies of entries in %target, and use %target directly. The exceptions are $target{cflags} and $target{lflags}, they do get copied to $cflags and $lflags. The reason for this is that those variable potentially go through a lot of changes and would rather deserve a place in %config. That, however, is for another commit. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
$config{prefix}="";
$config{openssldir}="";
Refactor file writing - rewrite crypto/opensslconf.h.in as template The turn has come to have crypto/opensslconf.h.in get run through util/dofile.pl. The consequence is that a large number of variables get moved to the %config table. Also, the string variables $openssl_*, which were populated with cpp lines, all being of the form "#define SOMETHING", were converted into ARRAY refs in %config values, containing just the list of macros to be defined. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
$config{processor}="";
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
$config{libdir}="";
Configure - Get rid of the special thread_cflag, replace with thread_scheme The thread_cflag setting filled a double role, as kinda sorta an indicator of thread scheme, and as cflags. Some configs also added lflags and ex_libs for multithreading regardless of if threading would be enabled or not. Instead of this, add threading cflags among in the cflag setting, threading lflags in the lflag setting and so on if and only if threads are enabled (which they are by default). Also, for configs where there are no special cflags for threading (the VMS configs are of that kind), this makes it possible to still clearly mention what thread scheme is used. The exact value of thread scheme is currently ignored except when it's "(unknown)", and thereby only serves as a flag to tell if we know how to build for multi-threading in a particular config. Yet, the currently used values are "(unknown)", "pthreads", "uithreads" (a.k.a solaris threads) and "winthreads". Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
my $auto_threads=1; # enable threads automatically? true by default
Workaround for solaris64 linking problem (explicit "ar rs" is needed to create a symbol table). Sun patches such as 109147-06 probably fix this problem, but we can easily avoid it.
23 years ago
my $default_ranlib;
Refactor file writing - Remake Makefile.org into a template It is time for Makefile.org to fold into the new regime and have a run through util/dofile.pl. This forces some information out of there and into Configure, which isn't a bad thing, it makes Configure increasingly the center of build information, which is as it should be. A few extra defaults were needed in the BASE template to get rid of warnings about missing values. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
Support disabling any or all TLS or DTLS versions Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
# Known TLS and DTLS protocols
Update Configure to know about tls1_3 Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is because this is a WIP and will not be interoperable with any other TLS1.3 implementation. Finally, we fix some tests that started failing when TLS1.3 was disabled by default. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
Support disabling any or all TLS or DTLS versions Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
my @dtls = qw(dtls1 dtls1_2);
various spelling fixes Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/952)
7 years ago
# Explicitly known options that are possible to disable. They can
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
# be regexps, and will be used like this: /^no-${option}$/
# For developers: keep it sorted alphabetically
my @disablables = (
Add ACVP fips module tests For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests. This PR uses a hardwired subset of these test vectors to perform similiar operations, to show the usage and prove that the API's are able to perform the required operations. It may also help with communication with the lab (i.e- The lab could add a test here to show a unworking use case - which we can then address). The EVP layer performs these tests instead of calling lower level API's as was done in the old FOM. Some of these tests require access to internals that are not normally allowed/required. The config option 'acvp_tests' (enabled by default) has been added so that this access may be removed. The mechanism has been implemented as additional OSSL_PARAM values that can be set and get. A callback mechanism did not seem to add any additional benefit. These params will not be added to the gettables lists. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11572)
3 years ago
"acvp_tests",
Disable afalg when engine is disabled. Also make it possible to disable afalg separately. we still need to update config again Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"afalgeng",
Implementation of the ARIA cipher as described in RFC 5794. This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2337)
6 years ago
"aria",
Add fuzzing! Reviewed-by: Emilia Käsper <emilia@openssl.org>
7 years ago
"asan",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"asm",
Add option to disable async Add no-async option to Configure that forces ASYNC_NULL. Related to RT1979 An embedded system or replacement C library (e.g. musl or uClibc) may not support the *context APIs that are needed for async operation. Compiles with musl. Ran unit tests, async tests skipped as expected. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
7 years ago
"async",
Provide framework for auto initialise/deinitialise of the library This commit provides the basis and core code for an auto initialisation and deinitialisation framework for libcrypto and libssl. The intention is to remove the need (in many circumstances) to call explicit initialise and deinitialise functions. Explicit initialisation will still be an option, and if non-default initialisation is needed then it will be required. Similarly for de-initialisation (although this will be a lot easier since it will bring all de-initialisation into a single function). Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"autoalginit",
Add an OPENSSL_NO_AUTOERRINIT option This option disables automatic loading of the crypto/ssl error strings in order to keep statically linked executable file size down Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"autoerrinit",
Add a config option to disable automatic config loading ./config no-autoload-config Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5959)
5 years ago
"autoload-config",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"bf",
Add blake2 support. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"blake2",
Configure: make C++ build tests optional and configurable Disabled by default Fixes #8360 Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8370)
4 years ago
"buildtest-c++",
{.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv This works nicely by addin a new no-bulk option to Configure. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
3 years ago
"bulk",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"camellia",
"capieng",
"cast",
Configure: make no-chacha and no-poly1305 work. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
"chacha",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"cmac",
Clear CRMF vs CMP confusion In the development of the CRMF sub-system, there seems to have been some confusion as to what configuration option should be used. 'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP rather than OPENSSL_NO_CRMF... In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a silent "option" that get affected by 'cmp' by way of %disable_cascades. This allows options to be "aliases" for a set of other ones, silent or not. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8897)
4 years ago
"cmp",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"cms",
"comp",
Adds crypto-mdebug as a valid option Adds crypto-mdebug as a valid option. Fixes https://github.com/openssl/openssl/issues/537 Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
7 years ago
"crypto-mdebug",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"ct",
"deprecated",
"des",
Add new /dev/crypto engine Based on cryptodev-linux Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3744)
6 years ago
"devcryptoeng",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"dgram",
"dh",
"dsa",
Fix building statically without any dso support Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9895)
4 years ago
"dso",
Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1 Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
"dtls",
Build dynamic engines even if configured "no-shared" Until now, the engines in engines/ were only built as dynamicaly loadable ones if shared libraries were built. We not dissociate the two and can build dynamicaly loadable engines even if we only build static libcrypto and libssl. This is controlled with the option (enable|disable|no)-static-engine, defaulting to no-static-engine. Note that the engines in crypto/engine/ (dynamic and cryptodev) will always be built into libcrypto. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"dynamic-engine",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"ec",
"ec2m",
Support disabling any or all TLS or DTLS versions Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"ecdh",
"ecdsa",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"ec_nistp_64_gcc_128",
If egd is disabled by default, it should be possible to enable Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
"egd",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"engine",
RT4310: Fix varous no-XXX builds When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing. This prevents md_rand.c from failing to build. Probably better to do it this way than to wrap every instance in an explicit #ifdef. A bunch of new socket code got added to a new file crypto/bio/b_addr.c. Make it all go away if OPENSSL_NO_SOCK is defined. Allow configuration with no-ripemd, no-ts, no-ui We use these for the UEFI build. Also remove the 'Really???' comment from no-err and no-locking. We use those too. We need to drop the crypto/engine directory from the build too, and also set OPENSSL_NO_ENGINE Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
7 years ago
"err",
Control building of ossl_shim through Configure Don't build ossl_shim by default. Switch it on through enable-external-tests. Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"external-tests",
RT3628: Allow filenames to be eliminated from compiled library Although I explicitly don't care about the tinfoil-hat reason given in the initial opening of RT#3628, that "paths usually contain private information", there *are* situations where it's useful to eliminate the filenames from the compiled binary. The two reasons we do care about in the context of firmware such as EDK2 are that it allows for a smaller footprint, and it is also a necessary component of a binary-reproducible build. To that end, introduce OPENSSL_FILE and OPENSSL_LINE macros, defining them to __FILE__ and __LINE__ respectively in the normal case, but to "" and 0 when OPENSSL_NO_FILENAMES is set. This is mostly a naïve invocation of $ sed 's/__\([FL]I[NL]E\)__/OPENSSL_\1/g' -i `git grep -l __LINE__` but with a few instances change to just print the function name instead (although those probably need to die anyway) and test cases left untouched. Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
8 years ago
"filenames",
Add a no-fips Configure option Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8537)
4 years ago
"fips",
Add 'fips-securitychecks' option and plumb this into the actual fips checks Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12745)
3 years ago
"fips-securitychecks",
Add support for fuzzing with AFL Reviewed-by: Ben Laurie <ben@links.org> MR: #2740
7 years ago
"fuzz-libfuzzer",
"fuzz-afl",
Fix no-gost Configure had the wrong name for the no-gost option. Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"gost",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"idea",
Deprecate most of debug-memory Fixes #8322 The leak-checking (and backtrace option, on some platforms) provided by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered; only the "make malloc fail" capability remains. OpenSSL recommends using the compiler's leak-detection instead. The OPENSSL_DEBUG_MEMORY environment variable is no longer used. CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(), CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code. CRYPTO_mem_debug_{malloc,realloc,free}() have been removed. All of the above are now deprecated. Merge (now really small) mem_dbg.c into mem.c Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10572)
4 years ago
"ktls",
Add a legacy provider and put MD2 in it Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8541)
4 years ago
"legacy",
Add the configure option 'no-makedepend' If no makedepend program or equaly capable compiler is present, 'makedepend' gets disabled automatically. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"makedepend",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"md2",
"md4",
"mdc2",
Configuration / build: make it possible to disable building of modules While we're at it, sort out inconsistencies with the build of modules: - not building shared libraries means not building dynamic engines. However, other modules may still be built. - not having DSO functionality doesn't mean not to build modules (even though we can't use them from apps linked with libraries that are built this way). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8623)
4 years ago
"module",
Add memory sanitizer config, and run on travis. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"msan",
Fix building without multiblock support Not all platforms support multiblock. Building without it fails prior to this fix. RT#4396 Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
"multiblock",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"nextprotoneg",
Introduce a no-pinshared option This option prevents OpenSSL from pinning itself in memory. Fixes #7598 [extended tests] Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7647)
5 years ago
"pinshared",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"ocb",
"ocsp",
Deprecate the "hw" configuration options, make "padlockeng" disablable The "hw" and "hw-.*" style options are historical artifacts, sprung from the time when ENGINE was first designed, with hardware crypto accelerators and HSMs in mind. Today, these options have largely lost their value, replaced by options such as "no-{foo}eng" and "no-engine". This completes the transition by making "hw" and "hw-.*" deprecated, but automatically translated into more modern variants of the same. In the process, we get rid of the last regular expression in Configure's @disablables, a feature that was ill supported anyway. Also, padlock now gets treated just as every other engine. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8380)
4 years ago
"padlockeng",
Introduce the "pic" / "no-pic" config option Building shared libraries or not is not the same as building position independent code or not. It's true that if you don't build PIC, you can't build shared libraries. However, you may very well want to build only static libraries but still want PIC code. Therefore, we introduce a new configuration option "pic", which is enabled by default or explicitely with "enable-pic", or disabled with "no-pic" or "disable-pic". Of course, if "pic" is disabled, "shared" and "dynamic-engine" are automatically disabled as well. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"pic",
Configure: make no-chacha and no-poly1305 work. Reviewed-by: Richard Levitte <levitte@openssl.org>
8 years ago
"poly1305",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"posix-io",
"psk",
"rc2",
"rc4",
"rc5",
"rdrand",
"rfc3779",
"rmd160",
"scrypt",
"sctp",
Make secure-memory be a config option Adding support for "no-secure-memory" was simple, a one-liner. Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx" was a bit more work. My original goof, for not following the OpenSSL pattern "ifndef NO_" used everywhere else. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/11023)
3 years ago
"secure-memory",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"seed",
"shared",
Add support for parameterized SipHash The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2216)
6 years ago
"siphash",
Add RFC5297 AES-SIV support Based originally on github.com/dfoxfranke/libaes_siv This creates an SIV128 mode that uses EVP interfaces for the CBC, CTR and CMAC code to reduce complexity at the cost of perfomance. The expected use is for short inputs, not TLS-sized records. Add multiple AAD input capacity in the EVP tests. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/3540)
6 years ago
"siv",
Fix no-sm2 Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5673)
5 years ago
"sm2",
SM3: Add SM3 hash function SM3 is a secure hash function which is part of the Chinese "Commercial Cryptography" suite of algorithms which use is required for certain commercial applications in China. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4616)
6 years ago
"sm3",
SM4: Add SM4 block cipher to EVP Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/4552)
6 years ago
"sm4",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"sock",
"srp",
"srtp",
"sse2",
"ssl",
"ssl-trace",
"static-engine",
"stdio",
Make it possible to disable building and running tests Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1514)
7 years ago
"tests",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"threads",
"tls",
Make it possible to disable the TRACE API This disabled the tracing functionality by making functions do nothing, and making convenience macros produce dead code. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8198)
5 years ago
"trace",
RT4310: Fix varous no-XXX builds When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing. This prevents md_rand.c from failing to build. Probably better to do it this way than to wrap every instance in an explicit #ifdef. A bunch of new socket code got added to a new file crypto/bio/b_addr.c. Make it all go away if OPENSSL_NO_SOCK is defined. Allow configuration with no-ripemd, no-ts, no-ui We use these for the UEFI build. Also remove the 'Really???' comment from no-err and no-locking. We use those too. We need to drop the crypto/engine directory from the build too, and also set OPENSSL_NO_ENGINE Signed-off-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
7 years ago
"ts",
Add fuzzing! Reviewed-by: Emilia Käsper <emilia@openssl.org>
7 years ago
"ubsan",
Remove the possibility to disable the UI module entirely Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
6 years ago
"ui-console",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"unit-test",
Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8917)
4 years ago
"uplink",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"whirlpool",
Don't build RC4 ciphersuites into libssl by default RC4 based ciphersuites in libssl have been disabled by default. They can be added back by building OpenSSL with the "enable-weak-ssl-ciphers" Configure option at compile time. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"weak-ssl-ciphers",
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
"zlib",
"zlib-dynamic",
);
Support disabling any or all TLS or DTLS versions Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just TLS 1.2. In the future they might want to disable TLS 1.2 and enable just TLS 1.3, ... This commit makes it possible to disable any or all of the TLS or DTLS protocols. It also considerably simplifies the SSL/TLS tests, by auto-generating the min/max version tests based on the set of supported protocols (425 explicitly written out tests got replaced by two loops that generate all 425 tests if all protocols are enabled, fewer otherwise). Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
foreach my $proto ((@tls, @dtls))
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
{
push(@disablables, $proto);
push(@disablables, "$proto-method") unless $proto eq "tls1_3";
}
Add an explicit list of options that can be disabled, enabled, ... Configure has, so far, had no control at all of which 'no-' options it can be given. This means that, for example, someone could configure with something absurd like 'no-stack' and then watch the build crumble to dust... or file a bug report. This introduces some sanity into the possible choices. The added list comes from looking for the explicit ones used in Configure, and from grepping after OPENSSL_NO_ in all source files. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
Clear CRMF vs CMP confusion In the development of the CRMF sub-system, there seems to have been some confusion as to what configuration option should be used. 'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP rather than OPENSSL_NO_CRMF... In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a silent "option" that get affected by 'cmp' by way of %disable_cascades. This allows options to be "aliases" for a set of other ones, silent or not. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8897)
4 years ago
# Internal disablables, for aliasing purposes. They serve no special
# purpose here, but allow scripts to get to know them through configdata.pm,
# where these are merged with @disablables.
# The actual aliasing mechanism is done via %disable_cascades
my @disablables_int = qw(
crmf
);
no-ripemd is an alias for no-rmd160 mkdef.pl was failing to understand no-ripemd. This is a deprecated option which should act as an alias for no-rmd160. Reviewed-by: Richard Levitte <levitte@openssl.org>
7 years ago
my %deprecated_disablables = (
"ssl2" => undef,
"buf-freelists" => undef,
Deprecated crypto-mdebug-backtrace Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/10572)
4 years ago
"crypto-mdebug-backtrace" => undef,
Deprecate the "hw" configuration options, make "padlockeng" disablable The "hw" and "hw-.*" style options are historical artifacts, sprung from the time when ENGINE was first designed, with hardware crypto accelerators and HSMs in mind. Today, these options have largely lost their value, replaced by options such as "no-{foo}eng" and "no-engine". This completes the transition by making "hw" and "hw-.*" deprecated, but automatically translated into more modern variants of the same. In the process, we get rid of the last regular expression in Configure's @disablables, a feature that was ill supported anyway. Also, padlock now gets treated just as every other engine. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8380)
4 years ago
"hw" => "hw", # causes cascade, but no macro
"hw-padlock" => "padlockeng",
Remove the possibility to disable the UI module entirely Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
6 years ago
"ripemd" => "rmd160",
"ui" => "ui-console",
Restore the "heartbeats" configuration option among the deprecated Removing the option entirely would break builds unnecessarily, so let's make it deprecated. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8632)
4 years ago
"heartbeats" => undef,
Get back "ssl2" as a deprecated disablable option Preserved for now for those who have scripts with the option "no-ssl2". We warn that it's deprecated, and ignore it otherwise. In response to RT#4330 Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
);
Fix minor typo in comment in Configure Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5825)
5 years ago
# All of the following are disabled by default:
Change ./Configure so that certain algorithms can be disabled by default. This is now the case for RC5. As a side effect, the OPTIONS in the Makefile will usually look a little different now, but they are essentially only for information anyway.
19 years ago
Expose %disables to the perl fragments in build.info files. This way, we can use them as conditions instead of relying to more or less obscure aliases in %config or variables directly in Configure. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
our %disabled = ( # "what" => "comment"
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
"asan" => "default",
"buildtest-c++" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
"devcryptoeng" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"external-tests" => "default",
"fuzz-libfuzzer" => "default",
"fuzz-afl" => "default",
"md2" => "default",
Add memory sanitizer config, and run on travis. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
"msan" => "default",
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
"rc5" => "default",
"sctp" => "default",
"ssl-trace" => "default",
"ssl3" => "default",
"ssl3-method" => "default",
"trace" => "default",
"ubsan" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default",
"ktls" => "default",
);
Change ./Configure so that certain algorithms can be disabled by default. This is now the case for RC5. As a side effect, the OPTIONS in the Makefile will usually look a little different now, but they are essentially only for information anyway.
19 years ago
Refactor config - consolidate handling of disabled stuff It's time to refactor the handling of %disabled so that all information of value is in the same place. We have so far had a few cascading disable rules in form of code, far away from %disabled. Instead, bring that information to the array @disable_cascade, which is a list of pairs of the form 'test => descendents'. The test part can be a string, and it's simply checked if that string is a key in %disabled, or it can be a CODEref to do a more complex test. If the test comes true, then all descendents are disabled. This check is performed until there are no more things that need to be disabled. Also, $default_depflags is constructed from the information in %disabled instead of being a separate string. While a string of its own is visually appealing, it's much too easy to forget to update it when something is changed in %disabled. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
# Note: => pair form used for aesthetics, not to truly make a hash table
my @disable_cascades = (
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
# "what" => [ "cascade", ... ]
GitHub CI: Separate no-deprecated job from minimal job Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13706)
2 years ago
"bulk" => [ "shared", "dso",
{.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv This works nicely by addin a new no-bulk option to Configure. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
3 years ago
"aria", "async", "autoload-config",
"blake2", "bf", "camellia", "cast", "chacha",
"cmac", "cms", "cmp", "comp", "ct",
"des", "dgram", "dh", "dsa",
"ec", "engine",
"filenames",
"idea", "ktls",
"md4", "multiblock", "nextprotoneg",
"ocsp", "ocb", "poly1305", "psk",
"rc2", "rc4", "rmd160",
"seed", "siphash", "siv",
"sm3", "sm4", "srp",
"srtp", "ssl3-method",
"ts", "ui-console", "whirlpool",
"fips-securitychecks" ],
Refactor file writing - rewrite crypto/opensslconf.h.in as template The turn has come to have crypto/opensslconf.h.in get run through util/dofile.pl. The consequence is that a large number of variables get moved to the %config table. Also, the string variables $openssl_*, which were populated with cpp lines, all being of the form "#define SOMETHING", were converted into ARRAY refs in %config values, containing just the list of macros to be defined. Reviewed-by: Rich Salz <rsalz@openssl.org>
8 years ago
sub { $config{processor} eq "386" }
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
=> [ "sse2" ],
"ssl" => [ "ssl3" ],
"ssl3-method" => [ "ssl3" ],
"zlib" => [ "zlib-dynamic" ],
"des" => [ "mdc2" ],
{.travis,ci,appveyor}.yml: Make minimal config consistent, add no-deprecated no-ec no-ktls no-siv This works nicely by addin a new no-bulk option to Configure. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13110)
3 years ago
"ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ],
Fix no-ec with no-dh Make sure that the combination of no-ec with no-dh builds successfully. If neither ec or dh are available then TLSv1.3 is not possible. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9156)
4 years ago
sub { $disabled{"ec"} && $disabled{"dh"} }
=> [ "tls1_3" ],
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"dtls" => [ @dtls ],
If all versions of a proto are disabled, disabled the proto as well For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls' Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2670)
6 years ago
sub { 0 == scalar grep { !$disabled{$_} } @dtls }
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
=> [ "dtls" ],
Refactor config - consolidate handling of disabled stuff It's time to refactor the handling of %disabled so that all information of value is in the same place. We have so far had a few cascading disable rules in form of code, far away from %disabled. Instead, bring that information to the array @disable_cascade, which is a list of pairs of the form 'test => descendents'. The test part can be a string, and it's simply checked if that string is a key in %disabled, or it can be a CODEref to do a more complex test. If the test comes true, then all descendents are disabled. This check is performed until there are no more things that need to be disabled. Also, $default_depflags is constructed from the information in %disabled instead of being a separate string. While a string of its own is visually appealing, it's much too easy to forget to update it when something is changed in %disabled. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
"tls" => [ @tls ],
If all versions of a proto are disabled, disabled the proto as well For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls' Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2670)
6 years ago
sub { 0 == scalar grep { !$disabled{$_} } @tls }
Configure: untabify indentation The indentation in the Configure file is currently very strange when viewed in an editor with a tab width of four spaces, because it has mixed tab-and-whitespace indentation, which was apparently done with a tab width of eight spaces. This commit converts all tabs to spaces using expand(1) with default settings. To verify that there are only whitespace changes, use git show --ignore-space-change <this commit> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8492)
4 years ago
=> [ "tls" ],
Refactor config - consolidate handling of disabled stuff It's time to refactor the handling of %disabled so that all information of value is in the same place. We have so far had a few cascading disable rules in form of code, far away from %disabled. Instead, bring that information to the array @disable_cascade, which is a list of pairs of the form 'test => descendents'. The test part can be a string, and it's simply checked if that string is a key in %disabled, or it can be a CODEref to do a more complex test. If the test comes true, then all descendents are disabled. This check is performed until there are no more things that need to be disabled. Also, $default_depflags is constructed from the information in %disabled instead of being a separate string. While a string of its own is visually appealing, it's much too easy to forget to update it when something is changed in %disabled. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
8 years ago
Make the use of mdebug backtrace a separate option To force it on anyone using --strict-warnings was the wrong move, as this is an option best left to those who know what they're doing. Use with care! Reviewed-by: Andy Polyakov <appro@openssl.org>
7 years ago
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
Build dynamic engines even if configured "no-shared" Until now, the engines in engines/ were only built as dynamicaly loadable ones if shared libraries were built. We not dissociate the two and can build dynamicaly loadable engines even if we only build static libcrypto and libssl. This is controlled with the option (enable|disable|no)-static-engine, defaulting to no-static-engine. Note that the engines in crypto/engine/ (dynamic and cryptodev) will always be built into libcrypto. Reviewed-by: Rich Salz <rsalz@openssl.org>
7 years ago
Configuration / build: make it possible to disable building of modules While we're at it, sort out inconsistencies with the build of modules: - not building shared libraries means not building dynamic engines. However, other modules may still be built. - not having DSO functionality doesn't mean not to build modules (even though we can't use them from apps linked with libraries that are built this way). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8623)
4 years ago
# If no modules, then no dynamic engines either
"module" => [ "dynamic-engine" ],
# Without shared libraries, dynamic engines aren't possible.
# This is due to them having to link with libcrypto and register features
# using the ENGINE functionality, and since that relies on global tables,
# those *have* to be exacty the same as the ones accessed from the app,
# which cannot be guaranteed if shared libraries aren't present.
# (note that even with shared libraries, both the app and dynamic engines
# must be linked with the same library)
Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.) Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8917)
4 years ago
"shared" => [ "dynamic-engine", "uplink" ],
Fix building statically without any dso support Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9895)
4 years ago
"dso" => [ "dynamic-engine", "module" ],
Configuration / build: make it possible to disable building of modules While we're at it, sort out inconsistencies with the build of modules: - not building shared libraries means not building dynamic engines. However, other modules may still be built. - not having DSO functionality doesn't mean not to build modules (even though we can't use them from apps linked with libraries that are built this way). Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8623)
4 years ago
# Other modules don't necessarily have to link with libcrypto, so shared
# libraries do not have to be a condition to produce those.