Commit Graph

1259 Commits

Author SHA1 Message Date
Richard Levitte
2b6b606c7b Added build.info debugging capability to Configure
This is only enabled when the environment variable
CONFIGURE_DEBUG_BUILDINFO is defined.  This will cause every line in
every build.info file to be displayed, along with the content of the
skip stack before and after parsing.  This can be a very powerful tool
to see that all conditions are working as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-17 19:08:16 +01:00
Matt Caswell
68dc37c126 Disable AFALG when cross-compiling
We don't currently support cross-compiling of the afalg engine. However
we were failing to explicitly mark it as disabled during Configure leading
to a failed build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-16 10:08:53 +00:00
Richard Levitte
3e19b07f14 static-engine is no longer an internal keyword, remove it from %disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-15 14:05:35 +01:00
Emilia Kasper
c91a0a8343 Disable afalg when engine is disabled.
Also make it possible to disable afalg separately.

we still need to update config again

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 17:03:53 +01:00
Richard Levitte
9f519addc0 Enforce the demand for Perl 5.10.0 as a minimum.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Richard Levitte
01d9997659 Fix a few Configure errors
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Andy Polyakov
d0db7ee0b1 Configure: remove dependency on 'head'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:26:55 +01:00
Richard Levitte
0069806128 Don't build dynamic engines unless configured "shared"
Experience has shown that dynamic engines with their own copy of
libcrypto is problematic, so we disable that possibility.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-11 12:58:15 +01:00
Richard Levitte
39affe19dc Configure - don't trust $1 to stick around, save its value away
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-10 20:13:01 +01:00
Richard Levitte
c5798e0eb5 Correct slight logic error in processing IF in build.info
This corrects a fault where the inner IF in this example was still
being acted upon:

  IF[0]
    ...whatever...
    IF[1]
      ...whatever more...
    ENDIF
  ENDIF

With this change, the inner IF is skipped over.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 23:58:44 +01:00
Richard Levitte
c471884996 Comment away the extra checks in Configure
The "extra checks" is a debugging tool to check the config resolving
mechanism.  It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.

So, it gets commented away, but stays otherwise in place, as it may be
useful again.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:59:14 +01:00
Richard Levitte
635bd409b3 In build.info, an IF within a clause that's skipped over shouldn't apply
If we find an IF within a clause that's skipped over, set it to be
skipped as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 14:53:30 +01:00
Matt Caswell
2e52e7df51 Remove the old threading API
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Richard Levitte
79fff39d71 Don't check the conditions to build e_afalg if configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:51:07 +01:00
Richard Levitte
63ee7129f1 Have Configure display the value of SHARED_CFLAG
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Richard Levitte
30752dd7df Check gcc version to see if it supports -MM and friends
According to manuals found here: https://gcc.gnu.org/onlinedocs/, GNU
C version 3 and on support the dependency generation options.  We
therefore need to check the gcc version to see if we're going to use
it or makedepend for dependency generation.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:09:30 +01:00
Richard Levitte
09aa263a14 Add the configure option 'no-makedepend'
If no makedepend program or equaly capable compiler is present,
'makedepend' gets disabled automatically.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 01:57:52 +01:00
Richard Levitte
dc3365f729 Add the Configure option --classic, to fall back on classic build schemes
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-08 10:48:25 +01:00
Richard Levitte
39b25ee244 Revert "unified build scheme: Try to nudge users to try the "unified" build"
This reverts commit 242ffb05a2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-08 10:48:25 +01:00
Matt Caswell
fa22f98f19 Fix building without multiblock support
Not all platforms support multiblock. Building without it fails prior to
this fix.

RT#4396

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 08:52:45 +00:00
Richard Levitte
8a67946e5b Unified - Add the build.info command OVERRIDE, to avoid build file clashes
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:

    SOURCE[libfoo]=foo.c bar.c

    OVERRIDES=bar.o
    BEGINRAW[Makefile(unix)]
    bar.o: bar.c
        $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
    ENDRAW[Makefile(unix)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Richard Levitte
ae4c745075 Unified - Add the build.info command GENERATE, to generate source files
In some cases, one might want to generate some source files from
others, that's done as follows:

    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
    GENERATE[bar.s]=asm/bar.S

The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file.  It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Matt Caswell
8da00a38cd Misc afalg build fixes
Misc afalg build fixes as suggested by Richard Levitte for the latest
Configure changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
7f458a48ff ALG: Add AFALG engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Richard Levitte
6928b6171a Change names of ordinals and libs, libeay => libcrypto and ssleay => libssl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 09:02:33 +01:00
Kurt Roeckx
9829b5ab52 Disable SSLv3 by default
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Kasper <emilia@openssl.org>

MR: #2203
2016-03-04 18:48:06 +01:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Richard Levitte
25004db793 Restore the zlib / zlib-dynamic logic
The proper logic is that both zlib and zlib-dynamic are disabled by
default and that enabling zlib-dynamic would enable zlib.  Somewhere
along the way, the logic got changed, zlib-dynamic was enabled by
default and zlib didn't get automatically enabled.

This change restores the original logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 05:22:22 +01:00
Richard Levitte
2952b9b811 Don't copy from %target to %config so much, see %config as a complement
We copied $target{cflags}, $target{defines} and a few more to %config,
just to add to the entries.  Avoid doing so, and let the build templates
deal with combining the two.

There are a few cases where we still fiddle with %target, but that's
acceptable.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
9c62a279fe Configure - Get rid of the special thread_cflag, replace with thread_scheme
The thread_cflag setting filled a double role, as kinda sorta an
indicator of thread scheme, and as cflags.  Some configs also added
lflags and ex_libs for multithreading regardless of if threading would
be enabled or not.

Instead of this, add threading cflags among in the cflag setting,
threading lflags in the lflag setting and so on if and only if threads
are enabled (which they are by default).

Also, for configs where there are no special cflags for threading (the
VMS configs are of that kind), this makes it possible to still clearly
mention what thread scheme is used.

The exact value of thread scheme is currently ignored except when it's
"(unknown)", and thereby only serves as a flag to tell if we know how
to build for multi-threading in a particular config.  Yet, the
currently used values are "(unknown)", "pthreads", "uithreads" (a.k.a
solaris threads) and "winthreads".

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
8864f0de7b Configure - get rid of the special debug_ and release_ settings
Instead, make the build type ("debug" or "release") available through
$config{build_type} and let the configs themselves figure out what the
usual settings (such as "cflags", "lflags" and so on) should be
accordingly.

The benefit with this is that we can now have debug and release
variants of any setting, not just those Configure supports, and may
also involve other factors (the MSVC flags /MD[d] and /MT[d] involve
both build type and whether threading is enabled or not)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
940a09bad4 Minimize copied config settings
$target{lflags} and $target{plib_flag} were copied to %config for no
good reason.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
98fdbce091 Configure - move the addition of the zlib / libz lib to configs
Configure had the Unix centric addition of -lz when linking with zlib
is enabled, which doesn't work on other platforms.  Therefore, we move
it to the BASE_unix config template and add corresponding ones in the
other BASE_* config templates.  The Windows one is probably incomplete,
but that doesn't matter for the moment, as mk1mf does it's own thing
anyway.

This required making the %withargs table global, so perl snippets in
the configs can use it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
d2b2221a04 Configure - Rename BASE to DEFAULTS and add a few inheritable BASEs
These BASE templates are intended to hold values that are common for
all configuration variants for whole families of configurations.

So far, three "families" are identified: Unix, Windows and VMS, mostly
characterised by the build system they currently use.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
b0b92a5bb5 Configure - Allow CODErefs and ARRAYrefs in configuration setting arrays
This provides for more powerful lazy evaluation and buildup of the
setting contents.  For example, something like this becomes possible:

    defines => [ sub { $config{thisorthat} ? "FOO" : () } ]

Any undefined result of such functions (such as 'undef' or the empty
list) will be ignored.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
b0a1e8bf3e Configure - make the use of environment variables for overrides consistent
We allow some commands to be overriden, but didn't handle that in a
consistent manner.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:46:03 +01:00
Richard Levitte
b756967d28 Make uplink auxiliary source separate from cpuid source
There are cases, for example when configuring no-asm, that the added
uplink source files got in the way of the cpuid ones.  The best way to
solve this is to separate the two.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:45:02 +01:00
Richard Levitte
2e0956ba6d Unified - have configdata.pm depend on a few more things
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-01 06:39:16 +01:00
Richard Levitte
e5ed5f6a59 Remove last remains of old config strings
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-27 21:32:24 +01:00
Richard Levitte
79302211cc Apply default after having checked the given config target is valid
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-27 14:27:25 +01:00
Richard Levitte
cb212f239a Make the table entry printer in Configure aware of ARRAYs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 17:38:39 +01:00
Richard Levitte
a26d8be953 Forgotten change of add() call in Configure
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 16:05:41 +01:00
Richard Levitte
bdcd83e127 Configure - neater looking add() and add_before()
They now default to " " as separator, but that can be overridden by
having a hash with parameters as last argument.  The only currently
recognised parameter is `separator'.

The special separator `undef' will force the result to become a list
rather than a concatenated string.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-26 09:00:25 +01:00
Richard Levitte
4f16039efe Add OPENSSL_PIC back
In the earlier change, where static libraries get built with position
independent code, OPENSSL_PIC was removed by mistake.  This adds it
back.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 20:41:42 +01:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
Richard Levitte
58163021e2 The build files use %disabled, make sure to pass it to them
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 19:26:49 +01:00
Matt Caswell
316fae2a94 Partial revert of 1288f26 and fix for no-async
The commit 1288f26 says that it fixes no-async, but instead seems to break
it. Therefore revert that change and fix no-async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:48:09 +00:00
Richard Levitte
721f9058b3 Clean away $no_dso since with have $disabled{dso}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
00b0d6632b Clean away $no_asm since with have $disabled{asm}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
93e3d3f3ff Clean away $no_rfc3779 since we don't appear to use it at all
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
36a3090904 Clean away $zlib since with have $disabled{zlib}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
22bfe05efd Clean away $no_threads since we have $disabled{threads}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:36:58 +01:00
Richard Levitte
84af1bae68 Clean away $config{no_shared} since we have $disabled{shared}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:36:58 +01:00
Richard Levitte
9e04edf2f3 Expose %disables to the perl fragments in build.info files.
This way, we can use them as conditions instead of relying to more or
less obscure aliases in %config or variables directly in Configure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:33:55 +01:00
Richard Levitte
45b71abe70 Fix a few typos
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:10:33 +01:00
Richard Levitte
e80381e1a3 Get back "ssl2" as a deprecated disablable option
Preserved for now for those who have scripts with the option
"no-ssl2".  We warn that it's deprecated, and ignore it otherwise.

In response to RT#4330

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 15:42:15 +01:00
Richard Levitte
ae48242c81 Introduce the "pic" / "no-pic" config option
Building shared libraries or not is not the same as building position
independent code or not.  It's true that if you don't build PIC, you
can't build shared libraries.  However, you may very well want to
build only static libraries but still want PIC code.

Therefore, we introduce a new configuration option "pic", which is
enabled by default or explicitely with "enable-pic", or disabled with
"no-pic" or "disable-pic".  Of course, if "pic" is disabled, "shared"
and "dynamic-engine" are automatically disabled as well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 14:38:31 +01:00
Richard Levitte
19ab579060 Use $disabled{"dynamic-engine"} internally
We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure.  Let's avoid confusion,
choose one of them and stick to it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 14:38:31 +01:00
Richard Levitte
343ec2b083 Build dynamic engines even if configured "no-shared"
Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.

We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl.  This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.

Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
45502bfe19 Always build library object files with shared library cflags
This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-20 16:51:31 +01:00
Richard Levitte
f99f91f121 Misc small fixes.
Better libclean that removes the exact files that have been built,
nothing more and nothing less.

Corrected typo

A couple of editorial changes.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:52:15 +01:00
Richard Levitte
e987f9f271 Let Configure figure out the diverse shared library and DSO extensions
Then it can pass around the information where it belongs.  The
Makefile templates pick it up along with other target data, the
DSO module gets to pick up the information through
crypto/include/internal/dso_conf.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:51:23 +01:00
Richard Levitte
3a55c92bba Rethink the uplink / applink story
Adding uplink and applink to some builds was done by "magic", the
configuration for "mingw" only had a macro definition, the Configure
would react to its presence by adding the uplink source files to
cpuid_asm_src, and crypto/build.info inherited dance to get it
compiled, and Makefile.shared made sure applink.o would be
appropriately linked in.  That was a lot under the hood.

To replace this, we create a few template configurations in
Configurations/00-base-templates.conf, inherit one of them in the
"mingw" configuration, the rest is just about refering to the
$target{apps_aux_src} / $target{apps_obj} in the right places.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-19 11:06:54 +01:00
Richard Levitte
ce192ebed0 Remove all special make depend flags, as well as OPENSSL_DOING_MAKEDEPEND
All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-18 23:43:09 +01:00
Rich Salz
d63a5e5e7d Remove outdated DEBUG flags.
Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-18 17:14:50 -05:00
Rich Salz
e4ef2e25f1 Remove "experimental" in code and comments, too.
Thanks to Viktor for additional review.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-17 21:12:30 -05:00
Richard Levitte
4277cf9091 Get conditional priorities right
"or" has lower priority than "||" and works better to have Perl less
confused.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-17 22:23:09 +01:00
David Woodhouse
02f7114a7f RT3628: Allow filenames to be eliminated from compiled library
Although I explicitly don't care about the tinfoil-hat reason given in
the initial opening of RT#3628, that "paths usually contain private
information", there *are* situations where it's useful to eliminate the
filenames from the compiled binary.

The two reasons we do care about in the context of firmware such as EDK2
are that it allows for a smaller footprint, and it is also a necessary
component of a binary-reproducible build.

To that end, introduce OPENSSL_FILE and OPENSSL_LINE macros, defining
them to __FILE__ and __LINE__ respectively in the normal case, but to
"" and 0 when OPENSSL_NO_FILENAMES is set.

This is mostly a naïve invocation of
 $ sed 's/__\([FL]I[NL]E\)__/OPENSSL_\1/g' -i `git grep -l __LINE__`
but with a few instances change to just print the function name instead
(although those probably need to die anyway) and test cases left untouched.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 14:19:46 -05:00
Richard Levitte
95b2ebdf99 When someone configures an out-of-source build, switch to unified
For example, this works instead of giving a big error message (note
the lack of '--unified'):

    mkdir ../_build
    (cd ../_build/; ../openssl-src/config; make)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-17 20:09:33 +01:00
Richard Levitte
d918f9cb2d Fix check of -DOPENSSL_USE_APPLINK in $config{cflags}
The previous fix wasn't right.

Also, change all (^|\s) and (\s|$) constructs to (?:^|\s) and (?:\s|$).
Perl seems to like that better.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-17 20:07:06 +01:00
Rich Salz
1288f26fb9 RT4310: Fix varous no-XXX builds
When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-17 13:33:51 -05:00
Rich Salz
dba3177745 Remove JPAKE
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-17 09:46:10 -05:00
Richard Levitte
432c7a50f2 Check for OPENSSL_USE_APPLINK in $config{cflags} as well
Macro definitions "should" be found in $config{defines}, but some
configs haven't transfered macro definitions from their 'cflags'
settings (which isn't mandatory anyway), so check both places.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:49:29 +01:00
Richard Levitte
a583fc45fa Don't check for gcc or clang on VMS
This check is meaningless on VMS and only produce an error because the
underlying shell (DCL) doesn't understand sh syntax such as '2>&1'.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:23:47 +01:00
Richard Levitte
7c55e22c69 Lowercase configuration arguments on VMS
Depending on user preferences, Configure might get something like
--PREFIX=blah just as well as --prefix=blah, or "SHARED" just as well
as "shared".  On VMS, let's therefore lowercase at least the portion
of the argument before a possible equal sign.

For good measure, we lowercase the arguments to be checked in
config.com as well.  The original argument is sent on to Configure,
however.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-16 16:10:06 +01:00
Richard Levitte
ef8ca6bd54 Make the use of mdebug backtrace a separate option
To force it on anyone using --strict-warnings was the wrong move, as
this is an option best left to those who know what they're doing.

Use with care!

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-14 17:22:42 +01:00
Rich Salz
8bccbce52a Reformat warn variables for easier editing.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-13 12:39:24 -05:00
Richard Levitte
63994098d5 Rethink the method to place user cflags last
The previous method had some unfortunate consequences with
--strict-warnings.  To counteract, revert part of the previous change
and move down the block of code that adds the user cflags and defines.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-13 14:06:40 +01:00
Richard Levitte
3c65577f1a Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix
INSTALL_PREFIX is a confusing name, as there's also --prefix.
Instead, tag along with the rest of the open source world and adopt
the Makefile variable DESTDIR to designate the desired staging
directory.

The Configure option --install_prefix is removed, the only way to
designate a staging directory is with the Makefile variable (this is
also implemented for VMS' descrip.mms et al).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-12 21:54:07 +01:00
Rich Salz
2b91ec7575 Put user flags last for priority.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-12 15:42:33 -05:00
Richard Levitte
04f171c096 Remove last chomps
In the previous commit to change all chomp to a more flexible regexp,
Configure was forgotten.  This completes the change.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-12 13:04:32 +01:00
Rich Salz
22e3dcb780 Remove TLS heartbeat, disable DTLS heartbeat
To enable heartbeats for DTLS, configure with enable-heartbeats.
Heartbeats for TLS have been completely removed.

This addresses RT 3647

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:57:26 -05:00
Rich Salz
f3f1cf8444 Move to REF_DEBUG, for consistency.
Add utility macros REF_ASSERT_NOT and REF_PRINT_COUNT
This is also RT 4181

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-11 12:40:32 -05:00
Richard Levitte
64c443e3f0 Add support for shared_rcflag, useful for windres (Cygwin and Mingw)
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:50:01 +01:00
Richard Levitte
68ab559a50 Modernise the mingw cflags and ldflags
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:50:01 +01:00
Richard Levitte
e737d7b197 Unified build: Keep track of generated header files
If someone runs a mixed unixmake / unified environment (the unified
build tree would obviously be out of the source tree), the unified
build will pick up on the unixmake crypto/buildinf.h because of
assumptions made around this sort of declaration (found in
crypto/build.info):

    DEPENDS[cversion.o]=buildinf.h

The assumption was that if such a header could be found in the source
tree, that was the one to depend on, otherwise it would assume it
should be in the build tree.

This change makes sure that sort of mix-up won't happen again.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:48:32 +01:00
Richard Levitte
d20bb611d9 Remove the "make depend" message
It's not necessary for a pristine source, and a developer that makes
changes usually knows what to do.

Also, there was this mechanism that would do a "make depend"
automatically which hasn't been used for so many years.  Removed as
well.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-11 16:47:36 +01:00
Richard Levitte
f4a748a17d Produce buildinf.h on Windows the same way as on Unix
Because ENGINESDIR and OPENSSLDIR typically contains backslashes, they
need to be escaped just right.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 19:36:48 +01:00
Richard Levitte
242ffb05a2 unified build scheme: Try to nudge users to try the "unified" build
This commit SHALL be reverted before final release.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:36:04 +01:00
Richard Levitte
5482dac9f4 Configure et al: move the installation directory logic to Makefiles
The logic to figure out the combinations of --prefix and --openssldir
has stayed in Configure so far, with Unix paths as defaults.

However, since we're making Configure increasingly platform agnostic,
these defaults need to change and adapt to the platform, along with
the logic to combine them.

The easiest to provide for this is to move the logic and the defaults
away from Configure and into the build files.

This also means that the definition of the macros ENGINESDIR and
OPENSSLDIR move away from include/openssl/opensslconf.h and into the
build files.

Makefile.in is adapted accordingly.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:34:06 +01:00
Richard Levitte
bcb1977b7f Configure et al: treat C defines separately
With some compilers, C macros are defined differently on the command
line than on Unix.  It could be that the flad to define them isn't -D,
it could also be that they need to be grouped together and not be mixed
in with the other compiler flags (that's how it's done on VMS, for
example).

On Unix family platform configurations, we can continue to have macro
definitions mixed in with the rest of the flags, so the changes in
Configurations/*.conf are kept to an absolute minimum.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 14:34:06 +01:00
Rich Salz
7984f082d5 Remove store.
Rebased and merged by me, with Ben's approval.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Laurie <ben@openssl.org>
2016-02-10 07:56:26 -05:00
Richard Levitte
2e963849b7 Make the processing of build.info files more aware of absolute dirs
There were cases where some input was absolute, and concatenating it
to the diretory to the source or build top could fail spectacularly.
Let's check the input first to see if it's absolute.

And while we're on the subject of checking if a file or dir spec is
absolute using file_name_is_absolute() has its own quirks on VMS,
where a logical name is considered absolute under most circumstances.
This is perfectly correct from a VMS point of view, but when parsing
the build.info files, we want single word file or directory names to
only be checked syntactically.  A function isabsolute() that does the
right thing is the solution.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-10 05:09:39 +01:00
Mat
7839b735d8 GH649: Fix: version32.rc was not created on Windows
version32.rc was not created on Windows. The if condition has been corrected.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-09 17:51:22 -05:00
Matt Caswell
498abff0ae Add an OPENSSL_NO_AUTOERRINIT option
This option disables automatic loading of the crypto/ssl error strings in
order to keep statically linked executable file size down

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Matt Caswell
b184e3ef73 Provide framework for auto initialise/deinitialise of the library
This commit provides the basis and core code for an auto initialisation
and deinitialisation framework for libcrypto and libssl. The intention is
to remove the need (in many circumstances) to call explicit initialise and
deinitialise functions. Explicit initialisation will still be an option,
and if non-default initialisation is needed then it will be required.
Similarly for de-initialisation (although this will be a lot easier since
it will bring all de-initialisation into a single function).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Richard Levitte
ec182ef044 Use rel2abs() on VMS, rather than realpath()
It seems realpath() is quite buggy on VMS, or will at least give quite
surprising results.  On the other hand, realpath() is the better on
Unix to clean out clutter like foo/../bar on Unix.

So we make out own function to get the absolute directory for a given
input, and use rel2abs() or realpath() depending on the platform
Configure runs on.

Issue reported by Steven M. Schweda <sms@antinode.info>

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-09 13:14:33 +01:00
Richard Levitte
ddf1847dc8 unified build scheme: add and document the "unified" driving engine
common.tmpl will be used together with the template build file, and is
the engine that connects the information gathered from all the
build.info files with making the build file itself.

This file expects there to be a template section in the build file
template that defines a number perl functions designed to return
strings with appropriate lines for the build system at hand.  The
exact functions, what they can expect as arguments and what output
they're expected to produce is documented in Configurations/README.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-02-09 01:25:00 +01:00
Richard Levitte
dca99383c2 Use File::Path::mkpath rather than File::Path::make_path
File::Path::make_path didn't show up before File::Path 2.06 / perl v5.10.1.
Because we're trying to stay compatible with perl v5.10.0 and up,
it's better to use the legacy interface.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-08 17:03:37 +01:00
Richard Levitte
c86ddbe613 Enhance and clear the support of linker flags
Some time ago, we had a ex_libs configuration setting that could be
divided into lflags and ex_libs.  These got divided in two settings,
lflags and ex_libs, and the former was interpreted to be general
linking flags.

Unfortunately, that conclusion wasn't entirely accurate.  Most of
those linking were meant to end up in a very precise position on the
linking command line, just before the spec of libraries the linking
depends on.

Back to the drawing board, we're diving things further, now having
lflags, which are linking flags that aren't depending on command line
position, plib_lflags, which are linking flags that should show up just
before the spec of libraries to depend on, and finally ex_libs, which
is the spec of extra libraries to depend on.

Also, documentation is changed in Configurations/README.  This was
previously forgotten.

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-02-06 17:57:19 +01:00
Todd Short
52739e40cc Add option to disable async
Add no-async option to Configure that forces ASYNC_NULL.
Related to RT1979
An embedded system or replacement C library (e.g. musl or uClibc)
may not support the *context APIs that are needed for async operation.

Compiles with musl. Ran unit tests, async tests skipped as expected.

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-04 12:07:50 -05:00
Richard Levitte
b31feae6de If egd is disabled by default, it should be possible to enable
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-04 16:46:37 +01:00
Michael Lee
20a5819f13 [Configure] Make --with-zlib-* work with configdata.pm
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-03 18:23:08 +01:00
Richard Levitte
85152ca4a1 Use a simpler method to build a glob than splitpath and catpath
It turns out that the combination splitpath() could return an empty
string for the directory part.  This doesn't play well with catdir().

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-02 20:07:44 +01:00
Rich Salz
f1f07a2367 Better check for gcc/clang
Iteratively improved with Richard and Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-01 09:42:10 -05:00
Richard Levitte
9fe2bb77c4 unified build scheme: a first introduction
The "unified" build scheme revolves around small information files,
build.info, which each describe their own bit of everything that needs
to be built, using a mini-language described in Configurations/README.

The information in build.info file contain references to source files
and final result.  Object files are not mentioned at all, they are
simply from source files.  Because of this, all the *_obj items in
Configurations/*.conf are renamed to *_asm_src and the files listed
in the values are change from object files to their corresponding
source files.  For the sake of the other build schemes, Configure
generates corresponding *_obj entries in %target.

Furthermore, the "unified" build scheme supports having a build
directory tree separate from the source directry tree.

All paths in a build.info file is assumed to be relative to its
location, either within the source tree or within the build tree.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-01 12:46:58 +01:00
Andy Polyakov
46d4d86577 Configure: restore original logic for -DWHIRLPOOL_ASM.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-31 22:43:29 +01:00
Richard Levitte
0e87e05816 Remove the extra checks for Intel's C compiler
When the target is {something}-icc, we're doing some extra checks of
the icc compiler.  However, all such targets were cleaned away in
March 2015, so this Configure section is dead code.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-31 19:51:33 +01:00
Richard Levitte
fb36ca1290 Don't go into dotted directories when copying Makefile.in to Makefile
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-31 12:49:36 +01:00
Rich Salz
94af0cd7f3 Move more BN internals to bn_lcl.h
There was an unused macro in ssl_locl.h that used an internal
type, so I removed it.
Move bio_st from bio.h to ossl_type.h

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-30 16:54:35 -05:00
Richard Levitte
421e30ec67 Configure: Clarify the handling of $thread_cflags
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-30 07:53:02 +01:00
Rich Salz
826e9e5446 Missed rc2_int from before.
Also remove $Makefile variable :)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-29 17:22:38 -05:00
Rich Salz
ced2c2c598 Templatize util/domd
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 16:56:07 -05:00
Richard Levitte
1740c16265 Configure et al: split up the lflags configuration item into two
The lflags configuration had a weird syntax with a % as separator.  If
it was present, whatever came before ended up as PEX_LIBS in Makefile
(usually, this is LDFLAGS), while whatever came after ended up as
EX_LIBS.

This change splits that item into lflags and ex_libs, making their use
more explicit.

Also, PEX_LIBS in all the Makefiles are renamed to LDFLAGS.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-29 18:36:57 +01:00
Richard Levitte
f8206c8e24 Revert "Don't replace cflags with thread_cflags, only append the latter"
This reverts commit a450326ee0.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-29 18:00:45 +01:00
Richard Levitte
a450326ee0 Don't replace cflags with thread_cflags, only append the latter
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-29 17:32:31 +01:00
Rich Salz
a01dab9462 Remove x86_gcc_des,x86_gcc_opts
This is a followin from !1738, we no longer need those variables.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-29 10:30:57 -05:00
Rich Salz
78d6a74a6c Missed part of b4f35e
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-28 13:40:33 -05:00
Rich Salz
b4f35e5e07 Remove EIGHT_BIT and SIXTEEN_BIT
Also cleaned up bn_prime.pl to current coding style.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:10:13 -05:00
Rich Salz
3e9e810f2e Remove outdated legacy crypto options
Many options for supporting optimizations for legacy crypto on legacy
platforms have been removed.  This simplifies the source code and
does not really penalize anyone.
        DES_PTR (always on)
        DES_RISC1, DES_RISC2 (always off)
        DES_INT (always 'unsigned int')
        DES_UNROLL (always on)
        BF_PTR (always on) BF_PTR2 (removed)
        MD2_CHAR, MD2_LONG (always 'unsigned char')
        IDEA_SHORT, IDEA_LONG (always 'unsigned int')
        RC2_SHORT, RC2_LONG (always 'unsigned int')
        RC4_LONG (only int and char (for assembler) are supported)
        RC4_CHUNK (always long), RC_CHUNK_LL (removed)
        RC4_INDEX (always on)
And also make D_ENCRYPT macro more clear (@appro)

This is done in consultation with Andy.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-01-27 19:05:50 -05:00
Richard Levitte
8ed40b83ec Fix check of what makedepprog should be
A mistake was made and the setting of this config variable got
reverted to an older behavior.  This restores the latest.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-01-27 19:03:13 +01:00
Richard Levitte
97ad487029 SHARED_LIBS_LINK_EXTS is no longer used, remove it completely
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-26 19:48:36 +01:00
Richard Levitte
96d2d7bc71 Use Configure's @disablables and %disabled through configdata.pm
Enhances the routines in OpenSSL::Test::Utils for checking disabled
stuff to get their information directly from Configure instead of
'openssl list -disabled'.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-26 09:53:36 +01:00
Richard Levitte
f0bd468675 Small cleanups in Configure
- Small rearrangement of the TABLE and HASH printouts, and adding
  printout of the "build_scheme" item
- Renamed "engines_obj" to "padlock_obj"
- Moved the runs of dofile down...  it didn't quite make sense to have
  that in the middle of a printout

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:51:22 +01:00
Richard Levitte
9ab6fc5936 Generate warning text
Now that we're using templates, we should warn people not to edit the
resulting file.  We do it through util/dofile.pl, which is enhanced
with an option to tell what file it was called from.  We also change
the calls so the template files are on the command line instead of
being redirected through standard input.  That way, we can display
something like this (example taken from include/openssl/opensslconf.h):

    /* WARNING: do not edit! */
    /* Generated by Configure from include/openssl/opensslconf.h.in */

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 21:19:59 +01:00
Richard Levitte
52cdc9970d Misc fixups
The goal is Makefile, not Makefile.new
Remove the second generation of opensslconf.h

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 20:36:43 +01:00
Richard Levitte
971a725be4 Revert merge error
There are two versions of print_table_entry() in Configure.  Remove
the older.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 20:18:22 +01:00
Richard Levitte
9e4d6fbf3d Remove GOST again
The config for the removed GOST engine reappeared by mistake.  Now
removed again.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:07:11 +01:00
Richard Levitte
107b5792b2 Refactor file writing - Remake Makefile.org into a template
It is time for Makefile.org to fold into the new regime and have a run
through util/dofile.pl.  This forces some information out of there and
into Configure, which isn't a bad thing, it makes Configure
increasingly the center of build information, which is as it should
be.

A few extra defaults were needed in the BASE template to get rid of
warnings about missing values.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-25 19:07:11 +01:00
Richard Levitte
83365051f5 Make tests use configdata.pm rather than parsing Makefile
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-25 17:53:55 +01:00
Rich Salz
dc193c9c5e Move & split opensslconf.h.in
Move opensslconf.h.in to include/openssl.
Split off DES,BN,RC4 stuff into separate header file
templates in crypto/include/internal/*_conf.h.in

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-25 09:44:08 -05:00
Richard Levitte
642a613809 Refactor file writing - make configdata.pm the info center for "reconf"
Now that configdata.pm is the centre of information, use that instead
of Makefile to figure out reconfiguration parameters.  This will help
future development with different Makefile file names.

The code to read necessary configuration data from Makefile is retained
for an easy transition to configdata.pm based information gathering.  It
will be removed later on.

This change includes moving the variable $cross_compile_prefix to %config.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-23 22:43:20 +01:00
Ben Laurie
b427401cb6 Disable jpake if psk is disabled.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-23 09:45:42 +00:00
Richard Levitte
7d130f68fc Refactor file writing - rewrite crypto/opensslconf.h.in as template
The turn has come to have crypto/opensslconf.h.in get run through
util/dofile.pl.  The consequence is that a large number of variables
get moved to the %config table.

Also, the string variables $openssl_*, which were populated with cpp
lines, all being of the form "#define SOMETHING", were converted into
ARRAY refs in %config values, containing just the list of macros to be
defined.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-23 09:37:39 +01:00
Richard Levitte
3fa04f0d72 Refactor file writing - Adapt util/mkdef.pl to use configdata.pm
For this adaptation, the variables $options and $version needed to
move to %config in Configure, and why not move all other variables
holding diverse version numbers at the same time?

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-22 23:21:30 +01:00
Richard Levitte
291e94df90 Refactor file writing - introduce template driven file writing
apps/CA.pl and tools/c_rehash are built from template files.  So far,
this was done by Configure, which created its own problems as it
forced everyone to reconfigure just because one of the template files
had changed.
Instead, have those files created as part of the normal build in apps/
and in tools/.

Furthermore, this prepares for a future where Configure may produce
entirely other build files than Makefile, and the latter can't be
guaranteed to be the holder of all information for other scripts.
Instead, configdata.pm (described below) becomes the center of
configuration information.

This introduces a few new things:

%config         a hash table to hold all kinds of configuration data
                that can be used by any other script.
configdata.pm   a perl module that Configure writes.  It currently
                holds the hash tables %config and %target.
util/dofile.pl  a script that takes a template on STDIN and outputs
                the result after applying configuration data on it.
                It's supposed to be called like this:

                        perl -I$(TOP) -Mconfigdata < template > result

                or

                        perl -I$(TOP) -Mconfigdata templ1 templ2 ... > result

                Note: util/dofile.pl requires Text::Template.

As part of this changed, remove a number of variables that are really
just copies of entries in %target, and use %target directly.  The
exceptions are $target{cflags} and $target{lflags}, they do get copied
to $cflags and $lflags.  The reason for this is that those variable
potentially go through a lot of changes and would rather deserve a
place in %config.  That, however, is for another commit.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-22 23:12:22 +01:00
Richard Levitte
00ae96caf7 Refactor config - consolidate and refresh print_table_entry
It's time for print_table_entry to get a bit of refreshment.  The way it
was put together, we needed to maintain the list of known configuration
keys of interest twice, in different shapes.  This is error prone, so
move the list of strings to a common list for all printing cases, and
use simple formatting of lines to do the actual printout based on that
list.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-22 23:10:34 +01:00
Richard Levitte
88087414de Refactor config - @MK1MF_Builds out, general build scheme in
Time to get rid of @MK1MF_Builds and introduce a more flexible
'build_scheme' configuration key.  Its value may be a string or an
array of strings, meaning we need to teach resolve_config how to
handle ARRAY referenses.

The build scheme is a word that selects a function to create the
appropriate result files for a certain configuration.  Currently valid
build schemes aer "mk1mf" and "unixmake", the plan is however to add
at least one other for a more universal build scheme.

Incidently, this also adds the functions 'add' and 'add_before', which
can be used in a configuration, so instead of having to repeatedly
write a sub like this:

	key1 => sub { join(" ", @_, "myvalues"); },
	key2 => sub { join(" ", "myvalues", @_); },

one could write this:

	key1 => add(" ", "myvalues"),
	key2 => add_before(" ", "myvalues"),

The good point with 'add' and 'add_before' is that they handle
inheritances where the values are a misture of scalars and ARRAYs.  If
there are any ARRAY to be found, the resulting value will be an ARRAY,
otherwise it will be a scalar with all the incoming valued joined
together with the separator given as first argument to add/add_before.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-22 00:58:56 +01:00
Richard Levitte
9e0724a180 Refactor config - move templates and template docs to Configurations
Move the documentation of the target configuration form to
Configurations/README.

Move initial assembler object templates to
Configurations/00-BASE-templates.conf.

Furthermore, remove all variables containing the names of the
non-assembler object files and make a BASE template of them instead.
The  values from this templates are used as defaults as is.  The
remaining manipulation of data when assembler modules are used is done
only when $no_asm is false.

While doing this, clean out some other related variables that aren't
used anywhere.

Also, we had to move the resolution of the chosen target a bit, or the
function 'asm' would never catch a true $no_asm...  this hasn't
mattered before we've moved it all to the BASE template, but now it
does.

At the same time, add the default for the 'unistd' key to the BASE
template.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-22 00:55:44 +01:00
Richard Levitte
d74dfafd8b Refresh the thinking of --prefix and --openssldir
--prefix is now exclusively used for software and manual installation.
--openssldir is not exclusively used as a default location for certs,
keys and the default openssl.cnf.

This change is made to bring clarity, to have the two less
intertwined, and to be more compatible with the usual ways of software
installation.

Please change your habits and scripts to use --prefix rather than
--openssldir for installation location now.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-22 00:52:31 +01:00
Richard Levitte
7fccf05d26 Refactor config - throw away the last remains of '--test-sanity'
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-21 07:04:47 +01:00
Richard Levitte
c569e206d2 Refactor config - consolidate handling of disabled stuff
It's time to refactor the handling of %disabled so that all
information of value is in the same place.  We have so far had a few
cascading disable rules in form of code, far away from %disabled.
Instead, bring that information to the array @disable_cascade, which
is a list of pairs of the form 'test => descendents'.  The test part
can be a string, and it's simply checked if that string is a key in
%disabled, or it can be a CODEref to do a more complex test.  If the
test comes true, then all descendents are disabled.  This check is
performed until there are no more things that need to be disabled.

Also, $default_depflags is constructed from the information in
%disabled instead of being a separate string.  While a string of its
own is visually appealing, it's much too easy to forget to update it
when something is changed in %disabled.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-21 07:04:47 +01:00
Richard Levitte
fe05264e32 Refactor config - rewrite handling of "reconf"
The way the "reconf"/"reconfigure" argument is handled is overly
complicated.  Just grep for it first, and if it is there in the
current arguments, get the old command line arguments from Makefile.

While we're at it, make the Makefile variable CONFIGURE_ARGS hold the
value as a perl list of strings.  This makes things much safer in case
one of the arguments would contain a space.  Since CONFIGURE_ARGS is
used for nothing else, there's no harm in this.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-21 07:04:47 +01:00
Richard Levitte
bd5192b101 Refactor config - split read_config into read_config and resolve_config
Split the read_config function into read_config that ONLY reads the
configuration files but doesn't try to resolve any of the
inheritances, and resolve_config which resolves the inheritance chain
of a given target.  Move them to the bottom of Configure, with the
rest of the helpers.

Have a new small hash table, %target, which will hold the values for
the target the user requested.  This also means that all access to the
current target data can be reduced from '$table{$target}->{key}' to a
mere '$target{key}'.

While we're at it, the old string formatted configurations are getting
obsolete, so they may as well get deprecated entirely.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-20 22:07:59 +01:00
Richard Levitte
bb56561adb Refactor config - throw away '--test-sanity'
Get rid of the --test-sanity option.  Since we no longer have string
based configurations, we don't have the problem with miscounting
colons any more.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-20 20:51:38 +01:00
Richard Levitte
76ffb43d1a Refactor config - a small cosmetic touchup of Configure
Start simple, removed some unused variables and change all '<<EOF' to
'<<"EOF"'.  The latter is because some code colorizers (notably, in
emacs) cannot recognise the here document end marker unless it's
quoted and therefore assume the rest of the file is part of the here
document.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-20 20:46:38 +01:00
Matt Caswell
a8eda4312d Remove the GOST engine
The GOST engine is now out of date and is removed by this commit. An up
to date GOST engine is now being maintained in an external repository.

See:
https://wiki.openssl.org/index.php/Binaries

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19 22:29:32 +00:00
Richard Levitte
c64879d3f3 Fix BSD -rpath parameter
For BSD systems, Configure adds a shared_ldflags including a reference
to the Makefile variable LIBRPATH, but since it must be passed down to
Makefile.shared, care must be taken so the value of LIBRPATH doesn't
get expanded too early, or it ends up giving an empty string.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-19 20:58:27 +01:00
Viktor Dukhovni
6b01bed206 Support disabling any or all TLS or DTLS versions
Some users want to disable SSL 3.0/TLS 1.0/TLS 1.1, and enable just
TLS 1.2.  In the future they might want to disable TLS 1.2 and
enable just TLS 1.3, ...

This commit makes it possible to disable any or all of the TLS or
DTLS protocols.  It also considerably simplifies the SSL/TLS tests,
by auto-generating the min/max version tests based on the set of
supported protocols (425 explicitly written out tests got replaced
by two loops that generate all 425 tests if all protocols are
enabled, fewer otherwise).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-19 09:57:15 -05:00
Richard Levitte
1de8e63f86 Small fixup, an extra line slipped in
The previous 'Relax the requirements for a debug build' commit had
an extra line of code that shouldn't have been there.  This fixes it.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-14 22:05:09 +01:00
Benjamin Kaduk
0423f812dc Add a no-egd option to disable EGD-related code
The entropy-gathering daemon is used only on a small number of machines.
Provide a configure knob so that EGD support can be disabled by default
but re-enabled on those systems that do need it.

Reviewed-by: Dr. Stephen Henson <steve@openssl.org>
2016-01-14 13:02:51 -05:00
Richard Levitte
8e8b883f6b Relax the requirements for a debug build
We required that a target be named 'debug-something' or to have at
least one of the configuration items debug_cflags and debug_lflags for
--debug to be accepted.

However, there are targets with no such markings but that will still
have debugging capabilities.  This is particularly true for mk1mf
builds, where the extra flags for debugging are figured out later on
by util/mk1mf.pl.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-14 17:42:38 +01:00
Viktor Dukhovni
bdb1d0c24b Fix DES_LONG breakage
For some strange reason opensslconf.h was only defining DES_LONG
when included via des.h, but that's exceedingly fragile (as a
result of include guards the include via des.h might not actually
process the content again).

Ripped out the nesting constraint, now always define OSSL_DES_LONG
if not already defined.  Note, this could just be DES_LONG, but
trying to avoid exposing DES_LONG in places where it has never been
seen before, so it is up to des.h to actually define DES_LONG as
OSSL_DES_LONG.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-01-13 12:37:48 -05:00
Rich Salz
ef30a6845a Fix typo in error message
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-01-12 17:35:22 -05:00
Rich Salz
d10dac1187 Move Makefiles to Makefile.in
Create Makefile's from Makefile.in
Rename Makefile.org to Makefile.in
Rename Makefiles to Makefile.in
Address review feedback from Viktor and Richard

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-12 16:26:56 -05:00
Richard Levitte
ccf73257f6 Adjust $default_depflags to changes in Configure
We use $default_depflags to check if a 'make depend' is needed after
configuring, so it needs to be kept up to date.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-01-11 11:06:28 +01:00
Viktor Dukhovni
c2e27310c7 Enable/disable crypto-mdebug just like other features
Also always abort() on leak failure.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-01-11 02:41:16 +00:00
Mat
3e45d39347 Adds crypto-mdebug as a valid option
Adds crypto-mdebug as a valid option. Fixes https://github.com/openssl/openssl/issues/537

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-09 19:02:41 -05:00
Mat
85d7bdf036 Fix build failure on Windows
Fixes https://github.com/openssl/openssl/issues/530

Signed-off-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-01-09 18:11:07 -05:00
Viktor Dukhovni
98186eb4e4 Backwards-compatibility subject to OPENSSL_API_COMPAT
Provide backwards-compatiblity for functions, macros and include
files if OPENSSL_API_COMPAT is either not defined or defined less
than the version number of the release in which the feature was
deprecated.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 20:53:18 -05:00
Rich Salz
bbd86bf542 mem functions cleanup
Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
        (Thanks to Jakob Bohm for the suggestion!)
Make the "change wrapper functions" be the only paradigm.
Wrote documentation!
Format the 'set func' functions so their paramlists are legible.
Format some multi-line comments.
Remove ability to get/set the "memory debug" functions at runtme.
Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
Add CRYPTO_mem_debug(int flag) function.
Add test/memleaktest.
Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-01-07 15:14:18 -05:00
Andy Polyakov
91cf7551a1 Configure: refine 'reconf' logic.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 10:32:08 +01:00
Rich Salz
2503af2684 Fix typo.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 17:58:32 -05:00
Rich Salz
2e31ef0366 Provide better "make depend" warning.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-16 17:43:41 -05:00
Ben Laurie
a7a14a23a9 Fix no-dgram.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 21:31:56 +00:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Andy Polyakov
22c2e80f89 Configure: add framework for ChaCha and Poly1305 assembly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 20:56:50 +01:00
Andy Polyakov
0c14d44254 Configure: 'reconf' to respect CROSS_COMPILE and CC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 20:54:22 +01:00
Kurt Roeckx
a5ecdc6af8 Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-12 12:07:14 +01:00
Andy Polyakov
48f1484555 Configure: make no-chacha and no-poly1305 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:50 +01:00
Ben Laurie
28cbe2ab4a Link library for backtrace() on BSD...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-09 13:37:30 +00:00
Richard Levitte
16b6081e0d Fix ./Configure reconf
'./Configure reconf' hasn't been working for a while, because a perl
lable needs to be immediately followed by a block.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-02 19:39:36 +01:00
Richard Levitte
a1d3f3d1d0 Move the backtrace memleak options to a separate variable
The contents of this variable ($memleak_devteam_backtrace) is added to
$cflags unless we build for a platform we know doesn't support gcc's
-rdynamic och backtrace() and friends.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-02 19:20:45 +01:00
Richard Levitte
012c540850 Add backtrace to memory leak output
This is an option for builds with gcc and --strict-warnings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-02 16:49:08 +01:00
Richard Levitte
de17db915e Drop the old perl start magic and replace it with a normal shebang
perlrun(1) leads the way.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-24 14:06:45 +01:00
Jacob Bandes-Storch
f4d8f03755 Add perl modeline to Configure scripts
Encourages GitHub to perform proper syntax highlighting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-24 13:12:57 +01:00
Richard Levitte
6703c4ea87 Make the match for previous cflags a bit more strict
./Configure [target] --strict-warnings -Wno-pedantic-ms-format
would not add '-pedantic' because it matches '-Wno-pedantic-ms-format',
which was added first.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-09 09:50:56 +01:00
Richard Levitte
489eb74090 Make Configure die when unsupported options are given
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-22 17:37:10 +02:00
Richard Levitte
8b527be2db Add an explicit list of options that can be disabled, enabled, ...
Configure has, so far, had no control at all of which 'no-' options it
can be given.  This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust...  or file a bug report.

This introduces some sanity into the possible choices.

The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-22 17:37:10 +02:00
Emilia Kasper
58dd1ce91a make depend: prefer clang over makedepend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 17:10:20 +02:00
Alessandro Ghedini
f386742cfb GH429: Add clang to travis
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 14:04:53 -04:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Andy Polyakov
51cbee3516 Update year in Windows builds.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 15:32:38 +02:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Richard Levitte
fd9ad2300b Adapt mk1mf.pl and helpers to the new testing framework.
With the new testing framework, building a test target with mk1mf.pl
becomes a very simple thing.  And especially, no more need to do the
amount of hackery in unix.pl we did.

Also, some tests need a working apps/CA.pl as well as rehashed certs
in certs/demo.  So, move the code creating those files so it gets done
regardless, not just in non-mk1mf environments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-07 16:10:58 +02:00
David Woodhouse
47bbaa5b60 Revert "OPENSSL_NO_xxx cleanup: RFC3779"
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:31:09 -04:00
Ben Laurie
480405e4a9 Add -Wconditional-uninitialized to clang strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:45:44 +01:00
Ben Laurie
d237a2739c Build with --strict-warnings on FreeBSD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:21:46 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Ben Laurie
190c8c60c1 Fix build on MacOS.
Reviewed-by: Andy Polyakov
2015-05-01 17:46:17 +01:00
Andy Polyakov
c3b9bd11f9 Engage ec/asm/ecp_nistz256-sparcv9 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-21 09:39:52 +02:00
Andy Polyakov
cc98b998b8 Configure: Engage ecp_nistz256-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-20 14:58:01 +02:00
Andy Polyakov
2c6343bfa3 Configure: engage ARMv8 Montgomery multiplication module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 14:41:10 +02:00
Emilia Kasper
13efe9d17e Use -Wall -Wextra with clang
The disabled set of -Weverything is hard to maintain across versions.
Use -Wall -Wextra but also document other useful warnings that currently trigger.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-17 18:17:50 +02:00
Dr. Stephen Henson
c954448f2c Add -Wtype-limits to strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-15 13:57:51 +01:00
Richard Levitte
04958e84d8 Appease clang -Wgnu-statement-expression
We use GNU statement expressions in crypto/md32_common.h, surrounded
by checks that GNU C is indeed used to compile.  It seems that clang,
at least on Linux, pretends to be GNU C, therefore finds the statement
expressions and then warns about them.

The solution is to have clang be quiet about it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-04 17:06:35 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Andy Polyakov
33b188a8e8 Engage vpaes-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:42:12 +01:00
Andy Polyakov
1818572d83 Configure: remove unused variables.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:36:40 +01:00
Matt Caswell
913f1042b3 Add -DDEBUG_UNUSED to --strict-warnings
In order to receive warnings on unused function return values the flag
-DDEBUG_UNUSED must be passed to the compiler. This change adds that for the
--strict-warnings Configure option.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:22:36 +00:00
Richard Levitte
9b956beccd Refer to $table{$target} rather than $table{$t}.
Using $t is an artifact from the earlier changes in Configure and was
unfortunately forgotten as is.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-03-22 00:57:09 +01:00
Richard Levitte
21ab123770 If the target is an old style debug- target, it will not have debugging [cl]flags
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-03-19 22:49:51 +01:00
Andy Polyakov
7ead0c8918 Configure: fold related configurations more aggressively and clean-up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-18 16:27:00 +01:00
Richard Levitte
9e43c6b5c2 Correct the request of debug builds
./config would translate -d into having the target get a 'debug-'
prefix, and then run './Configure LIST' to find out if such a
debugging target exists or not.

With the recent changes, the separate 'debug-foo' targets are
disappearing, and we're giving the normal targets debugging
capabilities instead.  Unfortunately, './config' wasn't changed to
match this new behavior.

This change introduces the arguments '--debug' and '--release' - the
latter just for orthogonality - to ./Configure, and ./config now
treats -d by adding '--debug' to the options for ./Configure.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-17 17:01:31 +01:00
Richard Levitte
5e1b23536a Change all the main configurations to the new format.
As part of this, remove some levitte examples that never were relevant.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
b124552999 Rethink templates.
Because base templates express inheritance of values, the attribute is
renamed to 'inherit_from', and texts about this talk about 'inheritance(s)'
rather than base templates.

As they were previously implemented, base templates that were listed
together would override one another, the first one acting as defaults for
the next and so on.

However, it was pointed out that a strength of inheritance would be to
base configurations on several templates - for example one for CPU, one
for operating system and one for compiler - and that requires a different
way of combining those templates.  With this change, inherited values
from several inheritances are concatenated by default (keep on reading).

Also, in-string templates with the double-curly syntax are removed,
replaced with the possibility to have a configuration value be a coderef
(i.e. a 'sub { /* your code goes here */ }') that gets the list of values
from all inheritances as the list @_.  The result of executing such a
coderef on a list of values is assumed to become a string.  ANY OTHER
FORM OF VALUE WILL CURRENTLY BREAK.

As a matter of fact, an attribute in the current config with no value is
assumed to have this coderef as value:

    sub { join(' ', @_) }

While we're at it, rename debug-[cl]flags to debug_[cl]flags and
nodebug-[cl]flags to release_[cl]flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
7d46b9426f Add base template processing.
Base templates are templates that are used to inherit from.  They can
loosely be compared with parent class inheritance in object orientation.
They can be used for the same purpose as the variables with multi-field
strings are used in old-style string configurations.

Base templates are declared with the base_templates configuration
attribute, like so:

	"example_target" => {
		base_templates => [ "x86_asm", ... ]
		...
	}

Note: The value of base_templates MUST be an array reference (an array
enclosed in square brackets).

Any configuration target can be used as a base template by another.  It
is also possible to have a target that's a pure template and not meant to
be used directly as a configuration target.  Such a target is marked with
the template configuration attribute, like so:

	"example_template" => {
		template => 1,
		cc => "mycc",
		...
	},

As part of this commit, all variables with multi-field strings have been
translated to pure templates.  The variables currently remain since we
can't expect people to shift to hash table configurations immediately.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
09816a2e33 Add template reference processing.
Template references are words with double brackets, and refer to the
same field in the target pointed at the the double bracketed word.

For example, if a target's configuration has the following entry:

    'cflags' => '-DFOO {{x86_debug}}'

... then {{x86_debug}} will be replaced with the 'cflags' value from
target 'x86_debug'.

Note: template references are resolved recursively, and circular
references are not allowed

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
aaf878cc97 Rewrite Configure to handle the target values as hash tables.
The reasoning is that configuration strings are hard to read and error
prone, and that a better way would be for them to be key => value hashes.

Configure is made to be able to handle target configuration values as a
string as well as a hash.  It also does the best it can to combine a
"debug-foo" target with a "foo" target, given that they are similar
except for the cflags and lflags values.  The latter are spliced into
options that are common for "debug-foo" and "foo", options that exist
only with "debug-foo" and options that exist only with "foo", and make
them into combinable attributes that holds common cflags, extra cflags
for debuggin and extra cflags for non-debugging configurations.

The next step is to make it possible to have template configurations.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
97a0cc5281 Move Configurations* out of the way and rename them.
Configure would load the glob "Configurations*".  The problem with
this is that it also loads all kinds of backups of those
configurations that some editors do, like emacs' classic
'Configurations~'.  The solution is to give them an extension, such as
'.conf', and make sure to end the glob with that.

Also, because 'Configurations.conf' makes for a silly name, and
because a possibly large number of configurations will become clutter,
move them to a subdirectory 'Configurations/', and rename them to
something more expressive, as well as something that sets up some form
of sorting order.  Thus:

    Configurations	->	Configurations/10-main.conf
    Configurations.team	->	Configurations/90-team.conf

Finally, make sure that Configure sorts the list of files that 'glob'
produces, and adapt Makefile.org.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-11 12:07:25 +01:00
Rich Salz
f09e7ca94b Move build config table to separate files.
Move the build configuration table into separate files.  The Configurations
file is standard configs, and Configurations.team is for openssl-team
members.  Any other file, Configurations*, found in the same directory
as the Configure script, is loaded.

To add another file, use --config=FILE flags (which should probably be
an absolute path).

Written by Stefen Eissing <stefan.eissing@greenbytes.de> and Rich Salz
<rsalz@openssl.org>, contributed by Akamai Technologies.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-24 17:40:22 -05:00
Richard Levitte
ba4bdee718 Restore -DTERMIO/-DTERMIOS on Windows platforms.
The previous defaulting to TERMIOS took away -DTERMIOS / -DTERMIO a
bit too enthusiastically.  Windows/DOSish platforms of all sorts get
identified as OPENSSL_SYS_MSDOS, and they get a different treatment
altogether UNLESS -DTERMIO or -DTERMIOS is explicitely given with the
configuration.  The answer is to restore those macro definitions for
the affected configuration targets.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-22 08:27:36 +01:00
Richard Levitte
64e6bf64b3 Assume TERMIOS is default, remove TERMIO on all Linux.
The rationale for this move is that TERMIOS is default, supported by
POSIX-1.2001, and most definitely on Linux.  For a few other systems,
TERMIO may still be the termnial interface of preference, so we keep
-DTERMIO on those in Configure.

crypto/ui/ui_openssl.c is simplified in this regard, and will define
TERMIOS for all systems except a select few exceptions.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-21 23:51:05 +01:00
Andy Polyakov
7b4a4b71b5 Engage ecp_nistz256-armv4 module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-11 20:36:55 +01:00
Andy Polyakov
ea5f8411cd Configure: disable warning C4090 in Windows builds.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-02-10 22:02:54 +01:00
Matt Caswell
a8b4e057b3 Remove -DOPENSSL_NO_DEPRECATED from --strict-warnings flags.
In master OPENSSL_NO_DEPRECATED is the default anyway. By including it in
--strict-warnings as well this means you cannot combine enable-deprecated
with --strict-warnings.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-10 14:32:29 +00:00
Andy Polyakov
79ee5afa26 Engage ecp_nistz256-x86 module.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2015-02-09 23:21:11 +01:00
Dr. Stephen Henson
a479d72dba fix windows build
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-02-04 22:51:01 +00:00
Dr. Stephen Henson
5496cd3e5d More unused FIPS module code.
Remove fips_algvs.c

Remove unused fips module build code from Configure and Makefile.org
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-02-04 18:54:36 +00:00
Ben Laurie
4de8385796 Build correctly for me on FreeBSD 10.
Reviewed-by: Rich Salz

Don't debug.
2015-01-30 22:23:17 +00:00
Andy Polyakov
2a4af9478d Configure: addendum to OPENSSL_NO_[RMD160|RIPEMD] harmonization.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-01-27 12:23:42 +01:00
Rich Salz
68b00c2372 ifdef cleanup part 3: OPENSSL_SYSNAME
Rename OPENSSL_SYSNAME_xxx to OPENSSL_SYS_xxx
Remove MS_STATIC; it's a relic from platforms <32 bits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 11:58:26 -05:00
Andy Polyakov
9b05cbc33e Add assembly support to ios64-cross.
Fix typos in ios64-cross config line.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-23 15:38:41 +01:00
Corinna Vinschen
732c5a6b92 Drop redundant and outdated __CYGWIN32__ tests.
Change OPENSSL_SYSNAME_CYGWIN32 to OPENSSL_SYSNAME_CYGWIN.
Drop outdated Cygwin targets.

RT#3605
Signed-off-by: Corinna Vinschen <vinschen@redhat.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-01-22 12:55:25 +01:00
Rich Salz
fcf64ba0ac RT3548: Remove some unsupported platforms.
This commit removes NCR, Tandem, Cray.
Regenerates TABLE.
Removes another missing BEOS fluff.
The last platform remaining on this ticket is WIN16.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-12 10:40:00 -05:00
Emilia Kasper
cb2bc0543a Add a clang build target for linux-x86_64
This change documents the world as-is, by turning all warnings on,
and then turning warnings that trigger off again.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-01-05 13:46:26 +01:00
Andy Polyakov
c1669e1c20 Remove inconsistency in ARM support.
This facilitates "universal" builds, ones that target multiple
architectures, e.g. ARMv5 through ARMv7. See commentary in
Configure for details.

Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-01-04 23:45:08 +01:00
Rich Salz
32dfde1076 RT3548: Remove unsupported platforms
This commit removes DG-UX.
It also flushes out some left-behinds in config.
And regenerates TABLE from Configure (hadn't been done in awhile).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-28 01:17:52 -05:00
Rich Salz
6c23ca0cbb RT3548: unsupported platforms
This commit removes Sinix/ReliantUNIX RM400
(And a missed piece of BEOS fluff)

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-25 16:16:29 -05:00
Rich Salz
f231941444 RT3548: Remvoe unsupported platforms
This commit removes SunOS (a sentimental favorite of mine).

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-21 23:18:02 -05:00
Matt Caswell
c0fc27f88e Made it an error to define OPENSSL_USE_DEPRECATED if OpenSSL has been built
with OPENSSL_NO_DEPRECATED defined

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:57:44 +00:00
Matt Caswell
07c4c14c47 Turn on OPENSSL_NO_DEPRECATED by default.
Also introduce OPENSSL_USE_DEPRECATED. If OPENSSL_NO_DEPRECATED is
defined at config stage then OPENSSL_USE_DEPRECATED has no effect -
deprecated functions are not available.
If OPENSSL_NO_DEPRECATED is not defined at config stage then
applications must define OPENSSL_USE_DEPRECATED in order to access
deprecated functions.
Also introduce compiler warnings for gcc for applications using
deprecated functions

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-12-18 19:56:31 +00:00
Rich Salz
59ff1ce061 RT3548: Remove some obsolete platforms
This commit removes Sony NEWS4

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-18 14:17:33 -05:00
Dr. Stephen Henson
78c990c156 Remove fipscanister from Configure, delete fips directory
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-12-08 13:18:43 +00:00
Kurt Roeckx
45f55f6a5b Remove SSLv2 support
The only support for SSLv2 left is receiving a SSLv2 compatible client hello.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-12-04 11:55:03 +01:00
Dr. Stephen Henson
3881d8106d New option no-ssl3-method which removes SSLv3_*method
When no-ssl3 is set only make SSLv3 disabled by default. Retain -ssl3
options for s_client/s_server/ssltest.

When no-ssl3-method is set SSLv3_*method() is removed and all -ssl3
options.

We should document this somewhere, e.g. wiki, FAQ or manual page.
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2014-11-19 18:11:37 +00:00
Mike Bland
a4b8457db9 {,darwin64-}debug-test-64-clang Configure targets
These are based on debug-ben-debug-64-clang and is intended to produce
consistent settings for folks involved in the unit testing effort detailed at:

http://wiki.openssl.org/index.php/Unit_Testing

-fsanitize has been removed from the set of clang flags for now. Apparently
clang 3.1, which ships with FreeBSD 9.1, completely ignores -fsanitize. Clang
3.3, which ships with FreeBSD 9.2, compiles with it, but fails to link due to
the absence of libasan:

http://lists.freebsd.org/pipermail/freebsd-hackers/2013-December/043995.html
https://www.mail-archive.com/cfe-commits@cs.uiuc.edu/msg92260.html
http://reviews.llvm.org/D2644

We need -Wno-error=unused-const-variable because of this error:
.../crypto/ec/ec_lib.c:74:19: error: unused variable 'EC_version' [-Werror,-Wunused-const-variable]
static const char EC_version[] = "EC" OPENSSL_VERSION_PTEXT;

Change-Id: I2cba53537137186114c083049ea1233550a741f9
Signed-off-by: Mike Bland <mbland@acm.org>
Signed-off-by: Geoff Thorpe <geoff@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2014-11-16 16:44:37 -05:00
Andy Polyakov
b06f7d9ac0 Configure: add ios64 target.
Reviewed-by: Steve Marquess <marquess@openssl.org>
2014-10-23 16:04:01 +02:00
Rich Salz
008bef521c RT3544: Must update TABLE after Configure change
Also add comment to Configure reminding people to do that.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-25 13:18:22 -04:00
Rich Salz
92c7846372 RT3544: Remove MWERKS support
The following #ifdef tests were all removed:
	__MWERKS__
	MAC_OS_pre_X
	MAC_OS_GUSI_SOURCE
	MAC_OS_pre_X
	OPENSSL_SYS_MACINTOSH_CLASSIC
	OPENSSL_SYS_MACOSX_RHAPSODY

Reviewed-by: Andy Polyakov <appro@openssl.org>
2014-09-24 18:07:29 -04:00
Andy Polyakov
847147908b Configure: engage ECP_NISTZ256.
RT: 3149

Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-09-12 00:38:57 +02:00
Andy Polyakov
6019cdd327 Configure: add configuration for crypto/ec/asm extensions.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2014-08-30 19:22:51 +02:00
Rich Salz
17e80c6bd0 RT2308: Add extern "C" { ... } wrapper
Add the wrapper to all public header files (Configure
generates one).  Don't bother for those that are just
lists of #define's that do renaming.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-08-27 21:35:32 -04:00
nnposter@users.sourceforge.net
cde8ad1a28 PR 719: Configure not exiting with child status
If subcommand fails, just die.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
2014-08-12 14:45:49 -04:00
Bodo Moeller
a46149c672 Update $default_depflags to match current defaults. 2014-08-01 19:02:10 +02:00
Dr. Stephen Henson
e0fc7961c4 Add conditional unit testing interface.
Don't call internal functions directly call them through
SSL_test_functions(). This also makes unit testing work on
Windows and platforms that don't export internal functions
from shared libraries.

By default unit testing is not enabled: it requires the compile
time option "enable-unit-test".
Reviewed-by: Geoff Thorpe <geoff@openssl.org>
2014-07-24 19:41:29 +01:00
Andy Polyakov
0e716d9207 Engage GHASH for PowerISA 2.0.7.
[and split ppccap.c to ppccap.c and ppc_arch.h]

Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2014-07-20 14:16:31 +02:00