We're hitting problems that the 'ar' command line becomes too long for
some 'make' versions, or the shell it uses.
We therefore change the way we create a static library by doing so one
object file at a time. This is slower, but has better guarantees to
work properly on limited systems.
Fixes#12116
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/12706)
From this point on, this engine must be specifically specified.
To replace the internal EMBEDDED hack with something unique for the
new module, functions to create application specific OSSL_STORE_INFO
types were added.
Furthermore, the following function had to be exported:
ossl_do_blob_header()
ossl_do_PVK_header()
asn1_d2i_read_bio()
Finally, evp_pkcs82pkey_int() has become public under a new name,
EVP_PKCS82PKEY_with_libctx()
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12587)
Documentation files were treated as programs when assigning to the
make variables HTMLDOCS{1,3,5,7} and MANDOCS{1,3,5,7}, which is is
incorrect on POSIX sub-systems where executables have an extension
(.exe).
Fixes#11937
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12374)
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
The binder of the AIX linker needs to be told which functions to call on
loading and initializing a shared object. Therefore another configuration
variable shared_fipsflag is introduced, which is appended to shared_defflag
when the providers/fips module gets configured.
It was suggested to refactor the line in the build file template to become
more generic and less magic. There is, however, currently no suggestion how
to actually achive this, so we leave a TODO comment.
The possible shared_fipsflag must only be appended to the shared_def iff
this code is acting on behalf of the fips provider module build.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11950)
Also fix a nit in recent CHANGES.md update.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11770)
With MANSUFFIX=A the statement '$$fn$(MANSUFFIX)' is reaplaces with
'$fnA' and left empty because the `fnA' variables is not recognized
within the shell.
With {} around fn it is then bocomes ${fn}A and works as expected.
While here, add the MANSUFFIX to the ECHO line so it is properly printed
during build.
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11643)
The fips.so and legacy.so providers were not being installed because of
a typo in the makefile templates.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11615)
The erroneously introduced names grasshopper-* replaced with
kuznyechik-* according to official algorithm name translation.
Too long symbolic names replaced with human-enterable ones.
Also the mechanism of deprecating names in objects.txt is implemented
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11440)
libssl code uses EVP_PKEY_get0_EC_KEY() to extract certain basic data
from the EC_KEY. We replace that with internal EVP_PKEY functions.
This may or may not be refactored later on.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11358)
util/progs.pl depends on the build tree (on configdata.pm,
specifically), so it needs to be run from the build tree. But why
stop there? We might as well generate apps/progs.c and apps/progs.h
when building.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Since we've now switched to use util/wrap.pl to wrap uninstalled
programs everywhere, there's no need to set the environment variables
OPENSSL_ENGINES and OPENSSL_MODULES globally for the tests.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/11110)
Remove unused util/process_docs.pl
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10856)
We had all tests run with test/test-runs/ as working directory, and
tests cleaned up after themselves... which is well and good, until
you want to have a look at what went wrong when a complex test fails,
and you have to recreate everything it does manually.
To remedy this, we have OpenSSL::Test create the result directory
dynamically (and cleaning it up first if it's already there) and let
the test recipe have that as working directory.
Test recipes are now encouraged to name their diverse output files
uniquely, and not to clean them up, to allow a developer to have a
look at the files that were produced.
With continuous integration that allows this, the result directories
could also be archived and be left as a build artifact.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11080)
Because we generate an increasing number of POD files, some of them
end up in the build tree. This makes it difficult for find-doc-nits
to work as desired when the build tree is separate from the source
tree.
The best supported way to make it work in such an environment is to
run it from the build tree and let it use the build information from
configdata.pm to find all the POD files. To make this smooth enough,
we add a function 'files' that returns an array of file names
corresponding to criteria from the caller.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11045)
Add cmd-nits make target.
Listing options should stop when it hits the "parameters" separator.
Add missing .pod.in files to doc/man1/build.info
Tweak find-doc-nits to try openssl-XXX before XXX for POD files and
change an error messavge to be more useful.
Fix the following pages: ca, cms, crl, dgst, enc,
engine, errstr, gendsa, genrsa, list, ocsp, passwd, pkcs7, pkcs12, rand,
rehash, req, rsautil, s_server, speed, s_time,
sess_id, smime, srp, ts, x509.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/10873)
Replace "=for openssl foreign manuals" with simpler syntax, it looks
like the "=for openssl ifdef" construct.
Fix some broken L<> links; add some missing foreign references and fixed
some typo's.
The WARNINGS in dhparam referred to non-existant commands so reword it.
Fixes#10109
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10256)
When generating html or manpages from POD files, we used $< or $? to
get the file name to process. It turns out, though, that some make
implementations only define $< with implicit rules, so its expansion
remains empty in explicit rules. $? is a fine replacement, but only
as long as we have one dependency, so it may cause problems in the
future.
The final solution seems to be to use explicit POD file names
instead. That leaves no doubts.
Fixes#10817
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/10849)
For some reason, we didn't use some of the possible target attributes
in the Unix Makefile template, and there was a similar but much
smaller lack of use in the Windows makefile template as well.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10753)
Fixes#8322
The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains. OpenSSL recommends using
the compiler's leak-detection instead.
The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed. All of the
above are now deprecated.
Merge (now really small) mem_dbg.c into mem.c
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)
The `./pyca-cryptography/.travis/downstream.d` subdirectory that causes the `rm` command to fail (albeit harmlessly, but with a warning from `make` nonetheless).
>rm -f `find . -name '*.d' \! -name '.*' -print`
>rm: cannot remove './pyca-cryptography/.travis/downstream.d': Is a directory
>make: [Makefile:1910: clean] Error 1 (ignored)
Exclude directories from being matched by the `find` commands.
CLA: trivial
Reviewed-by: Patrick Steuer <patrick.steuer@de.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10264)
For files GENERATEd from templates (.in files), any perl module (.pm
file) that the file depends on will automatically be used.
This means that these two lines:
GENERATE[foo]=foo.in
DEPEND[foo]=whatever.pm
will emit this command in a Makefile (or corresponding):
foo: foo.in whatever.pm configdata.pm
$(PERL) -I. -Ipathto -Mwhatever -Mconfigdata $(SRCDIR)/util/dofile.pl \\
foo.in > foo
Note that configdata.pm is automatically added, since util/dofile.pl
itself depends on it.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10162)
Added functionality to use static libraries as source for other
libraries. When done this way, the target library will use the object
files from the sourced static libraries, making the sourced libraries
work as "containers" for object files.
We also need to make sure that the Unix Makefile template knows how to
deal with shared libraries and modules that depend on static libraries.
That's new situation we haven't had before.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
The build.info grammar's regular expressions were a horrible read.
By assigning certain sub-expressions to variables, we hope to make
it a little more readable.
Also, the handling of build.info attributes is reworked to use a
common function instead of having copies of the same code.
Finally, the attributes are reorganized to specify if they belong with
programs, libraries, modules or scripts. This will enable more
intricate attribute assignment in changes to come.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
Use err() for find-doc-nits -e output
Doing this meant we could remove the -s flag, so we do so; move
option/help stuff to top of script.
Add a CHANGES entry.
Rename missing to other.syms
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10039)
Filter all output to a new &err() routine, which sets the global
exit status, $status.
Also, fix all subroutine definitions and references to be consistent:
no prototypes, no & before function calls.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
(Merged from https://github.com/openssl/openssl/pull/9733)
- Make the last argument always be the output file.
- Make the first argument always be the flavour, even if there is no
flavour (i.e. it might become the empty string).
- Make the next to last argument to be $(PROCESSOR) if that one has a
value.
- Remaining arguments are C prepropressor arguments.
Perl scripts that should handle this may use the following code:
$output = pop;
$flavour = shift;
if ($ARGV[$#ARGV] eq '386') {
# Do 386 specific things
} else {
# Do whatever else, with the knowledge the @ARGV contains
# C preprocessor arguments
}
Some scripts don't care about anything than $output, and that's ok.
Some scripts do care, but handle it a little differently, and that's
ok too (notably, the x86 scripts call asm_init() with the first and
the last argument after having popped $output).
As long as they handle the argument order right, they are going to
be fine.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9884)
A local 'make clean' did some sweeping removals of files execpt for
the .git directory. This is a little too sweeping, as other dotted
files might be cleaned away if they happen to match the pattern that's
searched for.
An example is a symlink .dir-locals.el that would keep disappearing if
you build in the source tree and do a make clean...
So we change this to leave all dotted files alone. Our builds do not
produce such files anyway, so this is a harmless (or rather, less
harmful) change.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9573)
This makes for a cleaner apps/progs.h as well as as cleaner
apps/build.info.
We also break out the type declarations to apps/include/function.h
apps/progs.c and apps/progs.h are NOT regenerated when 'apps' is
disabled.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9340)
After avoiding OPENSSL_memcmp for EC curve comparison, there are no remaining
uses in the source code. The function is only defined in an internal header
and thus should be safe to remove for 3.0.0.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/9207)
We create lists of undocumented functions and macros as they are now so
that find-doc-nits can check for newly introduced functions/macros that
are undocumented.
This works in a similar way to the -u and -d options to find-doc-nits.
These count undocumented symbols and print a detailed list of undocumented
symbols repsectively. This commit adds the -v and -e options to restrict
the count/detailed list to newly added undocumented symbols only.
There is also a new -s option that does the same as -e except that it
produces no output if there are no newly undocumented symbols.
We also amend "make doc-nits" to add the -s option which should cause
travis to fail if a PR adds undocumented symbols.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9094)
These will be used to point out general OpenSSL modules directory.
ENGINE modules are kept apart for backward compatibility.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8287)
The only thing that makes an ENGINE module special is its entry
points. Other than that, it's a normal dynamically loadable module,
nothing special about it. This change has us stop pretending anything
else.
We retain using ENGINE as a term for installation, because it's
related to a specific installation directory, and we therefore also
mark ENGINE modules specifically as such with an attribute in the
build.info files.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/8147)
Trim trailing whitespace. It doesn't match OpenSSL coding standards,
AFAICT, and it can cause problems with git tooling.
Trailing whitespace remains in test data and external source.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8092)
We have two classes of scripts to be installed, those that are
installed as "normal" programs, and those that are installed as "misc"
scripts. These classes are installed in different locations, so the
build file templates must pay attention.
Because we didn't have the tools to indicate what scripts go where, we
had these scripts hard coded in the build template files, with the
maintenance issues that may cause. Now that we have attributes, those
can be used to classify the installed scripts, and have the build file
templates simply check the attributes to know what's what.
Furthermore, the 'tsget.pl' script exists both as 'tsget.pl' and
'tsget', which is done by installing a symbolic link (or copy). This
link name is now given through an attribute, which results in even
less hard coding in the Unix Makefile template.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
This means that all PROGRAMS_NO_INST, LIBS_NO_INST, ENGINES_NO_INST
and SCRIPTS_NO_INST are changed to be PROGRAM, LIBS, ENGINES and
SCRIPTS with the associated attribute 'noinst'.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7581)
Add platform::Unix, which is a generic Unix module to support product
name and extensions functionlity. However, this isn't quite enough,
as mingw and Cygwin builds are done using the same templates, but
since shared libraries work as on Windows and are named accordingly,
platform::mingw and platform::Cygwin were also added to provide the
necessary tweaks.
This reworks Configurations/unix-Makefile.tmpl to work out product
names in platform::Unix et al terms. In this one, we currently do
care about the *_extension config attributes, and the modules adapt
accordingly where it matters.
This change also affected crypto/include/internal/dso_conf.h.in, since
the DSO extension is meant to be the same as the short shared library
extension, which isn't '.so' everywhere.
'shared_extension' attributes that had the value
'.so.\$(SHLIB_VERSION_NUMBER)' are removed, platform::Unix provides
an extension where the shared library version number is hard-coded
instead.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7473)
Since `$config{version}` and `$config{version_num}` were removed
in commit 3a63dbef15, the configure output displays an empty
version number string in parentheses instead of the version number.
This pull request fixes that by adding new config variables
`version` and `full_version`, analogous to `OPENSSL_VERSION_STR`
and `OPENSSL_FULL_VERSION_STR`.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7841)
We're strictly use version numbers of the form MAJOR.MINOR.PATCH.
Letter releases are things of days past.
The most central change is that we now express the version number with
three macros, one for each part of the version number:
OPENSSL_VERSION_MAJOR
OPENSSL_VERSION_MINOR
OPENSSL_VERSION_PATCH
We also provide two additional macros to express pre-release and build
metadata information (also specified in semantic versioning):
OPENSSL_VERSION_PRE_RELEASE
OPENSSL_VERSION_BUILD_METADATA
To get the library's idea of all those values, we introduce the
following functions:
unsigned int OPENSSL_version_major(void);
unsigned int OPENSSL_version_minor(void);
unsigned int OPENSSL_version_patch(void);
const char *OPENSSL_version_pre_release(void);
const char *OPENSSL_version_build_metadata(void);
Additionally, for shared library versioning (which is out of scope in
semantic versioning, but that we still need):
OPENSSL_SHLIB_VERSION
We also provide a macro that contains the release date. This is not
part of the version number, but is extra information that we want to
be able to display:
OPENSSL_RELEASE_DATE
Finally, also provide the following convenience functions:
const char *OPENSSL_version_text(void);
const char *OPENSSL_version_text_full(void);
The following macros and functions are deprecated, and while currently
existing for backward compatibility, they are expected to disappear:
OPENSSL_VERSION_NUMBER
OPENSSL_VERSION_TEXT
OPENSSL_VERSION
OpenSSL_version_num()
OpenSSL_version()
Also, this function is introduced to replace OpenSSL_version() for all
indexes except for OPENSSL_VERSION:
OPENSSL_info()
For configuration, the option 'newversion-only' is added to disable all
the macros and functions that are mentioned as deprecated above.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7724)
Mingw and Cygwin builds install the DLLs in the application directory,
not the library directory, so ensure that one is created for them when
installing the DLLs.
Fixes#7653
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7654)
We only had the main 'install' target depend on 'all'. This changes
the dependencies so targets like install_dev, install_runtime_libs,
install_engines and install_programs depend on build targets that are
correspond to them more specifically. This increases the parallel
possibilities.
Fixes#7466
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)
When trying 'make -j{n} install', you may occasionally run into
trouble because to sub-targets (install_dev and install_runtime) try
to install the same shared libraries. That makes parallel install
difficult.
This is solved by dividing install_runtime into two parts, one for
libraries and one for programs, and have install_dev depend on
install_runtime_libs instead of installing the shared runtime
libraries itself.
Fixes#7466
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/7583)
This makes sure that any resulting directory target in the build files
also depend on object files meant for shared libraries.
As a side effect, we move the production of the dirinfo structure from
common.tmpl to Configure, to make it easier to check the result.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7452)
We only had targets for the "simple" shared library names (libfoo.so
and not libfoo.so.x.y on Unix, import library libfoo.lib but not
libfoo.dll on Windows). This has created some confusion why it wasn't
possible to rebuild the less "simple" name directly (just as an
example, someone who mistook the import library on Windows for a
static library, removed the DLL and then found it was difficult to
rebuild directly), so we change the target to include all possible
names.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7451)
When looking at configured macro definitions, we must look at both
what comes from the config target AND what comes from user
configuration.
Fixes#7396
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7402)
Rewrite util/mknum.pl to become cleaner, and to use the separate
generic C header parsing module, as well as the separate ordinals
manipulation module.
Adapt the build files.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
Move the .num updating functionality to util/mknum.pl.
Rewrite util/mkdef.pl to create .def / .map / .opt files exclusively,
using the separate ordinals reading module.
Adapt the build files.
Adapt the symbol presence test.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7191)
The generation of linker scripts was badly balanced, as all sorts of
platform dependent stuff went into the top build.info, when that part
should really be made as simply and generic as possible.
Therefore, we move a lot of the "magic" to the build files templates,
since they are the place for platform dependent things. What remains
is to parametrize just enough in the build.info file to generate the
linker scripts correctly for each associated library.
"linker script" is a term usually reserved for certain Unix linkers.
However, we only use them to say what symbols should be exported, so
we use the term loosely for all platforms. The internal extension is
'.ld', and is changed by the build file templates as appropriate for
each target platform.
Note that this adds extra meaning to the value of the shared_target
attribute.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7333)
The possibility to do this was killed when we started producing object
file names with encoded intention (and possibly different builds), and
leads to build errors.
With that, 'libobj2shlib' is renamed to 'obj2shlib' to reflect this
design change. The old name is still used if the new one isn't
available, for the sake of backward compatibility.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7198)
This is in preparation for having separate CFLAGS variables for static
and for shared library builds.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7159)
-path is non-portable extension, fortunately it's possible to express
.git subdirectory exclusion with -prune.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7004)
The result is that we don't have to produce different names on
different platforms, and we won't have confusion on Windows depending
on if the script was built with mingw or with MSVC.
Partial fix for #3254
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6764)
OpenSSL 1.1.0 supports the use of this environment variable for
passing to the build files. For the sake of backward compatibility,
we keep it.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/6668)
AIX treats its shared libraries in unique manner, by placing multiple
shared objects of different versions and bitnesses, into .a file.
So far we have been naively linking with version-less libcrypto|ssl.so,
which poses long-term maintenance problems. One could choose to link
straight with libcrypto.so.X.Y [or libcrypto.X.Y.so], but it would be
inconsistent with the way AIX [or Unix] does things.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6487)
- Print positive feedback in the case when 'make doc-nits' finds no errors.
- Other than before, keep the 'doc-nits' output file only in case of errors
and remove it if it is empty.
- Declare 'doc-nits' as a phony make target to facilitate rerunning
'make doc-nits' without having to remove the output file first.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6517)
Configurations/90-team.conf isn't for public consumption, so we rename
it to 90-team.norelease.conf and make sure 'make dist' and 'make tar'
don't include it in the tarball.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5836)
Purpose of build_all_generated is to execute all the rules that require
perl, so that one can copy the tree to system with compiler but without
perl. This commit removes last dependencies on perl.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5929)
Computing the value of the GENERATED variable in the build file
templates is somewhat overcomplicated, and because of possible
duplication errors, changes are potentially error prone.
Looking more closely at how this list is determined, it can be
observed that the exact list of files to check is consistently
available in all the values found in the %unified_info tables
'depends', 'sources' and 'shared_sources', and all that's needed is to
filter those values so only those present as keys in the 'generate'
table are left.
This computation is also common for all build files, so due to its
apparent complexity, we move it to common0.tmpl, with the result left
in a global variable (@generated), to be consumed by all build file
templates.
common0.tmpl is included among the files to process when creating
build files, but unlike common.tmpl, it comes first of all.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5930)
We started using $(CPP) instead of $(CC) -E, with the assumption that
CPP would be predefined. This is, however, not always true, and
rather depends on the 'make' implementation. Furthermore, on
platforms where CPP=cpp or something else other than '$(CC) -E',
there's a risk that it won't understand machine specific flags that we
pass to it. So it turns out that trying to use $(CPP) was a mistake,
and we therefore revert that use back to using $(CC) -E directly.
Fixes#5867
Note: this affects config targets that use Alpha, ARM, IA64, MIPS,
s390x or SPARC assembler modules.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5872)
.res files weren't treated consistently. They weren't included at all
in the build of a shared library, and were named inconsistently; .res
sometimes, and .res.o otherwise. Now we standardise it to .res.o,
which is the recommended way with GNU tools.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5730)
In the end, it's more efficient to only have one perl instance (that
loads configdata.pm) dealing with dependency files than running one
(that still loads configdata.pm) for each such file.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5631)
It seems that only gcc -MMD produces dependency files that are "sane"
for our needs. For all other methods, some post processing is needed:
- 'makedepend' (Unix) insists that object files are located in the
same spot as the source file.
- 'cl /Zs /showIncludes' (Visual C) has "Note: including file: " where
we'd like to see the object.
- 'CC/DECC' (VMS) insists that the object file is located in the
current directory, i.e. it strips away all directory information.
So far, we've managed this (except for the VMS case) with individual
uncommented perl command lines directly in the build file template.
We're now collecting these diverse hacks into one perl script that
takes an argument to tell what kind of input to expect and that
massages whatever it gets on STDIN and outputs the result on STDOUT.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5591)
With the help of the perl script util/add-depends.pl, which takes all
its information directly from configdata.pm, the dependency adding
procedure can be streamlined for all support platforms.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5606)
So far assembly modules were built as .pl->.S->.s followed by .s->.o.
This posed a problem in build_all_generated rule if it was executed
on another computer. So we change rule sequence to .pl->.S and then
.S->.s->.o.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5573)
Travis-ci log output is huge and overflows internal travis-ci view,
which makes it hard to find errors.
Redirect some output to a file and dump it only if it fails.
Remove "v" option from tar that builds and extracts the srcdist.
While running the tests manually, some non-POSIX (bashisms) with ==
vs = came to light.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5555)
With the support of "make variables" comes the possibility for the
user to override them. However, we need to make a difference between
defaults that we use (and that should be overridable by the user) and
flags that are crucial for building OpenSSL (should not be
overridable).
Typically, overridable flags are those setting optimization levels,
warnings levels, that kind of thing, while non-overridable flags are,
for example, macros that indicate aspects of how the config target
should be treated, such as L_ENDIAN and B_ENDIAN.
We do that differentiation by allowing upper case attributes in the
config targets, named exactly like the "make variables" we support,
and reserving the lower case attributes for non-overridable project
flags.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
We have never used these variables with the Unix Makefile, and there's
no reason for us to change this, so to avoid confusion, we remove them.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5545)
With this, we introduce the make variable 'libdir', which differs from
'LIBDIR' not only in casing, but also by being the absolute path to
the library installation directory. This variable is intentionally
compatible with the GNU coding standards.
When --libdir is given an absolute path, it is considered as a value
according to GNU coding standards, and the variables LIBDIR and libdir
will be this:
LIBDIR=
libdir=/absolute/path
When --libdir is given a relative path (just the name of the desired
library directory), or not given at all, it is considered as a
"traditional" OpenSSL value, and the variables LIBDIR and libdir will
be this:
LIBDIR=relativepath
libdir=$(INSTALLTOP)/$(LIBDIR)
Fixes#5398
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5446)
The reason for this is that some of the C flags affect built in macros
that we may depend on.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5436)
If the configured value is the empty string, give them a sane default.
Otherwise, give them the configured value prefix with $(CROSS_COMPILE)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5247)
It was inconsistent to see this specific command have
'$(CROSS_COMPILE)' in its value when no other command did.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5247)
The make variables LIB_CFLAGS, DSO_CFLAGS and so on were used in
addition to CFLAGS and so on. This works without problem on Unix and
Windows, where options with different purposes (such as -D and -I) can
appear anywhere on the command line and get accumulated as they come.
This is not necessarely so on VMS. For example, macros must all be
collected and given through one /DEFINE, and the same goes for
inclusion directories (/INCLUDE).
So, to harmonize all platforms, we repurpose make variables starting
with LIB_, DSO_ and BIN_ to be all encompassing variables that
collects the corresponding values from CFLAGS, CPPFLAGS, DEFINES,
INCLUDES and so on together with possible config target values
specific for libraries DSOs and programs, and use them instead of the
general ones everywhere.
This will, for example, allow VMS to use the exact same generators for
generated files that go through cpp as all other platforms, something
that has been impossible to do safely before now.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5357)
Instead of having the knowledge of the exact flags to run the C
preprocessor only and have it output on standard output in the deeper
recesses of the build file template, make it a config parameter, or
rely on build CPP in value ('$(CC) -E' on Unix).
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5356)
It was a bit absurd to have this being specially handled in the build
file templates, especially that we have the 'includes' attribute.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5296)
If a module is disablable (i.e. can be configured with 'no-FOO'), the
resulting header file needs to be guarded with a check of the
corresponding OPENSSL_NO_FOO. While this seem fairly innocuous, it
has an impact on the information in util/*.num, generated by mkdef.pl.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5275)
C++ flags got the same config target value as C flags, but then
nothing else happened while C flags get all kinds of stuff added to
them (especially when --strict-warnings is used).
Now, C++ flags get the exact same treatment as C flags. However, this
only happens when a C++ compiler is specified, to avoid confusing
messages about added C++ flags.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5181)
Support the following "make variables":
AR (GNU compatible)
ARFLAGS (GNU Compatible)
AS (GNU Compatible)
ASFLAGS (GNU Compatible)
CC (GNU Compatible)
CFLAGS (GNU Compatible)
CXX (GNU Compatible)
CXXFLAGS (GNU Compatible)
CPP (GNU Compatible)
CPPFLAGS (GNU Compatible)
CPPDEFINES List of CPP macro definitions. Alternative for -D
CPPINCLUDES List of CPP inclusion directories. Alternative for -I
HASHBANGPERL Perl invocation to be inserted after '#!' in public
perl scripts.
LDFLAGS (GNU Compatible)
LDLIBS (GNU Compatible)
RANLIB Program to generate library archive index
RC Program to manipulate Windows resources
RCFLAGS Flags for $(RC)
RM (GNU Compatible)
Setting one of these overrides the corresponding data from our config
targets. However, flags given directly on the configuration command
line are additional, and are therefore added to the flags coming from
one of the variables above or the config target.
Fixes#2420
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5177)
C preprocessor flags get separated from C flags, which has the
advantage that we don't get loads of macro definitions and inclusion
directory specs when linking shared libraries, DSOs and programs.
This is a step to add support for "make variables" when configuring.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5177)
Since libssl requires libcrypto and libcrypto.pc already has
Libs.private set exactly the same, there's no reason to repeat it in
libssl.pc.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/5134)
So far, we've placed all extra library related flags together, ending
up in the make variable EX_LIBS. This turns out to be problematic, as
for example, some compilers don't quite agree with something like
this:
cc -o foo foo.o -L/whatever -lsomething
They prefer this:
cc -L/whatever -o foo foo.o -lsomething
IBM's compiler on OS/390 is such a compiler that we know of, and we
have previously handled that as a previous case.
The answer here is to make a more general solution, where linking
options are divided in two parts, where one ends up in LDFLAGS and
the other in EX_LIBS (they corresponds to what is called LDFLAGS and
LDLIBS in the GNU world)
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5033)
Ignore libssl.map/libcrypto.map instead of ssl.map/crypto.map
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4932)
Because this also includes handling all sorts of non-object files when
linking a program, shared library or DSO, this also includes allowing
general recognition of files such as .res files (compiled from .rc
files), or .def / .map / .opt files (for export and possibly
versioning of public symbols only).
This does mean that there's a tangible change for all build file
templates: they must now recognise and handle the `.o` extension,
which is used internally to recognise object files internally. This
extension was removed by common.tmpl before this change, but would
mean that the platform specific templates wouldn't know if "foo.map"
was originally "foo.map.o" (i.e. an object file in its own right) or
"foo.map" (an export definition file that should be treated as such,
not as an object file).
For the sake of simplifying things, we also modify util/mkdef.pl to
produce .def (Windows) and .opt (VMS) files that don't need additional
hackery.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4840)
This will replace the use of Makefile.shared
This also means a small adjustment on how the attributes dso_cflags,
dso_cxxflags and dso_lflags are treated. They were previously treated
as an extension to shared_cflag, shared_cxxflag and shared_ldflag, but
they should really be regarded as alternatives instead, for example
for darwin, where -dynamiclib is used for shared libraries and -bundle
for DSOs.
We take the opportunity to clean out things that are redundant or
otherwise superfluous (for example the check of GNU ld on platforms
where it never existed).
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4840)
This small change in the Unix template and shared library build
scripts enables building "variant" shared libraries. A "variant"
shared library has a non-default SONAME, and non default symbol
versions. This makes it possible to build (say) an OpenSSL 1.1.0
library that can coexist without conflict in the same process address
space as the system's default OpenSSL library which may be OpenSSL
1.0.2.
Such "variant" shared libraries make it possible to link applications
against a custom OpenSSL library installed in /opt/openssl/1.1 or
similar location, and not risk conflict with an indirectly loaded
OpenSSL runtime that is required by some other dependency.
Variant shared libraries have been fully tested under Linux, and
build successfully on MacOS/X producing variant DYLD names. MacOS/X
Darwin has no symbol versioning, but has a non-flat library namespace.
Variant libraries may therefore support multiple OpenSSL libraries
in the same address space also with MacOS/X, despite lack of symbol
versions, but this has not been verified.
Variant shared libraries are optional and off by default.
Reviewed-by: Richard Levitte <levitte@openssl.org>
HP-UX make doesn't recognize $< in explict target rules, only in
inference ones such as .c.o.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4697)
It turns out that (some?) fuzzers can read a dictionary of OIDs,
so we generate one as part of the usual 'make update'.
Fixes#4615
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4637)
RESULT_D can be used to provide a separate directory for test results.
Let's use that to separate them from other files.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4507)
We changed directory to the wrong directory.
This change also separates the preparation phase from the tarball
building phase.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4179)
submodules are directories that we don't want in our tarballs, so
avoid them.
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4178)
$(SHLIB_MAJOR).$(SHLIB_MINOR) is really a synonym for
$(SHLIB_VERSION_NUMBER), and is therefore an added complexity,
so better to use $(SHLIB_VERSION_NUMBER) directly. SHLIB_MAJOR and
SHLIB_MINOR are now unused, but are kept around purely as information
in case someone relies on their existence.
At the same time, add support for custom shared library extensions
with the three new Makefile variables SHLIB_EXT, SHLIB_EXT_SIMPLE and
SHLIB_EXT_IMPORT. By default, they hold the variants of shared
library extensions we support. On mingw and cygwin, SHLIB_EXT_IMPORT
is defined; on all other Unix platforms, it's empty.
An example to get shared libraries with a slightly different SOVER name:
$ make SHLIB_EXT='.$(SHLIB_VERSION_NUMBER).so'
Fixes#3902
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3964)
Makefile.shared was designed to figure out static library names,
shared library names, library version compatibility, import library
names and the like on its own. This was a design for pre-1.1.0
OpenSSL because the main Makefile didn't have all that knowledge.
With 1.1.0, the situation isn't the same, a lot more knowledge is
included in the main Makefile, and while Makefile.shared did things
right most of the time (there are some corner cases, such as the
choice of .sl or .so as DSO extension on some HPUX versions), there's
still an inherent fragility when one has to keep an eye on
Makefile.shared to make sure it produces what the main Makefile
produces.
This change simplifies Makefile.shared by removing all its
"intelligence" and have it depend entirely on the input from the main
Makefile instead. That way, all the naming is driven from
configuration data.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3983)
This new target is used to build all generated files and only that.
This can be used to prepare everything that requires things like perl
for a system that lacks perl and then move everything to that system
and do the rest of the build there.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3695)
Because apps/progs.h isn't configuration agnostic, it's not at all
suited for 'make update' or being versioned, so change it to be
dynamically generated.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3688)
Fix test for "documenting private functions"
And add -p flag to doc-nits recipe
Mark when things were deprecated, if doc'd as such
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3624)
Run perltidy on util/mkerr
Change some mkerr flags, write some doc comments
Make generated tables "const" when genearting lib-internal ones.
Add "state" file for mkerr
Renerate error tables and headers
Rationalize declaration of ERR_load_XXX_strings
Fix out-of-tree build
Add -static; sort flags/vars for options.
Also tweak code output
Moved engines/afalg to engines (from master)
Use -static flag
Standard engine #include's of errors
Don't linewrap err string tables unless necessary
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3392)
Add 2017 copyright year
Add missing typedef to NAME
Remove ec(7) and bn(7) doc links
Remove .pod link errors, bogus links, make a few typo corrections
Fix some typo's in links and some missing items.
Don't link to C runtime functions (See OPENSSL_malloc for example/precedent)
Document ASN1_tag2str(), add a few typedef's that were missing from NAME
Update doc-nits target; addresses
https://github.com/openssl/openssl/pull/1900#issuecomment-259943891,
Merge check-doc-links into find-doc-nits; if run regularly, would have found
https://github.com/openssl/openssl/pull/2825
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2862)
Very simply, support having the .a extension to denote depending on
static libraries. Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
For consistency, it's better to use the perl that was specified to
Configure last time it was called.
Use case:
perl v5.8.8 was first along $PATH, perl v5.22.2 was available and
specified as: PERL=/opt/local/bin/perl ./config. When make wanted to
reconfigure and called './Configure reconf', configuration broke down,
complaining about a perl that's too old.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1884)
Pre 1.1.0, 'make test' would set the environment variable
OPENSSL_DEBUG_MEMORY to "on". This got lost when translating the old
build files to the new templates. This changes reintroduces that
variable.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1840)
Move manpages to manX directories
Add Windows/VMS install fix from Richard Levitte
Update README
Fix typo's
Remove some duplicates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Make Configure recognise -rpath and -R to support user added rpaths
for OSF1 and Solaris. For convenience, add a variable LIBRPATH in the
Unix Makefile, which the users can use as follows:
./config [options] -Wl,-rpath,\$(LIBRPATH)
Reviewed-by: Rich Salz <rsalz@openssl.org>
Before OpenSSL 1.1.0, binaries were installed in a non-standard
location by default, and runpath directories were therefore added in
those binaries, to make sure the executables would be able to find the
shared libraries they were linked with.
With OpenSSL 1.1.0 and on, binaries are installed in standard
directories by default, and the addition of runpath directories is
therefore not needed any more.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Note that it relies on a trick from Configure, where file names for
object files made from C++ source get '.cc' replaced with '_cc.o' to
recognise them. This is needed so the correct compiler is used when
linking binaries.
Reviewed-by: Rich Salz <rsalz@openssl.org>
