CMake's older package finder, FindOpenSSL.cmake, does a best guess effort
and doesn't always get it right.
By CMake's own documentation, that's what such modules are (best effort
attempts), and package producers are (strongly) encouraged to help out by
producing and installing <PackageName>Config.cmake files to get a more
deterministic configuration.
The resulting OpenSSLConfig.cmake tries to mimic the result from CMake's
FindOpenSSL.cmake, by using the same variable and imported target names.
It also adds a few extra variables of its own, such as:
OPENSSL_MODULES_DIR Indicates the default installation directory
for OpenSSL loadable modules, such as providers.
OPENSSL_RUNTIME_DIR Indicates the default runtime directory, where
for example the openssl program is located.
OPENSSL_PROGRAM Is the full directory-and-filename of the
openssl program.
The imported targets OpenSSL::Crypto and OpenSSL::SSL are as precisely
specified as possible, so for example, they are specified with the both the
import library and the DLL on Windows, which should make life easier on that
platform.
For the moment, one of the following must be done in your CMake project for
this CMake configuration to take priority over CMake's FindOpenSSL.cmake:
- The variable CMAKE_FIND_PACKAGE_PREFER_CONFIG must be set to true prior
to the 'find_package(OpenSSL)' call.
- The 'find_package' call itself must use the "Full Signature". If you
don't know any better, simply add the 'CONFIG' option, i.e. from this
example:
find_package(OpenSSL 3.0 REQUIRED)
to this:
find_package(OpenSSL 3.0 REQUIRED CONFIG)
Just as with the 'pkg-config' exporters, two variants of the .cmake files
are produced:
- Those in 'exporters/' are installed in the location that 'pkg-config'
itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build
directly against an OpenSSL build tree.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
The pkg-config exporters were a special hack, all in
Configurations/unix-Makefile.tmpl, and this was well and good as long
as that was the only main package interface configuration system that we
cared about.
Things have changed, though, so we move the pkg-config production to be
templatable in a more flexible manner. Additional templates for other
interface configuration systems can then be added fairly easily.
Two variants of the .pc files are produced:
- Those in 'exporters/' are installed in the location that 'pkg-config'
itself prefers for installed packages.
- Those in the top directory are to be used when it's desirable to build
directly against an OpenSSL build tree.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20878)
This fix also separates the FLOSS from SPT configurations which should not
have been conflated in the 3.0 series.
Related-to: #22588
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22697)
(cherry picked from commit e3c3875960)
GCC toolchains on linux are not able to build libcrypto without linking
to libatomic as it does not have all needed atomics implemented as
intrinsics
Fixes errors like
| ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free'
CLA: trivial
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22460)
Fixes#4668 (on unix-like platforms)
Testing:
rm -rf "$HOME/tmp/beforespace afterspace"
./Configure -Werror --strict-warnings --prefix="$HOME/tmp/beforespace afterspace"
make -j6 update
make -j6
make install
make test
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21821)
The body of the "md-nits" Makefile target assumed an in source build tree.
This change ensures that it works correctly when called from an out-of-source
build tree as well.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22240)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22019)
This is done using the define __NSK_OPTIONAL_TYPES__ and is specific to the
NonStop platform builds.
Fixes: #22002
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22005)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21959)
Fixes: #21358
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21391)
This also upgrades flags similarly to the Linux configuration.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20896)
Typos in doc/man* will be fixed in a different commit.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20910)
The DEPEND statement, when applied on files generated with GENERATE, may
be used to specify script modules that the template to be generated from
depends on. In short, this sort of depend:
DEPEND[generated]=util/perl/OpenSSL/something.pm
... would generate a perl run that has the inclusion directory
'util/perl/OpenSSL' and 'something' as the module to be loaded. However,
the package name for this module is 'OpenSSL::something', so to load it the
way it's expected, the inclusion directory should be 'util/perl', and the
module to be loaded should be specified as 'OpenSSL/something' (to be
massaged into a proper module name by the build file template).
To allow this, we introduce a file syntax, where a single '|' is used as a
directory separator, to delineate what part should be used as the inclustion
directory, and which part the module name to be loaded should be derived
from:
DEPEND[generated]=util/perl|OpenSSL/something.pm
Fixes#21112
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21117)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/21079)
SHLIB_EXT is a variable that exists on OpenSSL build file templates before
version 3.0, for which much of the logic for figuring out file names and
such was moved to the 'platform' set of routines.
But, it seems that one (now useless) reference remained on the VMS specific
descrip.mms.tmpl. We replace it with an explicit '.EXE', which is the
default extension for shared libraries on VMS.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21007)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
A native x86_64 C compiler has appeared.
We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
This script requires Universal Ctags 6.0.0 or newer.
Usage:
./util/ctags.sh [...options passed to ctags...]
Fixing #10251
Running the script in "tags" make target is suggested by
Dmitry Belyavskiy <beldmit@gmail.com>.
The falling back action for running older ctags if u-ctags 6 is not
available is suggested
by Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20960)
I have no experience with building on Windows, so I don't know the
effect of fixing this typo. I guess that this will fix a bug at worst.
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20911)
This reverts commit 2c61a670eb.
Not all OneCore based SKUs (or editions) of Windows (Server, XBOX, etc) require /APPCONTAINER. The /APPCONTAINER link option is only relevant for Universal Windows Platform (UWP) apps for which there are already dedicated configurations (VC-WIN32-UWP, VC-WIN64A-UWP, etc) where the /APPCONTAINER link option is added.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20872)
Reasons:
- The patch was missing the linker flag /guard:cf
As a result no binary with CFG was ever built
- /guard:cf is incompatible with NASM
If the linker flag is added, the resulting binary fails with this exception:
Unhandled exception at 0x00007FFFB8B93C90 (ntdll.dll) in openssl.exe: Indirect call guard check detected invalid control transfer.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20807)
These typos caused failed propagation of the 'cflags' attribute from
Configurations/10-main.conf.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20737)
Based on kubernetes controller Makefile help.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20407)
inclusing quic/quic_local.h from ssl/ssl_lib.c presented another challenge
for the current VMS C. Since ssl/quic/quic_local.h in turn includes
../ssl_local.h, we compensated for with the usual whack-a-mole in
Configurations/descrip.mms.tmpl.
As far as my personal tests go, this seems to be the last fix of this sort,
so far.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20196)
to avoid inheriting Linux's linker flags (ie -Wl,-z,defs)
now targetting OpenBSD.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13393)
This change parallels the implementation of multilib and initially
only applies to the NonStop platform's DLL loader limitations.
Fixes: #16460
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16472)
an assembler for Windows on Arm builds and also clang-cl as the compiler
as well. Make appropriate changes to armcap source and peralsm scripts.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19523)
Including things in ../ssl/record/methods from sources in test/ presented
another challenge for the current VMS C. This is compensated for with the
usual whack-a-mole in Configurations/descrip.mms.tmpl.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19708)
NOTE: Not Configurations/unix-Makefile.tmpl, as that was done 4 years
ago, in commit a23f03166e.
So far assembly modules were intended to be built as .pl->.S->.{asmext}
followed by .{asmext}->.o. This posed a problem in build_all_generated
rule if it was executed on another computer, and also turned out to be
buggy, as .S was also translated to .{asmext} on Windows and VMS.
Both issues are fixed by changing the rule sequence to .pl->.S and then
.S->.s->.o, with the added benefit that the Windows and VMS build file
templates are more in sync with unix-Makefile.tmpl and slightly simpler.
Fixes#19594
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19598)
Loongarch64 architecture defines 128 bit vector extension lsx and 256 bit
vector extension lasx. The cpucfg instruction can be used to obtain whether
the CPU has a corresponding extension. This part of code is added to prepare
for the subsequent addition of corresponding vector instruction optimization.
Signed-off-by: zhuchen <zhuchen@loongson.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19364)
Mostly revamped from #16712
- fall thru -> fall through
- time stamp -> timestamp
- host name -> hostname
- ipv6 -> IPv6
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19059)
The way it was implemented didn't play well with perl's join(), so it's
reimplemented a bit differently.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19347)
VMS linking complains a lot about multiply defined symbols unless told
otherwise, especially when shareable images are involved. For example, this
involves the legacy provider, where there are overriding implementations of
certain ERR functions.
To quiet the linker down, we need to say that symbols should be searched
selectively in shareable images.
However, that's not quite enough. The order in which the VMS linker
processes files isn't necessarily top to bottom as given on the command line
or the option file(s), which may result in some symbols appearing undefined,
even though they are. To remedy that, it's necessary to explicitly include
all object files and object libraries into a cluster, thus ensuring that
they will be processed first. This allows the search for remaining symbol
references to be done in the as desired in the shareable images that follow.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19327)
The IRIX mips64-cpu, n32-abi configurations include SIXTY_FOUR_BIT in bn_ops,
but it is missing from mips64*-linux-*abin32 (which OpenSSL calls
"linux-mips64"). This causes heap corruption when verifying TLS certificates
(which tend to be RSA-signed) with openssl 1.1.1q:
```
nix@oak:~$ /nix/store/4k04dh6a1zs6hxiacwcg4a4nvxvgli2j-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443free(): invalid pointer
Aborted
```
and a slightly different failure with current HEAD:
```
nix@oak:~$ /nix/store/9bqxharxajsl9fid0c8ls6fb9wxp8kdc-openssl-mips64el-unknown-linux-gnuabin32-1.1.1q-bin/bin/openssl s_client -host www.google.com -port 443
Connecting to 142.250.180.4
CONNECTED(00000003)
Fatal glibc error: malloc assertion failure in sysmalloc: (old_top == initial_top (av) && old_size == 0) || ((unsigned long) (old_size) >= MINSIZE && prev_inuse (old_top) && ((unsigned long) old_end & (pagesize - 1)) == 0)
Aborted
```
Applying this patch and recompiling produces the expected output instead of a
crash.
Note that Gentoo (and to my knowledge all other other distributions which
support mips64n32) use the `linux-generic32` configuration, which uses only
32-bit arithmetic (rather than full 64-bit arithmetic) and lacks assembler
implementations for the SHA hash functions:
https://gitweb.gentoo.org/repo/gentoo.git/tree/dev-libs/openssl/files/gentoo.config-1.0.2#n102
For support in nixpkgs we would like to use the full 64-bit integer registers
and perlasm routines, so I'm submitting this upstream as well.
Fixes#19319
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19320)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15913)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15913)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/15913)
