Commit graph

1353 commits

Author SHA1 Message Date
Ronald Tse
f19a5ff9ab SM4: Add SM4 block cipher to EVP
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4552)
2017-10-31 15:19:14 +10:00
Andy Polyakov
6d50589c04 Configure: add -Wmisleading-indentation to strict warnings flags.
The warning flag in question was added in GCC version 6, hence
addition has to be conditional.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4401)
2017-09-22 22:08:35 +02:00
Andy Polyakov
3a1548643f Configure: unify clang's -Qunused-arguments option treatment.
Detect clang even if it's disguised, e.g. cross-compiler or invoked by
explicit path name, and add the option based on that.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4383)
2017-09-21 22:33:46 +02:00
Richard Levitte
15a1bd0ab2 Disable the EGD seeding meachanism when stdio is disabled
crypto/rand/rand_egd.c makes extensive use of stdio functions.  When
they are disabled, it makes sense to disable egd as well.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4358)
2017-09-12 08:03:32 +02:00
Andy Polyakov
54cf3b981a Configure: base compiler-specific decisions on pre-defines.
The commit subject is a bit misleading in sense that decisions affect
only gcc and gcc-alikes, like clang, recent icc...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:03:47 +02:00
Andy Polyakov
e295d046dc Revert "Allow --strict-warnings with the icc compiler as well"
This reverts commit a610934c3b.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:02:39 +02:00
Richard Levitte
302eba3f6d If 'tests' is disabled, then so should 'external-tests'
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4274)
2017-08-28 16:48:47 +02:00
Meena Vyas
a610934c3b Allow --strict-warnings with the icc compiler as well
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4250)
2017-08-25 08:05:13 +02:00
Richard Levitte
8d2214c0a4 File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:31:18 +02:00
Richard Levitte
cb6afcd6ee Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:30:47 +02:00
Richard Levitte
102c9e1296 Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
File::Glob::glob is deprecated, it's use generates this kind of
message:

    File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277.

So instead, use a construction that makes the caller glob() use
File::Glob::bsd_glob().

Note that we're still excluding VMS, as it's directory specs use '['
and ']', which have a different meaning with bsd_glob and would need
some extra quoting.  This might change, but later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4040)
2017-07-28 14:45:17 +02:00
Richard Levitte
d445302418 Simplify the handling of shared library version numbers
$(SHLIB_MAJOR).$(SHLIB_MINOR) is really a synonym for
$(SHLIB_VERSION_NUMBER), and is therefore an added complexity,
so better to use $(SHLIB_VERSION_NUMBER) directly.  SHLIB_MAJOR and
SHLIB_MINOR are now unused, but are kept around purely as information
in case someone relies on their existence.

At the same time, add support for custom shared library extensions
with the three new Makefile variables SHLIB_EXT, SHLIB_EXT_SIMPLE and
SHLIB_EXT_IMPORT.  By default, they hold the variants of shared
library extensions we support.  On mingw and cygwin, SHLIB_EXT_IMPORT
is defined; on all other Unix platforms, it's empty.

An example to get shared libraries with a slightly different SOVER name:

    $ make SHLIB_EXT='.$(SHLIB_VERSION_NUMBER).so'

Fixes #3902

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3964)
2017-07-26 22:53:03 +02:00
Rich Salz
8389ec4b49 Add --with-rand-seed
Add a new config param to specify how the CSPRNG should be seeded.
Illegal values or nonsensical combinations (e.g., anything other
than "os" on VMS or HP VOS etc) result in build failures.
Add RDSEED support.
Add RDTSC but leave it disabled for now pending more investigation.

Refactor and reorganization all seeding files (rand_unix/win/vms) so
that they are simpler.

Only require 128 bits of seeding material.

Many document improvements, including why to not use RAND_add() and the
limitations around using load_file/write_file.
Document RAND_poll().

Cleanup Windows RAND_poll and return correct status

More completely initialize the default DRBG.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3965)
2017-07-22 14:00:07 -04:00
Richard Levitte
48feaceb53 Remove the possibility to disable the UI module entirely
Instead, make it possible to disable the console reader that's part of
the UI module.  This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for  'no-ui-console' /
'disable-ui-console'.

Fixes #3806

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)
2017-07-03 07:51:04 +02:00
Matt Caswell
d8c66f5e09 Drop support for OPENSSL_NO_TLS1_3_METHOD
There are no public TLSv1_3_*method() functions so
OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3800)
2017-06-30 09:41:46 +01:00
Richard Levitte
71a5516dcc Add the STORE module
This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
619eb33a0c Add new /dev/crypto engine
Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
906eb3d031 Configure: give config targets the possibility to enable or disable features
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3745)
2017-06-22 01:24:54 +02:00
Paul Yang
edcdf38bd0 Remove non-accurate description in Configure script
For DES and 3DES based ciphers are also enabled by this option.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)
2017-06-17 22:22:40 +08:00
Richard Levitte
6411927172 Reorder Configure output
"Configuring..." was displayed with './Configure LIST'.  This reorders
the display of that line to happen after the "targets" LIST, TABLE and
HASH have been checked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3702)
2017-06-16 23:18:41 +02:00
Benjamin Kaduk
96db26919d Remove duplicates from clang_devteam_warnings
Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the gcc
and clang variables will be duplicated in the cflags used for clang builds.
Remove the extra copy from the clang-specific flags in favor of the
gcc_devteam_warnings that are used for all strict-warnings builds.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01 14:23:28 -04:00
Benjamin Kaduk
560ad13c74 Add -Wextra to gcc devteam warnings
clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
parameters to conform to a uniform vtable-like interface.
Also exclude -Wmissing-field-initializers; it's okay to rely on
the standard-mandated behavior of filling out with 0/NULL.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01 14:23:28 -04:00
Richard Levitte
331058180a Make it possible to build static-only libraries
The trick is to use the .a extension explicitely in the build.info files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Andy Polyakov
b7438b430b Configure: recognize -framework as linker option [on Apple OSes].
This is handy for internal iOS tests, when you have to make it work
in sandbox.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-04 23:13:17 +02:00
Andy Polyakov
d83112b7fd Configure: use 5.10.0, don't require...
Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
naturally expected "Perl v5.10.0 required--this is only v5.x.y".

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-01 15:50:12 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Matt Caswell
3556b83ea2 Make the TLSv1.3 downgrade mechanism a configurable option
Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
2017-03-24 14:07:11 +00:00
Richard Levitte
d192a3aaeb Add a platform specific configuration checker
For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.

For the moment, the added checkers test that Perl gives the expected
path format.  This should help MingW users to see if they run an
appropriate Perl implementation, for example.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851)
2017-03-06 16:42:46 +01:00
Emilia Kasper
8a05d6bb26 More Configure cleanup. Remove
- util/incore
- util/fipslink.pl
- the unused "baseaddr" configure switch

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:56 +01:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00
Bernd Edlinger
01b76c2c5d Add -Wundef to --strict-warnings options.
Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)
2017-02-24 09:21:59 +01:00
Bernd Edlinger
7c6335a6c7 Remove -Wno-parentheses-equality from gcc --strict-warnings options.
There has never been any gcc option of that kind.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2705)
2017-02-22 14:21:18 -05:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Richard Levitte
343a7467c2 If all versions of a proto are disabled, disabled the proto as well
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)
2017-02-17 21:28:41 +01:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Rich Salz
7730533866 Add -Wno-parentheses-equality to dev-warnings.
Also fix a block comment formatting glitch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2327)
2017-01-31 16:35:11 -05:00
Matt Caswell
3cf96e88b7 Fix compilation with no-ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Kurt Roeckx
7cb58c0ffa Also set the CXXFLAG to the user supplied flags
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #2025
2016-12-05 21:12:07 +01:00
Kurt Roeckx
0282aeb690 Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a85d05fb3 Use 8bit-counters when using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Andy Polyakov
5ae5dc9661 INSTALL: clarify 386 and no-sse2 options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-25 17:34:28 +01:00
Richard Levitte
7b176a549e Only build the body of e_padlock when there are lower level routines
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present.  However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.

The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)
2016-11-15 15:14:15 +01:00
Richard Levitte
93880ce133 Make it possible to disable building and running tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1514)
2016-11-15 15:00:56 +01:00
Richard Levitte
b612799a80 Revert "Remove heartbeats completely"
Done too soon, this is for future OpenSSL 1.2.0

This reverts commit 6c62f9e163.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15 14:53:33 +01:00
Richard Levitte
6c62f9e163 Remove heartbeats completely
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-15 10:45:21 +01:00
Richard Levitte
186a31e510 Building: make it possible to force linking with static OpenSSL libs
Very simply, support having the .a extension to denote depending on
static libraries.  Note that this is not supported on native Windows
when building shared libraries, as there is not static library then,
just an import library with the same name.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1889)
2016-11-10 15:51:42 +01:00
Matt Caswell
ce2596d404 Control building of ossl_shim through Configure
Don't build ossl_shim by default. Switch it on through
enable-external-tests.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
cfa7697986 Integrate ossl_shim into the build
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-04 10:38:54 +00:00
Richard Levitte
ab6e147c49 Allow indented comments in build.info
Reviewed-by: Emilia Käsper <emilia@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-03 13:13:31 +01:00
Matt Caswell
84a6833658 Update Configure to know about tls1_3
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is
because this is a WIP and will not be interoperable with any other TLS1.3
implementation.

Finally, we fix some tests that started failing when TLS1.3 was disabled by
default.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-02 13:08:21 +00:00
Rich Salz
42e22c7c4f Revert "Disable MDC2 by default."
This reverts commit ca1574cec2.
Not suitabled for a minor release as it breaks the ABI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-01 10:43:05 -04:00
Rich Salz
ca1574cec2 Disable MDC2 by default.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-31 15:06:06 -04:00
Richard Levitte
83bd048e9d Fix C++ support: set $target{cxx} correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-14 17:52:22 +02:00
Vitezslav Cizek
35a498e431 Configure: remove superfluous 0x
The number is taken from the OPENSSL_VERSION_NUMBER which is already
in the hex form.

CLA: trivial

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1706)
2016-10-13 15:36:03 -04:00
Richard Levitte
fad599f7f1 Remove automatic RPATH - add user rpath support
Make Configure recognise -rpath and -R to support user added rpaths
for OSF1 and Solaris.  For convenience, add a variable LIBRPATH in the
Unix Makefile, which the users can use as follows:

    ./config [options] -Wl,-rpath,\$(LIBRPATH)

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-13 02:21:51 +02:00
Richard Levitte
ea24195850 Add support for C++ in Configure
A note: this will form object file names by changing '.cc' to
'_cc.o'.  This will permit other configuration code to recognise these
object files were built for C++ rather than C.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-12 16:37:54 +02:00
Rich Salz
f3b3d7f003 Add -Wswitch-enum
Change code so when switching on an enumeration, have case's for all
enumeration values.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-22 08:36:26 -04:00
Richard Levitte
66fe388aa4 Have the configuration options 'no-err' and 'no-async' work again
In an earlier attempt to simplify the processing of disabled options,
'no-err' and 'no-async' stopped working properly.  'err' and 'async'
are directories under 'crypto/', but they are special insofar that
they can't be simply skipped, like all the algorithm directories can,
so they need special treatment among the disablable things.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-09-17 21:57:29 +02:00
Richard Levitte
1967a42eb5 Rearrange the storage of build file template names in %config
They are now relative paths as well

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Richard Levitte
ee9b0bbb4c Register the name of the config file each config target was found in
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-16 11:52:50 +02:00
Andy Polyakov
35c11bfc69 Configure: detect gcc's dependency generation capability more accurately.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 14:03:36 +02:00
Andy Polyakov
758baa3dc2 Configure: impose ^X on whole build procedure.
Traditionally Configure passed $ENV{PERL} to Makefile. But this
resulted in ambiguilty as Configure script could be executed by
interpreter different from one executing remaining scripts. Since
we separate compile- and run-time interpreters with HASHBANGPERL
variable, there is no reason to segment the build procedure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 13:22:28 +02:00
Rich Salz
141d7325e7 Trim config output
With extensive help and feedback from Richard and Andy.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-09 10:07:11 -04:00
Richard Levitte
342a1a2379 Allow asan, msan and ubsan to be configured with shared libraries
The background story is that util/shlib_wrap.sh was setting LD_PRELOAD
or similar platform dependent variables, just in case the shared
libraries were built with -rpath.  Unfortunately, this doesn't work
too well with asan, msan or ubsan.

So, the solution is to forbid the combination of shared libraries,
-rpath and any of the sanity analyzers we can configure.

This changes util/shlib_wrap.sh so it only contains the code that sets
LD_PRELOAD when -rpath has been used when configuring.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 21:53:45 +02:00
Richard Levitte
3e2dd30d66 Configure: Reorganise the checking of disabled options
The way we figured out what options are crypto algorithms and what are
something other was somewhat sketchy.  This change bases the
distinction on available sdirs instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-07 17:27:33 +02:00
Andy Polyakov
047d97afd9 Configure: clarify and refine -static.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-09-03 10:27:32 +02:00
Richard Levitte
a5e1f1230e Revert "Make it possible to disable fuzz testing"
This reverts commit eb40eaed72.

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-09-01 20:58:40 +02:00
Richard Levitte
d63c12c697 Have Configure's HASH or TABLE produce complete lists
Because some targets execute perl code that might die, we risk
incomplete lists.  Make it so dying doesn't happen when we're listing
targets.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-31 19:47:35 +02:00
Richard Levitte
0c0d78b88d Configure's print_table_entry printed incorrect information
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-31 19:47:08 +02:00
Richard Levitte
eb40eaed72 Make it possible to disable fuzz testing
These tests take a very long time on some platforms, and arent't
always strictly necessary.  This makes it possible to turn them
off.  The necessary binaries are still built, though, in case
someone still wants to do a manual run.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-31 17:43:51 +02:00
Richard Levitte
f879d5ff38 The Perl interpreter might be in a path with spaces, so maybe quote it
Note: some shells do not like the command verb to be quoted, so we avoid
it unless it's actually necessary.

RT#4665

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-31 16:43:26 +02:00
Richard Levitte
ee4cdb7fdb Configure: save away the value of OPENSSL_LOCAL_CONFIG_DIR for reconf
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
79822c3cd5 Configure: Redo the logic for finding build file templates
Build file templates would be looked up like this if the user gave us
an additional directory to look for configuration files and build file
templates:

    $OPENSSL_LOCAL_CONFIG_DIR/$OSTYPE-Makefile.tmpl
    $SOURCEDIR/Configurations/$OSTYPE-Makefile.tmpl
    $OPENSSL_LOCAL_CONFIG_DIR/Makefile.tmpl
    $SOURCEDIR/Configurations/Makefile.tmpl

So for example, if the user created his own Makefile.tmpl and tried to
use it with a unixly config, it would never be user because we have a
unix-Makefile.tmpl in our Configurations directory.  This is clearly
wrong, and this change makes it look in this order instead:

    $OPENSSL_LOCAL_CONFIG_DIR/$OSTYPE-Makefile.tmpl
    $OPENSSL_LOCAL_CONFIG_DIR/Makefile.tmpl
    $SOURCEDIR/Configurations/$OSTYPE-Makefile.tmpl
    $SOURCEDIR/Configurations/Makefile.tmpl

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
acc63c7d6d Configure: clean away temporary section of code
We've done away with Makefile as source of information and now use
configdata.pm exclusively.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
8b5156d188 Make it possible for the user to specify a different default build file
Make sure the information is kept for reconfiguration too.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-30 05:13:11 +02:00
Richard Levitte
216e8d9103 Improve the definition of STITCHED_CALL in e_rc4_hmac_md5.c
The definition of STITCHED_CALL relies on OPENSSL_NO_ASM.  However,
when a configuration simply lacks the assembler implementation for RC4
(which is where we have implemented the stitched call), OPENSSL_NO_ASM
isn't implemented.  Better, then, to rely on specific macros that
indicated that RC4 (and MD5) are implemented in assembler.

For this to work properly, we must also make sure Configure adds the
definition of RC4_ASM among the C flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-08-26 12:41:07 +02:00
Richard Levitte
a66234bc86 Configure: Properly cache the configured compiler command
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-22 16:12:42 +02:00
Benjamin Kaduk
a9c27fe19f Sort %disabled in Configure
@disablables is sorted, but these were just added at the end of
%disabled in commits c2e27310 and 22e3dcb7.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-08-19 10:51:21 +01:00
Andy Polyakov
9d46752dfe Configure: recognize -static as link option and disable incompatible options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-16 12:45:51 +02:00
Richard Levitte
25d498c176 The capi engine uses stdio, so don't build it when configuring 'no-stdio'
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-08-05 21:18:15 +02:00
Emilia Kasper
29df3061b3 Add memory sanitizer config, and run on travis.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-28 21:43:27 +02:00
Richard Levitte
7f5af79728 build.info: implement PROGRAM_NO_INST, and dito for ENGINES, SCRIPTS, LIBS
PROGRAM_NO_INST, ENGINES_NO_INST, SCRIPTS_NO_INST and LIBS_NO_INST are
to be used to specify program, engines, scripts and libraries that are
not to be installed in the system.  Fuzzers, test programs, that sort
of things are of the _NO_INST type, for example.

For the benefit of build file templates and other templates that use
data from configdata.pm, a new hash table $unified_info{install} is
created.  It contains a set of subhashes, one for each type of
installable, each having an array of file names as values.  For
example, it can look like this:

    "install" =>
        {
            "engines" =>
                [
                    "engines/afalg/afalg",
                    "engines/capi",
                    "engines/dasync",
                    "engines/padlock",
                ],
            "libraries" =>
                [
                    "libcrypto",
                    "libssl",
                ],
            "programs" =>
                [
                    "apps/openssl",
                ],
            "scripts" =>
                [
                    "apps/CA.pl",
                    "apps/tsget",
                    "tools/c_rehash",
                ],
        },

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-18 20:49:54 +02:00
Richard Levitte
878f42251b Make fuzzer and fuzz tester builds less magic
Instead of having fuzz/build.info.fuzz magically and conditionally
included along with the other build.info files, incorporate it in
fuzz/build.info and add the conditions there instead.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-16 19:37:50 +02:00
Richard Levitte
d513369bfa perl: Separate compile-time environment from runtime environment
Make it possible to have a separate and different perl command string
for installable scripts than we use when building, with the
environment variable HASHBANGPERL.  Its value default to the same as
the environment PERL if it's defined, otherwise '/usr/bin/env perl'.

Note: this is only relevant for Unix-like environments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
2016-07-04 15:40:31 +02:00
Richard Levitte
4748f89022 Make build.info INCLUDE stmts be both source and build tree relative
INCLUDE statements in build.info files were source tree centric.  That
meant that to get include directory specs in the build tree, we had to
resort to perl fragments that specified the build tree include paths
as absolute ones.

This change has the INCLUDE statement consider both the source and
build tree for any include directory.  It means that there may be some
extra unnecessary include paths, but it also makes life simpler for
anyone who makes changes in the build.info files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 18:34:21 +02:00
Ben Laurie
90d28f0519 Run the fuzzing corpora as tests.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-07-01 13:45:45 +01:00
FdaSilvaYY
f430ba31ac Spelling... and more spelling
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1245)
2016-06-22 00:26:10 +02:00
Petr Vaněk
28bd8e945f Fix typo
Reviewed-by: Kurt Roeckx <kurt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1241)
2016-06-21 14:40:06 -04:00
Matt Caswell
2b1343b914 no-ripemd is an alias for no-rmd160
mkdef.pl was failing to understand no-ripemd. This is a deprecated option
which should act as an alias for no-rmd160.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-16 20:05:37 +01:00
Richard Levitte
27ffb86c20 Move the Configure generated header files to the top build.info
This turns these headers into build file generated ones.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:11:38 +02:00
Richard Levitte
4f858293a9 Configure: Make it possible to generate mandatory header files
'DEPEND[]=file.h' becomes a special way to say that 'file.h' must be
generated before anything else is built.  It's likely that a number
of source files depend on these header files, this provides a simple
way to make sure they are always generated even it the dependency data
hasn't been added to the build file yet.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-14 22:11:38 +02:00
Richard Levitte
65cc6d5c0a Configure: complete the changed fuzz option checks
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-06-05 21:38:59 +02:00
Richard Levitte
a9936b5a12 Clean away the last unixmake vestiges
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-06-04 23:21:43 +02:00
Kurt Roeckx
f59d0131cb Add support for fuzzing with AFL
Reviewed-by: Ben Laurie <ben@links.org>

MR: #2740
2016-06-04 14:39:24 +02:00
Rich Salz
44c8a5e2b9 Add final(?) set of copyrights.
Add copyright to missing assembler files.
Add copyrights to missing test/* files.
Add copyrights
Various source and misc files.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-06-01 11:27:25 -04:00
Richard Levitte
23049aa52e perl: use the 'if' module to conditionally load File::Glob
Trying to use normal perl conditions to conditionally 'use' a perl
module didn't quite work.  Using the 'if' module to do so does work.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-05-30 11:55:46 +02:00
Andy Polyakov
9785555616 Configure,test/recipes: "pin" glob to File::Glob::glob.
As it turns out default glob's behaviour for quoted argument varies
from version to version, making it impossible to Configure or run
tests in some cases. The reason for quoting globs was to accommodate
source path with spaces in its name, which was treated by default glob
as multiple paths. File::Glob::glob on the other hand doesn't consider
spaces as delimiters and therefore works with unquoted patterns.

[Unfortunaltely File::Glob::glob, being too csh-ly, doesn't work
on VMS, hence the "pinning" is conditional.]

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-29 14:12:35 +02:00
Richard Levitte
a3a08f8125 Configure: handle spaces in source directory spec
RT#4486

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-27 17:41:32 +02:00
Andy Polyakov
656bbdc68c Configure: pull 'which' back.
At earlier point 'which' was replaced with IPC::Cmd::can_run call.
Unfortunately on RPM-based systems it is a separate package and it's
not given that it's installed. Resurrected 'which' provides
poor-man fallback for IPC::Cmd::can_run.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-25 23:50:40 +02:00
Richard Levitte
223516eadc Don't clean away headers generated by Configure
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-25 21:18:57 +02:00
Richard Levitte
4639c68b97 Make sure crypto-mdebug-backtrace must be enabled explicitely
As it was until now, crypto-mdebug-backtrace was enabled by default
and only disabled if crypto-mdebug was disabled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-25 15:42:15 +02:00
Richard Levitte
ce9598124e Configure: To allow file names with spaces, tokenize with respect for quotes
For parsing build.info files.

RT#4492

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-25 11:50:23 +02:00
Richard Levitte
05a7aee0e2 Communicate Configure generated header files to build files
Add Configure generated header files to $unified_info{generate}.  This
makes sure the build files will pick them up with the rest for the
GENERATED macro, and thereby make sure they get cleaned away by 'make
clean'

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-05-25 00:46:00 +02:00
Todd Short
050a36a9a1 Add buf-freelists to deprecated options
The buf-freelists option was removed in master. There may be some
things that try to disable it, so don't error out.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-05-23 20:07:41 +01:00
Richard Levitte
8f41ff2d53 Add support for RC / WINDRES env variables
RT#2558

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-05-16 18:03:40 +02:00
Andy Polyakov
6646f69f31 Configure: replace which() with IPC::Cmd::can_run.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 20:22:39 +02:00
Andy Polyakov
f58a0acb79 Configure: adhere to $(CROSS_COMPILE)ranlib.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 09:15:10 +02:00
Andy Polyakov
c145d19771 Configure: make it work with Perl 5.10.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-05-10 09:13:05 +02:00
Ben Laurie
c38bb72797 Add fuzzing!
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-05-07 18:13:54 +01:00
Richard Levitte
38add2300f Add the possibility for local build file templates
Use the environment variable OPENSSL_LOCAL_CONFIG_DIR to find build
file templates as well.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-02 20:19:41 +02:00
Richard Levitte
b5293d4c8d Add the possibility to have an extra local OpenSSL configs directory
The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate
that there's a local directory with extra configuration files.

Reviewed-by: Stephen Henson <steve@openssl.org>
2016-05-02 20:19:41 +02:00
FdaSilvaYY
8483a003bf various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/952)
2016-04-28 14:22:26 -04:00
Benjamin Kaduk
42a9f38613 Remove the never-functional no-sct
It was added as part of 2df84dd329
but has never actually been used for anything; presumably it was
a typo for one of SCTP or CT.

This removes the last '??' entry from INSTALL.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-26 08:32:10 -04:00
Richard Levitte
8d34daf0ce Build system: add include directories and dependencies for generators
In the case of generating a file like this:

    GENERATE[foo.S]=mkfoo.pl arg1 arg2

the 'mkfoo.pl' generator itself might need to include other files,
such as perl modules within our source tree.  We can reuse already
existing syntax for it, like this:

    INCLUDE[mkfoo.pl]=module/path

or:

    DEPEND[mkfoo.pl]=modules/mymodule.pm

This change implements the support for such constructs, and for the
DEPEND statement, for any value that indicates a perl module (.pm
file), it will automatically infer an INCLUDE statement for its
directory, just like it does for C header files, so you won't have do
write this:

    DEPEND[mkfoo.pl]=modules/mymodule.pm
    INCLUDE[mkfoo.pl]=modules

Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-25 18:06:06 +02:00
Richard Levitte
ddc606c914 Warn when doing an out-of-source build and finding in-source build artifacts
The reason to warn is that configuration *may* pick up on
configuration header files that are in the source tree, that might be
for a wildly different configuration than what is expected in the
current out-of-source configuration.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-22 18:20:47 +02:00
Rich Salz
ac3d0e1377 Copyright consolidation; .pm and Configure
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-20 10:40:05 -04:00
Richard Levitte
45c6e23c97 Remove --classic build entirely
The Unix build was the last to retain the classic build scheme.  The
new unified scheme has matured enough, even though some details may
need polishing.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 16:04:56 +02:00
Matt Caswell
505f74ca34 Cascade no-dgram from no-sock in Configure not e_os.h
e_os.h was defining OPENSSL_NO_DGRAM if OPENSSL_NO_SOCK was defined.
This causes link problems on Windows because the generated .def files
still contain the DGRAM symbols even though they have not been compiled.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-20 14:52:46 +01:00
Matt Caswell
ce942199db Make "shared" builds the default
In most cases we expect that people will be using shared libraries not
static ones, therefore we make that the default.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 22:23:12 +01:00
Matt Caswell
d90a6beb0e Fix no-stdio and no-autoalginit
no-stdio does not work with the apps. Since the tests also need the apps
it doesn't support that either. Therefore we disable building of both.

no-autoalginit is not compatible with the apps because it requires explicit
loading of the algorithms, and the apps don't do that. Therefore we disable
building the apps for this option. Similarly the tests depend on the apps
so we also disable the tests. Finally the whole point about no-autoalginit
is to avoid excessive executable sizes when doing static linking. Therefore
we disable "shared" if this option is selected.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-14 16:41:03 +01:00
Matt Caswell
7ec8de16fe Remove no-aes, no-rsa, no-sha, no-md5 and no-hmac
These algorithms are fundamental and extensively used. The "no-" options
do not work either in 1.1.0 or in other released branches. Therefore the
ability to disable them should be removed.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-04-13 21:25:24 +01:00
Richard Levitte
da430a5555 Fix the handling of --with-zlib-include
The handling was Unix centric, already in Configure.  Change that to
just collect the value and let the build file templates figure out
what to do with it.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-04-13 11:36:46 +02:00
Andy Polyakov
463a7b8cb0 Clean-up *_DEBUG options.
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-07 21:18:00 +02:00
Richard Levitte
2110febb11 Perl cleanup: don't create lists unnecessarily
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 15:21:27 +02:00
Andy Polyakov
ad7c9c9faf Configure: add BLAKE_DEBUG to --strict-warnings set.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-06 12:29:02 +02:00
Rich Salz
e771eea6d8 Revert "various spelling fixes"
This reverts commit 620d540bd4.
It wasn't reviewed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 16:11:43 -04:00
FdaSilvaYY
620d540bd4 various spelling fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-04-04 15:06:32 -04:00
Richard Levitte
488e2b0f5a Add the C macro NDEBUG when configuring for release
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
2016-04-01 22:48:12 +02:00
Richard Levitte
5902821d81 Make the use of perl more consistent
- In Configure, register the perl interpreter used to run Configure,
  so that's the one being used throughout instead of something else
  that Configure happens to find.  This is helpful for using a perl
  version that's not necessarely first in $PATH:

    /opt/perl/5.22.1/bin/perl ./Configure

- Make apps/tsget a generated file, just like apps/CA.pl, so the
  perl interpreter registered by Configure becomes the hashbang path
  instead of a hardcoded /usr/bin/perl

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-04-01 07:24:04 +02:00
Ben Laurie
686c86a430 More things that don't work together.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-30 12:14:56 +01:00
Richard Levitte
2a08d1a05d Make it possible to specify source files that will only be used for shared libs
There are rare cases when an object file will only be used when
building a shared library.  To enable this, we introduce
SHARED_SOURCE:

    SHARED_SOURCE[libfoo]=dllmain.c

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-30 11:22:15 +02:00
Kurt Roeckx
c5c7700c9a When using no-dtls create OPENSSL_NO_DTLS
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>

MR: #2452
2016-03-28 01:12:43 +02:00
Ben Laurie
b8ce6dda36 Fix enable-zlib no-comp.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:15:38 +00:00
Ben Laurie
3fd4d211ae sctp requires dgram.
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-22 11:14:28 +00:00
Matt Caswell
168c3b737e Fix no-gost
Configure had the wrong name for the no-gost option.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-21 16:28:40 +00:00
Matt Caswell
dc110177de Remove the no-rijndael option
Rijndael is an old name for AES.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
2016-03-21 14:40:05 +00:00
Richard Levitte
007c80eae4 Remove the remainder of util/mk1mf.pl and companion scripts
This removes all scripts that deal with MINFO as well, since that's
only used by mk1mf.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:02:00 +01:00
Richard Levitte
0ef1ce49ee Remove generation of ms/version32.rc from Configure, use util/mkrc.pl
utils/mkrc.pl was added a while ago as a better generator for the
Windows DLL resource file.  Finalize the change by removing the
ms/version32.rc generator from Configure and adding resource file
support using mkrc.pl in Configurations/windows-makefile.pl

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-21 11:00:21 +01:00
Richard Levitte
3850f8cb15 Make apps/progs.pl more flexible
Make Configure write @disablables to configdata.pm and have
apps/progs.pl use that data.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:49:31 +01:00
Richard Levitte
d4037cea3c Correct the export list when writing configdata.pm
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:31:48 +01:00
Richard Levitte
da1f2104c7 Correct the check of files to depend on against known generated ones
The check was erroneously inversed

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-19 01:29:01 +01:00
Richard Levitte
1f2e1cd5e8 Make picker, thread and combine standard config helper functions
Document them as well

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-17 22:46:14 +01:00
Rich Salz
1fbab1dc6f Remove Netware and OS/2
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-17 17:06:57 -04:00
Richard Levitte
014267f68c Disallow --classic for Windows
With all the config changes, mk1mf is broken on Windows.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-17 21:35:31 +01:00
Richard Levitte
2b6b606c7b Added build.info debugging capability to Configure
This is only enabled when the environment variable
CONFIGURE_DEBUG_BUILDINFO is defined.  This will cause every line in
every build.info file to be displayed, along with the content of the
skip stack before and after parsing.  This can be a very powerful tool
to see that all conditions are working as expected.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-17 19:08:16 +01:00
Matt Caswell
68dc37c126 Disable AFALG when cross-compiling
We don't currently support cross-compiling of the afalg engine. However
we were failing to explicitly mark it as disabled during Configure leading
to a failed build.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-16 10:08:53 +00:00
Richard Levitte
3e19b07f14 static-engine is no longer an internal keyword, remove it from %disabled
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-15 14:05:35 +01:00
Emilia Kasper
c91a0a8343 Disable afalg when engine is disabled.
Also make it possible to disable afalg separately.

we still need to update config again

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-14 17:03:53 +01:00
Richard Levitte
9f519addc0 Enforce the demand for Perl 5.10.0 as a minimum.
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Richard Levitte
01d9997659 Fix a few Configure errors
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-14 11:21:35 +01:00
Bill Cox
2d0b441267 Add blake2 support.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-11 10:39:10 -05:00
Andy Polyakov
d0db7ee0b1 Configure: remove dependency on 'head'.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-11 15:26:55 +01:00
Richard Levitte
0069806128 Don't build dynamic engines unless configured "shared"
Experience has shown that dynamic engines with their own copy of
libcrypto is problematic, so we disable that possibility.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-11 12:58:15 +01:00
Richard Levitte
39affe19dc Configure - don't trust $1 to stick around, save its value away
Reviewed-by: Stephen Henson <steve@openssl.org>
2016-03-10 20:13:01 +01:00
Richard Levitte
c5798e0eb5 Correct slight logic error in processing IF in build.info
This corrects a fault where the inner IF in this example was still
being acted upon:

  IF[0]
    ...whatever...
    IF[1]
      ...whatever more...
    ENDIF
  ENDIF

With this change, the inner IF is skipped over.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 23:58:44 +01:00
Richard Levitte
c471884996 Comment away the extra checks in Configure
The "extra checks" is a debugging tool to check the config resolving
mechanism.  It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.

So, it gets commented away, but stays otherwise in place, as it may be
useful again.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 17:59:14 +01:00
Richard Levitte
635bd409b3 In build.info, an IF within a clause that's skipped over shouldn't apply
If we find an IF within a clause that's skipped over, set it to be
skipped as well.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 14:53:30 +01:00
Matt Caswell
2e52e7df51 Remove the old threading API
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.

There is now no longer a need to set locking callbacks!!

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-09 12:41:39 +00:00
Richard Levitte
79fff39d71 Don't check the conditions to build e_afalg if configured "no-engine"
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-09 12:51:07 +01:00
Richard Levitte
63ee7129f1 Have Configure display the value of SHARED_CFLAG
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:33:23 +01:00
Richard Levitte
30752dd7df Check gcc version to see if it supports -MM and friends
According to manuals found here: https://gcc.gnu.org/onlinedocs/, GNU
C version 3 and on support the dependency generation options.  We
therefore need to check the gcc version to see if we're going to use
it or makedepend for dependency generation.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-09 12:09:30 +01:00
Richard Levitte
09aa263a14 Add the configure option 'no-makedepend'
If no makedepend program or equaly capable compiler is present,
'makedepend' gets disabled automatically.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-09 01:57:52 +01:00
Richard Levitte
dc3365f729 Add the Configure option --classic, to fall back on classic build schemes
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-08 10:48:25 +01:00
Richard Levitte
39b25ee244 Revert "unified build scheme: Try to nudge users to try the "unified" build"
This reverts commit 242ffb05a2.

Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-08 10:48:25 +01:00
Matt Caswell
fa22f98f19 Fix building without multiblock support
Not all platforms support multiblock. Building without it fails prior to
this fix.

RT#4396

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-08 08:52:45 +00:00
Richard Levitte
8a67946e5b Unified - Add the build.info command OVERRIDE, to avoid build file clashes
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:

    SOURCE[libfoo]=foo.c bar.c

    OVERRIDES=bar.o
    BEGINRAW[Makefile(unix)]
    bar.o: bar.c
        $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
    ENDRAW[Makefile(unix)]

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Richard Levitte
ae4c745075 Unified - Add the build.info command GENERATE, to generate source files
In some cases, one might want to generate some source files from
others, that's done as follows:

    GENERATE[foo.s]=asm/something.pl $(CFLAGS)
    GENERATE[bar.s]=asm/bar.S

The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file.  It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-07 18:25:56 +01:00
Matt Caswell
8da00a38cd Misc afalg build fixes
Misc afalg build fixes as suggested by Richard Levitte for the latest
Configure changes.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
6cba4a6661 Rework based on feedback:
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
   future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
clucey
7f458a48ff ALG: Add AFALG engine
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-03-07 13:36:17 +00:00
Richard Levitte
6928b6171a Change names of ordinals and libs, libeay => libcrypto and ssleay => libssl
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-05 09:02:33 +01:00
Kurt Roeckx
9829b5ab52 Disable SSLv3 by default
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Emilia Kasper <emilia@openssl.org>

MR: #2203
2016-03-04 18:48:06 +01:00
Matt Caswell
8b1a5af389 Don't build RC4 ciphersuites into libssl by default
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 10:04:06 +00:00
Richard Levitte
25004db793 Restore the zlib / zlib-dynamic logic
The proper logic is that both zlib and zlib-dynamic are disabled by
default and that enabling zlib-dynamic would enable zlib.  Somewhere
along the way, the logic got changed, zlib-dynamic was enabled by
default and zlib didn't get automatically enabled.

This change restores the original logic.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-03-04 05:22:22 +01:00
Richard Levitte
2952b9b811 Don't copy from %target to %config so much, see %config as a complement
We copied $target{cflags}, $target{defines} and a few more to %config,
just to add to the entries.  Avoid doing so, and let the build templates
deal with combining the two.

There are a few cases where we still fiddle with %target, but that's
acceptable.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
9c62a279fe Configure - Get rid of the special thread_cflag, replace with thread_scheme
The thread_cflag setting filled a double role, as kinda sorta an
indicator of thread scheme, and as cflags.  Some configs also added
lflags and ex_libs for multithreading regardless of if threading would
be enabled or not.

Instead of this, add threading cflags among in the cflag setting,
threading lflags in the lflag setting and so on if and only if threads
are enabled (which they are by default).

Also, for configs where there are no special cflags for threading (the
VMS configs are of that kind), this makes it possible to still clearly
mention what thread scheme is used.

The exact value of thread scheme is currently ignored except when it's
"(unknown)", and thereby only serves as a flag to tell if we know how
to build for multi-threading in a particular config.  Yet, the
currently used values are "(unknown)", "pthreads", "uithreads" (a.k.a
solaris threads) and "winthreads".

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
8864f0de7b Configure - get rid of the special debug_ and release_ settings
Instead, make the build type ("debug" or "release") available through
$config{build_type} and let the configs themselves figure out what the
usual settings (such as "cflags", "lflags" and so on) should be
accordingly.

The benefit with this is that we can now have debug and release
variants of any setting, not just those Configure supports, and may
also involve other factors (the MSVC flags /MD[d] and /MT[d] involve
both build type and whether threading is enabled or not)

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
940a09bad4 Minimize copied config settings
$target{lflags} and $target{plib_flag} were copied to %config for no
good reason.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
98fdbce091 Configure - move the addition of the zlib / libz lib to configs
Configure had the Unix centric addition of -lz when linking with zlib
is enabled, which doesn't work on other platforms.  Therefore, we move
it to the BASE_unix config template and add corresponding ones in the
other BASE_* config templates.  The Windows one is probably incomplete,
but that doesn't matter for the moment, as mk1mf does it's own thing
anyway.

This required making the %withargs table global, so perl snippets in
the configs can use it.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
d2b2221a04 Configure - Rename BASE to DEFAULTS and add a few inheritable BASEs
These BASE templates are intended to hold values that are common for
all configuration variants for whole families of configurations.

So far, three "families" are identified: Unix, Windows and VMS, mostly
characterised by the build system they currently use.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
b0b92a5bb5 Configure - Allow CODErefs and ARRAYrefs in configuration setting arrays
This provides for more powerful lazy evaluation and buildup of the
setting contents.  For example, something like this becomes possible:

    defines => [ sub { $config{thisorthat} ? "FOO" : () } ]

Any undefined result of such functions (such as 'undef' or the empty
list) will be ignored.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 19:15:42 +01:00
Richard Levitte
b0a1e8bf3e Configure - make the use of environment variables for overrides consistent
We allow some commands to be overriden, but didn't handle that in a
consistent manner.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:46:03 +01:00
Richard Levitte
b756967d28 Make uplink auxiliary source separate from cpuid source
There are cases, for example when configuring no-asm, that the added
uplink source files got in the way of the cpuid ones.  The best way to
solve this is to separate the two.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-02 14:45:02 +01:00
Richard Levitte
2e0956ba6d Unified - have configdata.pm depend on a few more things
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-03-01 06:39:16 +01:00
Richard Levitte
e5ed5f6a59 Remove last remains of old config strings
Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-27 21:32:24 +01:00
Richard Levitte
79302211cc Apply default after having checked the given config target is valid
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-27 14:27:25 +01:00
Richard Levitte
cb212f239a Make the table entry printer in Configure aware of ARRAYs
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-26 17:38:39 +01:00
Richard Levitte
a26d8be953 Forgotten change of add() call in Configure
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-02-26 16:05:41 +01:00
Richard Levitte
bdcd83e127 Configure - neater looking add() and add_before()
They now default to " " as separator, but that can be overridden by
having a hash with parameters as last argument.  The only currently
recognised parameter is `separator'.

The special separator `undef' will force the result to become a list
rather than a concatenated string.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-26 09:00:25 +01:00
Richard Levitte
4f16039efe Add OPENSSL_PIC back
In the earlier change, where static libraries get built with position
independent code, OPENSSL_PIC was removed by mistake.  This adds it
back.

Reviewed-by: Tim Hudson <tjh@openssl.org>
2016-02-22 20:41:42 +01:00
Rich Salz
a773b52a61 Remove unused parameters from internal functions
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-22 13:39:44 -05:00
Richard Levitte
58163021e2 The build files use %disabled, make sure to pass it to them
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 19:26:49 +01:00
Matt Caswell
316fae2a94 Partial revert of 1288f26 and fix for no-async
The commit 1288f26 says that it fixes no-async, but instead seems to break
it. Therefore revert that change and fix no-async.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:48:09 +00:00
Richard Levitte
721f9058b3 Clean away $no_dso since with have $disabled{dso}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
00b0d6632b Clean away $no_asm since with have $disabled{asm}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
93e3d3f3ff Clean away $no_rfc3779 since we don't appear to use it at all
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
36a3090904 Clean away $zlib since with have $disabled{zlib}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:37:46 +01:00
Richard Levitte
22bfe05efd Clean away $no_threads since we have $disabled{threads}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:36:58 +01:00
Richard Levitte
84af1bae68 Clean away $config{no_shared} since we have $disabled{shared}
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:36:58 +01:00
Richard Levitte
9e04edf2f3 Expose %disables to the perl fragments in build.info files.
This way, we can use them as conditions instead of relying to more or
less obscure aliases in %config or variables directly in Configure.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-02-22 16:33:55 +01:00