The environment variable OPENSSL_LOCAL_CONFIG_DIR is used to indicate
that there's a local directory with extra configuration files.
Reviewed-by: Stephen Henson <steve@openssl.org>
It was added as part of 2df84dd329
but has never actually been used for anything; presumably it was
a typo for one of SCTP or CT.
This removes the last '??' entry from INSTALL.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
In the case of generating a file like this:
GENERATE[foo.S]=mkfoo.pl arg1 arg2
the 'mkfoo.pl' generator itself might need to include other files,
such as perl modules within our source tree. We can reuse already
existing syntax for it, like this:
INCLUDE[mkfoo.pl]=module/path
or:
DEPEND[mkfoo.pl]=modules/mymodule.pm
This change implements the support for such constructs, and for the
DEPEND statement, for any value that indicates a perl module (.pm
file), it will automatically infer an INCLUDE statement for its
directory, just like it does for C header files, so you won't have do
write this:
DEPEND[mkfoo.pl]=modules/mymodule.pm
INCLUDE[mkfoo.pl]=modules
Reviewed-by: Emilia Käsper <emilia@openssl.org>
The reason to warn is that configuration *may* pick up on
configuration header files that are in the source tree, that might be
for a wildly different configuration than what is expected in the
current out-of-source configuration.
Reviewed-by: Matt Caswell <matt@openssl.org>
The Unix build was the last to retain the classic build scheme. The
new unified scheme has matured enough, even though some details may
need polishing.
Reviewed-by: Rich Salz <rsalz@openssl.org>
e_os.h was defining OPENSSL_NO_DGRAM if OPENSSL_NO_SOCK was defined.
This causes link problems on Windows because the generated .def files
still contain the DGRAM symbols even though they have not been compiled.
Reviewed-by: Rich Salz <rsalz@openssl.org>
In most cases we expect that people will be using shared libraries not
static ones, therefore we make that the default.
Reviewed-by: Richard Levitte <levitte@openssl.org>
no-stdio does not work with the apps. Since the tests also need the apps
it doesn't support that either. Therefore we disable building of both.
no-autoalginit is not compatible with the apps because it requires explicit
loading of the algorithms, and the apps don't do that. Therefore we disable
building the apps for this option. Similarly the tests depend on the apps
so we also disable the tests. Finally the whole point about no-autoalginit
is to avoid excessive executable sizes when doing static linking. Therefore
we disable "shared" if this option is selected.
Reviewed-by: Richard Levitte <levitte@openssl.org>
These algorithms are fundamental and extensively used. The "no-" options
do not work either in 1.1.0 or in other released branches. Therefore the
ability to disable them should be removed.
Reviewed-by: Richard Levitte <levitte@openssl.org>
The handling was Unix centric, already in Configure. Change that to
just collect the value and let the build file templates figure out
what to do with it.
Reviewed-by: Matt Caswell <matt@openssl.org>
Since NDEBUG is defined unconditionally on command line for release
builds, we can omit *_DEBUG options in favour of effective "all-on"
in debug builds exercised though CI.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Emilia Käsper <emilia@openssl.org>
- In Configure, register the perl interpreter used to run Configure,
so that's the one being used throughout instead of something else
that Configure happens to find. This is helpful for using a perl
version that's not necessarely first in $PATH:
/opt/perl/5.22.1/bin/perl ./Configure
- Make apps/tsget a generated file, just like apps/CA.pl, so the
perl interpreter registered by Configure becomes the hashbang path
instead of a hardcoded /usr/bin/perl
Reviewed-by: Andy Polyakov <appro@openssl.org>
There are rare cases when an object file will only be used when
building a shared library. To enable this, we introduce
SHARED_SOURCE:
SHARED_SOURCE[libfoo]=dllmain.c
Reviewed-by: Andy Polyakov <appro@openssl.org>
utils/mkrc.pl was added a while ago as a better generator for the
Windows DLL resource file. Finalize the change by removing the
ms/version32.rc generator from Configure and adding resource file
support using mkrc.pl in Configurations/windows-makefile.pl
Reviewed-by: Andy Polyakov <appro@openssl.org>
This is only enabled when the environment variable
CONFIGURE_DEBUG_BUILDINFO is defined. This will cause every line in
every build.info file to be displayed, along with the content of the
skip stack before and after parsing. This can be a very powerful tool
to see that all conditions are working as expected.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We don't currently support cross-compiling of the afalg engine. However
we were failing to explicitly mark it as disabled during Configure leading
to a failed build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Experience has shown that dynamic engines with their own copy of
libcrypto is problematic, so we disable that possibility.
Reviewed-by: Matt Caswell <matt@openssl.org>
This corrects a fault where the inner IF in this example was still
being acted upon:
IF[0]
...whatever...
IF[1]
...whatever more...
ENDIF
ENDIF
With this change, the inner IF is skipped over.
Reviewed-by: Matt Caswell <matt@openssl.org>
The "extra checks" is a debugging tool to check the config resolving
mechanism. It uses Perl's smart match, which is experimental and
therefore always causes Perl to give out a warning, and it causes
older Perl versions to fail entirely.
So, it gets commented away, but stays otherwise in place, as it may be
useful again.
Reviewed-by: Matt Caswell <matt@openssl.org>
All OpenSSL code has now been transferred to use the new threading API,
so the old one is no longer used and can be removed. We provide some compat
macros for removed functions which are all no-ops.
There is now no longer a need to set locking callbacks!!
Reviewed-by: Richard Levitte <levitte@openssl.org>
According to manuals found here: https://gcc.gnu.org/onlinedocs/, GNU
C version 3 and on support the dependency generation options. We
therefore need to check the gcc version to see if we're going to use
it or makedepend for dependency generation.
Reviewed-by: Andy Polyakov <appro@openssl.org>
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
ENDRAW[Makefile(unix)]
Reviewed-by: Rich Salz <rsalz@openssl.org>
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Reviewed-by: Rich Salz <rsalz@openssl.org>
1. Cleaned up eventfd handling
2. Reworked socket setup code to allow other algorithms to be added in
future
3. Fixed compile errors for static build
4. Added error to error stack in all cases of ALG_PERR/ALG_ERR
5. Called afalg_aes_128_cbc() from bind() to avoid race conditions
6. Used MAX_INFLIGHT define in io_getevents system call
7. Coding style fixes
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
RC4 based ciphersuites in libssl have been disabled by default. They can
be added back by building OpenSSL with the "enable-weak-ssl-ciphers"
Configure option at compile time.
Reviewed-by: Rich Salz <rsalz@openssl.org>
The proper logic is that both zlib and zlib-dynamic are disabled by
default and that enabling zlib-dynamic would enable zlib. Somewhere
along the way, the logic got changed, zlib-dynamic was enabled by
default and zlib didn't get automatically enabled.
This change restores the original logic.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We copied $target{cflags}, $target{defines} and a few more to %config,
just to add to the entries. Avoid doing so, and let the build templates
deal with combining the two.
There are a few cases where we still fiddle with %target, but that's
acceptable.
Reviewed-by: Andy Polyakov <appro@openssl.org>
The thread_cflag setting filled a double role, as kinda sorta an
indicator of thread scheme, and as cflags. Some configs also added
lflags and ex_libs for multithreading regardless of if threading would
be enabled or not.
Instead of this, add threading cflags among in the cflag setting,
threading lflags in the lflag setting and so on if and only if threads
are enabled (which they are by default).
Also, for configs where there are no special cflags for threading (the
VMS configs are of that kind), this makes it possible to still clearly
mention what thread scheme is used.
The exact value of thread scheme is currently ignored except when it's
"(unknown)", and thereby only serves as a flag to tell if we know how
to build for multi-threading in a particular config. Yet, the
currently used values are "(unknown)", "pthreads", "uithreads" (a.k.a
solaris threads) and "winthreads".
Reviewed-by: Andy Polyakov <appro@openssl.org>
Instead, make the build type ("debug" or "release") available through
$config{build_type} and let the configs themselves figure out what the
usual settings (such as "cflags", "lflags" and so on) should be
accordingly.
The benefit with this is that we can now have debug and release
variants of any setting, not just those Configure supports, and may
also involve other factors (the MSVC flags /MD[d] and /MT[d] involve
both build type and whether threading is enabled or not)
Reviewed-by: Andy Polyakov <appro@openssl.org>
Configure had the Unix centric addition of -lz when linking with zlib
is enabled, which doesn't work on other platforms. Therefore, we move
it to the BASE_unix config template and add corresponding ones in the
other BASE_* config templates. The Windows one is probably incomplete,
but that doesn't matter for the moment, as mk1mf does it's own thing
anyway.
This required making the %withargs table global, so perl snippets in
the configs can use it.
Reviewed-by: Andy Polyakov <appro@openssl.org>
These BASE templates are intended to hold values that are common for
all configuration variants for whole families of configurations.
So far, three "families" are identified: Unix, Windows and VMS, mostly
characterised by the build system they currently use.
Reviewed-by: Andy Polyakov <appro@openssl.org>
This provides for more powerful lazy evaluation and buildup of the
setting contents. For example, something like this becomes possible:
defines => [ sub { $config{thisorthat} ? "FOO" : () } ]
Any undefined result of such functions (such as 'undef' or the empty
list) will be ignored.
Reviewed-by: Andy Polyakov <appro@openssl.org>
There are cases, for example when configuring no-asm, that the added
uplink source files got in the way of the cpuid ones. The best way to
solve this is to separate the two.
Reviewed-by: Andy Polyakov <appro@openssl.org>
They now default to " " as separator, but that can be overridden by
having a hash with parameters as last argument. The only currently
recognised parameter is `separator'.
The special separator `undef' will force the result to become a list
rather than a concatenated string.
Reviewed-by: Andy Polyakov <appro@openssl.org>
In the earlier change, where static libraries get built with position
independent code, OPENSSL_PIC was removed by mistake. This adds it
back.
Reviewed-by: Tim Hudson <tjh@openssl.org>
The commit 1288f26 says that it fixes no-async, but instead seems to break
it. Therefore revert that change and fix no-async.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This way, we can use them as conditions instead of relying to more or
less obscure aliases in %config or variables directly in Configure.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Preserved for now for those who have scripts with the option
"no-ssl2". We warn that it's deprecated, and ignore it otherwise.
In response to RT#4330
Reviewed-by: Rich Salz <rsalz@openssl.org>
Building shared libraries or not is not the same as building position
independent code or not. It's true that if you don't build PIC, you
can't build shared libraries. However, you may very well want to
build only static libraries but still want PIC code.
Therefore, we introduce a new configuration option "pic", which is
enabled by default or explicitely with "enable-pic", or disabled with
"no-pic" or "disable-pic". Of course, if "pic" is disabled, "shared"
and "dynamic-engine" are automatically disabled as well.
Reviewed-by: Rich Salz <rsalz@openssl.org>
We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure. Let's avoid confusion,
choose one of them and stick to it.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.
We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl. This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.
Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.
Reviewed-by: Rich Salz <rsalz@openssl.org>
This takes us away from the idea that we know exactly how our static
libraries are going to get used. Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.
On the other hand, we also have greater control of when the shared
library cflags. They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.
With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: Rich Salz <rsalz@openssl.org>
