Commit graph

1310 commits

Author SHA1 Message Date
Sebastian Andrzej Siewior
9e381e8a01 Configure: allow to enable afalgeng if target does not start with Linux
The Debian build system uses a `debian' target which sets CFLAGS and
then we have for instance debian-amd64 which inherits from
linux-x86_64 and debian [0]. So far so good.

Unless there are different suggestions how to do this, I would keep it.
However since the target name does not start with `linux', the build
system does not enable the afalg engine. So in order to get enabled, I
added a
	`enable           => [ "afalgeng" ],'
to the generic linux config which sets it explicit (as suggested by
Richard Levitte). Having this set, we can check for it instead matching
the target name.

[0] https://sources.debian.org/src/openssl/1.1.0g-2/Configurations/20-debian.conf/
Signed-off-by: Sebastian Andrzej Siewior <sebastian@breakpoint.cc>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5169)
2018-03-15 11:59:08 +01:00
Richard Levitte
846e4c4d65 Configure: catch the build tree configdata.pm
There are things depending on configdata.pm.  However, it's perfectly
possible that there is one in the source directory from a previous
build, and that might disrupt an out of source build.  To avoid this
conflict, make sure never to use the source tree configdata.pm in that
case, i.e. make the hard assumption that it's a generated file in the
build tree, which it is.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5546)
2018-03-10 09:51:17 +01:00
Richard Levitte
906032d5a0 Configure: don't mangle the directory again when checking DEPEND inclusion
When generating the correct inclusion directory for DEPEND, we mangled
it to be relative to the build or the source directory.  However, the
value we handle already come with a correct directory, so we only need
to use it as is.

Fixes #5543

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5546)
2018-03-10 09:51:17 +01:00
Richard Levitte
68b8bcf49c Configure et al: Move the definition of library only flags
We're currently using the attributes 'defines', 'cppflags', 'cflags'
etc quite liberally, with no regard for where that ends up.  Quite a
few of those flags are actually only relevant for the libraries
(mostly libcrypto), so it's safe to say that those could be applied to
the libraries only.

So, we move some of those flags to 'lib_defines', 'lib_cppflags',
'lib_cflags', etc.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5560)
2018-03-09 14:07:59 +01:00
Richard Levitte
fb174faaf5 Configure: correct the check of env vars vs command line flags
The check to detect if env / make variables conflicted with compiler /
linker flags on the configure command line went a little too far, and
would stop the configuration process if any such command line flag was
given, with no regard for the env / make variables at all.

This change refines the check so the stop only gets triggered if any
such flags were given AND any of the corresponding variables are set.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5561)
2018-03-08 20:26:40 +01:00
Richard Levitte
b92013602b Configure: disallow the mixture of compiling flags and env / make variables
Note that this might give surprising results if someone forgets an environment
variable that has been set previously.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Richard Levitte
150624bcf5 Configure et al: get rid of last traces of plib_lflags / PLIB_LDFLAGS
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Richard Levitte
2ab92ae9dc config: Pass diverse flags to Configure via the environment
Passing flags "discovered" by 'config' on the command line to
'Configure' mixes them up with flags given by the user.  That is
contrary to their intention, so they need to be passed in a different
manner.

Enter the environment variables __CNF_CPPDEFINES, __CNF_CPPINCLUDES,
__CNF_CPPFLAGS, __CNF_CFLAGS, __CNF_CXXFLAGS, __CNF_LDFLAGS, and
__CNF_LDLIBS, initialised by 'config', and then used by Configure to
initialise these %config values: defines, includes, cppflags, cflags,
cxxflags, lflags, and ex_libs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Richard Levitte
abe256e795 Make "make variables" config attributes for overridable flags
With the support of "make variables" comes the possibility for the
user to override them.  However, we need to make a difference between
defaults that we use (and that should be overridable by the user) and
flags that are crucial for building OpenSSL (should not be
overridable).

Typically, overridable flags are those setting optimization levels,
warnings levels, that kind of thing, while non-overridable flags are,
for example, macros that indicate aspects of how the config target
should be treated, such as L_ENDIAN and B_ENDIAN.

We do that differentiation by allowing upper case attributes in the
config targets, named exactly like the "make variables" we support,
and reserving the lower case attributes for non-overridable project
flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Richard Levitte
48dcca265c Configure et al: rename all dso_* to module_* in shared-info.pl
Because there are already attributes with the dso_ prefix that are
used instead of the corresponding lib_ attributes rather than in
addition to them, it gets confusing to have similar or exactly the
same attributes working with different semantics on Unix.

So we rename those by changing the prefix dso_ to module_, and having
those work just like the shared_ attributes, but for DSOs.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5534)
2018-03-08 17:24:02 +01:00
Richard Levitte
ed504a2084 Configure: fix small spelling error
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5533)
2018-03-06 21:18:33 +01:00
Richard Levitte
b700bc5966 configdata.pm: ensure $prefix is defined
Fixes #5471

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5472)
2018-02-27 21:17:57 +01:00
Richard Levitte
820e414d28 Replace the message about configdata.pm as a script
The new message is geared toward issue reports

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5247)
2018-02-22 14:57:40 +01:00
Richard Levitte
047f0292d5 Add a comment in configdata.pm regarding script-only variables
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5247)
2018-02-22 14:57:40 +01:00
Richard Levitte
f729ba5537 Make CROSS_COMPILE another supported "make variable" in Configure
No more special casing for that one, and this means it gets displayed
by 'perl configdata.pm --make-variables' among all the others.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5247)
2018-02-22 14:57:40 +01:00
Richard Levitte
d5fa7035cb Have configdata.pm display information on perl
Specifically, the specific perl that was used to run Configure

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5247)
2018-02-22 14:57:21 +01:00
Andy Polyakov
0e5c8d5660 Configure: engage x25519 assembly support.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5408)
2018-02-21 10:14:09 +01:00
Richard Levitte
1d2c6b7d4a Configure: avoid uninit data in configdata.pm
Fixes #5394

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5399)
2018-02-17 07:33:17 +01:00
Richard Levitte
51cf8e0b50 Configure: move down the treatment of seed sources
Most of all, this is so it doesn't output mysterious text when we're
treating the phony config targets LISH, HASH and TABLE

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5383)
2018-02-15 23:13:08 +01:00
Benjamin Kaduk
0b80103bfa Auto-size more of configdata.pm "disabled features"
configdata.pm -d prints out a lot of information, including a table
of what features are disabled, why, and the effect of that disablement
(in terms of preprocessor symbols defined and directories skipped).
The first column is already auto-sized, to easily accomodate future
disableable features with long names.  Also auto-size the second column,
to accomodate future reasons for disablement with long names as well.

Failing to take such precautions results in stderr spew from
configdata.pm -d when such long reasons are in use:

   Negative repeat count does nothing at ./configdata.pm line 14504.

Such output is pretty distracting from the actual desired output,
so try to avoid it if possible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5371)
2018-02-14 13:15:21 -06:00
Richard Levitte
9b7e82f8d9 Configure: if a file is generated, never assume it's in the source dir
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5355)
2018-02-13 21:11:44 +01:00
Richard Levitte
fd87700995 Fix check of cpuid_asm_src config attribute
The contents of that attribute is C file names, not object file names.
This went undetected because quite a lot of systems have assembler
implementations anyway, so setting OPENSSL_CPUID_OBJ was correct for
them.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5291)
2018-02-09 10:06:29 +01:00
Matt Caswell
f518cef40c Enable TLSv1.3 by default
[extended tests]

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5266)
2018-02-07 21:34:18 +00:00
Pauli
2ad2281a80 Make the OPENSSL_CPUID_OBJ define internal.
Patch by @levitte.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5231)
2018-02-07 10:08:15 +10:00
Richard Levitte
50ea9d2b35 Have configdata.pm also display the contents of %target
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5243)
2018-02-02 12:43:36 +01:00
Rich Salz
67c836e860 Shorten output by a line
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5238)
2018-02-01 13:18:32 -05:00
Peter Meerwald-Stadler
85d6ad34aa Configure: Fix configdata.pm shorthand for --dump, should be -d
INSTALL: Mention 'aria' algorithm for no-<alg>

Signed-off-by: Peter Meerwald-Stadler <pmeerw@pmeerw.net>

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5215)
2018-01-31 10:16:51 +10:00
Richard Levitte
9be64336d8 Fix small typo (parenthesis missing)
Fixes #5207 (another PR)

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/5210)
2018-01-30 19:13:57 +01:00
Richard Levitte
26f0340d49 Configure: when checking user input, check both %user and %useradd
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5207)
2018-01-30 19:08:49 +01:00
Richard Levitte
63468812bd Configure: add configure command line C flags after the configured C flags
Fixes #5203

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5207)
2018-01-30 19:08:49 +01:00
Richard Levitte
7187f0e1ea To make it less surprising and confusing, leave a message on configdata.pm
This message will ONLY be visible in OpenSSL 1.1.1, it will not show
in 1.1.1a or any other release or update.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5185)
2018-01-29 21:56:48 +01:00
Richard Levitte
ca3724142a Move the display of disabled features to configdata.pm as well.
The additional possibility is:

perl configdata.pm --options            Display the features, both
                                        enabled and disabled, and
                                        display defined macro and
                                        skipped directories where
                                        applicable.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5185)
2018-01-29 21:56:47 +01:00
Richard Levitte
b1fafff631 Make configdata.pm runnable and move all display of information there
The "make variable" information displayed by Configure was selective
and incomplete, and possibly undesirable (too verbose).

Instead, we make configdata.pm and have the user run it to get the
information they desire, and also make it possible to have it perform
a reconfiguration.

Possibilities so far:

perl configdata.pm --dump               Displays everything (i.e. the
                                        combined output from
                                        --command-line, --environment,
                                        --make-variables and
                                        --build-parameters.
perl configdata.pm --command-line       Displays the config command
                                        line.
perl configdata.pm --envirnoment        Displays the recorded
                                        environment variables.
perl configdata.pm --make-variables     Displays the configured "make
                                        variables".
perl configdata.pm --build-parameters   Displays the build file and
                                        the template files to create
                                        it.
perl configdata.pm --reconfigure        Re-runs the configuration with
                                        the recorded environment
                                        variables.

--verbose can be used to have --reconfigure be a bit more verbose.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5185)
2018-01-29 21:56:47 +01:00
Richard Levitte
711a8b999e Don't define OPENSSL_NO_ERR for the command line
It's already in opensslconf.h, which is included where this is relevant.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5188)
2018-01-29 15:26:04 +01:00
Richard Levitte
0d59958c49 Remove $no_sse2, as it's just a 'copy' of $disabled{sse2}
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5188)
2018-01-29 15:26:04 +01:00
Richard Levitte
fa153b57a3 Treat C++ flags more like C flags, and only if C++ compiler specified
C++ flags got the same config target value as C flags, but then
nothing else happened while C flags get all kinds of stuff added to
them (especially when --strict-warnings is used).

Now, C++ flags get the exact same treatment as C flags.  However, this
only happens when a C++ compiler is specified, to avoid confusing
messages about added C++ flags.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5181)
2018-01-28 16:22:40 +01:00
Richard Levitte
085ed4f15a Stop having Unix defaults in Configure (partial)
Default values belong in the DEFAULT config target template, in
Configurations/00-base-templates.conf.

This isn't a complete move, but takes care of the most blatant
examples.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5177)
2018-01-28 07:26:11 +01:00
Richard Levitte
5b18235a18 Processing GNU-style "make variables" - implementation
Support the following "make variables":

AR              (GNU compatible)
ARFLAGS         (GNU Compatible)
AS              (GNU Compatible)
ASFLAGS         (GNU Compatible)
CC              (GNU Compatible)
CFLAGS          (GNU Compatible)
CXX             (GNU Compatible)
CXXFLAGS        (GNU Compatible)
CPP             (GNU Compatible)
CPPFLAGS        (GNU Compatible)
CPPDEFINES      List of CPP macro definitions.  Alternative for -D
CPPINCLUDES     List of CPP inclusion directories.  Alternative for -I
HASHBANGPERL    Perl invocation to be inserted after '#!' in public
                perl scripts.
LDFLAGS         (GNU Compatible)
LDLIBS          (GNU Compatible)
RANLIB          Program to generate library archive index
RC              Program to manipulate Windows resources
RCFLAGS         Flags for $(RC)
RM              (GNU Compatible)

Setting one of these overrides the corresponding data from our config
targets.  However, flags given directly on the configuration command
line are additional, and are therefore added to the flags coming from
one of the variables above or the config target.

Fixes #2420

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5177)
2018-01-28 07:26:11 +01:00
Richard Levitte
8c3bc594e0 Processing GNU-style "make variables" - separate CPP flags from C flags
C preprocessor flags get separated from C flags, which has the
advantage that we don't get loads of macro definitions and inclusion
directory specs when linking shared libraries, DSOs and programs.

This is a step to add support for "make variables" when configuring.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5177)
2018-01-28 07:26:10 +01:00
Richard Levitte
e431bcfabd Configure: ensure that a DEPEND generates the correct inclusion directory
We incorrectly assumed that explicit dependencies meant that the
source directory would be added for inclusion.  However, if the
dependent file is generated, it's stored in the build directory, and
that should be used for inclusion rather than the source directory.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5153)
2018-01-24 15:54:01 +01:00
Richard Levitte
1b5ad51fc9 Configure: let INCLUDEs set on binaries "trickle down" to the objects
This ensures that only one set of includes is associated with each
object file, reagardless of where it's used.

For example, if apps/build.info has this:

    SOURCE[openssl]=foo.c
    INCLUDE[openssl]=.. ../include

and test/build.info has this:

    SOURCE[footest]=../apps/foo.c
    INCLUDE[footest]=../include

The inclusion directories used for apps/foo.o would differ depending
on which program's dependencies get generated first in the build file.

With this change, all those INCLUDEs get combined into one set of
inclusion directories tied to the object file.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5153)
2018-01-24 15:54:01 +01:00
Richard Levitte
48e5119a6b Copyright update of more files that have changed this year
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/5110)
2018-01-19 13:34:03 +01:00
Richard Levitte
225f980d22 Configure: try to make sure every config target name is unique
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5047)
2018-01-09 19:51:19 +01:00
Richard Levitte
47eeaf45b5 Separate general linking flags from extra libraries
So far, we've placed all extra library related flags together, ending
up in the make variable EX_LIBS.  This turns out to be problematic, as
for example, some compilers don't quite agree with something like
this:

    cc -o foo foo.o -L/whatever -lsomething

They prefer this:

    cc -L/whatever -o foo foo.o -lsomething

IBM's compiler on OS/390 is such a compiler that we know of, and we
have previously handled that as a previous case.

The answer here is to make a more general solution, where linking
options are divided in two parts, where one ends up in LDFLAGS and
the other in EX_LIBS (they corresponds to what is called LDFLAGS and
LDLIBS in the GNU world)

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/5033)
2018-01-08 14:38:29 +01:00
Richard Levitte
d201dbc9a4 Ignore ORDINALS in build.info files, and remove its documentation
Following the changes that removed Makefile.shared, we also changed
the generation of .def / .map / .opt files from ordinals more
explicit, removing the need to the "magic" ORDINALS declaration.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4993)
2017-12-28 22:52:02 +01:00
Pauli
a93ccf9158 Enable the ARIA ciphers by default.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4950)
2017-12-18 08:49:53 +10:00
Richard Levitte
fe191b49b3 Restore makedepend capabilities for Windows and VMS
This got lost somehow.  The methods to do makedepend on Windows and
VMS are hard coded for cl (Windows) and CC/DECC (VMS), because that's
what we currently support natively.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4907)
2017-12-12 17:21:46 +01:00
Richard Levitte
ccce3e1db5 Configure: Recognise .rc and .def / .map / .opt as source files
This makes it possible to add build.info statements for using resource
files as well as linker scripts (.def for Windows, .map for Unix, and
.opt for VMS) is if they were source files.  This requires changes in
the build file templates.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4840)
2017-12-12 17:18:07 +01:00
Richard Levitte
793077d0be Configure: Read in extra information to help create shared libraries
This will replace the use of Makefile.shared

This also means a small adjustment on how the attributes dso_cflags,
dso_cxxflags and dso_lflags are treated.  They were previously treated
as an extension to shared_cflag, shared_cxxflag and shared_ldflag, but
they should really be regarded as alternatives instead, for example
for darwin, where -dynamiclib is used for shared libraries and -bundle
for DSOs.

We take the opportunity to clean out things that are redundant or
otherwise superfluous (for example the check of GNU ld on platforms
where it never existed).

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4840)
2017-12-12 17:18:07 +01:00
Richard Levitte
3b6c4b0736 Configure: Add read_eval_file, a general purpose perl file reader/evaluator
It will return the last expression from the input file.

We also use this in read_config, which slightly changes what's
expected of Configurations/*.conf.  They do not have to assign
%targets specifically.  On the other hand, the table of configs MUST
be the last expression in each of those files.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4840)
2017-12-12 17:18:07 +01:00
Richard Levitte
6d75a83c07 Configure: move the processing of predefined macros to a function
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4899)
2017-12-11 15:51:02 +01:00
Richard Levitte
99aeeecb9f Configure: die if there are other arguments with 'reconf'
It's better to inform the user about this than silently ignoring
something that the user might expect to work, somehow.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4818)
2017-12-08 00:36:21 +01:00
Richard Levitte
89bea0830d Make it possible to add env var assignments as Configure options
In other words, make the following possible:

    ./config CC=clang

or

    ./Configure CC=clang linux-x86_64

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4818)
2017-12-08 00:36:21 +01:00
Richard Levitte
7ecdf18d80 Save away the environment variables we rely on
There are cases when we overwrite %ENV values, and while this is
perfectly fine on some platforms, it isn't on others, because the
Configure script isn't necessarely run in a separate process, and
thus, changing %ENV may very well change the environment of the
calling shell.  VMS is such a platform.

Furthermore, saving away values that we use also allow us to save them
in configdata.pm in an effective way, and recall those values just as
effectively when reconfiguring.  Also, this makes sure that we do use
the saved away values when reconfiguring, when the actual environment
variables might otherwise affect us.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4818)
2017-12-08 00:36:21 +01:00
Josh Soref
46f4e1bec5 Many spelling fixes/typo's corrected.
Around 138 distinct errors found and fixed; thanks!

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3459)
2017-11-11 19:03:10 -05:00
Richard Levitte
89635075d8 Configure: cleanup @disable_cascade
'rsa', 'sha' and 'tlsext' can't be disabled, not even as a consequence
of other conditions, so having cascading disables that depend on them
is futile.  Clean up!

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4693)
2017-11-07 16:29:09 +01:00
Jack Lloyd
a0c3e4fa90 SM3: Add SM3 hash function
SM3 is a secure hash function which is part of the Chinese
"Commercial Cryptography" suite of algorithms which use is
required for certain commercial applications in China.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4616)
2017-11-06 07:21:11 +08:00
Ronald Tse
f19a5ff9ab SM4: Add SM4 block cipher to EVP
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/4552)
2017-10-31 15:19:14 +10:00
Andy Polyakov
6d50589c04 Configure: add -Wmisleading-indentation to strict warnings flags.
The warning flag in question was added in GCC version 6, hence
addition has to be conditional.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4401)
2017-09-22 22:08:35 +02:00
Andy Polyakov
3a1548643f Configure: unify clang's -Qunused-arguments option treatment.
Detect clang even if it's disguised, e.g. cross-compiler or invoked by
explicit path name, and add the option based on that.

Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4383)
2017-09-21 22:33:46 +02:00
Richard Levitte
15a1bd0ab2 Disable the EGD seeding meachanism when stdio is disabled
crypto/rand/rand_egd.c makes extensive use of stdio functions.  When
they are disabled, it makes sense to disable egd as well.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4358)
2017-09-12 08:03:32 +02:00
Andy Polyakov
54cf3b981a Configure: base compiler-specific decisions on pre-defines.
The commit subject is a bit misleading in sense that decisions affect
only gcc and gcc-alikes, like clang, recent icc...

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:03:47 +02:00
Andy Polyakov
e295d046dc Revert "Allow --strict-warnings with the icc compiler as well"
This reverts commit a610934c3b.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4281)
2017-08-30 15:02:39 +02:00
Richard Levitte
302eba3f6d If 'tests' is disabled, then so should 'external-tests'
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/4274)
2017-08-28 16:48:47 +02:00
Meena Vyas
a610934c3b Allow --strict-warnings with the icc compiler as well
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4250)
2017-08-25 08:05:13 +02:00
Richard Levitte
8d2214c0a4 File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapper
Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:31:18 +02:00
Richard Levitte
cb6afcd6ee Consolidate the locations where we have our internal perl modules
Instead of having perl modules under test/testlib, util and util/perl,
consolidate them all to be inside util/perl.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15 11:30:47 +02:00
Richard Levitte
102c9e1296 Perl: Use File::Glob::bsd_glob rather than File::Glob::glob
File::Glob::glob is deprecated, it's use generates this kind of
message:

    File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277.

So instead, use a construction that makes the caller glob() use
File::Glob::bsd_glob().

Note that we're still excluding VMS, as it's directory specs use '['
and ']', which have a different meaning with bsd_glob and would need
some extra quoting.  This might change, but later.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/4040)
2017-07-28 14:45:17 +02:00
Richard Levitte
d445302418 Simplify the handling of shared library version numbers
$(SHLIB_MAJOR).$(SHLIB_MINOR) is really a synonym for
$(SHLIB_VERSION_NUMBER), and is therefore an added complexity,
so better to use $(SHLIB_VERSION_NUMBER) directly.  SHLIB_MAJOR and
SHLIB_MINOR are now unused, but are kept around purely as information
in case someone relies on their existence.

At the same time, add support for custom shared library extensions
with the three new Makefile variables SHLIB_EXT, SHLIB_EXT_SIMPLE and
SHLIB_EXT_IMPORT.  By default, they hold the variants of shared
library extensions we support.  On mingw and cygwin, SHLIB_EXT_IMPORT
is defined; on all other Unix platforms, it's empty.

An example to get shared libraries with a slightly different SOVER name:

    $ make SHLIB_EXT='.$(SHLIB_VERSION_NUMBER).so'

Fixes #3902

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3964)
2017-07-26 22:53:03 +02:00
Rich Salz
8389ec4b49 Add --with-rand-seed
Add a new config param to specify how the CSPRNG should be seeded.
Illegal values or nonsensical combinations (e.g., anything other
than "os" on VMS or HP VOS etc) result in build failures.
Add RDSEED support.
Add RDTSC but leave it disabled for now pending more investigation.

Refactor and reorganization all seeding files (rand_unix/win/vms) so
that they are simpler.

Only require 128 bits of seeding material.

Many document improvements, including why to not use RAND_add() and the
limitations around using load_file/write_file.
Document RAND_poll().

Cleanup Windows RAND_poll and return correct status

More completely initialize the default DRBG.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/3965)
2017-07-22 14:00:07 -04:00
Richard Levitte
48feaceb53 Remove the possibility to disable the UI module entirely
Instead, make it possible to disable the console reader that's part of
the UI module.  This makes it possible to use the UI API and other UI
methods in environments where the console reader isn't useful.

To disable the console reader, configure with 'no-ui-console' /
'disable-ui-console'.

'no-ui' / 'disable-ui' is now an alias for  'no-ui-console' /
'disable-ui-console'.

Fixes #3806

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3820)
2017-07-03 07:51:04 +02:00
Matt Caswell
d8c66f5e09 Drop support for OPENSSL_NO_TLS1_3_METHOD
There are no public TLSv1_3_*method() functions so
OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3800)
2017-06-30 09:41:46 +01:00
Richard Levitte
71a5516dcc Add the STORE module
This STORE module adds the following functionality:

- A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close()
  that accesses a URI and helps loading the supported objects (PKEYs,
  CERTs and CRLs for the moment) from it.
- An opaque type OSSL_STORE_INFO that holds information on each loaded
  object.
- A few functions to retrieve desired data from a OSSL_STORE_INFO
  reference.
- Functions to register and unregister loaders for different URI
  schemes.  This enables dynamic addition of loaders from applications
  or from engines.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-29 11:55:31 +02:00
Richard Levitte
619eb33a0c Add new /dev/crypto engine
Based on cryptodev-linux

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-28 12:54:33 +02:00
Richard Levitte
906eb3d031 Configure: give config targets the possibility to enable or disable features
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3745)
2017-06-22 01:24:54 +02:00
Paul Yang
edcdf38bd0 Remove non-accurate description in Configure script
For DES and 3DES based ciphers are also enabled by this option.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3707)
2017-06-17 22:22:40 +08:00
Richard Levitte
6411927172 Reorder Configure output
"Configuring..." was displayed with './Configure LIST'.  This reorders
the display of that line to happen after the "targets" LIST, TABLE and
HASH have been checked.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3702)
2017-06-16 23:18:41 +02:00
Benjamin Kaduk
96db26919d Remove duplicates from clang_devteam_warnings
Since the clang_devteam_warnings are appended to the gcc_devteam_warnings
when strict-warnings are requested, any items present in both the gcc
and clang variables will be duplicated in the cflags used for clang builds.
Remove the extra copy from the clang-specific flags in favor of the
gcc_devteam_warnings that are used for all strict-warnings builds.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01 14:23:28 -04:00
Benjamin Kaduk
560ad13c74 Add -Wextra to gcc devteam warnings
clang already has it; let's flip the switch and deal with the fallout.
Exclude -Wunused-parameter, as we have many places where we keep unused
parameters to conform to a uniform vtable-like interface.
Also exclude -Wmissing-field-initializers; it's okay to rely on
the standard-mandated behavior of filling out with 0/NULL.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01 14:23:28 -04:00
Richard Levitte
331058180a Make it possible to build static-only libraries
The trick is to use the .a extension explicitely in the build.info files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-24 18:09:01 +02:00
Andy Polyakov
b7438b430b Configure: recognize -framework as linker option [on Apple OSes].
This is handy for internal iOS tests, when you have to make it work
in sandbox.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-04 23:13:17 +02:00
Andy Polyakov
d83112b7fd Configure: use 5.10.0, don't require...
Configure started with 'require 5.10.0', but if executed by older perl
it failed with "might be runaway multi-line // string" instead of
naturally expected "Perl v5.10.0 required--this is only v5.x.y".

Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-01 15:50:12 +02:00
FdaSilvaYY
69687aa829 More typo fixes
Fix some comments too
[skip ci]

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-29 07:14:29 +02:00
Matt Caswell
3556b83ea2 Make the TLSv1.3 downgrade mechanism a configurable option
Make it disabled by default. When TLSv1.3 is out of draft we can remove
this option and have it enabled all the time.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3022)
2017-03-24 14:07:11 +00:00
Richard Levitte
d192a3aaeb Add a platform specific configuration checker
For each platform, we may need to perform some basic checks to see
that available tools perform as we expect them.

For the moment, the added checkers test that Perl gives the expected
path format.  This should help MingW users to see if they run an
appropriate Perl implementation, for example.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2851)
2017-03-06 16:42:46 +01:00
Emilia Kasper
8a05d6bb26 More Configure cleanup. Remove
- util/incore
- util/fipslink.pl
- the unused "baseaddr" configure switch

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:56 +01:00
Emilia Kasper
b53338cbf8 Clean up references to FIPS
This removes the fips configure option. This option is broken as the
required FIPS code is not available.

FIPS_mode() and FIPS_mode_set() are retained for compatibility, but
FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to
turn FIPS mode off.

Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28 15:26:25 +01:00
Bernd Edlinger
01b76c2c5d Add -Wundef to --strict-warnings options.
Avoid a -Wundef warning in refcount.h
Avoid a -Wundef warning in o_str.c
Avoid a -Wundef warning in testutil.h
Include internal/cryptlib.h before openssl/stack.h
to avoid use of undefined symbol OPENSSL_API_COMPAT.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2712)
2017-02-24 09:21:59 +01:00
Bernd Edlinger
7c6335a6c7 Remove -Wno-parentheses-equality from gcc --strict-warnings options.
There has never been any gcc option of that kind.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2705)
2017-02-22 14:21:18 -05:00
Pauli
d42d0a4dc7 Implementation of the ARIA cipher as described in RFC 5794.
This implementation is written in endian agnostic C code. No attempt
at providing machine specific assembly code has been made. This
implementation expands the evptests by including the test cases from
RFC 5794 and ARIA official site rather than providing an individual
test case. Support for ARIA has been integrated into the command line
applications, but not TLS. Implemented modes are CBC, CFB1, CFB8,
CFB128, CTR, ECB and OFB128.

Reviewed-by: Andy Polyakov <appro@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-21 11:51:45 +01:00
Richard Levitte
343a7467c2 If all versions of a proto are disabled, disabled the proto as well
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls'

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2670)
2017-02-17 21:28:41 +01:00
Todd Short
3f5616d734 Add support for parameterized SipHash
The core SipHash supports either 8 or 16-byte output and a configurable
number of rounds.
The default behavior, as added to EVP, is to use 16-byte output and
2,4 rounds, which matches the behavior of most implementations.
There is an EVP_PKEY_CTRL that can control the output size.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2216)
2017-02-01 14:14:36 -05:00
Rich Salz
7730533866 Add -Wno-parentheses-equality to dev-warnings.
Also fix a block comment formatting glitch.

Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2327)
2017-01-31 16:35:11 -05:00
Matt Caswell
3cf96e88b7 Fix compilation with no-ec
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-29 13:32:54 +00:00
Kurt Roeckx
7cb58c0ffa Also set the CXXFLAG to the user supplied flags
Reviewed-by: Rich Salz <rsalz@openssl.org>

GH: #2025
2016-12-05 21:12:07 +01:00
Kurt Roeckx
0282aeb690 Move libfuzzer sanitizer options to README
This is something you might want to change depending on the version to
use, there is no point in us fixing this to something.

Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:15 +01:00
Kurt Roeckx
3a85d05fb3 Use 8bit-counters when using libfuzzer
Reviewed-by: Rich Salz <rsalz@openssl.org>
GH: #2023
2016-12-03 00:14:14 +01:00
Andy Polyakov
5ae5dc9661 INSTALL: clarify 386 and no-sse2 options.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-25 17:34:28 +01:00
Richard Levitte
7b176a549e Only build the body of e_padlock when there are lower level routines
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the
lower level routines will be present.  However, that's not always
true, for example for solaris-x86-cc, and that leads to build errors.

The better solution is to have configure detect if the lower level
padlock routines are being built, and define the macro PADLOCK_ASM if
they are, and use that macro in our C code.

Reviewed-by: Andy Polyakov <appro@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1510)
2016-11-15 15:14:15 +01:00
Richard Levitte
93880ce133 Make it possible to disable building and running tests
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1514)
2016-11-15 15:00:56 +01:00