Configure

:
eval 'exec perl -S $0 ${1+"$@"}'
    if $running_under_some_shell;
##
##  Configure -- OpenSSL source tree configuration script
##  If editing this file, run this command before committing
##	make -f Makefile.org TABLE
##

require 5.000;
use strict;
use File::Basename;
use File::Spec::Functions;

# see INSTALL for instructions.

my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";

# Options:
#
# --config      add the given configuration file, which will be read after
#               any "Configurations*" files that are found in the same
#               directory as this script.
# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
#               --prefix option is given; /usr/local/ssl otherwise)
# --prefix      prefix for the OpenSSL include, lib and bin directories
#               (Default: the OPENSSLDIR directory)
#
# --install_prefix  Additional prefix for package builders (empty by
#               default).  This needn't be set in advance, you can
#               just as well use "make INSTALL_PREFIX=/whatever install".
#
# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
#		to live in the subdirectory lib/ and the header files in
#		include/.  A value is required.
# --with-krb5-lib  Declare where the Kerberos 5 libraries live.  A value is
#		required.
#		(Default: KRB5_DIR/lib)
# --with-krb5-include  Declare where the Kerberos 5 header files live.  A
#		value is required.
#		(Default: KRB5_DIR/include)
# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
#		supported values are "MIT" and "Heimdal".  A value is required.
#
# --test-sanity Make a number of sanity checks on the data in this file.
#               This is a debugging tool for OpenSSL developers.
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# no-hw-xxx     do not compile support for specific crypto hardware.
#               Generic OpenSSL-style methods relating to this support
#               are always compiled but return NULL if the hardware
#               support isn't compiled.
# no-hw         do not compile support for any crypto hardware.
# [no-]threads  [don't] try to create a library that is suitable for
#               multithreaded applications (default is "threads" if we
#               know how to do it)
# [no-]shared	[don't] try to create shared libraries when supported.
# no-asm        do not use assembler
# no-dso        do not compile in any native shared-library methods. This
#               will ensure that all methods just return NULL.
# no-krb5       do not compile in any KRB5 library or code.
# [no-]zlib     [don't] compile support for zlib compression.
# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
#		library and will be loaded in run-time by the OpenSSL library.
# sctp          include SCTP support
# 386           generate 80386 code
# no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
#		provided to stack calls. Generates unique stack functions for
#		each possible stack type.
# DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
# DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
#		dependancies but needs to more registers, good for RISC CPU's
# DES_RISC2	A different RISC variant.
# DES_UNROLL	unroll the inner DES loop, sometimes helps, somtimes hinders.
# DES_INT	use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
#		This is used on the DEC Alpha where long is 8 bytes
#		and int is 4
# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
# IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
# IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
# RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
# RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
#		array lookups instead of pointer use.
# RC4_CHUNK	enables code that handles data aligned at long (natural CPU
#		word) boundary.
# RC4_CHUNK_LL	enables code that handles data aligned at long long boundary
#		(intended for 64-bit CPUs running 32-bit OS).
# BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
# BF_PTR2	intel specific version (generic version is more efficient).
#
# Following are set automatically by this script
#
# MD5_ASM	use some extra md5 assember,
# SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
# RMD160_ASM	use some extra ripemd160 assember,
# SHA256_ASM	sha256_block is implemented in assembler
# SHA512_ASM	sha512_block is implemented in assembler
# AES_ASM	ASE_[en|de]crypt is implemented in assembler

# Minimum warning options... any contributions to OpenSSL should at least get
# past these.

my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK";

my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";

my $strict_warnings = 0;

my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";

# MD2_CHAR slags pentium pros
my $x86_gcc_opts="RC4_INDEX MD2_INT";

# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
# Don't worry about these normally

my $tcc="cc";
my $tflags="-fast -Xa";
my $tbn_mul="";
my $tlib="-lnsl -lsocket";
#$bits1="SIXTEEN_BIT ";
#$bits2="THIRTY_TWO_BIT ";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";

my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:ecp_nistz256.o ecp_nistz256-x86.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o";
my $x86_asm_nocast=$x86_asm;$x86_asm_nocast=~s/cast\-586\.o//;

my $x86_elf_asm="$x86_asm:elf";
my $android_x86_elf_asm="$x86_asm:android";

my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:e_padlock-x86_64.o";
my $win_x86_64_asm=$x86_asm;$win_x86_64_asm=~s/x86_64-gcc\.o/bn_asm.o/;
my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
my $s390x_32_asm=$s390x_asm;$s390x_32_asm=~s/bn\-s390x\.o/bn_asm.o/;
my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:ecp_nistz256.o ecp_nistz256-armv4.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
my $parisc20_64_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
my $parisc20_32_asm=$parisc20_64_asm;$parisc20_32_asm=~s/2W\./2\./;$parisc20_32_asm=~s/:64/:32/;
my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
my $ppc32_asm=$ppc64_asm;

# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
# which has to be accompanied by explicit -D_THREAD_SAFE and
# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";


# table of known configurations, read in from files
#
# The content of each entry can take one of two forms:
#
# - old style config-string, colon seperated fields with exactly the
#   following structure.:
#
#	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $perlasm_scheme : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
#
#   We use the stringtohash function - defined below - to combine with the
#   fields and form a proper hash table from the string.
#
# - direct transfer of old style config string to hash table, using the names
#   of the fields as keys:
#
#	{
#	  cc => $cc,
#	  cflags => $cflags,
#	  unistd => $unistd,
#	  thread_cflag => $thread_cflag,
#	  sys_id => $sys_id,
#	  lflags => $lflags,
#	  bn_ops => $bn_ops,
#	  cpuid_obj => $cpuid_obj,
#	  bn_obj => $bn_obj,
#	  ec_obj => $ec_obj,
#	  des_obj => $des_obj,
#	  aes_obj => $aes_obj,
#	  bf_obj => $bf_obj,
#	  md5_obj => $md5_obj,
#	  sha1_obj => $sha1_obj,