Newer
Older
:
if $running_under_some_shell;
##
## Configure -- OpenSSL source tree configuration script
## If editing this file, run this command before committing
## make -f Makefile.org TABLE
##
use File::Basename;
use File::Spec::Functions;
# see INSTALL for instructions.
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";
# --config add the given configuration file, which will be read after
# any "Configurations*" files that are found in the same
# directory as this script.
# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
# --prefix option is given; /usr/local/ssl otherwise)
# --prefix prefix for the OpenSSL include, lib and bin directories
# (Default: the OPENSSLDIR directory)
#
# --install_prefix Additional prefix for package builders (empty by
# default). This needn't be set in advance, you can
# just as well use "make INSTALL_PREFIX=/whatever install".
#
Richard Levitte
committed
# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
# to live in the subdirectory lib/ and the header files in
# include/. A value is required.
# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
# required.
Richard Levitte
committed
# (Default: KRB5_DIR/lib)
# --with-krb5-include Declare where the Kerberos 5 header files live. A
# value is required.
Richard Levitte
committed
# (Default: KRB5_DIR/include)
# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
# supported values are "MIT" and "Heimdal". A value is required.
Richard Levitte
committed
#
# --test-sanity Make a number of sanity checks on the data in this file.
# This is a debugging tool for OpenSSL developers.
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# no-hw-xxx do not compile support for specific crypto hardware.
# Generic OpenSSL-style methods relating to this support
# are always compiled but return NULL if the hardware
# support isn't compiled.
# no-hw do not compile support for any crypto hardware.
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
# [no-]shared [don't] try to create shared libraries when supported.
# no-dso do not compile in any native shared-library methods. This
# will ensure that all methods just return NULL.
Richard Levitte
committed
# no-krb5 do not compile in any KRB5 library or code.
# [no-]zlib [don't] compile support for zlib compression.
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# 386 generate 80386 code
# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
# provided to stack calls. Generates unique stack functions for
# each possible stack type.
# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
# dependancies but needs to more registers, good for RISC CPU's
# DES_RISC2 A different RISC variant.
# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
# This is used on the DEC Alpha where long is 8 bytes
# and int is 4
# BN_LLONG use the type 'long long' in crypto/bn/bn.h
# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
# array lookups instead of pointer use.
# RC4_CHUNK enables code that handles data aligned at long (natural CPU
# word) boundary.
# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
# (intended for 64-bit CPUs running 32-bit OS).
# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
# BF_PTR2 intel specific version (generic version is more efficient).
#
# Following are set automatically by this script
#
# MD5_ASM use some extra md5 assember,
# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
# RMD160_ASM use some extra ripemd160 assember,
# SHA256_ASM sha256_block is implemented in assembler
# SHA512_ASM sha512_block is implemented in assembler
# AES_ASM ASE_[en|de]crypt is implemented in assembler
# Minimum warning options... any contributions to OpenSSL should at least get
my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK";
my $clang_disabled_warnings = "-Wno-language-extension-token -Wno-extended-offsetof -Wno-padded -Wno-shorten-64-to-32 -Wno-format-nonliteral -Wno-missing-noreturn -Wno-unused-parameter -Wno-sign-conversion -Wno-unreachable-code -Wno-conversion -Wno-documentation -Wno-missing-variable-declarations -Wno-cast-align -Wno-incompatible-pointer-types-discards-qualifiers -Wno-missing-variable-declarations -Wno-missing-field-initializers -Wno-unused-macros -Wno-disabled-macro-expansion -Wno-conditional-uninitialized -Wno-switch-enum";
Dr. Stephen Henson
committed
my $strict_warnings = 0;
my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
# MD2_CHAR slags pentium pros
my $x86_gcc_opts="RC4_INDEX MD2_INT";
# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
# Don't worry about these normally
my $tcc="cc";
my $tflags="-fast -Xa";
my $tbn_mul="";
my $tlib="-lnsl -lsocket";
#$bits1="SIXTEEN_BIT ";
#$bits2="THIRTY_TWO_BIT ";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";
my $x86_asm="x86cpuid.o:bn-586.o co-586.o x86-mont.o x86-gf2m.o:ecp_nistz256.o ecp_nistz256-x86.o:des-586.o crypt586.o:aes-586.o vpaes-x86.o aesni-x86.o:bf-586.o:md5-586.o:sha1-586.o sha256-586.o sha512-586.o:cast-586.o:rc4-586.o:rmd-586.o:rc5-586.o:wp_block.o wp-mmx.o:cmll-x86.o:ghash-x86.o:e_padlock-x86.o";
my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o:ecp_nistz256.o ecp_nistz256-x86_64.o::aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o::rc4-x86_64.o rc4-md5-x86_64.o:::wp-x86_64.o:cmll-x86_64.o cmll_misc.o:ghash-x86_64.o aesni-gcm-x86_64.o:e_padlock-x86_64.o";
my $ia64_asm="ia64cpuid.o:bn-ia64.o ia64-mont.o:::aes_core.o aes_cbc.o aes-ia64.o::md5-ia64.o:sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o:::::ghash-ia64.o::void";
my $sparcv9_asm="sparcv9cap.o sparccpuid.o:bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o::des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o:aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o::md5-sparcv9.o:sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o::::::camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o:ghash-sparcv9.o::void";
my $sparcv8_asm=":sparcv8.o::des_enc-sparc.o fcrypt_b.o:::::::::::::void";
my $alpha_asm="alphacpuid.o:bn_asm.o alpha-mont.o::::::sha1-alpha.o:::::::ghash-alpha.o::void";
my $mips64_asm=":bn-mips.o mips-mont.o:::aes_cbc.o aes-mips.o:::sha1-mips.o sha256-mips.o sha512-mips.o::::::::";
my $mips32_asm=$mips64_asm; $mips32_asm =~ s/\s*sha512\-mips\.o//;
my $s390x_asm="s390xcap.o s390xcpuid.o:bn-s390x.o s390x-mont.o s390x-gf2m.o:::aes-s390x.o aes-ctr.o aes-xts.o:::sha1-s390x.o sha256-s390x.o sha512-s390x.o::rc4-s390x.o:::::ghash-s390x.o:";
my $armv4_asm="armcap.o armv4cpuid.o:bn_asm.o armv4-mont.o armv4-gf2m.o:ecp_nistz256.o ecp_nistz256-armv4.o::aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o:::sha1-armv4-large.o sha256-armv4.o sha512-armv4.o:::::::ghash-armv4.o ghashv8-armx.o::void";
my $aarch64_asm="armcap.o arm64cpuid.o mem_clr.o::::aes_core.o aes_cbc.o aesv8-armx.o:::sha1-armv8.o sha256-armv8.o sha512-armv8.o:::::::ghashv8-armx.o:";
my $parisc11_asm="pariscid.o:bn_asm.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::32";
my $parisc20_asm="pariscid.o:pa-risc2W.o parisc-mont.o:::aes_core.o aes_cbc.o aes-parisc.o:::sha1-parisc.o sha256-parisc.o sha512-parisc.o::rc4-parisc.o:::::ghash-parisc.o::64";
my $ppc64_asm="ppccpuid.o ppccap.o:bn-ppc.o ppc-mont.o ppc64-mont.o:::aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o:::sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o:::::::ghashp8-ppc.o:";
my $ppc32_asm=$ppc64_asm;
# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
# which has to be accompanied by explicit -D_THREAD_SAFE and
# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
# table of known configurations, read in from files
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
#
# The content of each entry can take one of two forms:
#
# - old style config-string, colon seperated fields with exactly the
# following structure.:
#
# $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $perlasm_scheme : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
#
# We use the stringtohash function - defined below - to combine with the
# fields and form a proper hash table from the string.
#
# - direct transfer of old style config string to hash table, using the names
# of the fields as keys:
#
# {
# cc => $cc,
# cflags => $cflags,
# unistd => $unistd,
# thread_cflag => $thread_cflag,
# sys_id => $sys_id,
# lflags => $lflags,
# bn_ops => $bn_ops,
# cpuid_obj => $cpuid_obj,
# bn_obj => $bn_obj,
# ec_obj => $ec_obj,
# des_obj => $des_obj,
# aes_obj => $aes_obj,
# bf_obj => $bf_obj,
# md5_obj => $md5_obj,
# sha1_obj => $sha1_obj,
# cast_obj => $cast_obj,
# rc4_obj => $rc4_obj,
# rmd160_obj => $rmd160_obj,
# rc5_obj => $rc5_obj,
# wp_obj => $wp_obj,
# cmll_obj => $cmll_obj,
# modes_obj => $modes_obj,
# engines_obj => $engines_obj,
# perlasm_scheme => $perlasm_scheme,
# dso_scheme => $dso_scheme,
# shared_target => $shared_target,
# shared_cflag => $shared_cflag,
# shared_ldflag => $shared_ldflag,
# shared_extension => $shared_extension,
# ranlib => $ranlib,
# arflags => $arflags,
# multilib => $multilib
# }
#
# - new style config hash table, which has additional attributes for debug
# and non-debug flags to be added to the common flags, for cflags and lflags:
#
# {
# cc => $cc,
# cflags => $cflags,
# "debug-cflags" => $debug_cflags,
# "nodebug-cflags" => $nodebug_cflags,
# unistd => $unistd,
# thread_cflag => $thread_cflag,
# sys_id => $sys_id,
# lflags => $lflags,
# "debug-lflags" => $debug_lflags,
# "nodebug-lflags" => $nodebug_lflags,
# bn_ops => $bn_ops,
# cpuid_obj => $cpuid_obj,
# bn_obj => $bn_obj,
# ec_obj => $ec_obj,
# des_obj => $des_obj,
# aes_obj => $aes_obj,
# bf_obj => $bf_obj,
# md5_obj => $md5_obj,
# sha1_obj => $sha1_obj,
# cast_obj => $cast_obj,
# rc4_obj => $rc4_obj,
# rmd160_obj => $rmd160_obj,
# rc5_obj => $rc5_obj,
# wp_obj => $wp_obj,
# cmll_obj => $cmll_obj,
# modes_obj => $modes_obj,
# engines_obj => $engines_obj,
# dso_scheme => $dso_scheme,
# shared_target => $shared_target,
# shared_cflag => $shared_cflag,
# shared_ldflag => $shared_ldflag,
# shared_extension => $shared_extension,
# ranlib => $ranlib,
# arflags => $arflags,
# multilib => $multilib
# }
#
# The configuration reader will do what it can to translate everything into
# new style config hash tables, including merging $target and debug-$target
# if they are similar enough.
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
sub stringtohash {
my $in = shift @_;
if (ref($in) eq "HASH") {
return $in;
}
my @stringsequence = (
"cc",
"cflags",
"unistd",
"thread_cflag",
"sys_id",
"lflags",
"bn_ops",
"cpuid_obj",
"bn_obj",
"ec_obj",
"des_obj",
"aes_obj",
"bf_obj",
"md5_obj",
"sha1_obj",
"cast_obj",
"rc4_obj",
"rmd160_obj",
"rc5_obj",
"wp_obj",
"cmll_obj",
"modes_obj",
"engines_obj",
"perlasm_scheme",
"dso_scheme",
"shared_target",
"shared_cflag",
"shared_ldflag",
"shared_extension",
"ranlib",
"arflags",
"multilib",
);
# return a ref to a hash, that's what the outer braces are for.
return { map { shift @stringsequence => $_ } split /:/, $in };
};
# Read configuration target stanzas from a file, so that people can have
# local files with their own definitions
sub read_config {
my $fname = shift;
open(CONFFILE, "< $fname")
or die "Can't open configuration file '$fname'!\n";
my $x = $/;
undef $/;
my $content = <CONFFILE>;
$/ = $x;
close(CONFFILE);
my %targets = ();
eval $content;
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
# Make sure we have debug- targets first
my @keys =
sort {
my $a_nd = $a =~ m/^debug-/ ? $' :$a;
my $b_nd = $b =~ m/^debug-/ ? $' :$b;
my $res = 0;
if (($a_nd == $a) == ($b_nd == $b)) {
# they are both debug- or not, compare them as they are
$res = $a cmp $b;
} elsif ($a_nd != $a) {
# $a is debug-, make it lesser
$res = -1;
} else {
# $b is debug-, make $a greater
$res = 1;
}
$res;
} keys %targets;
foreach (@keys) {
if (ref($targets{$_}) ne "HASH") {
# Value is assumed to be a string. Split it up to
# become a hash table of parameters. Also, try to
# merge debug- variants with the non-debug target.
# Start with converting the value from a string to a
# standardised hash of fields. Using $tohash is safe,
# if the input is already a hash ref, it's just returned
# back.
$targets{$_} = stringtohash($targets{$_});
# If the current target is a debug target, there might
# be a corresponding non-debug target that we can merge
# with. If it isn't a debug- target, we've already done
# as much merging as we can and do not need to bother
# with that any more.
if ($_ =~ m/^debug-/) {
my $debugkey = $_;
my $nondebugkey = $';
my $debug = $targets{$debugkey};
my $nondebug;
if ($targets{$nondebugkey}) {
$nondebug = stringtohash($targets{$nondebugkey});
}
if ($nondebug) {
# There's both a debug and non-debug variant of
# this target, so we should try to merge them
# together.
# First, check that the non-debug variant isn't
# already built up with all it should have.
if ($nondebug->{debug_cflags}
|| $nondebug->{nodebug_cflags}
|| $nondebug->{debug_lflags}
|| $nondebug->{nodebug_lflags}) {
warn "there's a debug target $debugkey to be merged with a target $nondebugkey, but the latter seems to already have both nodebug and debug information. This requires human intervention. Skipping $debugkey...";
next;
}
# Now, check similarity.
# For keys they have in common, support that
# cflags and lflags can differ, otherwise they
# must have exactly the same values for them
# to be merged into one.
my $similarenough = 1;
for (keys %{$debug}) {
if ($nondebug->{$_} ne $debug->{$_}
&& $_ !~ m/^[cl]flags$/) {
$similarenough = 0;
last;
}
}
if ($similarenough) {
# Here's where the magic happens, split the
# options in the debug and non-debug variants
# cflags and ldflags into three strings each,
# one with common flags, one with extra debug
# flags and one with extra non-debug flags.
# The result ends up in %h_nondebug, which
# becomes the merged variant when we're done.
# for each of cflags and lflags, they are
# replaced with cflags, debug_cflags,
# nodebug_cflags and similar for lflags.
#
# The purpose is that 'cflags' should be
# used together with 'debug_cflags' or
# 'nodebug_cflags' depending on what the
# user asks for.
foreach (("cflags", "lflags")) {
my @list_d = split /\s+/, $debug->{$_};
my @list_nd = split /\s+/, $nondebug->{$_};
my %presence = (); # bitmap
# 1: present in @list_d
# 2: present in @list_nd
# 3: present in both
map { $presence{$_} += 1; } @list_d;
map { $presence{$_} += 2; } @list_nd;
delete $nondebug->{$_};
# Note: we build from the original lists to
# preserve order, it might be important
$nondebug->{"debug-".$_} =
join(" ",
grep { $presence{$_} == 1 } @list_d);
$nondebug->{"nodebug-".$_} =
join(" ",
grep { $presence{$_} == 2 } @list_nd);
$nondebug->{$_} =
join(" ",
grep { $presence{$_} == 3 } @list_d);
}
$targets{$nondebugkey} = $nondebug;
delete $targets{$debugkey};
}
}
}
}
}
%table = (%table, %targets);
}
my ($vol, $dir, $dummy) = File::Spec->splitpath($0);
my $pattern = File::Spec->catpath($vol, $dir, "Configurations/*.conf");
foreach (sort glob($pattern) ) {
my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
debug-VC-WIN64I debug-VC-WIN64A
VC-NT VC-CE VC-WIN32 debug-VC-WIN32
netware-clib netware-clib-bsdsock
netware-libc netware-libc-bsdsock);
my $openssldir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
Dr. Stephen Henson
committed
my $nofipscanistercheck=0;
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
my $no_shared=0; # but "no-shared" is default
my $zlib=1; # but "no-zlib" is default
my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
my $no_rfc3779=1; # but "no-rfc3779" is default
Dr. Stephen Henson
committed
my $no_gmp=0;
my $des_locl="crypto/des/des_locl.h";
my $des ="crypto/des/des.h";
my $bn ="crypto/bn/bn.h";
my $md2 ="crypto/md2/md2.h";
my $rc4 ="crypto/rc4/rc4.h";
my $rc4_locl="crypto/rc4/rc4_locl.h";
my $idea ="crypto/idea/idea.h";
my $rc2 ="crypto/rc2/rc2.h";
my $bf ="crypto/bf/bf_locl.h";
my $bn_asm ="bn_asm.o";
my $des_enc="des_enc.o fcrypt_b.o";
my $aes_enc="aes_core.o aes_cbc.o";
my $bf_enc ="bf_enc.o";
my $cast_enc="c_enc.o";
my $rc4_enc="rc4_enc.o rc4_skey.o";
my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
my $default_ranlib;
Dr. Stephen Henson
committed
my $fips=0;
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
Dr. Stephen Henson
committed
"gmp" => "default",
"jpake" => "experimental",
"md2" => "default",
"rc5" => "default",
"ssl-trace" => "default",
"zlib" => "default",
"zlib-dynamic" => "default"
);
my @experimental = ();
# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";
# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
# For symmetry, "disable-foo" is a synonym for "no-foo".
# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
# We will collect such requests in @experimental.
# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
my $no_sse2=0;
&usage if ($#ARGV < 0);
my $flags;
my $depflags;
my $openssl_experimental_defines;
my $openssl_algorithm_defines;
my $openssl_thread_defines;
my $openssl_sys_defines="";
my $openssl_other_defines;
my $libs;
my $libkrb5="";
my $target;
my $options;
my $symlink;
Richard Levitte
committed
my %withargs=();
my @argvcopy=@ARGV;
my $argvstring="";
my $argv_unprocessed=1;
while($argv_unprocessed)
$flags="";
$depflags="";
$openssl_experimental_defines="";
$openssl_algorithm_defines="";
$openssl_thread_defines="";
$openssl_sys_defines="";
$openssl_other_defines="";
$libs="";
$target="";
$options="";
$symlink=1;
$argv_unprocessed=0;
$argvstring=join(' ',@argvcopy);
PROCESS_ARGS:
foreach (@argvcopy)
s /^-no-/no-/; # some people just can't read the instructions
# rewrite some options in "enable-..." form
s /^-?-?shared$/enable-shared/;
s /^threads$/enable-threads/;
s /^zlib$/enable-zlib/;
s /^zlib-dynamic$/enable-zlib-dynamic/;
if (/^no-(.+)$/ || /^disable-(.+)$/)
if (!($disabled{$1} eq "experimental"))
if ($1 eq "ssl")
{
$disabled{"ssl3"} = "option(ssl)";
}
elsif ($1 eq "tls")
{
$disabled{"tls1"} = "option(tls)"
}
elsif ($1 eq "ssl3-method")
{
$disabled{"ssl3-method"} = "option(ssl)";
$disabled{"ssl3"} = "option(ssl)";
}
else
{
$disabled{$1} = "option";
}
}
elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
{
my $algo = $1;
if ($disabled{$algo} eq "experimental")
{
die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
unless (/^experimental-/);
push @experimental, $algo;
}
delete $disabled{$algo};
$threads = 1 if ($algo eq "threads");
}
elsif (/^--test-sanity$/)
{
exit(&test_sanity());
Dr. Stephen Henson
committed
elsif (/^--strict-warnings/)
{
$strict_warnings = 1;
}
elsif (/^reconfigure/ || /^reconf/)
if (open(IN,"<$Makefile"))
{
while (<IN>)
{
chomp;
if (/^CONFIGURE_ARGS=(.*)/)
{
$argvstring=$1;
@argvcopy=split(' ',$argvstring);
die "Incorrect data to reconfigure, please do a normal configuration\n"
if (grep(/^reconf/,@argvcopy));
print "Reconfiguring with: $argvstring\n";
$argv_unprocessed=1;
close(IN);
last PROCESS_ARGS;
}
}
close(IN);
}
die "Insufficient data to reconfigure, please do a normal configuration\n";
elsif (/^386$/)
{ $processor=386; }
Dr. Stephen Henson
committed
elsif (/^fips$/)
{
$fips=1;
elsif (/^rsaref$/)
Ralf S. Engelschall
committed
{
# No RSAref support any more since it's not needed.
# The check for the option is there so scripts aren't
# broken
Dr. Stephen Henson
committed
elsif (/^nofipscanistercheck$/)
{
$fips = 1;
$nofipscanistercheck = 1;
}
elsif (/^[-+]/)
if (/^--prefix=(.*)$/)
{
$prefix=$1;
}
elsif (/^--openssldir=(.*)$/)
{
$openssldir=$1;
}
elsif (/^--install.prefix=(.*)$/)
{
$install_prefix=$1;
}
Richard Levitte
committed
elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
{
$withargs{"krb5-".$1}=$2;
}
elsif (/^--with-zlib-lib=(.*)$/)
$withargs{"zlib-lib"}=$1;
}
elsif (/^--with-zlib-include=(.*)$/)
{
$withargs{"zlib-include"}="-I$1";
elsif (/^--with-fipslibdir=(.*)$/)
{
$fipslibdir="$1/";
}
elsif (/^--with-baseaddr=(.*)$/)
{
$baseaddr="$1";
}
elsif (/^--cross-compile-prefix=(.*)$/)
{
$cross_compile_prefix=$1;
}
elsif (/^--config=(.*)$/)
{
read_config $1;
}
elsif (/^-[lL](.*)$/ or /^-Wl,/)
$libs.=$_." ";
}
else # common if (/^[-+]/), just pass down...
{
$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
$flags.=$_." ";
Ralf S. Engelschall
committed
}
elsif ($_ =~ /^([^:]+):(.+)$/)
eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
$target=$1;
die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
$target=$_;
}
unless ($_ eq $target || /^no-/ || /^disable-/)
{
# "no-..." follows later after implied disactivations
# have been derived. (Don't take this too seroiusly,
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
if ($options eq "")
{ $options = $_; }
else
{ $options .= " ".$_; }
if ($processor eq "386")
{
$disabled{"sse2"} = "forced";
}
if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
{
$disabled{"krb5"} = "krb5-flavor not specified";
}
if (!defined($disabled{"zlib-dynamic"}))
{
# "zlib-dynamic" was specifically enabled, so enable "zlib"
delete $disabled{"zlib"};
}
if (defined($disabled{"rijndael"}))
{
$disabled{"aes"} = "forced";
}
if (defined($disabled{"des"}))
{
$disabled{"mdc2"} = "forced";
}
if (defined($disabled{"ec"}))
{
$disabled{"ecdsa"} = "forced";
$disabled{"ecdh"} = "forced";
}
# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
|| (defined($disabled{"rsa"})
&& (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
{
$disabled{"ssl3"} = "forced";
$disabled{"tls1"} = "forced";
}
if (defined($disabled{"tls1"}))
{
$disabled{"tlsext"} = "forced";
}
if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
|| defined($disabled{"dh"}))
{
$disabled{"gost"} = "forced";
}
# SRP and HEARTBEATS require TLSEXT
if (defined($disabled{"tlsext"}))
{
$disabled{"srp"} = "forced";
$disabled{"heartbeats"} = "forced";
if ($target eq "TABLE") {
foreach $target (sort keys %table) {
print_table_entry($target, "TABLE");
if ($target eq "LIST") {
foreach (sort keys %table) {
print;
print "\n";
}
exit 0;
}
if ($target eq "HASH") {
print "%table = (\n";
foreach (sort keys %table) {
print_table_entry($_, "HASH");
}
exit 0;
}
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
print "Configuring for $target\n";
my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
my $debug_prefix = "nodebug-";
if ($d) {
$debug_prefix = "debug-";
# If we do not find debug-foo in the table, the target is set to foo,
# but only if the foo target has a noon-empty debug-cflags or debug-lflags
# attribute.
if (!$table{$target} && ($table{$t}->{"debug-cflags"}
|| $table{$t}->{"debug-lflags"})) {
$target = $t;
}
}
&usage if (!defined($table{$target}));
Dr. Stephen Henson
committed
if ($fips)
{
delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
}
foreach (sort (keys %disabled))
{
$options .= " no-$_";
printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
if (/^dso$/)
{ $no_dso = 1; }
elsif (/^threads$/)
{ $no_threads = 1; }
elsif (/^shared$/)
{ $no_shared = 1; }
elsif (/^zlib$/)
{ $zlib = 0; }
elsif (/^zlib-dynamic$/)
{ }
elsif (/^symlinks$/)
{ $symlink = 0; }
elsif (/^sse2$/)
{ $no_sse2 = 1; }
else
{
my ($ALGO, $algo);
($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;
if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
{
$openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
print " OPENSSL_NO_$ALGO";
if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
elsif (/^asm$/) { $no_asm = 1; }
}
else
{
($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd");
$openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
print " OPENSSL_NO_$ALGO";
if (/^krb5$/)
{ $no_krb5 = 1; }
else
{
push @skip, $algo;
$skip[$#skip]="whrlpool" if $algo eq "whirlpool";
$skip[$#skip]="ripemd" if $algo eq "rmd160";
print " (skip dir)";
$depflags .= " -DOPENSSL_NO_$ALGO";
}
}
}
print "\n";
}
my $exp_cflags = "";
foreach (sort @experimental)
{
my $ALGO;
($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
$openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
}
my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
$exe_ext=".pm" if ($target =~ /vos/);
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";
$default_ranlib= &which("ranlib") or $default_ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
or $perl="perl";
Dr. Stephen Henson
committed
$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
Dr. Stephen Henson
committed
chop $openssldir if $openssldir =~ /\/$/;
$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
my $cc = $ENV{CC} || $table{$t}->{cc};
# For cflags and lflags, add the debug- or nodebug- attributes
# Do it in such a way that no spurious space is appended (hence the grep).
my $cflags = join(" ",
grep { $_ } ($table{$t}->{cflags},
$table{$t}->{$debug_prefix."cflags"}));
my $lflags = join(" ",
grep { $_ } ($table{$t}->{lflags},
$table{$t}->{$debug_prefix."lflags"}));
my $unistd = $table{$t}->{unistd};
my $thread_cflag = $table{$t}->{thread_cflag};
my $sys_id = $table{$t}->{sys_id};
my $bn_ops = $table{$t}->{bn_ops};
my $cpuid_obj = $table{$t}->{cpuid_obj};
my $bn_obj = $table{$t}->{bn_obj};
my $ec_obj = $table{$t}->{ec_obj};
my $des_obj = $table{$t}->{des_obj};
my $aes_obj = $table{$t}->{aes_obj};
my $bf_obj = $table{$t}->{bf_obj};
my $md5_obj = $table{$t}->{md5_obj};
my $sha1_obj = $table{$t}->{sha1_obj};
my $cast_obj = $table{$t}->{cast_obj};
my $rc4_obj = $table{$t}->{rc4_obj};
my $rmd160_obj = $table{$t}->{rmd160_obj};
my $rc5_obj = $table{$t}->{rc5_obj};
my $wp_obj = $table{$t}->{wp_obj};
my $cmll_obj = $table{$t}->{cmll_obj};
my $modes_obj = $table{$t}->{modes_obj};
my $engines_obj = $table{$t}->{engines_obj};
my $perlasm_scheme = $table{$t}->{perlasm_scheme};
my $dso_scheme = $table{$t}->{dso_scheme};
my $shared_target = $table{$t}->{shared_target};
my $shared_cflag = $table{$t}->{shared_cflag};
my $shared_ldflag = $table{$t}->{shared_ldflag};
my $shared_extension = $table{$t}->{shared_extension};
my $ranlib = $ENV{'RANLIB'} || $table{$t}->{ranlib};