4 This directory contains a few sets of files that are used for
5 configuration in diverse ways:
7 *.conf Target platform configurations, please read
8 'Configurations of OpenSSL target platforms' for more
10 *.tmpl Build file templates, please read 'Build-file
11 programming with the "unified" build system' as well
12 as 'Build info files' for more information.
13 *.pm Helper scripts / modules for the main `Configure`
14 script. See 'Configure helper scripts for more
18 Configurations of OpenSSL target platforms
19 ==========================================
21 Target configurations are a collection of facts that we know about
22 different platforms and their capabilities. We organise them in a
23 hash table, where each entry represent a specific target.
25 In each table entry, the following keys are significant:
27 inherit_from => Other targets to inherit values from.
28 Explained further below. [1]
29 template => Set to 1 if this isn't really a platform
30 target. Instead, this target is a template
31 upon which other targets can be built.
32 Explained further below. [1]
34 sys_id => System identity for systems where that
35 is difficult to determine automatically.
37 enable => Enable specific configuration features.
38 This MUST be an array of words.
39 disable => Disable specific configuration features.
40 This MUST be an array of words.
41 Note: if the same feature is both enabled
42 and disabled, disable wins.
44 cc => The C compiler command, usually one of "cc",
45 "gcc" or "clang". This command is normally
46 also used to link object files and
47 libraries into the final program.
48 cxx => The C++ compiler command, usually one of
49 "c++", "g++" or "clang++". This command is
50 also used when linking a program where at
51 least one of the object file is made from
53 cflags => Flags that are used at all times when
54 compiling C object files.
55 cxxflags => Flags that are used at all times when
56 compiling C++ object files. If unset, it
57 gets the same value as cflags.
58 defines => As an alternative, macro definitions may be
59 present here instead of in `cflags'. If
60 given here, they MUST be as an array of the
61 string such as "MACRO=value", or just
62 "MACRO" for definitions without value.
63 shared_cflag => Extra compilation flags used when
64 compiling for shared libraries, typically
65 something like "-fPIC".
67 (linking is a complex thing, see [3] below)
68 ld => Linker command, usually not defined
69 (meaning the compiler command is used
71 (NOTE: this is here for future use, it's
73 lflags => Flags that are used when linking apps.
74 shared_ldflag => Flags that are used when linking shared
76 plib_lflags => Extra linking flags to appear just before
77 the libraries on the command line.
78 ex_libs => Extra libraries that are needed when
81 ar => The library archive command, the default is
83 (NOTE: this is here for future use, it's
85 arflags => Flags to be used with the library archive
88 ranlib => The library archive indexing command, the
89 default is 'ranlib' it it exists.
91 unistd => An alternative header to the typical
92 '<unistd.h>'. This is very rarely needed.
94 shared_extension => File name extension used for shared
96 obj_extension => File name extension used for object files.
97 On unix, this defaults to ".o" (NOTE: this
98 is here for future use, it's not
100 exe_extension => File name extension used for executable
101 files. On unix, this defaults to "" (NOTE:
102 this is here for future use, it's not
104 shlib_variant => A "variant" identifier inserted between the base
105 shared library name and the extension. On "unixy"
106 platforms (BSD, Linux, Solaris, MacOS/X, ...) this
107 supports installation of custom OpenSSL libraries
108 that don't conflict with other builds of OpenSSL
109 installed on the system. The variant identifier
110 becomes part of the SONAME of the library and also
111 any symbol versions (symbol versions are not used or
112 needed with MacOS/X). For example, on a system
113 where a default build would normally create the SSL
114 shared library as 'libssl.so -> libssl.so.1.1' with
115 the value of the symlink as the SONAME, a target
116 definition that sets 'shlib_variant => "-abc"' will
117 create 'libssl.so -> libssl-abc.so.1.1', again with
118 an SONAME equal to the value of the symlink. The
119 symbol versions associated with the variant library
120 would then be 'OPENSSL_ABC_<version>' rather than
121 the default 'OPENSSL_<version>'. The string inserted
122 into symbol versions is obtained by mapping all
123 letters in the "variant" identifier to upper case
124 and all non-alphanumeric characters to '_'.
126 thread_scheme => The type of threads is used on the
127 configured platform. Currently known
128 values are "(unknown)", "pthreads",
129 "uithreads" (a.k.a solaris threads) and
130 "winthreads". Except for "(unknown)", the
131 actual value is currently ignored but may
132 be used in the future. See further notes
134 dso_scheme => The type of dynamic shared objects to build
135 for. This mostly comes into play with
136 engines, but can be used for other purposes
137 as well. Valid values are "DLFCN"
138 (dlopen() et al), "DLFCN_NO_H" (for systems
139 that use dlopen() et al but do not have
140 fcntl.h), "DL" (shl_load() et al), "WIN32"
142 perlasm_scheme => The perlasm method used to created the
143 assembler files used when compiling with
144 assembler implementations.
145 shared_target => The shared library building method used.
146 This is a target found in Makefile.shared.
147 build_scheme => The scheme used to build up a Makefile.
148 In its simplest form, the value is a string
149 with the name of the build scheme.
150 The value may also take the form of a list
151 of strings, if the build_scheme is to have
152 some options. In this case, the first
153 string in the list is the name of the build
155 Currently recognised build scheme is "unified".
156 For the "unified" build scheme, this item
157 *must* be an array with the first being the
158 word "unified" and the second being a word
159 to identify the platform family.
161 multilib => On systems that support having multiple
162 implementations of a library (typically a
163 32-bit and a 64-bit variant), this is used
164 to have the different variants in different
167 bn_ops => Building options (was just bignum options in
168 the earlier history of this option, hence the
169 name). This is a string of words that describe
170 algorithms' implementation parameters that
171 are optimal for the designated target platform,
172 such as the type of integers used to build up
173 the bignum, different ways to implement certain
174 ciphers and so on. To fully comprehend the
175 meaning, the best is to read the affected
179 THIRTY_TWO_BIT bignum limbs are 32 bits,
180 this is default if no
181 option is specified, it
182 works on any supported
183 system [unless "wider"
184 limb size is implied in
186 BN_LLONG bignum limbs are 32 bits,
187 but 64-bit 'unsigned long
188 long' is used internally
190 SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
191 and sizeof(long) is 8;
192 SIXTY_FOUR_BIT bignums limbs are 64 bits,
193 but execution environment
195 RC4_CHAR RC4 key schedule is made
196 up of 'unsigned char's;
197 RC4_INT RC4 key schedule is made
198 up of 'unsigned int's;
199 EXPORT_VAR_AS_FN for shared libraries,
203 apps_extra_src => Extra source to build apps/openssl, as
204 needed by the target.
205 cpuid_asm_src => assembler implementation of cpuid code as
206 well as OPENSSL_cleanse().
208 bn_asm_src => Assembler implementation of core bignum
211 ec_asm_src => Assembler implementation of core EC
213 des_asm_src => Assembler implementation of core DES
214 encryption functions.
215 Defaults to 'des_enc.c fcrypt_b.c'
216 aes_asm_src => Assembler implementation of core AES
218 Defaults to 'aes_core.c aes_cbc.c'
219 bf_asm_src => Assembler implementation of core BlowFish
221 Defaults to 'bf_enc.c'
222 md5_asm_src => Assembler implementation of core MD5
224 sha1_asm_src => Assembler implementation of core SHA1,
225 functions, and also possibly SHA256 and
227 cast_asm_src => Assembler implementation of core CAST
229 Defaults to 'c_enc.c'
230 rc4_asm_src => Assembler implementation of core RC4
232 Defaults to 'rc4_enc.c rc4_skey.c'
233 rmd160_asm_src => Assembler implementation of core RMD160
235 rc5_asm_src => Assembler implementation of core RC5
237 Defaults to 'rc5_enc.c'
238 wp_asm_src => Assembler implementation of core WHIRLPOOL
240 cmll_asm_src => Assembler implementation of core CAMELLIA
242 Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
243 modes_asm_src => Assembler implementation of cipher modes,
244 currently the functions gcm_gmult_4bit and
246 padlock_asm_src => Assembler implementation of core parts of
247 the padlock engine. This is mandatory on
248 any platform where the padlock engine might
252 [1] as part of the target configuration, one can have a key called
253 'inherit_from' that indicate what other configurations to inherit
254 data from. These are resolved recursively.
256 Inheritance works as a set of default values that can be overridden
257 by corresponding key values in the inheriting configuration.
259 Note 1: any configuration table can be used as a template.
260 Note 2: pure templates have the attribute 'template => 1' and
261 cannot be used as build targets.
263 If several configurations are given in the 'inherit_from' array,
264 the values of same attribute are concatenated with space
265 separation. With this, it's possible to have several smaller
266 templates for different configuration aspects that can be combined
267 into a complete configuration.
269 instead of a scalar value or an array, a value can be a code block
270 of the form 'sub { /* your code here */ }'. This code block will
271 be called with the list of inherited values for that key as
272 arguments. In fact, the concatenation of strings is really done
273 by using 'sub { join(" ",@_) }' on the list of inherited values.
281 ignored => "This should not appear in the end result",
290 inherit_from => [ "foo", "bar" ],
291 hehe => sub { join(" ",(@_,"!!!")) },
295 The entry for "laughter" will become as follows after processing:
304 [2] OpenSSL is built with threading capabilities unless the user
305 specifies 'no-threads'. The value of the key 'thread_scheme' may
306 be "(unknown)", in which case the user MUST give some compilation
309 [3] OpenSSL has three types of things to link from object files or
312 - shared libraries; that would be libcrypto and libssl.
313 - shared objects (sometimes called dynamic libraries); that would
315 - applications; those are apps/openssl and all the test apps.
317 Very roughly speaking, linking is done like this (words in braces
318 represent the configuration settings documented at the beginning
322 {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
323 -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
324 {plib_lflags} -lcrypto {ex_libs}
327 {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
328 blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
331 {ld} $(CFLAGS) {lflags} -o app \
332 app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
335 Historically, the target configurations came in form of a string with
336 values separated by colons. This use is deprecated. The string form
339 "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
345 The build.info files that are spread over the source tree contain the
346 minimum information needed to build and distribute OpenSSL. It uses a
347 simple and yet fairly powerful language to determine what needs to be
348 built, from what sources, and other relationships between files.
350 For every build.info file, all file references are relative to the
351 directory of the build.info file for source files, and the
352 corresponding build directory for built files if the build tree
353 differs from the source tree.
355 When processed, every line is processed with the perl module
356 Text::Template, using the delimiters "{-" and "-}". The hashes
357 %config and %target are passed to the perl fragments, along with
358 $sourcedir and $builddir, which are the locations of the source
359 directory for the current build.info file and the corresponding build
360 directory, all relative to the top of the build tree.
362 To begin with, things to be built are declared by setting specific
371 Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
372 without extensions. The build file templates will figure them out.
374 For each thing to be built, it is then possible to say what sources
378 SOURCE[foo]=foo.c common.c
379 SOURCE[bar]=bar.c extra.c common.c
381 It's also possible to tell some other dependencies:
383 DEPEND[foo]=libsomething
384 DEPEND[libbar]=libsomethingelse
386 (it could be argued that 'libsomething' and 'libsomethingelse' are
387 source as well. However, the files given through SOURCE are expected
388 to be located in the source tree while files given through DEPEND are
389 expected to be located in the build tree)
391 It's also possible to depend on static libraries explicitly:
393 DEPEND[foo]=libsomething.a
394 DEPEND[libbar]=libsomethingelse.a
396 This should be rarely used, and care should be taken to make sure it's
397 only used when supported. For example, native Windows build doesn't
398 support build static libraries and DLLs at the same time, so using
399 static libraries on Windows can only be done when configured
402 One some platforms, shared libraries come with a name that's different
403 from their static counterpart. That's declared as follows:
405 SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
407 The example is from Cygwin, which has a required naming convention.
409 Sometimes, it makes sense to rename an output file, for example a
412 RENAME[libfoo]=libbar
414 That lines has "libfoo" get renamed to "libbar". While it makes no
415 sense at all to just have a rename like that (why not just use
416 "libbar" everywhere?), it does make sense when it can be used
417 conditionally. See a little further below for an example.
419 In some cases, it's desirable to include some source files in the
420 shared form of a library only:
422 SHARED_SOURCE[libfoo]=dllmain.c
424 For any file to be built, it's also possible to tell what extra
425 include paths the build of their source files should use:
429 In some cases, one might want to generate some source files from
430 others, that's done as follows:
432 GENERATE[foo.s]=asm/something.pl $(CFLAGS)
433 GENERATE[bar.s]=asm/bar.S
435 The value of each GENERATE line is a command line or part of it.
436 Configure places no rules on the command line, except that the first
437 item must be the generator file. It is, however, entirely up to the
438 build file template to define exactly how those command lines should
439 be handled, how the output is captured and so on.
441 Sometimes, the generator file itself depends on other files, for
442 example if it is a perl script that depends on other perl modules.
443 This can be expressed using DEPEND like this:
445 DEPEND[asm/something.pl]=../perlasm/Foo.pm
447 There may also be cases where the exact file isn't easily specified,
448 but an inclusion directory still needs to be specified. INCLUDE can
449 be used in that case:
451 INCLUDE[asm/something.pl]=../perlasm
453 NOTE: GENERATE lines are limited to one command only per GENERATE.
455 As a last resort, it's possible to have raw build file lines, between
456 BEGINRAW and ENDRAW lines as follows:
458 BEGINRAW[Makefile(unix)]
459 haha.h: {- $builddir -}/Makefile
460 echo "/* haha */" > haha.h
461 ENDRAW[Makefile(unix)]
463 The word within square brackets is the build_file configuration item
464 or the build_file configuration item followed by the second word in the
465 build_scheme configuration item for the configured target within
466 parenthesis as shown above. For example, with the following relevant
469 build_file => "build.ninja"
470 build_scheme => [ "unified", "unix" ]
472 ... these lines will be considered:
474 BEGINRAW[build.ninja]
475 build haha.h: echo "/* haha */" > haha.h
478 BEGINRAW[build.ninja(unix)]
479 build hoho.h: echo "/* hoho */" > hoho.h
480 ENDRAW[build.ninja(unix)]
482 Should it be needed because the recipes within a RAW section might
483 clash with those generated by Configure, it's possible to tell it
484 not to generate them with the use of OVERRIDES, for example:
486 SOURCE[libfoo]=foo.c bar.c
489 BEGINRAW[Makefile(unix)]
491 $(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
492 ENDRAW[Makefile(unix)]
494 See the documentation further up for more information on configuration
497 Finally, you can have some simple conditional use of the build.info
498 information, looking like this:
508 The expression in square brackets is interpreted as a string in perl,
509 and will be seen as true if perl thinks it is, otherwise false. For
510 example, the above would have "something" used, since 1 is true.
512 Together with the use of Text::Template, this can be used as
513 conditions based on something in the passed variables, for example:
515 IF[{- $disabled{shared} -}]
517 SOURCE[libcrypto]=...
525 # VMS has a cultural standard where all libraries are prefixed.
526 # For OpenSSL, the choice is 'ossl_'
527 IF[{- $config{target} =~ /^vms/ -}]
528 RENAME[libcrypto]=ossl_libcrypto
529 RENAME[libssl]=ossl_libssl
533 Build-file programming with the "unified" build system
534 ======================================================
536 "Build files" are called "Makefile" on Unix-like operating systems,
537 "descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
539 To use the "unified" build system, the target configuration needs to
540 set the three items 'build_scheme', 'build_file' and 'build_command'.
541 In the rest of this section, we will assume that 'build_scheme' is set
542 to "unified" (see the configurations documentation above for the
545 For any name given by 'build_file', the "unified" system expects a
546 template file in Configurations/ named like the build file, with
547 ".tmpl" appended, or in case of possible ambiguity, a combination of
548 the second 'build_scheme' list item and the 'build_file' name. For
549 example, if 'build_file' is set to "Makefile", the template could be
550 Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
551 In case both Configurations/unix-Makefile.tmpl and
552 Configurations/Makefile.tmpl are present, the former takes
555 The build-file template is processed with the perl module
556 Text::Template, using "{-" and "-}" as delimiters that enclose the
557 perl code fragments that generate configuration-dependent content.
558 Those perl fragments have access to all the hash variables from
561 The build-file template is expected to define at least the following
562 perl functions in a perl code fragment enclosed with "{-" and "-}".
563 They are all expected to return a string with the lines they produce.
565 generatesrc - function that produces build file lines to generate
566 a source file from some input.
568 It's called like this:
570 generatesrc(src => "PATH/TO/tobegenerated",
571 generator => [ "generatingfile", ... ]
572 generator_incs => [ "INCL/PATH", ... ]
573 generator_deps => [ "dep1", ... ]
574 generator => [ "generatingfile", ... ]
575 incs => [ "INCL/PATH", ... ],
576 deps => [ "dep1", ... ],
577 intent => one of "libs", "dso", "bin" );
579 'src' has the name of the file to be generated.
580 'generator' is the command or part of command to
581 generate the file, of which the first item is
582 expected to be the file to generate from.
583 generatesrc() is expected to analyse and figure out
584 exactly how to apply that file and how to capture
585 the result. 'generator_incs' and 'generator_deps'
586 are include directories and files that the generator
587 file itself depends on. 'incs' and 'deps' are
588 include directories and files that are used if $(CC)
589 is used as an intermediary step when generating the
590 end product (the file indicated by 'src'). 'intent'
591 indicates what the generated file is going to be
594 src2obj - function that produces build file lines to build an
595 object file from source files and associated data.
597 It's called like this:
599 src2obj(obj => "PATH/TO/objectfile",
600 srcs => [ "PATH/TO/sourcefile", ... ],
601 deps => [ "dep1", ... ],
602 incs => [ "INCL/PATH", ... ]
603 intent => one of "lib", "dso", "bin" );
605 'obj' has the intended object file *without*
606 extension, src2obj() is expected to add that.
607 'srcs' has the list of source files to build the
608 object file, with the first item being the source
609 file that directly corresponds to the object file.
610 'deps' is a list of explicit dependencies. 'incs'
611 is a list of include file directories. Finally,
612 'intent' indicates what this object file is going
615 obj2lib - function that produces build file lines to build a
616 static library file ("libfoo.a" in Unix terms) from
621 obj2lib(lib => "PATH/TO/libfile",
622 objs => [ "PATH/TO/objectfile", ... ]);
624 'lib' has the intended library file name *without*
625 extension, obj2lib is expected to add that. 'objs'
626 has the list of object files (also *without*
627 extension) to build this library.
629 libobj2shlib - function that produces build file lines to build a
630 shareable object library file ("libfoo.so" in Unix
631 terms) from the corresponding static library file
636 libobj2shlib(shlib => "PATH/TO/shlibfile",
637 lib => "PATH/TO/libfile",
638 objs => [ "PATH/TO/objectfile", ... ],
639 deps => [ "PATH/TO/otherlibfile", ... ]);
641 'lib' has the intended library file name *without*
642 extension, libobj2shlib is expected to add that.
643 'shlib' has the corresponding shared library name
644 *without* extension. 'deps' has the list of other
645 libraries (also *without* extension) this library
646 needs to be linked with. 'objs' has the list of
647 object files (also *without* extension) to build
650 This function has a choice; it can use the
651 corresponding static library as input to make the
652 shared library, or the list of object files.
654 obj2dso - function that produces build file lines to build a
655 dynamic shared object file from object files.
659 obj2dso(lib => "PATH/TO/libfile",
660 objs => [ "PATH/TO/objectfile", ... ],
661 deps => [ "PATH/TO/otherlibfile",
664 This is almost the same as libobj2shlib, but the
665 intent is to build a shareable library that can be
666 loaded in runtime (a "plugin"...). The differences
667 are subtle, one of the most visible ones is that the
668 resulting shareable library is produced from object
671 obj2bin - function that produces build file lines to build an
672 executable file from object files.
676 obj2bin(bin => "PATH/TO/binfile",
677 objs => [ "PATH/TO/objectfile", ... ],
678 deps => [ "PATH/TO/libfile", ... ]);
680 'bin' has the intended executable file name
681 *without* extension, obj2bin is expected to add
682 that. 'objs' has the list of object files (also
683 *without* extension) to build this library. 'deps'
684 has the list of library files (also *without*
685 extension) that the programs needs to be linked
688 in2script - function that produces build file lines to build a
689 script file from some input.
693 in2script(script => "PATH/TO/scriptfile",
694 sources => [ "PATH/TO/infile", ... ]);
696 'script' has the intended script file name.
697 'sources' has the list of source files to build the
698 resulting script from.
700 In all cases, file file paths are relative to the build tree top, and
701 the build file actions run with the build tree top as current working
704 Make sure to end the section with these functions with a string that
705 you thing is appropriate for the resulting build file. If nothing
706 else, end it like this:
708 ""; # Make sure no lingering values end up in the Makefile
712 Configure helper scripts
713 ========================
715 Configure uses helper scripts in this directory:
720 These scripts are per platform family, to check the integrity of the
721 tools used for configuration and building. The checker script used is
722 either {build_platform}-{build_file}-checker.pm or
723 {build_platform}-checker.pm, where {build_platform} is the second
724 'build_scheme' list element from the configuration target data, and
725 {build_file} is 'build_file' from the same target data.
727 If the check succeeds, the script is expected to end with a non-zero
728 expression. If the check fails, the script can end with a zero, or