# see INSTALL for instructions.
+my $orig_death_handler = $SIG{__DIE__};
+$SIG{__DIE__} = \&death_handler;
+
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
# Options:
. " -Wswitch"
. " -Wsign-compare"
. " -Wmissing-prototypes"
+ . " -Wstrict-prototypes"
. " -Wshadow"
. " -Wformat"
. " -Wtype-limits"
our %table = ();
our %config = ();
our %withargs = ();
+our $now_printing; # set to current entry's name in print_table_entry
+ # (todo: right thing would be to encapsulate name
+ # into %target [class] and make print_table_entry
+ # a method)
# Forward declarations ###############################################
"objects",
"md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
"des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
- "bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
+ "bn", "ec", "rsa", "dsa", "dh", "sm2", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
"async",
"autoalginit",
"autoerrinit",
+ "autoload-config",
"bf",
"blake2",
"camellia",
"seed",
"shared",
"siphash",
+ "sm2",
"sm3",
"sm4",
"sock",
"tests",
"threads",
"tls",
- "tls13downgrade",
"ts",
"ubsan",
"ui-console",
"ui" => "ui-console",
);
-# All of the following is disabled by default (RC5 was enabled before 0.9.8):
+# All of the following are disabled by default:
our %disabled = ( # "what" => "comment"
- "asan" => "default",
+ "asan" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
"devcryptoeng" => "default",
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
- "tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"apps" => [ "tests" ],
"tests" => [ "external-tests" ],
"comp" => [ "zlib" ],
- "ec" => [ "tls1_3" ],
+ "ec" => [ "tls1_3", "sm2" ],
+ "sm3" => [ "sm2" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
sub { !$disabled{"msan"} } => [ "asm" ],
{ VMS => qr/(?<!\^),/,
MSWin32 => qr/(?<!\\);/ } -> {$^O} // qr/(?<!\\)[:\s]/;
# All the "make variables" we support
+# Some get pre-populated for the sake of backward compatibility
+# (we supported those before the change to "make variable" support.
my %user = (
- AR => undef,
+ AR => env('AR'),
ARFLAGS => [],
AS => undef,
ASFLAGS => [],
- CC => undef,
+ CC => env('CC'),
CFLAGS => [],
- CXX => undef,
+ CXX => env('CXX'),
CXXFLAGS => [],
CPP => undef,
CPPFLAGS => [], # -D, -I, -Wp,
CPPDEFINES => [], # Alternative for -D
CPPINCLUDES => [], # Alternative for -I
- CROSS_COMPILE => undef,
- HASHBANGPERL=> undef,
+ CROSS_COMPILE => env('CROSS_COMPILE'),
+ HASHBANGPERL=> env('HASHBANGPERL') || env('PERL'),
LD => undef,
LDFLAGS => [], # -L, -Wl,
LDLIBS => [], # -l
MT => undef,
MTFLAGS => [],
- RANLIB => undef,
- RC => undef,
+ PERL => env('PERL') || ($^O ne "VMS" ? $^X : "perl"),
+ RANLIB => env('RANLIB'),
+ RC => env('RC') || env('WINDRES'),
RCFLAGS => [],
RM => undef,
);
);
# Initialisers coming from 'config' scripts
-$config{defines} = [ split(/$list_separator_re/, env('__CNF_CPPDEFINES')) ],
-$config{includes} = [ split(/$list_separator_re/, env('__CNF_CPPINCLUDES')) ],
-$config{cppflags} = [ env('__CNF_CPPFLAGS') || () ],
-$config{cflags} = [ env('__CNF_CFLAGS') || () ],
-$config{cxxflags} = [ env('__CNF_CXXFLAGS') || () ],
-$config{lflags} = [ env('__CNF_LDFLAGS') || () ],
-$config{ex_libs} = [ env('__CNF_LDLIBS') || () ],
+$config{defines} = [ split(/$list_separator_re/, env('__CNF_CPPDEFINES')) ];
+$config{includes} = [ split(/$list_separator_re/, env('__CNF_CPPINCLUDES')) ];
+$config{cppflags} = [ env('__CNF_CPPFLAGS') || () ];
+$config{cflags} = [ env('__CNF_CFLAGS') || () ];
+$config{cxxflags} = [ env('__CNF_CXXFLAGS') || () ];
+$config{lflags} = [ env('__CNF_LDFLAGS') || () ];
+$config{ex_libs} = [ env('__CNF_LDLIBS') || () ];
$config{openssl_api_defines}=[];
$config{openssl_algorithm_defines}=[];
$config{build_type} = "release";
my $target="";
+my %cmdvars = (); # Stores FOO='blah' type arguments
my %unsupported_options = ();
my %deprecated_options = ();
# If you change this, update apps/version.c
# Support env variable assignments among the options
if (m|^(\w+)=(.+)?$|)
{
- $config{perlenv}->{$1} = $2;
+ $cmdvars{$1} = $2;
# Every time a variable is given as a configuration argument,
# it acts as a reset if the variable.
if (exists $user{$1})
{
s/^([^=]*)/lc($1)/e;
}
- s /^-no-/no-/; # some people just can't read the instructions
+
+ # some people just can't read the instructions, clang people have to...
+ s/^-no-(?!integrated-as)/no-/;
# rewrite some options in "enable-..." form
s /^-?-?shared$/enable-shared/;
{
read_config $1;
}
- elsif (/^-L(.*)$/)
- {
- push @{$useradd{LDFLAGS}}, $_;
- }
- elsif (/^-l(.*)$/ or /^-Wl,/)
+ elsif (/^-l(.*)$/)
{
push @{$useradd{LDLIBS}}, $_;
}
{
push @{$useradd{LDLIBS}}, $_, shift(@argvcopy);
}
+ elsif (/^-L(.*)$/ or /^-Wl,/)
+ {
+ push @{$useradd{LDFLAGS}}, $_;
+ }
elsif (/^-rpath$/ or /^-R$/)
# -rpath is the OSF1 rpath flag
# -R is the old Solaris rpath flag
else
{ $config{options} .= " ".$_; }
}
+ }
- if (defined($config{api}) && !exists $apitable->{$config{api}}) {
- die "***** Unsupported api compatibility level: $config{api}\n",
- }
+if (defined($config{api}) && !exists $apitable->{$config{api}}) {
+ die "***** Unsupported api compatibility level: $config{api}\n",
+}
- if (keys %deprecated_options)
- {
- warn "***** Deprecated options: ",
- join(", ", keys %deprecated_options), "\n";
- }
- if (keys %unsupported_options)
- {
- die "***** Unsupported options: ",
- join(", ", keys %unsupported_options), "\n";
- }
+if (keys %deprecated_options)
+ {
+ warn "***** Deprecated options: ",
+ join(", ", keys %deprecated_options), "\n";
+ }
+if (keys %unsupported_options)
+ {
+ die "***** Unsupported options: ",
+ join(", ", keys %unsupported_options), "\n";
}
-# If any %useradd entry has been set, we must check that the environment
-# variables haven't been set. We start by checking of any %useradd entry
+# If any %useradd entry has been set, we must check that the "make
+# variables" haven't been set. We start by checking of any %useradd entry
# is set.
if (grep { scalar @$_ > 0 } values %useradd) {
# Hash of env / make variables names. The possible values are:
- # 1 - environment set
+ # 1 - "make vars"
# 2 - %useradd entry set
# 3 - both set
- my %detected_env =
+ my %detected_vars =
map { my $v = 0;
- $v += 1 if env($_);
+ $v += 1 if $cmdvars{$_};
$v += 2 if @{$useradd{$_}};
$_ => $v }
keys %useradd;
- # If any of the corresponding environment variables is set, we error
- if (grep { $_ & 1 } values %detected_env) {
- my $names = join(', ', grep { $detected_env{$_} > 0 }
- sort keys %detected_env);
+ # If any of the corresponding "make variables" is set, we error
+ if (grep { $_ & 1 } values %detected_vars) {
+ my $names = join(', ', grep { $detected_vars{$_} > 0 }
+ sort keys %detected_vars);
die <<"_____";
-***** Mixing env / make variables and additional compiler/linker flags as
+***** Mixing make variables and additional compiler/linker flags as
***** configure command line option is not permitted.
-***** Affected env / make variables: $names
+***** Affected make variables: $names
_____
}
}
+# Check through all supported command line variables to see if any of them
+# were set, and canonicalise the values we got. If no compiler or linker
+# flag or anything else that affects %useradd was set, we also check the
+# environment for values.
+my $anyuseradd =
+ grep { defined $_ && (ref $_ ne 'ARRAY' || @$_) } values %useradd;
foreach (keys %user) {
- my $value = env($_);
- $value //= defined $user_synonyms{$_} ? env($user_synonyms{$_}) : undef;
+ my $value = $cmdvars{$_};
+ $value //= env($_) unless $anyuseradd;
+ $value //=
+ defined $user_synonyms{$_} ? $cmdvars{$user_synonyms{$_}} : undef;
+ $value //= defined $user_synonyms{$_} ? env($user_synonyms{$_}) : undef
+ unless $anyuseradd;
if (defined $value) {
if (ref $user{$_} eq 'ARRAY') {
}
}
-if (grep { $_ =~ /(^|\s)-Wl,-rpath,/ } ($user{LDLIBS} ? @{$user{LDLIBS}} : ())
+if (grep { /-rpath\b/ } ($user{LDFLAGS} ? @{$user{LDFLAGS}} : ())
&& !$disabled{shared}
&& !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) {
die "***** Cannot simultaneously use -rpath, shared libraries, and\n",
print "Using os-specific seed configuration\n";
push @seed_sources, 'os';
}
-die "Cannot seed with none and anything else"
- if scalar(grep { $_ eq 'none' } @seed_sources) > 0
- && scalar(@seed_sources) > 1;
+if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) {
+ die "Cannot seed with none and anything else" if scalar(@seed_sources) > 1;
+ warn <<_____ if scalar(@seed_sources) == 1;
+You have selected the --with-rand-seed=none option, which effectively disables
+automatic reseeding of the OpenSSL random generator. All operations depending
+on the random generator such as creating keys will not work unless the random
+generator is seeded manually by the application.
+
+Please read the 'Note on random number generation' section in the INSTALL
+instructions and the RAND_DRBG(7) manual page for more details.
+_____
+}
push @{$config{openssl_other_defines}},
map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
@seed_sources;
$target = $t;
}
}
+
+&usage if !$table{$target} || $table{$target}->{template};
+
$config{target} = $target;
my %target = resolve_config($target);
-&usage if (!%target || $target{template});
-
foreach (keys %target_attr_translate) {
$target{$target_attr_translate{$_}} = $target{$_}
if $target{$_};
$target{exe_extension}=".pm" if ($config{target} =~ /vos/);
($target{shared_extension_simple}=$target{shared_extension})
- =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
-$target{dso_extension}=$target{shared_extension_simple};
+ =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||
+ unless defined($target{shared_extension_simple});
+$target{dso_extension}//=$target{shared_extension_simple};
($target{shared_import_extension}=$target{shared_extension_simple}.".a")
if ($config{target} =~ /^(?:Cygwin|mingw)/);
-# Allow overriding the names of some tools. USE WITH CARE
-# Note: only Unix cares about HASHBANGPERL... that explains
-# the default string.
-$config{perl} = ($^O ne "VMS" ? $^X : "perl");
+# Fill %config with values from %user, and in case those are undefined or
+# empty, use values from %target (acting as a default).
foreach (keys %user) {
my $ref_type = ref $user{$_};
unshift @{$config{cxxflags}}, $value if $config{CXX};
}
-# The DSO code currently always implements all functions so that no
-# applications will have to worry about that from a compilation point
-# of view. However, the "method"s may return zero unless that platform
-# has support compiled in for them. Currently each method is enabled
-# by a define "DSO_<name>" ... we translate the "dso_scheme" config
-# string entry into using the following logic;
-if (!$disabled{dso} && $target{dso_scheme} ne "")
- {
- $target{dso_scheme} =~ tr/[a-z]/[A-Z]/;
- if ($target{dso_scheme} eq "DLFCN")
- {
- unshift @{$config{lib_defines}}, "DSO_DLFCN", "HAVE_DLFCN_H";
- }
- elsif ($target{dso_scheme} eq "DLFCN_NO_H")
- {
- unshift @{$config{lib_defines}}, "DSO_DLFCN";
- }
- else
- {
- unshift @{$config{lib_defines}}, "DSO_$target{dso_scheme}";
- }
- }
-
# If threads aren't disabled, check how possible they are
unless ($disabled{threads}) {
if ($auto_threads) {
push @{$config{lib_defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);
push @{$config{lib_defines}}, "SHA512_ASM" if ($target{sha1_asm_src} =~ /sha512/);
}
+ if ($target{keccak1600_asm_src} ne $table{DEFAULTS}->{keccak1600_asm_src}) {
+ push @{$config{lib_defines}}, "KECCAK1600_ASM";
+ }
if ($target{rc4_asm_src} ne $table{DEFAULTS}->{rc4_asm_src}) {
push @{$config{lib_defines}}, "RC4_ASM";
}
}
}
-my %predefined = compiler_predefined($config{CC});
+my %predefined = compiler_predefined($config{CROSS_COMPILE}.$config{CC});
# Check for makedepend capabilities.
if (!$disabled{makedepend}) {
# For VC- and vms- targets, there's nothing more to do here. The
# functionality is hard coded in the corresponding build files for
# cl (Windows) and CC/DECC (VMS).
- } elsif ($predefined{__GNUC__} >= 3) {
+ } elsif (($predefined{__GNUC__} // -1) >= 3
+ && !($predefined{__APPLE_CC__} && !$predefined{__clang__})) {
# We know that GNU C version 3 and up as well as all clang
- # versions support dependency generation
+ # versions support dependency generation, but Xcode did not
+ # handle $cc -M before clang support (but claims __GNUC__ = 3)
$config{makedepprog} = "\$(CROSS_COMPILE)$config{CC}";
} else {
# In all other cases, we look for 'makedepend', and disable the
}
}
+if (!$disabled{asm} && !$predefined{__MACH__} && $^O ne 'VMS') {
+ # probe for -Wa,--noexecstack option...
+ if ($predefined{__clang__}) {
+ # clang has builtin assembler, which doesn't recognize --help,
+ # but it apparently recognizes the option in question on all
+ # supported platforms even when it's meaningless. In other words
+ # probe would fail, but probed option always accepted...
+ push @{$config{cflags}}, "-Wa,--noexecstack", "-Qunused-arguments";
+ } else {
+ my $cc = $config{CROSS_COMPILE}.$config{CC};
+ open(PIPE, "$cc -Wa,--help -c -o null.$$.o -x assembler /dev/null 2>&1 |");
+ while(<PIPE>) {
+ if (m/--noexecstack/) {
+ push @{$config{cflags}}, "-Wa,--noexecstack";
+ last;
+ }
+ }
+ close(PIPE);
+ unlink("null.$$.o");
+ }
+}
# Deal with bn_ops ###################################################
push @{$config{defines}}, $apiflag;
}
-if (defined($predefined{__clang__}) && !$disabled{asm}) {
- push @{$config{cflags}}, "-Qunused-arguments";
- push @{$config{cxxflags}}, "-Qunused-arguments" if $config{CXX};
-}
-
if ($strict_warnings)
{
my $wopt;
die "ERROR --strict-warnings requires gcc[>=4] or gcc-alike"
unless $gccver >= 4;
- $gcc_devteam_warn .= " -Wmisleading-indentation" if $gccver >= 6;
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
push @{$config{cflags}}, $wopt
unless ($disabled{afalgeng}) {
$config{afalgeng}="";
- if ($target =~ m/^linux/) {
+ if (grep { $_ eq 'afalgeng' } @{$target{enable}}) {
my $minver = 4*10000 + 1*100 + 0;
if ($config{CROSS_COMPILE} eq "") {
my $verstr = `uname -r`;
die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n";
}
$config{build_file_templates}
- = [ $build_file_template,
+ = [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"),
+ $blddir),
+ $build_file_template,
cleanfile($srcdir, catfile("Configurations", "common.tmpl"),
$blddir) ];
$o = cleanfile($buildd, $o, $blddir);
$unified_info{sources}->{$ddest}->{$o} = 1;
$unified_info{sources}->{$o}->{$s} = 1;
+ } elsif ($s =~ /\.rc$/) {
+ # We also recognise resource files
+ my $o = $_;
+ $o =~ s/\.rc$/.res/; # Resource configuration
+ my $o = cleanfile($buildd, $o, $blddir);
+ $unified_info{sources}->{$ddest}->{$o} = 1;
+ $unified_info{sources}->{$o}->{$s} = 1;
} else {
$unified_info{sources}->{$ddest}->{$s} = 1;
}
if ($dump || $cmdline) {
print "\nCommand line (with current working directory = $here):\n\n";
print ' ',join(' ',
- $config{perl},
+ $config{PERL},
catfile($config{sourcedir}, 'Configure'),
@{$config{perlargv}}), "\n";
print "\nPerl information:\n\n";
$builders{$builder}->($builder_platform, @builder_opts);
+$SIG{__DIE__} = $orig_death_handler;
+
print <<"EOF" if ($disabled{threads} eq "unavailable");
The library could not be configured for supporting multi-threaded
# Helpers and utility functions
#
+# Death handler, to print a helpful message in case of failure #######
+#
+sub death_handler {
+ die @_ if $^S; # To prevent the added message in eval blocks
+ my $build_file = $target{build_file} // "build file";
+ my @message = ( <<"_____", @_ );
+
+Failure! $build_file wasn't produced.
+Please read INSTALL and associated NOTES files. You may also have to look over
+your available compiler tool chain or change your configuration.
+
+_____
+
+ # Dying is terminal, so it's ok to reset the signal handler here.
+ $SIG{__DIE__} = $orig_death_handler;
+ die @message;
+}
+
# Configuration file reading #########################################
# Note: All of the helper functions are for lazy evaluation. They all
return sub { add($disabled{threads} ? () : @flags)->(); }
}
-
+sub shared {
+ my @flags = @_;
+ return sub { add($disabled{shared} ? () : @flags)->(); }
+}
our $add_called = 0;
# Helper function to implement adding values to already existing configuration
foreach (@templates) {
die "Can't open $_, $!" unless -f $_;
}
- my $perlcmd = (quotify("maybeshell", $config{perl}))[0];
+ my $perlcmd = (quotify("maybeshell", $config{PERL}))[0];
my $cmd = "$perlcmd \"-I.\" \"-Mconfigdata\" \"$dofile\" -o\"Configure\" \"".join("\" \"",@templates)."\" > \"$out.new\"";
#print STDERR "DEBUG[run_dofile]: \$cmd = $cmd\n";
system($cmd);
sub compiler_predefined {
state %predefined;
- my $default_compiler = shift;
+ my $cc = shift;
return () if $^O eq 'VMS';
- die 'compiler_predefined called without a default compiler'
- unless $default_compiler;
+ die 'compiler_predefined called without a compiler command'
+ unless $cc;
- if (! $predefined{$default_compiler}) {
- my $cc = "$config{CROSS_COMPILE}$default_compiler";
+ if (! $predefined{$cc}) {
- $predefined{$default_compiler} = {};
+ $predefined{$cc} = {};
# collect compiler pre-defines from gcc or gcc-alike...
open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
while (my $l = <PIPE>) {
$l =~ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
- $predefined{$default_compiler}->{$1} = $2 // '';
+ $predefined{$cc}->{$1} = $2 // '';
}
close(PIPE);
}
- return %{$predefined{$default_compiler}};
+ return %{$predefined{$cc}};
}
sub which
sub env
{
my $name = shift;
+ my %opts = @_;
- # Note that if $ENV{$name} doesn't exist or is undefined,
- # $config{perlenv}->{$name} will be created with the value
- # undef. This is intentional.
+ unless ($opts{cacheonly}) {
+ # Note that if $ENV{$name} doesn't exist or is undefined,
+ # $config{perlenv}->{$name} will be created with the value
+ # undef. This is intentional.
- $config{perlenv}->{$name} = $ENV{$name}
- if ! exists $config{perlenv}->{$name};
+ $config{perlenv}->{$name} = $ENV{$name}
+ if ! exists $config{perlenv}->{$name};
+ }
return $config{perlenv}->{$name};
}
sub print_table_entry
{
- my $target = shift;
- my %target = resolve_config($target);
+ local $now_printing = shift;
+ my %target = resolve_config($now_printing);
my $type = shift;
# Don't print the templates
if ($type eq "TABLE") {
print "\n";
- print "*** $target\n";
+ print "*** $now_printing\n";
foreach (@sequence) {
if (ref($target{$_}) eq "ARRAY") {
printf "\$%-12s = %s\n", $_, join(" ", @{$target{$_}});
} elsif ($type eq "HASH") {
my $largest =
length((sort { length($a) <=> length($b) } @sequence)[-1]);
- print " '$target' => {\n";
+ print " '$now_printing' => {\n";
foreach (@sequence) {
if ($target{$_}) {
if (ref($target{$_}) eq "ARRAY") {