diff options
Diffstat (limited to 'Configure')
| -rwxr-xr-x | Configure | 28 |
1 files changed, 24 insertions, 4 deletions
@@ -171,7 +171,6 @@ my @gcc_devteam_warn = qw( -Wshadow -Wformat -Wno-type-limits - -Wno-tautological-constant-out-of-range-compare -Wundef -Werror -Wmissing-prototypes @@ -188,11 +187,11 @@ my @gcc_devteam_warn = qw( # -Wextended-offsetof -- no, needed in CMS ASN1 code my @clang_devteam_warn = qw( -Wno-unknown-warning-option - -Wswitch-default -Wno-parentheses-equality -Wno-language-extension-token -Wno-extended-offsetof -Wno-missing-braces + -Wno-tautological-constant-out-of-range-compare -Wconditional-uninitialized -Wincompatible-pointer-types-discards-qualifiers -Wmissing-variable-declarations @@ -472,11 +471,13 @@ my @disablables = ( "filenames", "fips", "fips-securitychecks", + "fips-post", "fuzz-afl", "fuzz-libfuzzer", "gost", "http", "idea", + "jitter", "ktls", "legacy", "loadereng", @@ -587,6 +588,7 @@ our %disabled = ( # "what" => "comment" "fuzz-afl" => "default", "fuzz-libfuzzer" => "default", "pie" => "default", + "jitter" => "default", "ktls" => "default", "md2" => "default", "msan" => "default", @@ -687,7 +689,7 @@ my @disable_cascades = ( "cmp" => [ "crmf" ], - "fips" => [ "fips-securitychecks", "acvp-tests" ], + "fips" => [ "fips-securitychecks", "fips-post", "acvp-tests" ], "threads" => [ "thread-pool" ], "thread-pool" => [ "default-thread-pool" ], @@ -756,6 +758,7 @@ my %user = ( RANLIB => env('RANLIB'), RC => env('RC') || env('WINDRES'), RCFLAGS => [ env('RCFLAGS') || () ], + OBJCOPY => undef, RM => undef, ); # Info about what "make variables" may be prefixed with the cross compiler @@ -1020,6 +1023,14 @@ while (@argvcopy) { $config{openssldir}=$1; } + elsif (/^--with-jitter-include=(.*)$/) + { + $withargs{jitter_include}=$1; + } + elsif (/^--with-jitter-lib=(.*)$/) + { + $withargs{jitter_lib}=$1; + } elsif (/^--with-zlib-lib=(.*)$/) { $withargs{zlib_lib}=$1; @@ -1312,11 +1323,15 @@ if (scalar(grep { $_ eq 'none' } @seed_sources) > 0) { ============================== WARNING =============================== You have selected the --with-rand-seed=none option, which effectively -disables automatic reseeding of the OpenSSL random generator. +disables automatic reseeding of the OpenSSL SEED-SRC random generator. All operations depending on the random generator such as creating keys will not work unless the random generator is seeded manually by the application. +Instead of manually seeding, a different random generator can be set +at runtime in openssl.cnf or configured at build time with +-DOPENSSL_DEFAULT_SEED_SRC. + Please read the 'Note on random number generation' section in the INSTALL.md instructions and the RAND_DRBG(7) manual page for more details. @@ -1328,6 +1343,11 @@ push @{$config{openssl_feature_defines}}, map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" } @seed_sources; +my $provider_string = $disabled{"fips-post"} ? "non-compliant FIPS Provider" : "FIPS Provider"; + +$config{FIPS_VENDOR} = + (defined $version{FIPS_VENDOR} ? "$version{FIPS_VENDOR} $provider_string for OpenSSL" : "OpenSSL $provider_string"); + # Backward compatibility? if ($target =~ m/^CygWin32(-.*)$/) { $target = "Cygwin".$1; |