summaryrefslogtreecommitdiffstats
path: root/Configure
AgeCommit message (Collapse)Author
2017-08-15File::Glob option ':bsd_glob' doesn't work everywhere, replace w/ a wrapperRichard Levitte
Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
2017-08-15Consolidate the locations where we have our internal perl modulesRichard Levitte
Instead of having perl modules under test/testlib, util and util/perl, consolidate them all to be inside util/perl. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4069)
2017-07-28Perl: Use File::Glob::bsd_glob rather than File::Glob::globRichard Levitte
File::Glob::glob is deprecated, it's use generates this kind of message: File::Glob::glob() will disappear in perl 5.30. Use File::Glob::bsd_glob() instead. at ../master/Configure line 277. So instead, use a construction that makes the caller glob() use File::Glob::bsd_glob(). Note that we're still excluding VMS, as it's directory specs use '[' and ']', which have a different meaning with bsd_glob and would need some extra quoting. This might change, but later. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/4040)
2017-07-26Simplify the handling of shared library version numbersRichard Levitte
$(SHLIB_MAJOR).$(SHLIB_MINOR) is really a synonym for $(SHLIB_VERSION_NUMBER), and is therefore an added complexity, so better to use $(SHLIB_VERSION_NUMBER) directly. SHLIB_MAJOR and SHLIB_MINOR are now unused, but are kept around purely as information in case someone relies on their existence. At the same time, add support for custom shared library extensions with the three new Makefile variables SHLIB_EXT, SHLIB_EXT_SIMPLE and SHLIB_EXT_IMPORT. By default, they hold the variants of shared library extensions we support. On mingw and cygwin, SHLIB_EXT_IMPORT is defined; on all other Unix platforms, it's empty. An example to get shared libraries with a slightly different SOVER name: $ make SHLIB_EXT='.$(SHLIB_VERSION_NUMBER).so' Fixes #3902 Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3964)
2017-07-22Add --with-rand-seedRich Salz
Add a new config param to specify how the CSPRNG should be seeded. Illegal values or nonsensical combinations (e.g., anything other than "os" on VMS or HP VOS etc) result in build failures. Add RDSEED support. Add RDTSC but leave it disabled for now pending more investigation. Refactor and reorganization all seeding files (rand_unix/win/vms) so that they are simpler. Only require 128 bits of seeding material. Many document improvements, including why to not use RAND_add() and the limitations around using load_file/write_file. Document RAND_poll(). Cleanup Windows RAND_poll and return correct status More completely initialize the default DRBG. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/3965)
2017-07-03Remove the possibility to disable the UI module entirelyRichard Levitte
Instead, make it possible to disable the console reader that's part of the UI module. This makes it possible to use the UI API and other UI methods in environments where the console reader isn't useful. To disable the console reader, configure with 'no-ui-console' / 'disable-ui-console'. 'no-ui' / 'disable-ui' is now an alias for 'no-ui-console' / 'disable-ui-console'. Fixes #3806 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3820)
2017-06-30Drop support for OPENSSL_NO_TLS1_3_METHODMatt Caswell
There are no public TLSv1_3_*method() functions so OPENSSL_NO_TLS1_3_METHOD doesn't make any sense and should be removed. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3800)
2017-06-29Add the STORE moduleRichard Levitte
This STORE module adds the following functionality: - A function OSSL_STORE_open(), OSSL_STORE_load() and OSSL_STORE_close() that accesses a URI and helps loading the supported objects (PKEYs, CERTs and CRLs for the moment) from it. - An opaque type OSSL_STORE_INFO that holds information on each loaded object. - A few functions to retrieve desired data from a OSSL_STORE_INFO reference. - Functions to register and unregister loaders for different URI schemes. This enables dynamic addition of loaders from applications or from engines. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3542)
2017-06-28Add new /dev/crypto engineRichard Levitte
Based on cryptodev-linux Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3744)
2017-06-22Configure: give config targets the possibility to enable or disable featuresRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3745)
2017-06-17Remove non-accurate description in Configure scriptPaul Yang
For DES and 3DES based ciphers are also enabled by this option. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3707)
2017-06-16Reorder Configure outputRichard Levitte
"Configuring..." was displayed with './Configure LIST'. This reorders the display of that line to happen after the "targets" LIST, TABLE and HASH have been checked. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3702)
2017-05-01Remove duplicates from clang_devteam_warningsBenjamin Kaduk
Since the clang_devteam_warnings are appended to the gcc_devteam_warnings when strict-warnings are requested, any items present in both the gcc and clang variables will be duplicated in the cflags used for clang builds. Remove the extra copy from the clang-specific flags in favor of the gcc_devteam_warnings that are used for all strict-warnings builds. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3239)
2017-05-01Add -Wextra to gcc devteam warningsBenjamin Kaduk
clang already has it; let's flip the switch and deal with the fallout. Exclude -Wunused-parameter, as we have many places where we keep unused parameters to conform to a uniform vtable-like interface. Also exclude -Wmissing-field-initializers; it's okay to rely on the standard-mandated behavior of filling out with 0/NULL. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3239)
2017-04-24Make it possible to build static-only librariesRichard Levitte
The trick is to use the .a extension explicitely in the build.info files. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3243)
2017-04-04Configure: recognize -framework as linker option [on Apple OSes].Andy Polyakov
This is handy for internal iOS tests, when you have to make it work in sandbox. Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-04-01Configure: use 5.10.0, don't require...Andy Polyakov
Configure started with 'require 5.10.0', but if executed by older perl it failed with "might be runaway multi-line // string" instead of naturally expected "Perl v5.10.0 required--this is only v5.x.y". Reviewed-by: Richard Levitte <levitte@openssl.org>
2017-03-29More typo fixesFdaSilvaYY
Fix some comments too [skip ci] Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3069)
2017-03-24Make the TLSv1.3 downgrade mechanism a configurable optionMatt Caswell
Make it disabled by default. When TLSv1.3 is out of draft we can remove this option and have it enabled all the time. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/3022)
2017-03-06Add a platform specific configuration checkerRichard Levitte
For each platform, we may need to perform some basic checks to see that available tools perform as we expect them. For the moment, the added checkers test that Perl gives the expected path format. This should help MingW users to see if they run an appropriate Perl implementation, for example. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2851)
2017-02-28More Configure cleanup. RemoveEmilia Kasper
- util/incore - util/fipslink.pl - the unused "baseaddr" configure switch Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-28Clean up references to FIPSEmilia Kasper
This removes the fips configure option. This option is broken as the required FIPS code is not available. FIPS_mode() and FIPS_mode_set() are retained for compatibility, but FIPS_mode() always returns 0, and FIPS_mode_set() can only be used to turn FIPS mode off. Reviewed-by: Stephen Henson <steve@openssl.org>
2017-02-24Add -Wundef to --strict-warnings options.Bernd Edlinger
Avoid a -Wundef warning in refcount.h Avoid a -Wundef warning in o_str.c Avoid a -Wundef warning in testutil.h Include internal/cryptlib.h before openssl/stack.h to avoid use of undefined symbol OPENSSL_API_COMPAT. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2712)
2017-02-22Remove -Wno-parentheses-equality from gcc --strict-warnings options.Bernd Edlinger
There has never been any gcc option of that kind. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2705)
2017-02-21Implementation of the ARIA cipher as described in RFC 5794.Pauli
This implementation is written in endian agnostic C code. No attempt at providing machine specific assembly code has been made. This implementation expands the evptests by including the test cases from RFC 5794 and ARIA official site rather than providing an individual test case. Support for ARIA has been integrated into the command line applications, but not TLS. Implemented modes are CBC, CFB1, CFB8, CFB128, CTR, ECB and OFB128. Reviewed-by: Andy Polyakov <appro@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2337)
2017-02-17If all versions of a proto are disabled, disabled the proto as wellRichard Levitte
For example, 'no-dtls1 no-dtls1_2' will imply 'no-dtls' Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2670)
2017-02-01Add support for parameterized SipHashTodd Short
The core SipHash supports either 8 or 16-byte output and a configurable number of rounds. The default behavior, as added to EVP, is to use 16-byte output and 2,4 rounds, which matches the behavior of most implementations. There is an EVP_PKEY_CTRL that can control the output size. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2216)
2017-01-31Add -Wno-parentheses-equality to dev-warnings.Rich Salz
Also fix a block comment formatting glitch. Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2327)
2016-12-29Fix compilation with no-ecMatt Caswell
Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2153)
2016-12-05Also set the CXXFLAG to the user supplied flagsKurt Roeckx
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2025
2016-12-03Move libfuzzer sanitizer options to READMEKurt Roeckx
This is something you might want to change depending on the version to use, there is no point in us fixing this to something. Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023
2016-12-03Use 8bit-counters when using libfuzzerKurt Roeckx
Reviewed-by: Rich Salz <rsalz@openssl.org> GH: #2023
2016-11-25INSTALL: clarify 386 and no-sse2 options.Andy Polyakov
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-15Only build the body of e_padlock when there are lower level routinesRichard Levitte
engines/e_padlock.c assumes that for all x86 and x86_64 platforms, the lower level routines will be present. However, that's not always true, for example for solaris-x86-cc, and that leads to build errors. The better solution is to have configure detect if the lower level padlock routines are being built, and define the macro PADLOCK_ASM if they are, and use that macro in our C code. Reviewed-by: Andy Polyakov <appro@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1510)
2016-11-15Make it possible to disable building and running testsRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1514)
2016-11-15Revert "Remove heartbeats completely"Richard Levitte
Done too soon, this is for future OpenSSL 1.2.0 This reverts commit 6c62f9e1639a7d1a879f363a99882920104dfedb. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-15Remove heartbeats completelyRichard Levitte
Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1669)
2016-11-10Building: make it possible to force linking with static OpenSSL libsRichard Levitte
Very simply, support having the .a extension to denote depending on static libraries. Note that this is not supported on native Windows when building shared libraries, as there is not static library then, just an import library with the same name. Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1889)
2016-11-04Control building of ossl_shim through ConfigureMatt Caswell
Don't build ossl_shim by default. Switch it on through enable-external-tests. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-11-04Integrate ossl_shim into the buildRichard Levitte
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-11-03Allow indented comments in build.infoRichard Levitte
Reviewed-by: Emilia Käsper <emilia@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1789)
2016-11-02Update Configure to know about tls1_3Matt Caswell
Also we disable TLS1.3 by default (use enable-tls1_3 to re-enable). This is because this is a WIP and will not be interoperable with any other TLS1.3 implementation. Finally, we fix some tests that started failing when TLS1.3 was disabled by default. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-01Revert "Disable MDC2 by default."Rich Salz
This reverts commit ca1574cec20589885000d039eed3a9375fb29a0d. Not suitabled for a minor release as it breaks the ABI. Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-10-31Disable MDC2 by default.Rich Salz
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-14Fix C++ support: set $target{cxx} correctlyRichard Levitte
Reviewed-by: Matt Caswell <matt@openssl.org>
2016-10-13Configure: remove superfluous 0xVitezslav Cizek
The number is taken from the OPENSSL_VERSION_NUMBER which is already in the hex form. CLA: trivial Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1706)
2016-10-13Remove automatic RPATH - add user rpath supportRichard Levitte
Make Configure recognise -rpath and -R to support user added rpaths for OSF1 and Solaris. For convenience, add a variable LIBRPATH in the Unix Makefile, which the users can use as follows: ./config [options] -Wl,-rpath,\$(LIBRPATH) Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-10-12Add support for C++ in ConfigureRichard Levitte
A note: this will form object file names by changing '.cc' to '_cc.o'. This will permit other configuration code to recognise these object files were built for C++ rather than C. Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-22Add -Wswitch-enumRich Salz
Change code so when switching on an enumeration, have case's for all enumeration values. Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-09-17Have the configuration options 'no-err' and 'no-async' work againRichard Levitte
In an earlier attempt to simplify the processing of disabled options, 'no-err' and 'no-async' stopped working properly. 'err' and 'async' are directories under 'crypto/', but they are special insofar that they can't be simply skipped, like all the algorithm directories can, so they need special treatment among the disablable things. Reviewed-by: Tim Hudson <tjh@openssl.org>