Commit Graph

896 Commits

Author SHA1 Message Date
Andy Polyakov
91cf7551a1 Configure: refine 'reconf' logic.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-22 10:32:08 +01:00
Rich Salz
2503af2684 Fix typo.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 17:58:32 -05:00
Rich Salz
2e31ef0366 Provide better "make depend" warning.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-12-16 17:43:41 -05:00
Ben Laurie
a7a14a23a9 Fix no-dgram.
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-12-16 21:31:56 +00:00
Rich Salz
2ab9687479 Remove GMP engine.
Reviewed-by: Ben Laurie <ben@openssl.org>
2015-12-15 07:59:56 -05:00
Andy Polyakov
22c2e80f89 Configure: add framework for ChaCha and Poly1305 assembly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 20:56:50 +01:00
Andy Polyakov
0c14d44254 Configure: 'reconf' to respect CROSS_COMPILE and CC.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-13 20:54:22 +01:00
Kurt Roeckx
a5ecdc6af8 Use OPENSSL_NO_DTLS instead of OPENSSL_NO_DTLS1
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-12 12:07:14 +01:00
Andy Polyakov
48f1484555 Configure: make no-chacha and no-poly1305 work.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-12-10 12:05:50 +01:00
Ben Laurie
28cbe2ab4a Link library for backtrace() on BSD...
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-09 13:37:30 +00:00
Richard Levitte
16b6081e0d Fix ./Configure reconf
'./Configure reconf' hasn't been working for a while, because a perl
lable needs to be immediately followed by a block.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-02 19:39:36 +01:00
Richard Levitte
a1d3f3d1d0 Move the backtrace memleak options to a separate variable
The contents of this variable ($memleak_devteam_backtrace) is added to
$cflags unless we build for a platform we know doesn't support gcc's
-rdynamic och backtrace() and friends.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-12-02 19:20:45 +01:00
Richard Levitte
012c540850 Add backtrace to memory leak output
This is an option for builds with gcc and --strict-warnings.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-12-02 16:49:08 +01:00
Richard Levitte
de17db915e Drop the old perl start magic and replace it with a normal shebang
perlrun(1) leads the way.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-24 14:06:45 +01:00
Jacob Bandes-Storch
f4d8f03755 Add perl modeline to Configure scripts
Encourages GitHub to perform proper syntax highlighting.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-11-24 13:12:57 +01:00
Richard Levitte
6703c4ea87 Make the match for previous cflags a bit more strict
./Configure [target] --strict-warnings -Wno-pedantic-ms-format
would not add '-pedantic' because it matches '-Wno-pedantic-ms-format',
which was added first.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-11-09 09:50:56 +01:00
Richard Levitte
489eb74090 Make Configure die when unsupported options are given
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-22 17:37:10 +02:00
Richard Levitte
8b527be2db Add an explicit list of options that can be disabled, enabled, ...
Configure has, so far, had no control at all of which 'no-' options it
can be given.  This means that, for example, someone could configure
with something absurd like 'no-stack' and then watch the build crumble
to dust...  or file a bug report.

This introduces some sanity into the possible choices.

The added list comes from looking for the explicit ones used in
Configure, and from grepping after OPENSSL_NO_ in all source files.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-22 17:37:10 +02:00
Emilia Kasper
58dd1ce91a make depend: prefer clang over makedepend
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-10-14 17:10:20 +02:00
Alessandro Ghedini
f386742cfb GH429: Add clang to travis
Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-10-13 14:04:53 -04:00
David Woodhouse
984d6c6052 Fix no-stdio build
Much related/similar work also done by
Ivan Nestlerode <ivan.nestlerode@sonos.com>

   +Replace FILE BIO's with dummy ops that fail.
   +Include <stdio.h> for sscanf() even with no-stdio (since the declaration
    is there). We rely on sscanf() to parse the OPENSSL_ia32cap environment
    variable, since it can be larger than a 'long'. And we don't rely on the
    availability of strtoull().
   +Remove OPENSSL_stderr(); not used.
   +Make OPENSSL_showfatal() do nothing (currently without stdio there's
    nothing we can do).
   +Remove file-based functionality from ssl/. The function
    prototypes were already gone, but not the functions themselves.
   +Remove unviable conf functionality via SYS_UEFI
   +Add fallback definition of BUFSIZ.
   +Remove functions taking FILE * from header files.
   +Add missing DECLARE_PEM_write_fp_const
   +Disable X509_LOOKUP_hash_dir(). X509_LOOKUP_file() was already compiled out,
    so remove its prototype.
   +Use OPENSSL_showfatal() in CRYPTO_destroy_dynlockid().
   +Eliminate SRP_VBASE_init() and supporting functions. Users will need to
    build the verifier manually instead.
   +Eliminate compiler warning for unused do_pk8pkey_fp().
   +Disable TEST_ENG_OPENSSL_PKEY.
   +Disable GOST engine as is uses [f]printf all over the place.
   +Eliminate compiler warning for unused send_fp_chars().

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-29 21:59:19 -04:00
Andy Polyakov
51cbee3516 Update year in Windows builds.
Reviewed-by: Matt Caswell <matt@openssl.org>
2015-09-28 15:32:38 +02:00
Ben Laurie
df2ee0e27d Enable -Wmissing-variable-declarations and
-Wincompatible-pointer-types-discards-qualifiers (the latter did not require
any code changes).

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-11 04:51:55 +01:00
Richard Levitte
fd9ad2300b Adapt mk1mf.pl and helpers to the new testing framework.
With the new testing framework, building a test target with mk1mf.pl
becomes a very simple thing.  And especially, no more need to do the
amount of hackery in unix.pl we did.

Also, some tests need a working apps/CA.pl as well as rehashed certs
in certs/demo.  So, move the code creating those files so it gets done
regardless, not just in non-mk1mf environments.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-09-07 16:10:58 +02:00
David Woodhouse
47bbaa5b60 Revert "OPENSSL_NO_xxx cleanup: RFC3779"
This reverts the non-cleanup parts of commit c73ad69017. We do actually
have a reasonable use case for OPENSSL_NO_RFC3779 in the EDK2 UEFI
build, since we don't have a strspn() function in our runtime environment
and we don't want the RFC3779 functionality anyway.

In addition, it changes the default behaviour of the Configure script so
that RFC3779 support isn't disabled by default. It was always disabled
from when it was first added in 2006, right up until the point where
OPENSSL_NO_RFC3779 was turned into a no-op, and the code in the
Configure script was left *trying* to disable it, but not actually
working.

Signed-off-by: Rich Salz <rsalz@akamai.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
2015-09-03 16:31:09 -04:00
Ben Laurie
480405e4a9 Add -Wconditional-uninitialized to clang strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:45:44 +01:00
Ben Laurie
d237a2739c Build with --strict-warnings on FreeBSD.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-08-02 02:21:46 +01:00
Matt Caswell
e481f9b90b Remove support for OPENSSL_NO_TLSEXT
Given the pervasive nature of TLS extensions it is inadvisable to run
OpenSSL without support for them. It also means that maintaining
the OPENSSL_NO_TLSEXT option within the code is very invasive (and probably
not well tested). Therefore it is being removed.

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-05-22 23:10:51 +01:00
Matt Caswell
e36827f6d1 Remove remaining Kerberos references
Following on from the removal of libcrypto and libssl support for Kerberos
this commit removes all remaining references to Kerberos.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-05-13 15:08:10 +01:00
Ben Laurie
190c8c60c1 Fix build on MacOS.
Reviewed-by: Andy Polyakov
2015-05-01 17:46:17 +01:00
Andy Polyakov
c3b9bd11f9 Engage ec/asm/ecp_nistz256-sparcv9 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-21 09:39:52 +02:00
Andy Polyakov
cc98b998b8 Configure: Engage ecp_nistz256-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-04-20 14:58:01 +02:00
Andy Polyakov
2c6343bfa3 Configure: engage ARMv8 Montgomery multiplication module.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-20 14:41:10 +02:00
Emilia Kasper
13efe9d17e Use -Wall -Wextra with clang
The disabled set of -Weverything is hard to maintain across versions.
Use -Wall -Wextra but also document other useful warnings that currently trigger.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-17 18:17:50 +02:00
Dr. Stephen Henson
c954448f2c Add -Wtype-limits to strict warnings.
Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-15 13:57:51 +01:00
Richard Levitte
04958e84d8 Appease clang -Wgnu-statement-expression
We use GNU statement expressions in crypto/md32_common.h, surrounded
by checks that GNU C is indeed used to compile.  It seems that clang,
at least on Linux, pretends to be GNU C, therefore finds the statement
expressions and then warns about them.

The solution is to have clang be quiet about it.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-04-04 17:06:35 +02:00
Richard Levitte
dee502be89 Stop symlinking, move files to intended directory
Rather than making include/openssl/foo.h a symlink to
crypto/foo/foo.h, this change moves the file to include/openssl/foo.h
once and for all.

Likewise, move crypto/foo/footest.c to test/footest.c, instead of
symlinking it there.

Originally-by: Geoff Thorpe <geoff@openssl.org>

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-31 20:16:01 +02:00
Andy Polyakov
33b188a8e8 Engage vpaes-armv8 module.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:42:12 +01:00
Andy Polyakov
1818572d83 Configure: remove unused variables.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-28 15:36:40 +01:00
Matt Caswell
913f1042b3 Add -DDEBUG_UNUSED to --strict-warnings
In order to receive warnings on unused function return values the flag
-DDEBUG_UNUSED must be passed to the compiler. This change adds that for the
--strict-warnings Configure option.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-23 15:22:36 +00:00
Richard Levitte
9b956beccd Refer to $table{$target} rather than $table{$t}.
Using $t is an artifact from the earlier changes in Configure and was
unfortunately forgotten as is.

Reviewed-by: Stephen Henson <steve@openssl.org>
2015-03-22 00:57:09 +01:00
Richard Levitte
21ab123770 If the target is an old style debug- target, it will not have debugging [cl]flags
Reviewed-by: Stephen Henson <steve@openssl.org>
2015-03-19 22:49:51 +01:00
Andy Polyakov
7ead0c8918 Configure: fold related configurations more aggressively and clean-up.
Reviewed-by: Richard Levitte <levitte@openssl.org>
2015-03-18 16:27:00 +01:00
Richard Levitte
9e43c6b5c2 Correct the request of debug builds
./config would translate -d into having the target get a 'debug-'
prefix, and then run './Configure LIST' to find out if such a
debugging target exists or not.

With the recent changes, the separate 'debug-foo' targets are
disappearing, and we're giving the normal targets debugging
capabilities instead.  Unfortunately, './config' wasn't changed to
match this new behavior.

This change introduces the arguments '--debug' and '--release' - the
latter just for orthogonality - to ./Configure, and ./config now
treats -d by adding '--debug' to the options for ./Configure.

Reviewed-by: Matt Caswell <matt@openssl.org>
2015-03-17 17:01:31 +01:00
Richard Levitte
5e1b23536a Change all the main configurations to the new format.
As part of this, remove some levitte examples that never were relevant.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
b124552999 Rethink templates.
Because base templates express inheritance of values, the attribute is
renamed to 'inherit_from', and texts about this talk about 'inheritance(s)'
rather than base templates.

As they were previously implemented, base templates that were listed
together would override one another, the first one acting as defaults for
the next and so on.

However, it was pointed out that a strength of inheritance would be to
base configurations on several templates - for example one for CPU, one
for operating system and one for compiler - and that requires a different
way of combining those templates.  With this change, inherited values
from several inheritances are concatenated by default (keep on reading).

Also, in-string templates with the double-curly syntax are removed,
replaced with the possibility to have a configuration value be a coderef
(i.e. a 'sub { /* your code goes here */ }') that gets the list of values
from all inheritances as the list @_.  The result of executing such a
coderef on a list of values is assumed to become a string.  ANY OTHER
FORM OF VALUE WILL CURRENTLY BREAK.

As a matter of fact, an attribute in the current config with no value is
assumed to have this coderef as value:

    sub { join(' ', @_) }

While we're at it, rename debug-[cl]flags to debug_[cl]flags and
nodebug-[cl]flags to release_[cl]flags.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
7d46b9426f Add base template processing.
Base templates are templates that are used to inherit from.  They can
loosely be compared with parent class inheritance in object orientation.
They can be used for the same purpose as the variables with multi-field
strings are used in old-style string configurations.

Base templates are declared with the base_templates configuration
attribute, like so:

	"example_target" => {
		base_templates => [ "x86_asm", ... ]
		...
	}

Note: The value of base_templates MUST be an array reference (an array
enclosed in square brackets).

Any configuration target can be used as a base template by another.  It
is also possible to have a target that's a pure template and not meant to
be used directly as a configuration target.  Such a target is marked with
the template configuration attribute, like so:

	"example_template" => {
		template => 1,
		cc => "mycc",
		...
	},

As part of this commit, all variables with multi-field strings have been
translated to pure templates.  The variables currently remain since we
can't expect people to shift to hash table configurations immediately.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
09816a2e33 Add template reference processing.
Template references are words with double brackets, and refer to the
same field in the target pointed at the the double bracketed word.

For example, if a target's configuration has the following entry:

    'cflags' => '-DFOO {{x86_debug}}'

... then {{x86_debug}} will be replaced with the 'cflags' value from
target 'x86_debug'.

Note: template references are resolved recursively, and circular
references are not allowed

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
aaf878cc97 Rewrite Configure to handle the target values as hash tables.
The reasoning is that configuration strings are hard to read and error
prone, and that a better way would be for them to be key => value hashes.

Configure is made to be able to handle target configuration values as a
string as well as a hash.  It also does the best it can to combine a
"debug-foo" target with a "foo" target, given that they are similar
except for the cflags and lflags values.  The latter are spliced into
options that are common for "debug-foo" and "foo", options that exist
only with "debug-foo" and options that exist only with "foo", and make
them into combinable attributes that holds common cflags, extra cflags
for debuggin and extra cflags for non-debugging configurations.

The next step is to make it possible to have template configurations.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2015-03-16 22:16:30 +01:00
Richard Levitte
97a0cc5281 Move Configurations* out of the way and rename them.
Configure would load the glob "Configurations*".  The problem with
this is that it also loads all kinds of backups of those
configurations that some editors do, like emacs' classic
'Configurations~'.  The solution is to give them an extension, such as
'.conf', and make sure to end the glob with that.

Also, because 'Configurations.conf' makes for a silly name, and
because a possibly large number of configurations will become clutter,
move them to a subdirectory 'Configurations/', and rename them to
something more expressive, as well as something that sets up some form
of sorting order.  Thus:

    Configurations	->	Configurations/10-main.conf
    Configurations.team	->	Configurations/90-team.conf

Finally, make sure that Configure sorts the list of files that 'glob'
produces, and adapt Makefile.org.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2015-03-11 12:07:25 +01:00