mirror of
https://github.com/openssl/openssl.git
synced 2026-01-15 21:49:45 +00:00
Compare commits
1 Commits
feature/ac
...
SSLeay_0_9
| Author | SHA1 | Date | |
|---|---|---|---|
|
162d5f30be |
@@ -1,11 +0,0 @@
|
||||
#
|
||||
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
#
|
||||
|
||||
# Allow ctags to load configuration file under the sub directories.
|
||||
--optlib-dir=+./.ctags.d
|
||||
@@ -1,13 +0,0 @@
|
||||
#
|
||||
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
#
|
||||
|
||||
# List file names or patterns you want ctags to ignore.
|
||||
--exclude=.ctags.d
|
||||
--exclude=test
|
||||
--exclude=check-format-test-positives.c
|
||||
@@ -1,18 +0,0 @@
|
||||
#
|
||||
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
#
|
||||
|
||||
# This file is only for extracting macro definitions.
|
||||
--langmap=C:+.h
|
||||
-o -
|
||||
--sort=no
|
||||
--languages=C
|
||||
-R
|
||||
|
||||
--fields-C=+{macrodef}
|
||||
--fields=+{signature}
|
||||
1
.ctags.d/openssl-stage2/.gitignore
vendored
1
.ctags.d/openssl-stage2/.gitignore
vendored
@@ -1 +0,0 @@
|
||||
*macro-definitons.ctags
|
||||
@@ -1,9 +0,0 @@
|
||||
#
|
||||
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
#
|
||||
--param-CPreProcessor._expand=1
|
||||
@@ -1,2 +0,0 @@
|
||||
# Run util/openssl-format-source -v -c .
|
||||
0f113f3ee4d629ef9a4a30911b22b224772085e5
|
||||
19
.gitattributes
vendored
19
.gitattributes
vendored
@@ -1,19 +0,0 @@
|
||||
*.bin binary
|
||||
*.der binary
|
||||
/fuzz/corpora/** binary
|
||||
*.pfx binary
|
||||
test/recipes/15-test_ml_dsa_codecs_data/*.dat binary
|
||||
test/recipes/15-test_ml_kem_codecs_data/*.dat binary
|
||||
|
||||
# For git archive
|
||||
fuzz/corpora/** export-ignore
|
||||
Configurations/*.norelease.conf export-ignore
|
||||
# We generally avoid anything with a name starting with a period.
|
||||
# However, .ctags.d is precious, so we don't ignore that.
|
||||
.* export-ignore
|
||||
.ctags.d !export-ignore
|
||||
util/mktar.sh export-ignore
|
||||
krb5 export-ignore
|
||||
pyca-cryptography export-ignore
|
||||
dev export-ignore
|
||||
gost-engine export-ignore
|
||||
1
.github/FUNDING.yml
vendored
1
.github/FUNDING.yml
vendored
@@ -1 +0,0 @@
|
||||
github: openssl
|
||||
27
.github/ISSUE_TEMPLATE.md
vendored
27
.github/ISSUE_TEMPLATE.md
vendored
@@ -1,27 +0,0 @@
|
||||
<!--
|
||||
NOTE:
|
||||
|
||||
If you're asking about how to use OpenSSL, this isn't the right
|
||||
forum. Please see our User Support resources:
|
||||
https://github.com/openssl/openssl/blob/master/SUPPORT.md
|
||||
|
||||
If relevant, please remember to tell us in what OpenSSL version you
|
||||
found the issue.
|
||||
|
||||
Please remember to put ``` lines before and after any commands plus
|
||||
output and code, like this:
|
||||
|
||||
```
|
||||
$ echo output output output
|
||||
output output output
|
||||
```
|
||||
|
||||
```
|
||||
#include <stdio.h>
|
||||
|
||||
int main() {
|
||||
int foo = 1;
|
||||
printf("%d\n", foo);
|
||||
}
|
||||
```
|
||||
-->
|
||||
53
.github/ISSUE_TEMPLATE/bug_report.md
vendored
53
.github/ISSUE_TEMPLATE/bug_report.md
vendored
@@ -1,53 +0,0 @@
|
||||
---
|
||||
name: Bug report
|
||||
labels: 'issue: bug report'
|
||||
about: Report a defect in the software
|
||||
|
||||
---
|
||||
|
||||
<!--
|
||||
Thank you for your bug report. If this is your first one,
|
||||
please take the time to read the following lines before posting it.
|
||||
|
||||
NOTE:
|
||||
|
||||
If you're asking about how to use OpenSSL, this isn't the right
|
||||
forum. Please see our User Support resources:
|
||||
https://github.com/openssl/openssl/blob/master/SUPPORT.md
|
||||
|
||||
Please remember to tell us in what OpenSSL version you found the issue.
|
||||
|
||||
For build issues:
|
||||
|
||||
If this is a build issue, please include the configuration output
|
||||
as well as a log of all errors. Don't forget to include the exact
|
||||
commands you typed.
|
||||
|
||||
With OpenSSL before 1.1.1, the configuration output comes from the
|
||||
configuration command. With OpenSSL 1.1.1 and on, it's the output
|
||||
of `perl configdata.pm --dump`
|
||||
|
||||
For other issues:
|
||||
|
||||
If it isn't a build issue, example code or commands to reproduce
|
||||
the issue is highly appreciated.
|
||||
Also, please remember to tell us if you worked with your own
|
||||
OpenSSL build or if it is system provided.
|
||||
|
||||
Please remember to put ``` lines before and after any commands plus
|
||||
output and code, like this:
|
||||
|
||||
```
|
||||
$ echo output output output
|
||||
output output output
|
||||
```
|
||||
|
||||
```
|
||||
#include <stdio.h>
|
||||
|
||||
int main() {
|
||||
int foo = 1;
|
||||
printf("%d\n", foo);
|
||||
}
|
||||
```
|
||||
-->
|
||||
14
.github/ISSUE_TEMPLATE/documentation.md
vendored
14
.github/ISSUE_TEMPLATE/documentation.md
vendored
@@ -1,14 +0,0 @@
|
||||
---
|
||||
name: Documentation
|
||||
labels: 'issue: documentation'
|
||||
about: Report an error in (or missing) documentation
|
||||
---
|
||||
|
||||
<!--
|
||||
Thank you for taking the time to report a documentation issue.
|
||||
|
||||
Please remember to tell us which OpenSSL version you are using and then
|
||||
briefly describe the documentation error and where you encountered it
|
||||
(e.g., in which manual page). If you are missing the documentation for a
|
||||
certain command or API function, please tell us its name.
|
||||
-->
|
||||
34
.github/ISSUE_TEMPLATE/feature_request.md
vendored
34
.github/ISSUE_TEMPLATE/feature_request.md
vendored
@@ -1,34 +0,0 @@
|
||||
---
|
||||
name: Feature request
|
||||
labels: 'issue: feature request'
|
||||
about: Propose a feature you would like to see added in the software
|
||||
|
||||
---
|
||||
|
||||
<!--
|
||||
Thank you for your feature request. If this is your first one,
|
||||
please take the time to read the following lines before posting it.
|
||||
|
||||
NOTE:
|
||||
|
||||
If you're asking about how to use OpenSSL, this isn't the right
|
||||
forum. Please see our User Support resources:
|
||||
https://github.com/openssl/openssl/blob/master/SUPPORT.md
|
||||
|
||||
Please remember to put ``` lines before and after any commands plus
|
||||
output and code, like this:
|
||||
|
||||
```
|
||||
$ echo output output output
|
||||
output output output
|
||||
```
|
||||
|
||||
```
|
||||
#include <stdio.h>
|
||||
|
||||
int main() {
|
||||
int foo = 1;
|
||||
printf("%d\n", foo);
|
||||
}
|
||||
```
|
||||
-->
|
||||
10
.github/ISSUE_TEMPLATE/question.md
vendored
10
.github/ISSUE_TEMPLATE/question.md
vendored
@@ -1,10 +0,0 @@
|
||||
---
|
||||
name: Question
|
||||
labels: 'issue: question'
|
||||
about: Please use Q&A in Discussions instead
|
||||
---
|
||||
|
||||
Please do NOT use issues to ask questions about OpenSSL.
|
||||
|
||||
Instead, please use the [Q&A category in Discussions](<https://github.com/openssl/openssl/discussions/new?category=q-a>)
|
||||
to ask your question.
|
||||
14
.github/PULL_REQUEST_TEMPLATE.md
vendored
14
.github/PULL_REQUEST_TEMPLATE.md
vendored
@@ -1,14 +0,0 @@
|
||||
<!--
|
||||
Thank you for your pull request. Please review these requirements:
|
||||
|
||||
Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md
|
||||
|
||||
Other than that, provide a description above this comment if there isn't one already
|
||||
|
||||
If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
|
||||
-->
|
||||
|
||||
##### Checklist
|
||||
<!-- Remove items that do not apply. For completed items, change [ ] to [x]. -->
|
||||
- [ ] documentation is added or updated
|
||||
- [ ] tests are added or updated
|
||||
15
.github/dependabot.yml
vendored
15
.github/dependabot.yml
vendored
@@ -1,15 +0,0 @@
|
||||
version: 2
|
||||
updates:
|
||||
- package-ecosystem: "github-actions"
|
||||
directory: "/"
|
||||
schedule:
|
||||
interval: "daily"
|
||||
commit-message:
|
||||
prefix: "Dependabot update\n\nCLA: trivial\n\n"
|
||||
include: "scope"
|
||||
labels:
|
||||
- "dependencies"
|
||||
- "cla: trivial"
|
||||
- "approval: review pending"
|
||||
reviewers:
|
||||
- "openssl/committers"
|
||||
@@ -1,26 +0,0 @@
|
||||
name: "Build openssl interop container from master"
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '40 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
update_quay_container:
|
||||
if: github.repository == 'openssl/openssl'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: "log in to quay.io"
|
||||
run: |
|
||||
docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
|
||||
- name: "Build container"
|
||||
run: |
|
||||
cd test/quic-openssl-docker/
|
||||
docker build -t quay.io/openssl-ci/openssl-quic-interop:latest .
|
||||
- name: "Push to quay"
|
||||
run: |
|
||||
docker push quay.io/openssl-ci/openssl-quic-interop:latest
|
||||
|
||||
715
.github/workflows/ci.yml
vendored
715
.github/workflows/ci.yml
vendored
@@ -1,715 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: GitHub CI
|
||||
|
||||
on: [pull_request, push]
|
||||
|
||||
# for some reason, this does not work:
|
||||
# variables:
|
||||
# BUILDOPTS: "-j4"
|
||||
# HARNESS_JOBS: "${HARNESS_JOBS:-4}"
|
||||
|
||||
# for some reason, this does not work:
|
||||
# before_script:
|
||||
# - make="make -s"
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
OSSL_RUN_CI_TESTS: 1
|
||||
|
||||
jobs:
|
||||
check_update:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install unifdef
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
|
||||
- name: make build_generated
|
||||
run: make -s build_generated
|
||||
- name: make update
|
||||
run: make update
|
||||
- name: git diff
|
||||
run: git diff --exit-code
|
||||
|
||||
check_docs:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
|
||||
- name: make build_generated
|
||||
run: make -s build_generated
|
||||
- name: make doc-nits
|
||||
run: make doc-nits
|
||||
- name: make help
|
||||
run: make help
|
||||
- name: make md-nits
|
||||
run: |
|
||||
sudo gem install mdl
|
||||
make md-nits
|
||||
|
||||
# This checks that we use ANSI C language syntax and semantics.
|
||||
# We are not as strict with libraries, but rather adapt to what's
|
||||
# expected to be available in a certain version of each platform.
|
||||
check-ansi:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: CPPFLAGS='-ansi -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
|
||||
basic_gcc:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: localegen
|
||||
run: sudo locale-gen tr_TR.UTF-8
|
||||
- name: fipsvendor
|
||||
# Make one fips build use a customized FIPS vendor
|
||||
run: echo "FIPS_VENDOR=CI" >> VERSION.dat
|
||||
- name: config
|
||||
# enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
|
||||
run: CC=gcc ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: check fipsvendor
|
||||
run: |
|
||||
util/wrap.pl -fips apps/openssl list -providers | grep 'name: CI FIPS Provider for OpenSSL$'
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@basic-gcc"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
basic_clang:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@basic-clang"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
linux-arm64:
|
||||
runs-on: ${{ github.repository == 'openssl/openssl' && 'linux-arm64' || 'ubuntu-24.04-arm' }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: ./config --strict-warnings enable-demos enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@linux-arm64"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
freebsd-x86_64:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
shutdown_vm: false
|
||||
run: |
|
||||
sudo pkg install -y gcc perl5
|
||||
./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
shutdown_vm: false
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
shutdown_vm: false
|
||||
run: make -j4
|
||||
- name: make test
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
run: |
|
||||
./util/opensslwrap.sh version -c
|
||||
.github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@BSD-x86_64"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
minimal:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-bulk no-pic no-asm -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j4 # verbose, so no -s here
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@minimal"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
no-deprecated:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@no-deprecated"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
no-shared-ubuntu:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@no-shared-ubuntu"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
no-shared-macos:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [macos-13, macos-14]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
sysctl machdep.cpu
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@no-shared-${{ matrix.os }}"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
non-caching:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@non-caching"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
address_ub_sanitizer:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@address_ub_sanitizer"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
fuzz_tests:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@fuzz_tests"
|
||||
path: artifacts.tar.gz
|
||||
if-no-files-found: ignore
|
||||
|
||||
memory_sanitizer:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips no-slh-dsa && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@memory_sanitizer"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
threads_sanitizer:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@threads_sanitizer"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
enable_non-default_options:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: modprobe tls
|
||||
run: sudo modprobe tls
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips no-threads && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@enable_non-default_options"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
full_featured:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: modprobe tls
|
||||
run: sudo modprobe tls
|
||||
- name: Enable sctp
|
||||
run: sudo modprobe sctp
|
||||
- name: Enable auth in sctp
|
||||
run: sudo sysctl -w net.sctp.auth_enable=1
|
||||
- name: install extra config support
|
||||
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@full_featured"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
no-legacy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-legacy enable-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@no-legacy"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
legacy:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug no-afalgeng enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: .github/workflows/make-test
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@legacy"
|
||||
path: artifacts.tar.gz
|
||||
|
||||
# out-of-source-and-install checks multiple things at the same time:
|
||||
# - That building, testing and installing works from an out-of-source
|
||||
# build tree
|
||||
# - That building, testing and installing works with a read-only source
|
||||
# tree
|
||||
out-of-readonly-source-and-install-ubuntu:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
path: ./source
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
working-directory: ./source
|
||||
- name: make source read-only
|
||||
run: chmod -R a-w ./source
|
||||
- name: create build and install directories
|
||||
run: |
|
||||
mkdir ./build
|
||||
mkdir ./install
|
||||
- name: config
|
||||
run: |
|
||||
../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
|
||||
perl configdata.pm --dump
|
||||
working-directory: ./build
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
working-directory: ./build
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
working-directory: ./build
|
||||
- name: make test
|
||||
run: ../source/.github/workflows/make-test
|
||||
working-directory: ./build
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@out-of-readonly-source-and-install-ubuntu"
|
||||
path: build/artifacts.tar.gz
|
||||
- name: make install
|
||||
run: make install
|
||||
working-directory: ./build
|
||||
|
||||
out-of-readonly-source-and-install-macos:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [macos-13, macos-14]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
path: ./source
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
working-directory: ./source
|
||||
- name: make source read-only
|
||||
run: chmod -R a-w ./source
|
||||
- name: create build and install directories
|
||||
run: |
|
||||
mkdir ./build
|
||||
mkdir ./install
|
||||
- name: config
|
||||
run: |
|
||||
../source/config --banner=Configured enable-fips enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
|
||||
perl configdata.pm --dump
|
||||
working-directory: ./build
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
working-directory: ./build
|
||||
- name: get cpu info
|
||||
run: |
|
||||
sysctl machdep.cpu
|
||||
./util/opensslwrap.sh version -c
|
||||
working-directory: ./build
|
||||
- name: make test
|
||||
run: ../source/.github/workflows/make-test
|
||||
working-directory: ./build
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "ci@out-of-readonly-source-and-install-${{ matrix.os }}"
|
||||
path: build/artifacts.tar.gz
|
||||
- name: make install
|
||||
run: make install
|
||||
working-directory: ./build
|
||||
|
||||
external-tests-misc:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
- name: package installs
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy gdb
|
||||
- name: install cpanm and Test2::V0 for gost_engine testing
|
||||
uses: perl-actions/install-with-cpanm@stable
|
||||
with:
|
||||
install: Test2::V0
|
||||
- name: setup hostname workaround
|
||||
run: sudo hostname localhost
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug no-afalgeng enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: test external gost-engine
|
||||
run: make test TESTS="test_external_gost_engine"
|
||||
- name: test external krb5
|
||||
run: make test TESTS="test_external_krb5"
|
||||
- name: test external tlsfuzzer
|
||||
run: make test TESTS="test_external_tlsfuzzer"
|
||||
- name: test external Cloudflare quiche
|
||||
run: make test TESTS="test_external_cf_quiche" VERBOSE=1
|
||||
- name: test ability to produce debuginfo files
|
||||
run: |
|
||||
make debuginfo
|
||||
gdb < <(echo -e "file ./libcrypto.so.3\nquit") > ./results
|
||||
grep -q "Reading symbols from.*libcrypto\.so\.3\.debug" results
|
||||
|
||||
external-tests-providers:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
- name: package installs
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq install meson pkg-config gnutls-bin libnss3-tools libnss3-dev libsofthsm2 opensc expect
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: test external oqs-provider
|
||||
run: make test TESTS="test_external_oqsprovider"
|
||||
# Disabled temporarily: https://github.com/latchset/pkcs11-provider/pull/525#discussion_r1982805969
|
||||
# - name: test external pkcs11-provider
|
||||
# run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
|
||||
|
||||
external-tests-pyca:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
matrix:
|
||||
PYTHON:
|
||||
- 3.9
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
- name: package installs
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq install pkgconf libssl-dev
|
||||
- name: Configure OpenSSL
|
||||
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: Setup Python
|
||||
uses: actions/setup-python@v5.3.0
|
||||
with:
|
||||
python-version: ${{ matrix.PYTHON }}
|
||||
- uses: dtolnay/rust-toolchain@stable
|
||||
with:
|
||||
toolchain: stable
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: test external pyca
|
||||
run: make test TESTS="test_external_pyca" VERBOSE=1
|
||||
118
.github/workflows/compiler-zoo.yml
vendored
118
.github/workflows/compiler-zoo.yml
vendored
@@ -1,118 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Compiler Zoo CI
|
||||
|
||||
on: [push]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
compiler:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
zoo: [
|
||||
{
|
||||
cc: gcc-9,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: gcc-10,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: gcc-11,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: gcc-12,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: gcc-13,
|
||||
distro: ubuntu-22.04,
|
||||
gcc-ppa-name: ubuntu-toolchain-r/test
|
||||
}, {
|
||||
cc: clang-11,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: clang-12,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: clang-13,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: clang-14,
|
||||
distro: ubuntu-22.04
|
||||
}, {
|
||||
cc: clang-15,
|
||||
distro: ubuntu-22.04,
|
||||
llvm-ppa-name: jammy
|
||||
}, {
|
||||
cc: clang-16,
|
||||
distro: ubuntu-22.04,
|
||||
llvm-ppa-name: jammy
|
||||
}, {
|
||||
cc: clang-17,
|
||||
distro: ubuntu-22.04,
|
||||
llvm-ppa-name: jammy
|
||||
}
|
||||
]
|
||||
# We set per-compiler now to allow testing with both older and newer sets
|
||||
# Often, the full range of oldest->newest compilers we want aren't available
|
||||
# in a single version of Ubuntu.
|
||||
runs-on: ${{ matrix.zoo.distro }}
|
||||
steps:
|
||||
- name: install packages
|
||||
run: |
|
||||
gcc_ppa_name="${{ matrix.zoo.gcc-ppa-name }}"
|
||||
llvm_ppa_name="${{ matrix.zoo.llvm-ppa-name }}"
|
||||
|
||||
# In the Matrix above:
|
||||
# - we set gcc-ppc-name if the GCC version isn't part of the Ubuntu version we're using (see https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test).
|
||||
# - we set llvm-ppa-name if an LLVM version isn't part of the Ubuntu version we're using (see https://apt.llvm.org/).
|
||||
# This is especially needed because even new Ubuntu LTSes aren't available
|
||||
# until a while after release on Github Actions.
|
||||
if [[ -n ${gcc_ppa_name} ]] ; then
|
||||
sudo add-apt-repository ppa:ubuntu-toolchain-r/test
|
||||
sudo apt-get update
|
||||
elif [[ -n ${llvm_ppa_name} ]] ; then
|
||||
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key |\
|
||||
gpg --dearmor |\
|
||||
sudo tee /usr/share/keyrings/llvm-snapshot.gpg.key > /dev/null
|
||||
|
||||
clang_version="${{ matrix.zoo.cc }}"
|
||||
clang_version="${clang_version/clang-}"
|
||||
|
||||
echo "deb [signed-by=/usr/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/${{ matrix.zoo.llvm-ppa-name }}/ llvm-toolchain-${{ matrix.zoo.llvm-ppa-name }}-${clang_version} main" \
|
||||
| sudo tee /etc/apt/sources.list.d/llvm.list
|
||||
echo "deb-src [signed-by=/usr/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/${{ matrix.zoo.llvm-ppa-name }}/ llvm-toolchain-${{ matrix.zoo.llvm-ppa-name }}-${clang_version} main" \
|
||||
| sudo tee -a /etc/apt/sources.list.d/llvm.list
|
||||
|
||||
cat /etc/apt/sources.list.d/llvm.list
|
||||
fi
|
||||
|
||||
sudo apt-get update
|
||||
sudo apt-get -y install ${{ matrix.zoo.cc }}
|
||||
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
|
||||
- name: config
|
||||
run: |
|
||||
CC=${{ matrix.zoo.cc }} ./config --strict-warnings --banner=Configured \
|
||||
no-shared enable-fips
|
||||
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
126
.github/workflows/coveralls.yml
vendored
126
.github/workflows/coveralls.yml
vendored
@@ -1,126 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Coverage
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '15 02 * * *'
|
||||
workflow_dispatch:
|
||||
inputs:
|
||||
branch:
|
||||
description: Branch to measure coverage
|
||||
required: true
|
||||
default: master
|
||||
extra_config:
|
||||
description: Extra options for configuration script
|
||||
default: ""
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
define-matrix:
|
||||
runs-on: ubuntu-latest
|
||||
outputs:
|
||||
branches: ${{ steps.branches.outputs.branches }}
|
||||
steps:
|
||||
- name: Define branches
|
||||
id: branches
|
||||
run: |
|
||||
if [ "${{ github.event_name}}" = "workflow_dispatch" ]; then
|
||||
MATRIX=$(cat << EOF
|
||||
[{
|
||||
"branch": "${{ github.event.inputs.branch }}",
|
||||
"extra_config": "${{ github.event.inputs.extra_config }}"
|
||||
}]
|
||||
EOF
|
||||
)
|
||||
else
|
||||
MATRIX=$(cat << EOF
|
||||
[{
|
||||
"branch": "openssl-3.5",
|
||||
"extra_config": "no-afalgeng enable-fips enable-tfo"
|
||||
},{
|
||||
"branch": "openssl-3.4",
|
||||
"extra_config": "no-afalgeng enable-fips enable-tfo"
|
||||
}, {
|
||||
"branch": "openssl-3.3",
|
||||
"extra_config": "no-afalgeng enable-fips enable-tfo"
|
||||
}, {
|
||||
"branch": "openssl-3.2",
|
||||
"extra_config": "no-afalgeng enable-fips enable-tfo"
|
||||
}, {
|
||||
"branch": "openssl-3.1",
|
||||
"extra_config": "no-afalgeng enable-fips"
|
||||
}, {
|
||||
"branch": "openssl-3.0",
|
||||
"extra_config": "no-afalgeng enable-fips"
|
||||
}, {
|
||||
"branch": "master",
|
||||
"extra_config": "no-afalgeng enable-fips enable-tfo"
|
||||
}]
|
||||
EOF
|
||||
)
|
||||
fi
|
||||
echo "branches<<EOF"$'\n'"$MATRIX"$'\n'EOF >> "$GITHUB_OUTPUT"
|
||||
|
||||
coverage:
|
||||
needs: define-matrix
|
||||
permissions:
|
||||
checks: write # for coverallsapp/github-action to create new checks
|
||||
contents: read # for actions/checkout to fetch code
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
branches: ${{ fromJSON(needs.define-matrix.outputs.branches) }}
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
ref: ${{ matrix.branches.branch }}
|
||||
- name: cache commit id
|
||||
run: |
|
||||
echo "githubid=`/usr/bin/git log -1 --format='%H'`" >>$GITHUB_ENV
|
||||
- name: package installs
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq install lcov
|
||||
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
|
||||
- name: install Test2::V0 for gost_engine testing
|
||||
uses: perl-actions/install-with-cpanm@stable
|
||||
with:
|
||||
install: Test2::V0
|
||||
- name: setup hostname workaround
|
||||
run: sudo hostname localhost
|
||||
- name: config
|
||||
run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test TESTS='-test_external_krb5' EVP_TEST_EXTENDED=1
|
||||
- name: generate coverage info
|
||||
run: lcov -d . -c
|
||||
--exclude "${PWD}/test/*"
|
||||
--exclude "${PWD}/fuzz/*"
|
||||
--exclude "/usr/include/*"
|
||||
--ignore-errors mismatch
|
||||
-o ./lcov.info
|
||||
- name: Coveralls upload
|
||||
uses: coverallsapp/github-action@v2.3.2
|
||||
with:
|
||||
github-token: ${{ secrets.github_token }}
|
||||
git-branch: ${{ matrix.branches.branch }}
|
||||
git-commit: ${{ env.githubid }}
|
||||
path-to-lcov: ./lcov.info
|
||||
233
.github/workflows/cross-compiles.yml
vendored
233
.github/workflows/cross-compiles.yml
vendored
@@ -1,233 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Cross Compile
|
||||
|
||||
on: [pull_request, push]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
cross-compilation:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
# The platform matrix specifies:
|
||||
# arch: the architecture to build for, this defines the tool-chain
|
||||
# prefix {arch}- and the Debian compiler package gcc-{arch}
|
||||
# name.
|
||||
# libs: the Debian package for the necessary link/runtime libraries.
|
||||
# target: the OpenSSL configuration target to use, this is passed
|
||||
# directly to the config command line.
|
||||
# fips: set to "no" to disable building FIPS, leave unset to
|
||||
# build the FIPS provider.
|
||||
# tests: omit this to run all the tests using QEMU, set it to "none"
|
||||
# to never run the tests, otherwise its value is passed to
|
||||
# the "make test" command to allow selective disabling of
|
||||
# tests.
|
||||
# qemucpu: optional; string that describes CPU properties.
|
||||
# The string will be used to set the QEMU_CPU variable.
|
||||
# opensslcapsname: optional; string that describes the postfix of the
|
||||
# OpenSSL environment variable that defines CPU
|
||||
# capabilities. E.g. "foo" will result in an
|
||||
# environment variable with the name OPENSSL_foo.
|
||||
# opensslcaps: optional; if opensslcapsname (see above) is set, then
|
||||
# this string will be used as content for the OpenSSL
|
||||
# capabilities variable.
|
||||
# ppa: Launchpad PPA repository to download packages from.
|
||||
platform: [
|
||||
{
|
||||
arch: i386-pc-msdosdjgpp,
|
||||
libs: libc-djgpp-dev libwatt-djgpp-dev djgpp-utils,
|
||||
target: no-threads 386 DJGPP,
|
||||
tests: none,
|
||||
ppa: jwt27/djgpp-toolchain
|
||||
}, {
|
||||
arch: aarch64-linux-gnu,
|
||||
libs: libc6-dev-arm64-cross,
|
||||
target: linux-aarch64,
|
||||
fips: no
|
||||
}, {
|
||||
arch: alpha-linux-gnu,
|
||||
libs: libc6.1-dev-alpha-cross,
|
||||
target: linux-alpha-gcc,
|
||||
fips: no
|
||||
}, {
|
||||
arch: arm-linux-gnueabi,
|
||||
libs: libc6-dev-armel-cross,
|
||||
target: linux-armv4,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
}, {
|
||||
arch: arm-linux-gnueabihf,
|
||||
libs: libc6-dev-armhf-cross,
|
||||
target: linux-armv4,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
}, {
|
||||
# gcc hppa seems to have some potential compiler issues
|
||||
# with -O2 on this platform, reduce optimization to -01
|
||||
arch: hppa-linux-gnu,
|
||||
libs: libc6-dev-hppa-cross,
|
||||
target: -static -O1 linux-generic32,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
}, {
|
||||
arch: m68k-linux-gnu,
|
||||
libs: libc6-dev-m68k-cross,
|
||||
target: -static -m68040 linux-latomic -Wno-stringop-overflow,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
}, {
|
||||
arch: mips-linux-gnu,
|
||||
libs: libc6-dev-mips-cross,
|
||||
target: -static linux-mips32,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
}, {
|
||||
arch: mips64-linux-gnuabi64,
|
||||
libs: libc6-dev-mips64-cross,
|
||||
target: -static linux64-mips64,
|
||||
fips: no
|
||||
}, {
|
||||
arch: mipsel-linux-gnu,
|
||||
libs: libc6-dev-mipsel-cross,
|
||||
target: linux-mips32,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
}, {
|
||||
arch: powerpc64le-linux-gnu,
|
||||
libs: libc6-dev-ppc64el-cross,
|
||||
target: linux-ppc64le,
|
||||
fips: no
|
||||
}, {
|
||||
arch: riscv64-linux-gnu,
|
||||
libs: libc6-dev-riscv64-cross,
|
||||
target: linux64-riscv64,
|
||||
fips: no
|
||||
}, {
|
||||
arch: s390x-linux-gnu,
|
||||
libs: libc6-dev-s390x-cross,
|
||||
target: linux64-s390x -Wno-stringop-overflow,
|
||||
fips: no
|
||||
}, {
|
||||
arch: sh4-linux-gnu,
|
||||
libs: libc6-dev-sh4-cross,
|
||||
target: no-async linux-latomic,
|
||||
fips: no,
|
||||
tests: -test_includes -test_store -test_x509_store
|
||||
},
|
||||
|
||||
# These build with shared libraries but they crash when run
|
||||
# They mirror static builds above in order to cover more of the
|
||||
# code base.
|
||||
{
|
||||
arch: hppa-linux-gnu,
|
||||
libs: libc6-dev-hppa-cross,
|
||||
target: linux-generic32,
|
||||
tests: none
|
||||
}, {
|
||||
arch: m68k-linux-gnu,
|
||||
libs: libc6-dev-m68k-cross,
|
||||
target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic,
|
||||
tests: none
|
||||
}, {
|
||||
arch: mips-linux-gnu,
|
||||
libs: libc6-dev-mips-cross,
|
||||
target: linux-mips32,
|
||||
tests: none
|
||||
}, {
|
||||
arch: mips64-linux-gnuabi64,
|
||||
libs: libc6-dev-mips64-cross,
|
||||
target: linux64-mips64,
|
||||
tests: none
|
||||
},
|
||||
|
||||
# This build doesn't execute either with or without shared libraries.
|
||||
{
|
||||
arch: sparc64-linux-gnu,
|
||||
libs: libc6-dev-sparc64-cross,
|
||||
target: linux64-sparcv9,
|
||||
tests: none
|
||||
}
|
||||
]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install package repository
|
||||
if: matrix.platform.ppa != ''
|
||||
run: |
|
||||
sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
|
||||
- name: install packages
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --force-yes install \
|
||||
gcc-${{ matrix.platform.arch }} \
|
||||
${{ matrix.platform.libs }}
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
|
||||
- name: config with FIPS
|
||||
if: matrix.platform.fips != 'no'
|
||||
run: |
|
||||
./config --banner=Configured --strict-warnings enable-fips \
|
||||
--cross-compile-prefix=${{ matrix.platform.arch }}- \
|
||||
${{ matrix.platform.target }}
|
||||
- name: config without FIPS
|
||||
if: matrix.platform.fips == 'no'
|
||||
run: |
|
||||
./config --banner=Configured --strict-warnings \
|
||||
--cross-compile-prefix=${{ matrix.platform.arch }}- \
|
||||
${{ matrix.platform.target }}
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
|
||||
- name: install qemu
|
||||
if: matrix.platform.tests != 'none'
|
||||
run: sudo apt-get -yq --force-yes install qemu-user
|
||||
|
||||
- name: Set QEMU environment
|
||||
if: matrix.platform.qemucpu != ''
|
||||
run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
|
||||
|
||||
- name: Set OpenSSL caps environment
|
||||
if: matrix.platform.opensslcapsname != ''
|
||||
run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
|
||||
${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
|
||||
|
||||
- name: get cpu info
|
||||
run: cat /proc/cpuinfo
|
||||
|
||||
- name: make all tests
|
||||
if: github.event_name == 'push' && matrix.platform.tests == ''
|
||||
run: |
|
||||
.github/workflows/make-test \
|
||||
TESTS="-test_afalg" \
|
||||
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
|
||||
- name: make some tests
|
||||
if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
|
||||
run: |
|
||||
.github/workflows/make-test \
|
||||
TESTS="${{ matrix.platform.tests }} -test_afalg" \
|
||||
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
|
||||
- name: make evp tests
|
||||
if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
|
||||
run: |
|
||||
.github/workflows/make-test \
|
||||
TESTS="test_evp*" \
|
||||
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
|
||||
- name: save artifacts
|
||||
if: success() || failure()
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: "cross-compiles@${{ matrix.platform.arch }}"
|
||||
path: artifacts.tar.gz
|
||||
if-no-files-found: ignore
|
||||
24
.github/workflows/deploy-docs-openssl-org.yml
vendored
24
.github/workflows/deploy-docs-openssl-org.yml
vendored
@@ -1,24 +0,0 @@
|
||||
name: "Trigger docs.openssl.org deployment"
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- "openssl-3.[0-9]+"
|
||||
- "master"
|
||||
paths:
|
||||
- "doc/man*/**"
|
||||
|
||||
jobs:
|
||||
trigger:
|
||||
if: github.repository == 'openssl/openssl'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: "Trigger deployment workflow"
|
||||
run: |
|
||||
gh workflow run -f branch=${{ github.ref_name }} deploy-site.yaml
|
||||
sleep 3
|
||||
RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
|
||||
gh run watch ${RUN_ID} --exit-status
|
||||
env:
|
||||
GH_REPO: "openssl/openssl-docs"
|
||||
GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}
|
||||
119
.github/workflows/fips-checksums.yml
vendored
119
.github/workflows/fips-checksums.yml
vendored
@@ -1,119 +0,0 @@
|
||||
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: FIPS Check and ABIDIFF
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
compute-checksums:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install unifdef
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install unifdef
|
||||
- name: create build dirs
|
||||
run: |
|
||||
mkdir ./build-pristine
|
||||
mkdir ./source-pristine
|
||||
mkdir ./build
|
||||
mkdir ./source
|
||||
mkdir ./artifact
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ github.event.pull_request.base.repo.full_name }}
|
||||
ref: ${{ github.event.pull_request.base.ref }}
|
||||
path: source-pristine
|
||||
- name: config pristine
|
||||
run: ../source-pristine/config enable-fips
|
||||
working-directory: ./build-pristine
|
||||
- name: config pristine dump
|
||||
run: ./configdata.pm --dump
|
||||
working-directory: ./build-pristine
|
||||
- name: make build_generated pristine
|
||||
run: make -s build_generated
|
||||
working-directory: ./build-pristine
|
||||
- name: make fips-checksums pristine
|
||||
run: make fips-checksums
|
||||
working-directory: ./build-pristine
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
path: source
|
||||
- name: config
|
||||
run: ../source/config enable-fips
|
||||
working-directory: ./build
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
working-directory: ./build
|
||||
- name: make build_generated
|
||||
run: make -s build_generated
|
||||
working-directory: ./build
|
||||
- name: make fips-checksums
|
||||
run: make fips-checksums
|
||||
working-directory: ./build
|
||||
- name: update checksums
|
||||
run: |
|
||||
cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
|
||||
cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
|
||||
cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
|
||||
- name: make diff-fips-checksums
|
||||
run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
|
||||
working-directory: ./build
|
||||
- name: save PR number
|
||||
run: echo ${{ github.event.number }} > ./artifact/pr_num
|
||||
- name: save artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: fips_checksum
|
||||
path: artifact/
|
||||
|
||||
compute-abidiff:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
|
||||
steps:
|
||||
- name: create build dirs
|
||||
run: |
|
||||
mkdir ./build-pristine
|
||||
mkdir ./source-pristine
|
||||
mkdir ./build
|
||||
mkdir ./source
|
||||
mkdir ./artifact
|
||||
- name: install extra config support
|
||||
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
repository: ${{ github.event.pull_request.base.repo.full_name }}
|
||||
ref: ${{ github.event.pull_request.base.ref }}
|
||||
path: source-pristine
|
||||
- name: config pristine
|
||||
run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
|
||||
working-directory: ./build-pristine
|
||||
- name: make pristine
|
||||
run: make -s -j4
|
||||
working-directory: ./build-pristine
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
path: source
|
||||
- name: config
|
||||
run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
|
||||
working-directory: ./build
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
working-directory: ./build
|
||||
- name: abidiff
|
||||
run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
|
||||
- name: save PR number
|
||||
run: echo ${{ github.event.number }} > ./artifact/pr_num
|
||||
- name: save artifact
|
||||
uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: abidiff
|
||||
path: artifact/
|
||||
141
.github/workflows/fips-label.yml
vendored
141
.github/workflows/fips-label.yml
vendored
@@ -1,141 +0,0 @@
|
||||
# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: FIPS and ABI Changed Label
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: ["FIPS Check and ABIDIFF"]
|
||||
types:
|
||||
- completed
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
apply-label:
|
||||
permissions:
|
||||
actions: read
|
||||
pull-requests: write
|
||||
runs-on: ubuntu-latest
|
||||
if: ${{ github.event.workflow_run.event == 'pull_request' }}
|
||||
steps:
|
||||
- name: 'Download fipscheck artifact'
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
script: |
|
||||
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
run_id: ${{github.event.workflow_run.id }},
|
||||
});
|
||||
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
||||
return artifact.name == "fips_checksum"
|
||||
})[0];
|
||||
var download = await github.rest.actions.downloadArtifact({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
artifact_id: matchArtifact.id,
|
||||
archive_format: 'zip',
|
||||
});
|
||||
var fs = require('fs');
|
||||
fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
|
||||
- run: unzip artifact.zip
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
- name: 'Check artifact and apply'
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
github-token: ${{secrets.GITHUB_TOKEN}}
|
||||
script: |
|
||||
var fs = require('fs');
|
||||
var pr_num = Number(fs.readFileSync('./pr_num'));
|
||||
if ( fs.existsSync('./fips_changed') ) {
|
||||
github.rest.issues.addLabels({
|
||||
issue_number: pr_num,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
labels: ['severity: fips change']
|
||||
});
|
||||
} else if ( fs.existsSync('./fips_unchanged') ) {
|
||||
var labels = await github.rest.issues.listLabelsOnIssue({
|
||||
issue_number: pr_num,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo
|
||||
});
|
||||
|
||||
for ( var label in labels.data ) {
|
||||
if (labels.data[label].name == 'severity: fips change') {
|
||||
github.rest.issues.removeLabel({
|
||||
issue_number: pr_num,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
name: 'severity: fips change'
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
- name: 'Cleanup artifact'
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
run: rm artifact.zip pr_num
|
||||
|
||||
- name: 'Download abidiff artifact'
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
script: |
|
||||
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
run_id: ${{github.event.workflow_run.id }},
|
||||
});
|
||||
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
|
||||
return artifact.name == "abidiff"
|
||||
})[0];
|
||||
var download = await github.rest.actions.downloadArtifact({
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
artifact_id: matchArtifact.id,
|
||||
archive_format: 'zip',
|
||||
});
|
||||
var fs = require('fs');
|
||||
fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
|
||||
- run: unzip artifact.zip
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
- name: 'Check artifact and apply'
|
||||
if: ${{ github.event.workflow_run.conclusion == 'success' }}
|
||||
uses: actions/github-script@v7
|
||||
with:
|
||||
github-token: ${{secrets.GITHUB_TOKEN}}
|
||||
script: |
|
||||
var fs = require('fs');
|
||||
var pr_num = Number(fs.readFileSync('./pr_num'));
|
||||
if ( fs.existsSync('./abi_changed') ) {
|
||||
github.rest.issues.addLabels({
|
||||
issue_number: pr_num,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
labels: ['severity: ABI change']
|
||||
});
|
||||
} else if ( fs.existsSync('./abi_unchanged') ) {
|
||||
var labels = await github.rest.issues.listLabelsOnIssue({
|
||||
issue_number: pr_num,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo
|
||||
});
|
||||
|
||||
for ( var label in labels.data ) {
|
||||
if (labels.data[label].name == 'severity: ABI change') {
|
||||
github.rest.issues.removeLabel({
|
||||
issue_number: pr_num,
|
||||
owner: context.repo.owner,
|
||||
repo: context.repo.repo,
|
||||
name: 'severity: ABI change'
|
||||
});
|
||||
}
|
||||
}
|
||||
}
|
||||
79
.github/workflows/fuzz-checker.yml
vendored
79
.github/workflows/fuzz-checker.yml
vendored
@@ -1,79 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Fuzz-checker CI
|
||||
|
||||
on: [push]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
fuzz-checker:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
fuzzy: [
|
||||
{
|
||||
name: AFL,
|
||||
config: enable-fuzz-afl no-module,
|
||||
install: afl++,
|
||||
cc: afl-clang-fast
|
||||
}, {
|
||||
name: libFuzzer,
|
||||
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function,
|
||||
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
|
||||
install: libfuzzer-18-dev,
|
||||
cc: clang-18,
|
||||
linker: clang++-18,
|
||||
tests: -test_memleak
|
||||
}, {
|
||||
name: libFuzzer+,
|
||||
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
|
||||
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
|
||||
extra: enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
|
||||
install: libfuzzer-18-dev,
|
||||
cc: clang-18,
|
||||
linker: clang++-18,
|
||||
tests: -test_memleak
|
||||
}
|
||||
]
|
||||
runs-on: ubuntu-24.04
|
||||
steps:
|
||||
- name: install packages
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --force-yes install ${{ matrix.fuzzy.install }}
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: config
|
||||
run: |
|
||||
CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
|
||||
${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
|
||||
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make with explicit linker
|
||||
if: matrix.fuzzy.linker != ''
|
||||
run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
|
||||
- name: make sans explicit linker
|
||||
if: matrix.fuzzy.linker == ''
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test restricted
|
||||
if: matrix.fuzzy.tests != ''
|
||||
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
|
||||
- name: make test all
|
||||
if: matrix.fuzzy.tests == ''
|
||||
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
55
.github/workflows/interop-tests.yml
vendored
55
.github/workflows/interop-tests.yml
vendored
@@ -1,55 +0,0 @@
|
||||
# Notes:
|
||||
# /__w/openssl is the path that github bind-mounts into the container so the ci
|
||||
# filesystem for this job can be reached. Please note that any changes made to
|
||||
# this job involving file system paths should be made prefixed with, or relative
|
||||
# to that directory
|
||||
name: Interoperability tests with GnuTLS and NSS
|
||||
on:
|
||||
schedule:
|
||||
- cron: '55 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
test:
|
||||
runs-on: ubuntu-22.04
|
||||
container:
|
||||
image: docker.io/fedora:40
|
||||
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
|
||||
timeout-minutes: 90
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
COMPONENT: [gnutls, nss]
|
||||
env:
|
||||
COMPONENT: ${{ matrix.COMPONENT }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: Display environment
|
||||
run: export
|
||||
- name : Install needed tools
|
||||
run: |
|
||||
dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
|
||||
fips-mode-setup crypto-policies-scripts
|
||||
- name: install interop tests
|
||||
run: |
|
||||
cd ${GITHUB_WORKSPACE}
|
||||
git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
|
||||
- name: build openssl as an rpm
|
||||
run: |
|
||||
mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
|
||||
cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
|
||||
cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
|
||||
sed -i "s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
|
||||
sed -i 's/^Release: .*$/Release: dev/' openssl.spec
|
||||
yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
|
||||
mkdir -p /build/SOURCES
|
||||
tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
|
||||
rpmbuild -bb /build/SPECS/openssl.spec
|
||||
dnf install -y /build/RPMS/x86_64/openssl-*
|
||||
cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
|
||||
- name: Run interop tests
|
||||
run: |
|
||||
cd interop
|
||||
tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
|
||||
openssl version
|
||||
echo "Finished - important to prevent unwanted output truncating"
|
||||
33
.github/workflows/main.yml
vendored
33
.github/workflows/main.yml
vendored
@@ -1,33 +0,0 @@
|
||||
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: CIFuzz
|
||||
on: [pull_request, push]
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
Fuzzing:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Build Fuzzers
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
|
||||
with:
|
||||
oss-fuzz-project-name: 'openssl'
|
||||
dry-run: false
|
||||
- name: Run Fuzzers
|
||||
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
|
||||
with:
|
||||
oss-fuzz-project-name: 'openssl'
|
||||
fuzz-seconds: 600
|
||||
dry-run: false
|
||||
- name: Upload Crash
|
||||
uses: actions/upload-artifact@v4
|
||||
if: failure()
|
||||
with:
|
||||
name: artifacts
|
||||
path: ./out/artifacts
|
||||
42
.github/workflows/make-release.yml
vendored
42
.github/workflows/make-release.yml
vendored
@@ -1,42 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: "Make release"
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- "openssl-*"
|
||||
|
||||
jobs:
|
||||
release:
|
||||
runs-on: "releaser"
|
||||
steps:
|
||||
- name: "Checkout"
|
||||
uses: "actions/checkout@v4"
|
||||
with:
|
||||
fetch-depth: 1
|
||||
ref: ${{ github.ref_name }}
|
||||
github-server-url: "https://github.openssl.org/"
|
||||
repository: "openssl/openssl"
|
||||
token: ${{ secrets.GHE_TOKEN }}
|
||||
path: ${{ github.ref_name }}
|
||||
- name: "Prepare assets"
|
||||
run: |
|
||||
cd ${{ github.ref_name }}
|
||||
./util/mktar.sh
|
||||
mkdir assets && mv ${{ github.ref_name }}.tar.gz assets/ && cd assets
|
||||
openssl sha1 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha1
|
||||
openssl sha256 -r ${{ github.ref_name }}.tar.gz > ${{ github.ref_name }}.tar.gz.sha256
|
||||
gpg -u ${{ vars.signing_key_uid }} -o ${{ github.ref_name }}.tar.gz.asc -sba ${{ github.ref_name }}.tar.gz
|
||||
- name: "Create release"
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
|
||||
run: |
|
||||
VERSION=$(echo ${{ github.ref_name }} | cut -d "-" -f 2-)
|
||||
PRE_RELEASE=$([[ ${{ github.ref_name }} =~ alpha|beta ]] && echo "-p" || echo "")
|
||||
gh release create ${{ github.ref_name }} $PRE_RELEASE -t "OpenSSL $VERSION" -d --notes " " -R ${{ github.repository }} ${{ github.ref_name }}/assets/*
|
||||
43
.github/workflows/make-test
vendored
43
.github/workflows/make-test
vendored
@@ -1,43 +0,0 @@
|
||||
#!/usr/bin/env bash
|
||||
set -eo pipefail
|
||||
|
||||
cleanup() {
|
||||
# Remove if nothing was generated.
|
||||
[ -d artifacts ] && find artifacts -type d -empty -delete
|
||||
}
|
||||
trap cleanup EXIT
|
||||
|
||||
# Make a central directory to store all output artifacts of our test run to
|
||||
# avoid having to configure multiple upload-artifacts steps in the workflow
|
||||
# file.
|
||||
OSSL_CI_ARTIFACTS_PATH="artifacts/"
|
||||
if [ -n "${GITHUB_RUN_NUMBER}" ]; then
|
||||
OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/"
|
||||
fi
|
||||
mkdir -p "$OSSL_CI_ARTIFACTS_PATH"
|
||||
export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)"
|
||||
|
||||
# Run the tests. This might fail, but we need to capture artifacts anyway.
|
||||
set +e
|
||||
make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@"
|
||||
RESULT=$?
|
||||
set -e
|
||||
|
||||
# Move an interesting subset of the test-runs data we want into the artifacts
|
||||
# staging directory.
|
||||
for test_name in quic_multistream; do
|
||||
if [ -d "test-runs/test_${test_name}" ]; then
|
||||
mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/"
|
||||
fi
|
||||
done
|
||||
|
||||
# Log the artifact tree.
|
||||
echo "::group::List of artifact files generated"
|
||||
echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
|
||||
(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort)
|
||||
echo "::endgroup::"
|
||||
|
||||
echo "Archive artifacts"
|
||||
tar -czf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
|
||||
|
||||
exit $RESULT
|
||||
265
.github/workflows/os-zoo.yml
vendored
265
.github/workflows/os-zoo.yml
vendored
@@ -1,265 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: OS Zoo CI
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '50 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
alpine:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
tag: [edge, latest]
|
||||
cc: [gcc, clang]
|
||||
runs-on: ubuntu-latest
|
||||
container:
|
||||
image: docker.io/library/alpine:${{ matrix.tag }}
|
||||
env:
|
||||
# See https://www.openwall.com/lists/musl/2022/02/16/14
|
||||
# for the reason why -Wno-sign-compare is needed with clang
|
||||
# -Wno-stringop-overflow is needed to silence a bogus
|
||||
# warning on new fortify-headers with gcc
|
||||
EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || matrix.tag == 'edge' && '-Wno-stringop-overflow' || '' }}
|
||||
CC: ${{ matrix.cc }}
|
||||
steps:
|
||||
- name: install packages
|
||||
run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: |
|
||||
./config --strict-warnings --banner=Configured no-shared enable-fips \
|
||||
${EXTRA_CFLAGS}
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
linux:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
zoo:
|
||||
- image: docker.io/library/debian:10
|
||||
install: apt-get update && apt-get install -y gcc make perl
|
||||
- image: docker.io/library/debian:11
|
||||
install: apt-get update && apt-get install -y gcc make perl
|
||||
- image: docker.io/library/debian:12
|
||||
install: apt-get update && apt-get install -y gcc make perl
|
||||
- image: docker.io/library/ubuntu:20.04
|
||||
install: apt-get update && apt-get install -y gcc make perl
|
||||
- image: docker.io/library/ubuntu:22.04
|
||||
install: apt-get update && apt-get install -y gcc make perl
|
||||
- image: docker.io/library/fedora:38
|
||||
install: dnf install -y gcc make perl-core
|
||||
- image: docker.io/library/fedora:39
|
||||
install: dnf install -y gcc make perl-core
|
||||
- image: docker.io/library/centos:8
|
||||
install: |
|
||||
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
|
||||
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
|
||||
dnf install -y gcc make perl-core
|
||||
- image: docker.io/library/rockylinux:8
|
||||
install: dnf install -y gcc make perl-core
|
||||
- image: docker.io/library/rockylinux:9
|
||||
install: dnf install -y gcc make perl-core
|
||||
runs-on: ubuntu-latest
|
||||
container: ${{ matrix.zoo.image }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: install packages
|
||||
run: ${{ matrix.zoo.install }}
|
||||
- name: config
|
||||
run: ./config
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
macos:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [macos-13, macos-14, macos-15]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured enable-fips
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
sysctl machdep.cpu
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
windows:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
os: [windows-2019, windows-2022]
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- name: install nasm
|
||||
run: |
|
||||
choco install nasm
|
||||
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
|
||||
- name: prepare the build directory
|
||||
run: mkdir _build
|
||||
- name: config
|
||||
working-directory: _build
|
||||
run: perl ..\Configure --banner=Configured no-makedepend enable-fips
|
||||
- name: config dump
|
||||
working-directory: _build
|
||||
run: ./configdata.pm --dump
|
||||
- name: build
|
||||
working-directory: _build
|
||||
run: nmake /S
|
||||
- name: download coreinfo
|
||||
uses: suisei-cn/actions-download-file@v1.6.0
|
||||
with:
|
||||
url: "https://download.sysinternals.com/files/Coreinfo.zip"
|
||||
target: _build/coreinfo/
|
||||
- name: get cpu info
|
||||
working-directory: _build
|
||||
run: |
|
||||
7z.exe x coreinfo/Coreinfo.zip
|
||||
./Coreinfo64.exe -accepteula -f
|
||||
apps/openssl.exe version -c
|
||||
- name: test
|
||||
working-directory: _build
|
||||
run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
|
||||
|
||||
linux-arm64:
|
||||
runs-on: linux-arm64
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j4
|
||||
- name: get cpu info
|
||||
run: ./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
linux-ppc64le:
|
||||
runs-on: linux-ppc64le
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
linux-s390x:
|
||||
runs-on: linux-s390x
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: ./config --strict-warnings -Wno-stringop-overflow enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
linux-riscv64:
|
||||
runs-on: linux-riscv64
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -j8
|
||||
- name: get cpu info
|
||||
run: ./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
env:
|
||||
OPENSSL_riscvcap: ZBA_ZBB_ZBC_ZBS_ZKT
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
freebsd-x86_64:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: config
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
shutdown_vm: false
|
||||
run: |
|
||||
sudo pkg install -y gcc perl5
|
||||
./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
|
||||
- name: config dump
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
shutdown_vm: false
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
shutdown_vm: false
|
||||
run: make -j4
|
||||
- name: make test
|
||||
uses: cross-platform-actions/action@v0.26.0
|
||||
with:
|
||||
operating_system: freebsd
|
||||
version: "13.4"
|
||||
run: |
|
||||
./util/opensslwrap.sh version -c
|
||||
.github/workflows/make-test
|
||||
272
.github/workflows/prov-compat-label.yml
vendored
272
.github/workflows/prov-compat-label.yml
vendored
@@ -1,272 +0,0 @@
|
||||
# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
# This verifies that FIPS and legacy providers built against some earlier
|
||||
# released versions continue to run against the current branch.
|
||||
|
||||
name: Provider compatibility for PRs
|
||||
|
||||
on: [pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
|
||||
|
||||
jobs:
|
||||
fips-releases:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
|
||||
strategy:
|
||||
matrix:
|
||||
release: [
|
||||
# Formally released versions should be added here.
|
||||
# `dir' it the directory inside the tarball.
|
||||
# `tgz' is the name of the tarball.
|
||||
# `url' is the download URL.
|
||||
{
|
||||
dir: openssl-3.0.0,
|
||||
tgz: openssl-3.0.0.tar.gz,
|
||||
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
|
||||
},
|
||||
{
|
||||
dir: openssl-3.0.8,
|
||||
tgz: openssl-3.0.8.tar.gz,
|
||||
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
|
||||
},
|
||||
{
|
||||
dir: openssl-3.0.9,
|
||||
tgz: openssl-3.0.9.tar.gz,
|
||||
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
|
||||
},
|
||||
{
|
||||
dir: openssl-3.1.2,
|
||||
tgz: openssl-3.1.2.tar.gz,
|
||||
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
|
||||
},
|
||||
]
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: create download directory
|
||||
run: mkdir downloads
|
||||
- name: download release source
|
||||
run: wget --no-verbose ${{ matrix.release.url }}
|
||||
working-directory: downloads
|
||||
- name: unpack release source
|
||||
run: tar xzf downloads/${{ matrix.release.tgz }}
|
||||
|
||||
- name: localegen
|
||||
run: sudo locale-gen tr_TR.UTF-8
|
||||
|
||||
- name: config release
|
||||
run: |
|
||||
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
- name: config dump release
|
||||
run: ./configdata.pm --dump
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
|
||||
- name: make release
|
||||
run: make -s -j4
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
|
||||
- name: create release artifacts
|
||||
run: |
|
||||
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
|
||||
|
||||
- name: show module versions from release
|
||||
run: |
|
||||
./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider base \
|
||||
-provider default \
|
||||
-provider fips \
|
||||
-provider legacy \
|
||||
-providers
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.release.tgz }}
|
||||
path: ${{ matrix.release.tgz }}
|
||||
retention-days: 7
|
||||
|
||||
development-branches:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
|
||||
strategy:
|
||||
matrix:
|
||||
branch: [
|
||||
# Currently supported FIPS capable branches should be added here.
|
||||
# `name' is the branch name used to checkout out.
|
||||
# `dir' directory that will be used to build and test in.
|
||||
# `tgz' is the name of the tarball use to keep the artifacts of
|
||||
# the build.
|
||||
{
|
||||
name: '',
|
||||
dir: PR,
|
||||
tgz: PR.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.0,
|
||||
dir: branch-3.0,
|
||||
tgz: branch-3.0.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.2,
|
||||
dir: branch-3.2,
|
||||
tgz: branch-3.2.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.3,
|
||||
dir: branch-3.3,
|
||||
tgz: branch-3.3.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.4,
|
||||
dir: branch-3.4,
|
||||
tgz: branch-3.4.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.5,
|
||||
dir: branch-3.5,
|
||||
tgz: branch-3.5.tar.gz,
|
||||
}, {
|
||||
name: master,
|
||||
dir: branch-master,
|
||||
tgz: branch-master.tar.gz,
|
||||
},
|
||||
]
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
path: ${{ matrix.branch.dir }}
|
||||
repository: openssl/openssl
|
||||
ref: ${{ matrix.branch.name }}
|
||||
- name: localegen
|
||||
run: sudo locale-gen tr_TR.UTF-8
|
||||
|
||||
- name: config branch
|
||||
run: |
|
||||
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
- name: config dump current
|
||||
run: ./configdata.pm --dump
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: make branch
|
||||
run: make -s -j4
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: create branch artifacts
|
||||
run: |
|
||||
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
|
||||
|
||||
- name: show module versions from branch
|
||||
run: |
|
||||
./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider base \
|
||||
-provider default \
|
||||
-provider fips \
|
||||
-provider legacy \
|
||||
-providers
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.branch.tgz }}
|
||||
path: ${{ matrix.branch.tgz }}
|
||||
retention-days: 7
|
||||
|
||||
cross-testing:
|
||||
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
|
||||
needs: [fips-releases, development-branches]
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
# These can't be figured out earlier and included here as a variable
|
||||
# substitution.
|
||||
#
|
||||
# Note that releases are not used as a test environment for
|
||||
# later providers. Problems in these situations ought to be
|
||||
# caught by cross branch testing before the release.
|
||||
tree_a: [ branch-3.5, branch-3.4, branch-3.3, branch-3.2, branch-3.0,
|
||||
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
|
||||
tree_b: [ PR ]
|
||||
include:
|
||||
- tree_a: PR
|
||||
tree_b: branch-master
|
||||
- tree_a: PR
|
||||
tree_b: branch-3.5
|
||||
- tree_a: PR
|
||||
tree_b: branch-3.4
|
||||
- tree_a: PR
|
||||
tree_b: branch-3.3
|
||||
- tree_a: PR
|
||||
tree_b: branch-3.2
|
||||
- tree_a: PR
|
||||
tree_b: branch-3.0
|
||||
steps:
|
||||
- name: early exit checks
|
||||
id: early_exit
|
||||
run: |
|
||||
if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; \
|
||||
then \
|
||||
echo "Skipping because both are the same version"; \
|
||||
exit 1; \
|
||||
fi
|
||||
continue-on-error: true
|
||||
|
||||
- uses: actions/download-artifact@v4.1.8
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
with:
|
||||
name: ${{ matrix.tree_a }}.tar.gz
|
||||
- name: unpack first build
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: tar xzf "${{ matrix.tree_a }}.tar.gz"
|
||||
|
||||
- uses: actions/download-artifact@v4.1.8
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
with:
|
||||
name: ${{ matrix.tree_b }}.tar.gz
|
||||
- name: unpack second build
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: tar xzf "${{ matrix.tree_b }}.tar.gz"
|
||||
|
||||
- name: set up cross validation of FIPS from A with tree from B
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
|
||||
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
|
||||
working-directory: ${{ matrix.tree_a }}
|
||||
|
||||
- name: show module versions from cross validation
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider base \
|
||||
-provider default \
|
||||
-provider fips \
|
||||
-provider legacy \
|
||||
-providers
|
||||
working-directory: ${{ matrix.tree_b }}
|
||||
|
||||
- name: get cpu info
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
working-directory: ${{ matrix.tree_b }}
|
||||
|
||||
- name: run cross validation tests of FIPS from A with tree from B
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
working-directory: ${{ matrix.tree_b }}
|
||||
266
.github/workflows/provider-compatibility.yml
vendored
266
.github/workflows/provider-compatibility.yml
vendored
@@ -1,266 +0,0 @@
|
||||
# Copyright 2023-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
# This verifies that FIPS and legacy providers built against some earlier
|
||||
# released versions continue to run against the current branch.
|
||||
|
||||
name: Provider compatibility across versions
|
||||
|
||||
# Please note there is no point in running this job on PR as the tests
|
||||
# will always run against the tips of the branches in the main repository
|
||||
# and not the branch from the PR.
|
||||
# Use the `extended tests` label to run provider compatibility checks
|
||||
# on PRs.
|
||||
on:
|
||||
schedule:
|
||||
- cron: '10 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
|
||||
|
||||
jobs:
|
||||
fips-releases:
|
||||
strategy:
|
||||
matrix:
|
||||
release: [
|
||||
# Formally released versions should be added here.
|
||||
# `dir' it the directory inside the tarball.
|
||||
# `tgz' is the name of the tarball.
|
||||
# `url' is the download URL.
|
||||
{
|
||||
dir: openssl-3.0.0,
|
||||
tgz: openssl-3.0.0.tar.gz,
|
||||
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
|
||||
},
|
||||
{
|
||||
dir: openssl-3.0.8,
|
||||
tgz: openssl-3.0.8.tar.gz,
|
||||
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
|
||||
},
|
||||
{
|
||||
dir: openssl-3.0.9,
|
||||
tgz: openssl-3.0.9.tar.gz,
|
||||
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
|
||||
},
|
||||
{
|
||||
dir: openssl-3.1.2,
|
||||
tgz: openssl-3.1.2.tar.gz,
|
||||
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
|
||||
},
|
||||
]
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: create download directory
|
||||
run: mkdir downloads
|
||||
- name: download release source
|
||||
run: wget --no-verbose ${{ matrix.release.url }}
|
||||
working-directory: downloads
|
||||
- name: unpack release source
|
||||
run: tar xzf downloads/${{ matrix.release.tgz }}
|
||||
|
||||
- name: localegen
|
||||
run: sudo locale-gen tr_TR.UTF-8
|
||||
|
||||
- name: config release
|
||||
run: |
|
||||
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
- name: config dump release
|
||||
run: ./configdata.pm --dump
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
|
||||
- name: make release
|
||||
run: make -s -j4
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
|
||||
- name: create release artifacts
|
||||
run: |
|
||||
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
|
||||
|
||||
- name: show module versions from release
|
||||
run: |
|
||||
./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider base \
|
||||
-provider default \
|
||||
-provider fips \
|
||||
-provider legacy \
|
||||
-providers
|
||||
working-directory: ${{ matrix.release.dir }}
|
||||
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.release.tgz }}
|
||||
path: ${{ matrix.release.tgz }}
|
||||
retention-days: 7
|
||||
|
||||
development-branches:
|
||||
strategy:
|
||||
matrix:
|
||||
branch: [
|
||||
# Currently supported FIPS capable branches should be added here.
|
||||
# `name' is the branch name used to checkout out.
|
||||
# `dir' directory that will be used to build and test in.
|
||||
# `tgz' is the name of the tarball use to keep the artifacts of
|
||||
# the build.
|
||||
{
|
||||
name: openssl-3.0,
|
||||
dir: branch-3.0,
|
||||
tgz: branch-3.0.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.2,
|
||||
dir: branch-3.2,
|
||||
tgz: branch-3.2.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.3,
|
||||
dir: branch-3.3,
|
||||
tgz: branch-3.3.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.4,
|
||||
dir: branch-3.4,
|
||||
tgz: branch-3.4.tar.gz,
|
||||
}, {
|
||||
name: openssl-3.5,
|
||||
dir: branch-3.5,
|
||||
tgz: branch-3.5.tar.gz,
|
||||
}, {
|
||||
name: master,
|
||||
dir: branch-master,
|
||||
tgz: branch-master.tar.gz,
|
||||
},
|
||||
]
|
||||
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
path: ${{ matrix.branch.dir }}
|
||||
repository: openssl/openssl
|
||||
ref: ${{ matrix.branch.name }}
|
||||
- name: localegen
|
||||
run: sudo locale-gen tr_TR.UTF-8
|
||||
|
||||
- name: config branch
|
||||
run: |
|
||||
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
- name: config dump current
|
||||
run: ./configdata.pm --dump
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: make branch
|
||||
run: make -s -j4
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: create branch artifacts
|
||||
run: |
|
||||
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
|
||||
|
||||
- name: show module versions from branch
|
||||
run: |
|
||||
./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider base \
|
||||
-provider default \
|
||||
-provider fips \
|
||||
-provider legacy \
|
||||
-providers
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
working-directory: ${{ matrix.branch.dir }}
|
||||
|
||||
- uses: actions/upload-artifact@v4
|
||||
with:
|
||||
name: ${{ matrix.branch.tgz }}
|
||||
path: ${{ matrix.branch.tgz }}
|
||||
retention-days: 7
|
||||
|
||||
cross-testing:
|
||||
needs: [fips-releases, development-branches]
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
# These can't be figured out earlier and included here as a variable
|
||||
# substitution.
|
||||
#
|
||||
# Note that releases are not used as a test environment for
|
||||
# later providers. Problems in these situations ought to be
|
||||
# caught by cross branch testing before the release.
|
||||
tree_a: [ branch-master, branch-3.5, branch-3.4, branch-3.3,
|
||||
branch-3.2, branch-3.0,
|
||||
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
|
||||
tree_b: [ branch-master, branch-3.5, branch-3.4, branch-3.3,
|
||||
branch-3.2, branch-3.0 ]
|
||||
steps:
|
||||
- name: early exit checks
|
||||
id: early_exit
|
||||
run: |
|
||||
if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; \
|
||||
then \
|
||||
echo "Skipping because both are the same version"; \
|
||||
exit 1; \
|
||||
fi
|
||||
continue-on-error: true
|
||||
|
||||
- uses: actions/download-artifact@v4.1.8
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
with:
|
||||
name: ${{ matrix.tree_a }}.tar.gz
|
||||
- name: unpack first build
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: tar xzf "${{ matrix.tree_a }}.tar.gz"
|
||||
|
||||
- uses: actions/download-artifact@v4.1.8
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
with:
|
||||
name: ${{ matrix.tree_b }}.tar.gz
|
||||
- name: unpack second build
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: tar xzf "${{ matrix.tree_b }}.tar.gz"
|
||||
|
||||
- name: set up cross validation of FIPS from A with tree from B
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
|
||||
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
|
||||
working-directory: ${{ matrix.tree_a }}
|
||||
|
||||
- name: show module versions from cross validation
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
./util/wrap.pl -fips apps/openssl list -provider-path providers \
|
||||
-provider base \
|
||||
-provider default \
|
||||
-provider fips \
|
||||
-provider legacy \
|
||||
-providers
|
||||
working-directory: ${{ matrix.tree_b }}
|
||||
|
||||
- name: get cpu info
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
working-directory: ${{ matrix.tree_b }}
|
||||
|
||||
- name: run cross validation tests of FIPS from A with tree from B
|
||||
if: steps.early_exit.outcome == 'success'
|
||||
run: |
|
||||
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
working-directory: ${{ matrix.tree_b }}
|
||||
65
.github/workflows/run-checker-ci.yml
vendored
65
.github/workflows/run-checker-ci.yml
vendored
@@ -1,65 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
# Jobs run per pull request submission
|
||||
name: Run-checker CI
|
||||
on: [pull_request, push]
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
env:
|
||||
OSSL_RUN_CI_TESTS: 1
|
||||
|
||||
jobs:
|
||||
run-checker:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
opt: [
|
||||
no-cmp,
|
||||
no-cms,
|
||||
no-dgram,
|
||||
no-dh,
|
||||
no-dtls,
|
||||
no-ec,
|
||||
no-ecx,
|
||||
no-ml-dsa,
|
||||
no-ml-kem,
|
||||
no-http,
|
||||
no-legacy,
|
||||
no-sock,
|
||||
no-ssl-trace,
|
||||
no-stdio,
|
||||
no-threads,
|
||||
no-thread-pool,
|
||||
no-default-thread-pool,
|
||||
no-tls,
|
||||
no-tls1_2,
|
||||
no-tls1_3,
|
||||
enable-trace enable-fips,
|
||||
no-ui,
|
||||
no-quic
|
||||
]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
|
||||
- name: Check platform symbol usage
|
||||
run: ./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
367
.github/workflows/run-checker-daily.yml
vendored
367
.github/workflows/run-checker-daily.yml
vendored
@@ -1,367 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Run-checker daily
|
||||
# Jobs run daily
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '30 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
run-checker:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
opt: [
|
||||
386,
|
||||
no-afalgeng,
|
||||
no-apps,
|
||||
no-aria,
|
||||
no-asan,
|
||||
no-asm,
|
||||
no-async,
|
||||
no-atexit,
|
||||
no-autoalginit,
|
||||
no-autoerrinit,
|
||||
no-autoload-config,
|
||||
no-bf,
|
||||
no-blake2,
|
||||
no-buildtest-c++,
|
||||
no-bulk,
|
||||
no-cached-fetch,
|
||||
no-camellia,
|
||||
no-capieng,
|
||||
no-cast,
|
||||
no-chacha,
|
||||
no-cmac,
|
||||
no-comp,
|
||||
enable-crypto-mdebug,
|
||||
enable-crypto-mdebug-backtrace,
|
||||
no-ct,
|
||||
enable-demos,
|
||||
no-deprecated,
|
||||
no-des,
|
||||
# enable-devcryptoeng, # Cannot work on Linux
|
||||
no-docs,
|
||||
no-dsa,
|
||||
no-dtls1,
|
||||
no-dtls1_2,
|
||||
no-dtls1_2-method,
|
||||
no-dtls1-method,
|
||||
no-ecdh,
|
||||
no-ecdsa,
|
||||
enable-ec_nistp_64_gcc_128,
|
||||
enable-egd,
|
||||
no-engine,
|
||||
# enable-external-tests, # Requires extra setup
|
||||
enable-fips,
|
||||
enable-fips enable-acvp-tests,
|
||||
enable-fips no-tls1_3,
|
||||
enable-fips no-des no-dsa no-ec2m,
|
||||
# enable-fuzz-afl, # Requires extra setup
|
||||
# enable-fuzz-libfuzzer, # Requires extra setup
|
||||
no-gost,
|
||||
enable-h3demo,
|
||||
enable-heartbeats,
|
||||
enable-hqinterop,
|
||||
no-hw,
|
||||
no-hw-padlock,
|
||||
no-idea,
|
||||
no-makedepend,
|
||||
enable-md2,
|
||||
no-md4,
|
||||
no-mdc2,
|
||||
no-msan,
|
||||
no-multiblock,
|
||||
no-nextprotoneg,
|
||||
no-ocb,
|
||||
no-padlockeng,
|
||||
no-pic,
|
||||
no-poly1305,
|
||||
no-posix-io,
|
||||
no-psk,
|
||||
no-rc2,
|
||||
enable-rc5,
|
||||
no-rdrand,
|
||||
no-rfc3779,
|
||||
no-ripemd,
|
||||
no-rmd160,
|
||||
no-scrypt,
|
||||
no-secure-memory,
|
||||
no-seed,
|
||||
no-shared,
|
||||
no-siphash,
|
||||
no-siv,
|
||||
no-sm2,
|
||||
no-sm2-precomp,
|
||||
no-sm3,
|
||||
no-sm4,
|
||||
no-sock,
|
||||
no-sse2,
|
||||
no-ssl,
|
||||
enable-ssl3,
|
||||
enable-ssl3-method,
|
||||
enable-sslkeylog,
|
||||
no-static-engine no-shared,
|
||||
no-tests,
|
||||
enable-tfo,
|
||||
no-tls1,
|
||||
no-tls1_1,
|
||||
no-tls1_1-method,
|
||||
no-tls1_2-method,
|
||||
no-tls1-method,
|
||||
enable-trace,
|
||||
no-ubsan,
|
||||
no-ui-console,
|
||||
enable-unit-test,
|
||||
no-uplink,
|
||||
no-weak-ssl-ciphers,
|
||||
no-whirlpool,
|
||||
enable-zlib-dynamic,
|
||||
-DOPENSSL_PEDANTIC_ZEROIZATION,
|
||||
-DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
|
||||
-DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING,
|
||||
-DSSL3_ALIGN_PAYLOAD=4,
|
||||
-DOPENSSL_TLS_SECURITY_LEVEL=0
|
||||
]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured --strict-warnings ${{ matrix.opt }}
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
run-checker-sctp:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Install Dependencies for sctp option
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq install lksctp-tools libsctp-dev
|
||||
|
||||
- name: Check SCTP and enable auth
|
||||
id: sctp_auth
|
||||
continue-on-error: true
|
||||
run: |
|
||||
checksctp
|
||||
sudo sysctl -w net.sctp.auth_enable=1
|
||||
|
||||
- name: config
|
||||
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured enable-sctp
|
||||
|
||||
- name: config dump
|
||||
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
||||
run: ./configdata.pm --dump
|
||||
|
||||
- name: make
|
||||
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
||||
run: make -s -j4
|
||||
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
|
||||
- name: make test
|
||||
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
enable_brotli_dynamic:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install brotli
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
|
||||
- name: checkout openssl
|
||||
uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
enable_zstd_dynamic:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install zstd
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
|
||||
- name: checkout openssl
|
||||
uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
enable_brotli_and_zstd_dynamic:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install brotli and zstd
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
|
||||
- name: checkout openssl
|
||||
uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
enable_brotli_and_asan_ubsan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install brotli
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install brotli libbrotli1 libbrotli-dev
|
||||
- name: checkout openssl
|
||||
uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
|
||||
|
||||
enable_zstd_and_asan_ubsan:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: install zstd
|
||||
run: |
|
||||
sudo apt-get update
|
||||
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install zstd libzstd1 libzstd-dev
|
||||
- name: checkout openssl
|
||||
uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
|
||||
|
||||
enable_tfo:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ ubuntu-latest, macos-13, macos-14 ]
|
||||
runs-on: ${{matrix.os}}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: CC=gcc ./config --strict-warnings --banner=Configured enable-tfo && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: ./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
enable_buildtest:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --strict-warnings --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips -D_DEFAULT_SOURCE && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
memory_sanitizer_slh_dsa:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
|
||||
107
.github/workflows/run-checker-merge.yml
vendored
107
.github/workflows/run-checker-merge.yml
vendored
@@ -1,107 +0,0 @@
|
||||
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Run-checker merge
|
||||
# Jobs run per merge to master
|
||||
|
||||
on: [push]
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
run-checker:
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
opt: [
|
||||
enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
|
||||
no-dso,
|
||||
no-dynamic-engine,
|
||||
no-ec2m enable-fips,
|
||||
no-engine no-shared,
|
||||
no-err,
|
||||
no-filenames,
|
||||
enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
|
||||
no-module,
|
||||
no-ocsp,
|
||||
no-pinshared,
|
||||
no-srp,
|
||||
no-srtp,
|
||||
no-ts,
|
||||
no-integrity-only-ciphers,
|
||||
enable-weak-ssl-ciphers,
|
||||
enable-zlib,
|
||||
enable-pie,
|
||||
]
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured ${{ matrix.opt }}
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
jitter:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: checkout openssl
|
||||
uses: actions/checkout@v4
|
||||
- name: checkout jitter
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
repository: smuellerDD/jitterentropy-library
|
||||
ref: v3.5.0
|
||||
path: jitter
|
||||
- name: build jitter
|
||||
run: make -C jitter/
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: config
|
||||
run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
|
||||
|
||||
threads_sanitizer_atomic_fallback:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- name: Adjust ASLR for sanitizer
|
||||
run: |
|
||||
sudo cat /proc/sys/vm/mmap_rnd_bits
|
||||
sudo sysctl -w vm.mmap_rnd_bits=28
|
||||
- name: config
|
||||
run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread -DBROKEN_CLANG_ATOMICS && perl configdata.pm --dump
|
||||
- name: make
|
||||
run: make -s -j4
|
||||
- name: get cpu info
|
||||
run: |
|
||||
cat /proc/cpuinfo
|
||||
./util/opensslwrap.sh version -c
|
||||
- name: make test
|
||||
run: make test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
|
||||
71
.github/workflows/run_quic_interop.yml
vendored
71
.github/workflows/run_quic_interop.yml
vendored
@@ -1,71 +0,0 @@
|
||||
name: "Run openssl quic interop testing"
|
||||
|
||||
on:
|
||||
workflow_run:
|
||||
workflows: ["Build openssl interop container from master"]
|
||||
types: [completed]
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
run_quic_interop_openssl_client:
|
||||
strategy:
|
||||
matrix:
|
||||
tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
|
||||
servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy]
|
||||
exclude:
|
||||
- servers: msquic
|
||||
tests: retry
|
||||
fail-fast: false
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
repository: 'quic-interop/quic-interop-runner'
|
||||
fetch-depth: 0
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
pip install -r requirements.txt
|
||||
sudo add-apt-repository ppa:wireshark-dev/stable
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y tshark
|
||||
- name: Patch implementations file
|
||||
run: |
|
||||
jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
|
||||
, url: "https://github.com/openssl/openssl"
|
||||
, role: "both"
|
||||
}' ./implementations.json > ./implementations.tmp
|
||||
mv ./implementations.tmp implementations.json
|
||||
- name: "run interop with openssl client"
|
||||
run: |
|
||||
python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs-client -d
|
||||
run_quic_interop_openssl_server:
|
||||
strategy:
|
||||
matrix:
|
||||
tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
|
||||
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome]
|
||||
exclude:
|
||||
- clients: mvfst
|
||||
tests: amplificationlimit
|
||||
fail-fast: false
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
repository: 'quic-interop/quic-interop-runner'
|
||||
fetch-depth: 0
|
||||
- name: Install dependencies
|
||||
run: |
|
||||
pip install -r requirements.txt
|
||||
sudo add-apt-repository ppa:wireshark-dev/stable
|
||||
sudo apt-get update
|
||||
sudo apt-get install -y tshark
|
||||
- name: Patch implementations file
|
||||
run: |
|
||||
jq '.openssl = { image: "quay.io/openssl-ci/openssl-quic-interop"
|
||||
, url: "https://github.com/openssl/openssl"
|
||||
, role: "both"
|
||||
}' ./implementations.json > ./implementations.tmp
|
||||
mv ./implementations.tmp implementations.json
|
||||
- name: "run interop with openssl server"
|
||||
run: |
|
||||
python3 ./run.py -s openssl -t ${{ matrix.tests }} -c ${{ matrix.clients }} --log-dir ./logs-server -d
|
||||
40
.github/workflows/static-analysis-on-prem.yml
vendored
40
.github/workflows/static-analysis-on-prem.yml
vendored
@@ -1,40 +0,0 @@
|
||||
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Static Analysis On Prem
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '25 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
coverity-analysis:
|
||||
if: github.repository == 'openssl/openssl'
|
||||
runs-on: ubuntu-latest
|
||||
container: quay.io/openssl-ci/coverity-analysis:2024.3.1
|
||||
steps:
|
||||
- name: Put license
|
||||
run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat
|
||||
- name: Put auth key file
|
||||
run: |
|
||||
echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt
|
||||
chmod 0600 /auth_key_file.txt
|
||||
- uses: actions/checkout@v4
|
||||
- name: Config
|
||||
run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
|
||||
- name: Config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: Make
|
||||
run: cov-build --dir cov-int make -s -j4
|
||||
- name: Analyze
|
||||
run: cov-analyze --dir cov-int --strip-path $(pwd)
|
||||
- name: Commit defects
|
||||
run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt
|
||||
47
.github/workflows/static-analysis.yml
vendored
47
.github/workflows/static-analysis.yml
vendored
@@ -1,47 +0,0 @@
|
||||
# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Static Analysis
|
||||
|
||||
#Run once a day
|
||||
on:
|
||||
schedule:
|
||||
- cron: '20 02 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
coverity:
|
||||
if: github.repository == 'openssl/openssl'
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: tool download
|
||||
run: |
|
||||
wget https://scan.coverity.com/download/linux64 \
|
||||
--post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
|
||||
--progress=dot:giga -O coverity_tool.tgz
|
||||
- name: config
|
||||
run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
|
||||
- name: config dump
|
||||
run: ./configdata.pm --dump
|
||||
- name: tool install
|
||||
run: tar xzf coverity_tool.tgz
|
||||
- name: make
|
||||
run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
|
||||
- name: archive
|
||||
run: tar czvf openssl.tgz cov-int
|
||||
- name: Coverity upload
|
||||
run: |
|
||||
curl --form token="${{ secrets.COVERITY_TOKEN }}" \
|
||||
--form email=openssl-commits@openssl.org \
|
||||
--form file=@openssl.tgz \
|
||||
--form version="`date -u -I` `git rev-parse --short HEAD`" \
|
||||
--form description="analysis of `git branch --show-current`" \
|
||||
https://scan.coverity.com/builds?project=openssl%2Fopenssl
|
||||
52
.github/workflows/style-checks.yml
vendored
52
.github/workflows/style-checks.yml
vendored
@@ -1,52 +0,0 @@
|
||||
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Coding style validation
|
||||
|
||||
on: [pull_request]
|
||||
|
||||
env:
|
||||
PR_NUMBER: ${{ github.event.number }}
|
||||
GH_TOKEN: ${{ github.token }}
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
check-style:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
with:
|
||||
fetch-depth: 0
|
||||
path: openssl
|
||||
- name: check style for each commit
|
||||
working-directory: openssl
|
||||
shell: bash
|
||||
run: |
|
||||
ERRORS_FOUND=0
|
||||
git fetch origin $GITHUB_BASE_REF:$GITHUB_BASE_REF
|
||||
REFSTART=$(git rev-parse $GITHUB_BASE_REF)
|
||||
REFEND=$(git rev-parse HEAD)
|
||||
echo "Checking from $REFSTART to $REFEND"
|
||||
echo "::group::Style report for commits $REFSTART..$REFEND"
|
||||
set +e
|
||||
./util/check-format-commit.sh $REFSTART..$REFEND
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
ERRORS_FOUND=1
|
||||
fi
|
||||
set -e
|
||||
echo "::endgroup::"
|
||||
SKIP_TEST=$(gh pr view $PR_NUMBER --json labels --jq '.labels[] | select(.name == "style: waived") | .name')
|
||||
if [ -z "$SKIP_TEST" ]
|
||||
then
|
||||
exit $ERRORS_FOUND
|
||||
else
|
||||
echo "PR $PR_NUMBER is marked with style: waived, waiving style check errors"
|
||||
exit 0
|
||||
fi
|
||||
203
.github/workflows/windows.yml
vendored
203
.github/workflows/windows.yml
vendored
@@ -1,203 +0,0 @@
|
||||
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Windows GitHub CI
|
||||
|
||||
on: [pull_request, push]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
shared:
|
||||
# Run a job for each of the specified target architectures:
|
||||
strategy:
|
||||
matrix:
|
||||
platform:
|
||||
- arch: win64
|
||||
os: windows-2019
|
||||
config: enable-fips
|
||||
- arch: win64
|
||||
os: windows-2022
|
||||
config: enable-fips no-thread-pool no-quic
|
||||
- arch: win32
|
||||
os: windows-2022
|
||||
config: --strict-warnings no-fips
|
||||
runs-on: ${{ matrix.platform.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
with:
|
||||
arch: ${{ matrix.platform.arch }}
|
||||
- name: install nasm
|
||||
run: |
|
||||
choco install nasm ${{ matrix.platform.arch == 'win32' && '--x86' || '' }}
|
||||
"C:\Program Files${{ matrix.platform.arch == 'win32' && ' (x86)' || '' }}\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
|
||||
- name: prepare the build directory
|
||||
run: mkdir _build
|
||||
- name: config
|
||||
working-directory: _build
|
||||
run: |
|
||||
perl ..\Configure --banner=Configured no-makedepend -DOSSL_WINCTX=openssl ${{ matrix.platform.config }}
|
||||
perl configdata.pm --dump
|
||||
- name: build
|
||||
working-directory: _build
|
||||
run: nmake /S
|
||||
- name: download coreinfo
|
||||
uses: suisei-cn/actions-download-file@v1.6.0
|
||||
with:
|
||||
url: "https://download.sysinternals.com/files/Coreinfo.zip"
|
||||
target: _build/coreinfo/
|
||||
- name: Gather openssl version info
|
||||
working-directory: _build
|
||||
run: |
|
||||
apps/openssl.exe version -v
|
||||
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
|
||||
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
|
||||
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
|
||||
- name: Set registry keys
|
||||
working-directory: _build
|
||||
run: |
|
||||
echo ${Env:OSSL_VERSION}
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
|
||||
- name: get cpu info
|
||||
working-directory: _build
|
||||
continue-on-error: true
|
||||
run: |
|
||||
7z.exe x coreinfo/Coreinfo.zip
|
||||
./Coreinfo64.exe -accepteula -f
|
||||
./apps/openssl.exe version -c
|
||||
- name: Check platform symbol usage
|
||||
working-directory: _build
|
||||
run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
|
||||
- name: test
|
||||
working-directory: _build
|
||||
run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
|
||||
- name: install
|
||||
# Run on 64 bit only as 32 bit is slow enough already
|
||||
if: ${{ matrix.platform.arch == 'win64' }}
|
||||
run: |
|
||||
mkdir _dest
|
||||
nmake install DESTDIR=_dest
|
||||
working-directory: _build
|
||||
plain:
|
||||
strategy:
|
||||
matrix:
|
||||
os:
|
||||
# Reducing CI footprint - windows-2019
|
||||
- windows-2022
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- name: prepare the build directory
|
||||
run: mkdir _build
|
||||
- name: config
|
||||
working-directory: _build
|
||||
run: |
|
||||
perl ..\Configure --banner=Configured enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
|
||||
perl configdata.pm --dump
|
||||
- name: build
|
||||
working-directory: _build
|
||||
run: nmake /S
|
||||
- name: download coreinfo
|
||||
uses: suisei-cn/actions-download-file@v1.6.0
|
||||
with:
|
||||
url: "https://download.sysinternals.com/files/Coreinfo.zip"
|
||||
target: _build/coreinfo/
|
||||
- name: get cpu info
|
||||
working-directory: _build
|
||||
continue-on-error: true
|
||||
run: |
|
||||
7z.exe x coreinfo/Coreinfo.zip
|
||||
./Coreinfo64.exe -accepteula -f
|
||||
./apps/openssl.exe version -c
|
||||
- name: test
|
||||
working-directory: _build
|
||||
run: nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
|
||||
minimal:
|
||||
strategy:
|
||||
matrix:
|
||||
os:
|
||||
- windows-2019
|
||||
# Reducing CI footprint - windows-2022
|
||||
runs-on: ${{ matrix.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- name: prepare the build directory
|
||||
run: mkdir _build
|
||||
- name: config
|
||||
working-directory: _build
|
||||
run: |
|
||||
perl ..\Configure --banner=Configured enable-demos no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT -DOSSL_WINCTX=openssl
|
||||
perl configdata.pm --dump
|
||||
- name: build
|
||||
working-directory: _build
|
||||
run: nmake # verbose, so no /S here
|
||||
- name: download coreinfo
|
||||
uses: suisei-cn/actions-download-file@v1.6.0
|
||||
with:
|
||||
url: "https://download.sysinternals.com/files/Coreinfo.zip"
|
||||
target: _build/coreinfo/
|
||||
- name: get cpu info
|
||||
working-directory: _build
|
||||
continue-on-error: true
|
||||
run: |
|
||||
7z.exe x coreinfo/Coreinfo.zip
|
||||
./Coreinfo64.exe -accepteula -f
|
||||
./apps/openssl.exe version -c
|
||||
- name: test
|
||||
working-directory: _build
|
||||
run: nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
|
||||
cygwin:
|
||||
# Run a job for each of the specified target architectures:
|
||||
strategy:
|
||||
matrix:
|
||||
os:
|
||||
- windows-2019
|
||||
# really worth while running, too? cygwin should mask this
|
||||
# - windows-2022
|
||||
platform:
|
||||
- arch: win64
|
||||
config: -DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips
|
||||
# are we really learning sth new from win32? So let's save some CO2 for now disabling this
|
||||
# - arch: win32
|
||||
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
|
||||
runs-on: ${{ matrix.os }}
|
||||
env:
|
||||
CYGWIN_NOWINPATH: 1
|
||||
SHELLOPTS: igncr
|
||||
# Don't overwhelm github CI VMs:
|
||||
MAKE_PARAMS: -j 4
|
||||
steps:
|
||||
# Checkout before cygwin can mess with PATH...
|
||||
- uses: actions/checkout@v4
|
||||
- uses: cygwin/cygwin-install-action@master
|
||||
with:
|
||||
packages: perl git make gcc-core
|
||||
- name: Check repo
|
||||
run: cygcheck -V
|
||||
- name: Full cygcheck status
|
||||
run: cygcheck -s -v -r -h
|
||||
# Activate this if checkout action fails:
|
||||
# - name: Clone repo
|
||||
# run: bash -c "pwd && git clone --branch ${{ github.ref_name }} --depth 1 https://github.com/${{ github.repository }}.git"
|
||||
- name: Full build
|
||||
run: bash -c "gcc --version && ./config ${{ matrix.platform.config }} && make $MAKE_PARAMS"
|
||||
# Disable testing for now. TBD: Need local cygwin installation to debug .
|
||||
# - name: Run openssl tests
|
||||
# run: bash -c "cd openssl && make V=1 test"
|
||||
143
.github/workflows/windows_comp.yml
vendored
143
.github/workflows/windows_comp.yml
vendored
@@ -1,143 +0,0 @@
|
||||
# Copyright 2022-2024 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
name: Windows Compression GitHub CI
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
paths:
|
||||
- 'crypto/comp/*.c'
|
||||
- '.github/workflows/windows_comp.yml'
|
||||
push:
|
||||
paths:
|
||||
- '**.c'
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
zstd:
|
||||
runs-on: windows-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- name: install nasm
|
||||
run: |
|
||||
choco install nasm
|
||||
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
|
||||
- name: prepare the build directory
|
||||
run: mkdir _build
|
||||
- name: Get zstd
|
||||
working-directory: _build
|
||||
run: |
|
||||
vcpkg install zstd:x64-windows
|
||||
- name: config
|
||||
working-directory: _build
|
||||
run: |
|
||||
perl ..\Configure enable-comp enable-zstd --with-zstd-include=C:\vcpkg\packages\zstd_x64-windows\include --with-zstd-lib=C:\vcpkg\packages\zstd_x64-windows\lib\zstd.lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
|
||||
perl configdata.pm --dump
|
||||
- name: build
|
||||
working-directory: _build
|
||||
run: nmake
|
||||
- name: Gather openssl version info
|
||||
working-directory: _build
|
||||
run: |
|
||||
$env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
|
||||
apps/openssl.exe version -v
|
||||
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
|
||||
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
|
||||
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
|
||||
- name: Set registry keys
|
||||
working-directory: _build
|
||||
run: |
|
||||
echo ${Env:OSSL_VERSION}
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
|
||||
- name: download coreinfo
|
||||
uses: suisei-cn/actions-download-file@v1.6.0
|
||||
with:
|
||||
url: "https://download.sysinternals.com/files/Coreinfo.zip"
|
||||
target: _build/coreinfo/
|
||||
- name: get cpu info
|
||||
working-directory: _build
|
||||
continue-on-error: true
|
||||
run: |
|
||||
$env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
|
||||
7z.exe x coreinfo/Coreinfo.zip
|
||||
./Coreinfo64.exe -accepteula -f
|
||||
./apps/openssl.exe version -c
|
||||
- name: Check platform symbol usage
|
||||
run: |
|
||||
perl ./util/checkplatformsyms.pl ./util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
|
||||
- name: test
|
||||
working-directory: _build
|
||||
run: |
|
||||
$env:Path+=";C:\vcpkg\packages\zstd_x64-windows\bin"
|
||||
nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
|
||||
brotli:
|
||||
runs-on: windows-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
- name: checkout fuzz/corpora submodule
|
||||
run: git submodule update --init --depth 1 fuzz/corpora
|
||||
- uses: ilammy/msvc-dev-cmd@v1
|
||||
- name: install nasm
|
||||
run: |
|
||||
choco install nasm
|
||||
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
|
||||
- name: prepare the build directory
|
||||
run: mkdir _build
|
||||
- name: Get brotli
|
||||
working-directory: _build
|
||||
run: |
|
||||
vcpkg install brotli:x64-windows
|
||||
- name: config
|
||||
working-directory: _build
|
||||
run: |
|
||||
perl ..\Configure enable-comp enable-brotli --with-brotli-include=C:\vcpkg\packages\brotli_x64-windows\include --with-brotli-lib=C:\vcpkg\packages\brotli_x64-windows\lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
|
||||
perl configdata.pm --dump
|
||||
- name: build
|
||||
working-directory: _build
|
||||
run: nmake
|
||||
- name: Gather openssl version info
|
||||
working-directory: _build
|
||||
run: |
|
||||
$env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
|
||||
apps/openssl.exe version -v
|
||||
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
|
||||
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
|
||||
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
|
||||
- name: Set registry keys
|
||||
working-directory: _build
|
||||
run: |
|
||||
echo ${Env:OSSL_VERSION}
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v ENGINESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
|
||||
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
|
||||
- name: download coreinfo
|
||||
uses: suisei-cn/actions-download-file@v1.6.0
|
||||
with:
|
||||
url: "https://download.sysinternals.com/files/Coreinfo.zip"
|
||||
target: _build/coreinfo/
|
||||
- name: get cpu info
|
||||
working-directory: _build
|
||||
continue-on-error: true
|
||||
run: |
|
||||
$env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
|
||||
7z.exe x coreinfo/Coreinfo.zip
|
||||
./Coreinfo64.exe -accepteula -f
|
||||
./apps/openssl.exe version -c
|
||||
- name: test
|
||||
working-directory: _build
|
||||
run: |
|
||||
$env:Path+=";C:\vcpkg\packages\brotli_x64-windows\bin"
|
||||
nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
|
||||
329
.gitignore
vendored
329
.gitignore
vendored
@@ -1,329 +0,0 @@
|
||||
# Ignore editor artefacts
|
||||
/.dir-locals.el
|
||||
|
||||
# Top level excludes
|
||||
/Makefile.in
|
||||
/Makefile
|
||||
/MINFO
|
||||
/TABLE
|
||||
/rehash.time
|
||||
/inc.*
|
||||
/makefile.*
|
||||
/out.*
|
||||
/tmp.*
|
||||
/configdata.pm
|
||||
/builddata.pm
|
||||
/installdata.pm
|
||||
|
||||
# Exporters
|
||||
/*.pc
|
||||
/OpenSSLConfig*.cmake
|
||||
/exporters/*.pc
|
||||
/exporters/OpenSSLConfig*.cmake
|
||||
|
||||
# Links under apps
|
||||
/apps/CA.pl
|
||||
/apps/tsget
|
||||
/apps/tsget.pl
|
||||
/apps/md4.c
|
||||
|
||||
# Auto generated headers
|
||||
/crypto/buildinf.h
|
||||
/include/crypto/*_conf.h
|
||||
/include/openssl/asn1.h
|
||||
/include/openssl/asn1t.h
|
||||
/include/openssl/bio.h
|
||||
/include/openssl/cmp.h
|
||||
/include/openssl/cms.h
|
||||
/include/openssl/comp.h
|
||||
/include/openssl/conf.h
|
||||
/include/openssl/configuration.h
|
||||
/include/openssl/crmf.h
|
||||
/include/openssl/crypto.h
|
||||
/include/openssl/ct.h
|
||||
/include/openssl/err.h
|
||||
/include/openssl/ess.h
|
||||
/include/openssl/fipskey.h
|
||||
/include/openssl/lhash.h
|
||||
/include/openssl/ocsp.h
|
||||
/include/openssl/opensslv.h
|
||||
/include/openssl/pkcs12.h
|
||||
/include/openssl/pkcs7.h
|
||||
/include/openssl/safestack.h
|
||||
/include/openssl/srp.h
|
||||
/include/openssl/ssl.h
|
||||
/include/openssl/ui.h
|
||||
/include/openssl/x509.h
|
||||
/include/openssl/x509v3.h
|
||||
/include/openssl/x509_acert.h
|
||||
/include/openssl/x509_vfy.h
|
||||
/include/openssl/core_names.h
|
||||
/include/internal/param_names.h
|
||||
|
||||
# Auto generated parameter name files
|
||||
/crypto/params_idx.c
|
||||
|
||||
# Auto generated doc files
|
||||
doc/man1/openssl-*.pod
|
||||
|
||||
# Auto generated der files
|
||||
providers/common/der/der_slh_dsa_gen.c
|
||||
providers/common/der/der_digests_gen.c
|
||||
providers/common/der/der_dsa_gen.c
|
||||
providers/common/der/der_ec_gen.c
|
||||
providers/common/der/der_ecx_gen.c
|
||||
providers/common/der/der_rsa_gen.c
|
||||
providers/common/der/der_wrap_gen.c
|
||||
providers/common/der/der_sm2_gen.c
|
||||
providers/common/der/der_ml_dsa_gen.c
|
||||
providers/common/include/prov/der_slh_dsa.h
|
||||
providers/common/include/prov/der_dsa.h
|
||||
providers/common/include/prov/der_ec.h
|
||||
providers/common/include/prov/der_ecx.h
|
||||
providers/common/include/prov/der_rsa.h
|
||||
providers/common/include/prov/der_digests.h
|
||||
providers/common/include/prov/der_wrap.h
|
||||
providers/common/include/prov/der_sm2.h
|
||||
providers/common/include/prov/der_ml_dsa.h
|
||||
|
||||
# error code files
|
||||
/crypto/err/openssl.txt.old
|
||||
/engines/e_afalg.txt.old
|
||||
/engines/e_capi.txt.old
|
||||
/engines/e_dasync.txt.old
|
||||
/engines/e_ossltest.txt.old
|
||||
|
||||
# Executables
|
||||
/apps/openssl
|
||||
/test/sha256t
|
||||
/test/sha512t
|
||||
/test/gost2814789t
|
||||
/test/ssltest_old
|
||||
/test/*test
|
||||
/test/fips_aesavs
|
||||
/test/fips_desmovs
|
||||
/test/fips_dhvs
|
||||
/test/fips_drbgvs
|
||||
/test/fips_dssvs
|
||||
/test/fips_ecdhvs
|
||||
/test/fips_ecdsavs
|
||||
/test/fips_rngvs
|
||||
/test/fips_test_suite
|
||||
/test/ssltest_old
|
||||
/test/x509aux
|
||||
/test/v3ext
|
||||
/test/versions
|
||||
/test/ossl_shim/ossl_shim
|
||||
/test/rsa_complex
|
||||
/test/confdump
|
||||
/test/bio_prefix_text
|
||||
/test/evp_extra_test2
|
||||
/test/evp_pkey_ctx_new_from_name
|
||||
/test/threadstest_fips
|
||||
/test/timing_load_creds
|
||||
|
||||
# Demo applications
|
||||
/demos/bio/client-arg
|
||||
/demos/bio/client-conf
|
||||
/demos/bio/saccept
|
||||
/demos/bio/sconnect
|
||||
/demos/bio/server-arg
|
||||
/demos/bio/server-cmod
|
||||
/demos/bio/server-conf
|
||||
/demos/cipher/aesccm
|
||||
/demos/cipher/aesgcm
|
||||
/demos/cipher/aeskeywrap
|
||||
/demos/cipher/ariacbc
|
||||
/demos/cms/cms_comp
|
||||
/demos/cms/cms_ddec
|
||||
/demos/cms/cms_dec
|
||||
/demos/cms/cms_denc
|
||||
/demos/cms/cms_enc
|
||||
/demos/cms/cms_sign
|
||||
/demos/cms/cms_sign2
|
||||
/demos/cms/cms_uncomp
|
||||
/demos/cms/cms_ver
|
||||
/demos/digest/BIO_f_md
|
||||
/demos/digest/EVP_MD_demo
|
||||
/demos/digest/EVP_MD_stdin
|
||||
/demos/digest/EVP_MD_xof
|
||||
/demos/encode/ec_encode
|
||||
/demos/encode/rsa_encode
|
||||
/demos/encrypt/rsa_encrypt
|
||||
/demos/guide/quic-client-block
|
||||
/demos/guide/quic-client-non-block
|
||||
/demos/guide/quic-hq-interop
|
||||
/demos/guide/quic-multi-stream
|
||||
/demos/guide/tls-client-block
|
||||
/demos/guide/tls-client-non-block
|
||||
/demos/http3/libnghttp3.pc
|
||||
/demos/http3/nghttp3/
|
||||
/demos/http3/ossl-nghttp3-demo
|
||||
/demos/kdf/argon2
|
||||
/demos/kdf/hkdf
|
||||
/demos/kdf/pbkdf2
|
||||
/demos/kdf/scrypt
|
||||
/demos/keyexch/x25519
|
||||
/demos/mac/cmac-aes256
|
||||
/demos/mac/gmac
|
||||
/demos/mac/hmac-sha512
|
||||
/demos/mac/poly1305
|
||||
/demos/pkey/EVP_PKEY_DSA_keygen
|
||||
/demos/pkey/EVP_PKEY_DSA_paramfromdata
|
||||
/demos/pkey/EVP_PKEY_DSA_paramgen
|
||||
/demos/pkey/EVP_PKEY_DSA_paramvalidate
|
||||
/demos/pkey/EVP_PKEY_EC_keygen
|
||||
/demos/pkey/EVP_PKEY_RSA_keygen
|
||||
/demos/signature/EVP_DSA_Signature_demo
|
||||
/demos/signature/EVP_EC_Signature_demo
|
||||
/demos/signature/EVP_ED_Signature_demo
|
||||
/demos/signature/rsa_pss_direct
|
||||
/demos/signature/rsa_pss_hash
|
||||
/demos/smime/smdec
|
||||
/demos/smime/smenc
|
||||
/demos/smime/smsign
|
||||
/demos/smime/smsign2
|
||||
/demos/smime/smver
|
||||
/demos/sslecho/sslecho
|
||||
|
||||
# Certain files that get created by tests on the fly
|
||||
/test-runs
|
||||
/test/buildtest_*
|
||||
/test/provider_internal_test.cnf
|
||||
/test/fipsmodule.cnf
|
||||
/providers/fipsmodule.cnf
|
||||
|
||||
# Fuzz stuff.
|
||||
# Anything without an extension is an executable on Unix, so we keep files
|
||||
# with extensions. And we keep the corpora subddir versioned as well.
|
||||
# Anything more generic with extensions that should be ignored will be taken
|
||||
# care of by general ignores for those extensions (*.o, *.obj, *.exe, ...)
|
||||
/fuzz/*
|
||||
!/fuzz/README*
|
||||
!/fuzz/corpora
|
||||
!/fuzz/*.*
|
||||
|
||||
# Misc auto generated files
|
||||
/doc/man7/openssl_user_macros.pod
|
||||
/tools/c_rehash
|
||||
/tools/c_rehash.pl
|
||||
/util/shlib_wrap.sh
|
||||
/util/wrap.pl
|
||||
/tags
|
||||
/TAGS
|
||||
*.map
|
||||
*.ld
|
||||
/apps/progs.c
|
||||
/apps/progs.h
|
||||
|
||||
# macOS
|
||||
.DS_Store
|
||||
|
||||
# Windows (legacy)
|
||||
/tmp32
|
||||
/tmp32.dbg
|
||||
/tmp32dll
|
||||
/tmp32dll.dbg
|
||||
/out32
|
||||
/out32.dbg
|
||||
/out32dll
|
||||
/out32dll.dbg
|
||||
/inc32
|
||||
/MINFO
|
||||
/ms/bcb.mak
|
||||
/ms/libeay32.def
|
||||
/ms/nt.mak
|
||||
/ms/ntdll.mak
|
||||
/ms/ssleay32.def
|
||||
/ms/version32.rc
|
||||
|
||||
# Files created on other branches that are not held in git, and are not
|
||||
# needed on this branch
|
||||
/include/openssl/des_old.h
|
||||
/include/openssl/fips.h
|
||||
/include/openssl/fips_rand.h
|
||||
/include/openssl/krb5_asn.h
|
||||
/include/openssl/kssl.h
|
||||
/include/openssl/pq_compat.h
|
||||
/include/openssl/ssl23.h
|
||||
/include/openssl/tmdiff.h
|
||||
/include/openssl/ui_compat.h
|
||||
/test/fips_aesavs.c
|
||||
/test/fips_desmovs.c
|
||||
/test/fips_dsatest.c
|
||||
/test/fips_dssvs.c
|
||||
/test/fips_hmactest.c
|
||||
/test/fips_randtest.c
|
||||
/test/fips_rngvs.c
|
||||
/test/fips_rsagtest.c
|
||||
/test/fips_rsastest.c
|
||||
/test/fips_rsavtest.c
|
||||
/test/fips_shatest.c
|
||||
/test/fips_test_suite.c
|
||||
/test/shatest.c
|
||||
|
||||
# Generated docs directories
|
||||
/doc/html
|
||||
/doc/man
|
||||
|
||||
##### Generic patterns
|
||||
# Auto generated assembly language source files
|
||||
*.s
|
||||
!/crypto/*/asm/*.s
|
||||
/crypto/arm*.S
|
||||
/crypto/*/*.S
|
||||
*.asm
|
||||
!/crypto/*/asm/*.asm
|
||||
|
||||
# Object files
|
||||
*.o
|
||||
*.obj
|
||||
|
||||
# editor artefacts
|
||||
*.swp
|
||||
.#*
|
||||
\#*#
|
||||
*~
|
||||
|
||||
# Certificate symbolic links
|
||||
*.0
|
||||
|
||||
# All kinds of libraries and executables
|
||||
*.a
|
||||
*.so
|
||||
*.so.*
|
||||
*.dylib
|
||||
*.dylib.*
|
||||
*.dll
|
||||
*.dll.*
|
||||
*.exe
|
||||
*.pyc
|
||||
*.exp
|
||||
*.lib
|
||||
*.pdb
|
||||
*.tds
|
||||
*.ilk
|
||||
*.def
|
||||
*.rc
|
||||
*.res
|
||||
|
||||
# Misc generated stuff
|
||||
Makefile.save
|
||||
/crypto/**/lib
|
||||
/engines/**/lib
|
||||
/ssl/**/lib
|
||||
*.bak
|
||||
cscope.*
|
||||
*.d
|
||||
!.ctags.d
|
||||
*.d.tmp
|
||||
pod2htmd.tmp
|
||||
MAKE0[0-9][0-9][0-9].@@@
|
||||
|
||||
# Windows manifest files
|
||||
*.manifest
|
||||
doc-nits
|
||||
|
||||
# LSP (Language Server Protocol) support
|
||||
.cache/
|
||||
compile_commands.json
|
||||
37
.gitmodules
vendored
37
.gitmodules
vendored
@@ -1,37 +0,0 @@
|
||||
[submodule "pyca.cryptography"]
|
||||
path = pyca-cryptography
|
||||
url = https://github.com/pyca/cryptography.git
|
||||
|
||||
[submodule "krb5"]
|
||||
path = krb5
|
||||
url = https://github.com/krb5/krb5
|
||||
|
||||
[submodule "gost-engine"]
|
||||
path = gost-engine
|
||||
url = https://github.com/gost-engine/engine
|
||||
update = rebase
|
||||
[submodule "wycheproof"]
|
||||
path = wycheproof
|
||||
url = https://github.com/google/wycheproof
|
||||
[submodule "tlsfuzzer"]
|
||||
path = tlsfuzzer
|
||||
url = https://github.com/tlsfuzzer/tlsfuzzer
|
||||
[submodule "python-ecdsa"]
|
||||
path = python-ecdsa
|
||||
url = https://github.com/tlsfuzzer/python-ecdsa
|
||||
[submodule "tlslite-ng"]
|
||||
path = tlslite-ng
|
||||
url = https://github.com/tlsfuzzer/tlslite-ng
|
||||
[submodule "oqs-provider"]
|
||||
path = oqs-provider
|
||||
url = https://github.com/open-quantum-safe/oqs-provider.git
|
||||
[submodule "cloudflare-quiche"]
|
||||
path = cloudflare-quiche
|
||||
url = https://github.com/cloudflare/quiche
|
||||
[submodule "fuzz/corpora"]
|
||||
path = fuzz/corpora
|
||||
url = https://github.com/openssl/fuzz-corpora
|
||||
branch = main
|
||||
[submodule "pkcs11-provider"]
|
||||
path = pkcs11-provider
|
||||
url = https://github.com/latchset/pkcs11-provider.git
|
||||
@@ -1,6 +0,0 @@
|
||||
Acknowledgements
|
||||
================
|
||||
|
||||
Please see our [Thanks!][] page for the current acknowledgements.
|
||||
|
||||
[Thanks!]: https://www.openssl.org/community/thanks.html
|
||||
53
AUTHORS.md
53
AUTHORS.md
@@ -1,53 +0,0 @@
|
||||
Authors
|
||||
=======
|
||||
|
||||
This is the list of OpenSSL authors for copyright purposes.
|
||||
It does not necessarily list everyone who has contributed code,
|
||||
since in some cases, their employer may be the copyright holder.
|
||||
To see the full list of contributors, see the revision history in
|
||||
source control.
|
||||
|
||||
Groups
|
||||
------
|
||||
|
||||
* OpenSSL Software Services, Inc.
|
||||
* OpenSSL Software Foundation, Inc.
|
||||
* Google LLC
|
||||
|
||||
Individuals
|
||||
-----------
|
||||
|
||||
* Andy Polyakov
|
||||
* Ben Laurie
|
||||
* Ben Kaduk
|
||||
* Bernd Edlinger
|
||||
* Bodo Möller
|
||||
* David Benjamin
|
||||
* David von Oheimb
|
||||
* Dmitry Belyavskiy (Дмитрий Белявский)
|
||||
* Emilia Käsper
|
||||
* Eric Young
|
||||
* Geoff Thorpe
|
||||
* Holger Reif
|
||||
* Kurt Roeckx
|
||||
* Lutz Jänicke
|
||||
* Mark J. Cox
|
||||
* Matt Caswell
|
||||
* Matthias St. Pierre
|
||||
* Nicola Tuveri
|
||||
* Nils Larsch
|
||||
* Patrick Steuer
|
||||
* Paul Dale
|
||||
* Paul C. Sutton
|
||||
* Paul Yang
|
||||
* Ralf S. Engelschall
|
||||
* Rich Salz
|
||||
* Richard Levitte
|
||||
* Shane Lontis
|
||||
* Stephen Henson
|
||||
* Steve Marquess
|
||||
* Tim Hudson
|
||||
* Tomáš Mráz
|
||||
* Ulf Möller
|
||||
* Valerii Krygin
|
||||
* Viktor Dukhovni
|
||||
21458
CHANGES.md
21458
CHANGES.md
File diff suppressed because it is too large
Load Diff
@@ -1,6 +0,0 @@
|
||||
Code of Conduct
|
||||
===============
|
||||
|
||||
The OpenSSL [Code of Conduct] is published on the project's website.
|
||||
|
||||
[Code of Conduct]: https://www.openssl.org/community/conduct.html
|
||||
104
CONTRIBUTING.md
104
CONTRIBUTING.md
@@ -1,104 +0,0 @@
|
||||
HOW TO CONTRIBUTE TO OpenSSL
|
||||
============================
|
||||
|
||||
Please visit our [Getting Started] page for other ideas about how to contribute.
|
||||
|
||||
[Getting Started]: <https://openssl-library.org/community/getting-started>
|
||||
|
||||
Development is done on GitHub in the [openssl/openssl] repository.
|
||||
|
||||
[openssl/openssl]: <https://github.com/openssl/openssl>
|
||||
|
||||
To request a new feature, ask a question, or report a bug,
|
||||
please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
|
||||
|
||||
To submit a patch or implement a new feature, please open a
|
||||
[pull request on GitHub](https://github.com/openssl/openssl/pulls).
|
||||
If you are thinking of making a large contribution,
|
||||
open an issue for it before starting work, to get comments from the community.
|
||||
Someone may be already working on the same thing,
|
||||
or there may be special reasons why a feature is not implemented.
|
||||
|
||||
To make it easier to review and accept your pull request, please follow these
|
||||
guidelines:
|
||||
|
||||
1. Anything other than a trivial contribution requires a [Contributor
|
||||
License Agreement] (CLA), giving us permission to use your code.
|
||||
If your contribution is too small to require a CLA (e.g., fixing a spelling
|
||||
mistake), then place the text "`CLA: trivial`" on a line by itself below
|
||||
the rest of your commit message separated by an empty line, like this:
|
||||
|
||||
```
|
||||
One-line summary of trivial change
|
||||
|
||||
Optional main body of commit message. It might contain a sentence
|
||||
or two explaining the trivial change.
|
||||
|
||||
CLA: trivial
|
||||
```
|
||||
|
||||
It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
|
||||
pull request description.
|
||||
|
||||
[Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
|
||||
|
||||
To amend a missing "`CLA: trivial`" line after submission, do the following:
|
||||
|
||||
```
|
||||
git commit --amend
|
||||
# add the line, save and quit the editor
|
||||
git push -f [<repository> [<branch>]]
|
||||
```
|
||||
|
||||
2. All source files should start with the following text (with
|
||||
appropriate comment characters at the start of each line and the
|
||||
year(s) updated):
|
||||
|
||||
```
|
||||
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
this file except in compliance with the License. You can obtain a copy
|
||||
in the file LICENSE in the source distribution or at
|
||||
https://www.openssl.org/source/license.html
|
||||
```
|
||||
|
||||
3. Patches should be as current as possible; expect to have to rebase
|
||||
often. We do not accept merge commits, you will have to remove them
|
||||
(usually by rebasing) before it will be acceptable.
|
||||
|
||||
4. Code provided should follow our [coding style] and [documentation policy]
|
||||
and compile without warnings.
|
||||
There is a [Perl tool](util/check-format.pl) that helps
|
||||
finding code formatting mistakes and other coding style nits.
|
||||
Where `gcc` or `clang` is available, you should use the
|
||||
`--strict-warnings` `Configure` option. OpenSSL compiles on many varied
|
||||
platforms: try to ensure you only use portable features.
|
||||
Clean builds via GitHub Actions are required. They are started automatically
|
||||
whenever a PR is created or updated by committers.
|
||||
|
||||
[coding style]: https://openssl-library.org/policies/technical/coding-style/
|
||||
[documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
|
||||
|
||||
5. When at all possible, code contributions should include tests. These can
|
||||
either be added to an existing test, or completely new. Please see
|
||||
[test/README.md](test/README.md) for information on the test framework.
|
||||
|
||||
6. New features or changed functionality must include
|
||||
documentation. Please look at the `.pod` files in `doc/man[1357]` for
|
||||
examples of our style. Run `make doc-nits` to make sure that your
|
||||
documentation changes are clean.
|
||||
|
||||
7. For user visible changes (API changes, behaviour changes, ...),
|
||||
consider adding a note in [CHANGES.md](CHANGES.md).
|
||||
This could be a summarising description of the change, and could
|
||||
explain the grander details.
|
||||
Have a look through existing entries for inspiration.
|
||||
Please note that this is NOT simply a copy of git-log one-liners.
|
||||
Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
|
||||
This file helps users get more in-depth information of what comes
|
||||
with a specific release without having to sift through the higher
|
||||
noise ratio in git-log.
|
||||
|
||||
8. Guidelines on how to integrate error output of new crypto library modules
|
||||
can be found in [crypto/err/README.md](crypto/err/README.md).
|
||||
65
COPYRIGHT
Normal file
65
COPYRIGHT
Normal file
@@ -0,0 +1,65 @@
|
||||
Copyright (C) 1997 Eric Young (eay@cryptsoft.com)
|
||||
All rights reserved.
|
||||
|
||||
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com).
|
||||
The implementation was written so as to conform with Netscapes SSL.
|
||||
|
||||
This library is free for commercial and non-commercial use as long as
|
||||
the following conditions are aheared to. The following conditions
|
||||
apply to all code found in this distribution, be it the RC4, RSA,
|
||||
lhash, DES, etc., code; not just the SSL code. The SSL documentation
|
||||
included with this distribution is covered by the same copyright terms
|
||||
except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
||||
|
||||
Please note that MD2, MD5 and IDEA are publically available standards
|
||||
that contain sample implementations, I have re-coded them in my own
|
||||
way but there is nothing special about those implementations. The DES
|
||||
library is another mater :-).
|
||||
|
||||
Copyright remains Eric Young's, and as such any Copyright notices in
|
||||
the code are not to be removed.
|
||||
If this package is used in a product, Eric Young should be given attribution
|
||||
as the author of the parts of the library used.
|
||||
This can be in the form of a textual message at program startup or
|
||||
in documentation (online or textual) provided with the package.
|
||||
|
||||
Redistribution and use in source and binary forms, with or without
|
||||
modification, are permitted provided that the following conditions
|
||||
are met:
|
||||
1. Redistributions of source code must retain the copyright
|
||||
notice, this list of conditions and the following disclaimer.
|
||||
2. Redistributions in binary form must reproduce the above copyright
|
||||
notice, this list of conditions and the following disclaimer in the
|
||||
documentation and/or other materials provided with the distribution.
|
||||
3. All advertising materials mentioning features or use of this software
|
||||
must display the following acknowledgement:
|
||||
"This product includes cryptographic software written by
|
||||
Eric Young (eay@cryptsoft.com)"
|
||||
The word 'cryptographic' can be left out if the rouines from the library
|
||||
being used are not cryptographic related :-).
|
||||
4. If you include any Windows specific code (or a derivative thereof) from
|
||||
the apps directory (application code) you must include an acknowledgement:
|
||||
"This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
||||
|
||||
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
|
||||
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
|
||||
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
SUCH DAMAGE.
|
||||
|
||||
The licence and distribution terms for any publically available version or
|
||||
derivative of this code cannot be changed. i.e. this code cannot simply be
|
||||
copied and put under another distribution licence
|
||||
[including the GNU Public Licence.]
|
||||
|
||||
The reason behind this being stated in this direct manner is past
|
||||
experience in code simply being copied and the attribution removed
|
||||
from it and then being distributed as part of other packages. This
|
||||
implementation was a non-trivial and unpaid effort.
|
||||
|
||||
@@ -1,202 +0,0 @@
|
||||
# -*- Mode: perl -*-
|
||||
my %targets=(
|
||||
DEFAULTS => {
|
||||
template => 1,
|
||||
|
||||
cflags => "",
|
||||
cppflags => "",
|
||||
lflags => "",
|
||||
defines => [],
|
||||
includes => [],
|
||||
lib_cflags => "",
|
||||
lib_cppflags => "",
|
||||
lib_defines => [],
|
||||
thread_scheme => "(unknown)", # Assume we don't know
|
||||
thread_defines => [],
|
||||
|
||||
unistd => "<unistd.h>",
|
||||
shared_target => "",
|
||||
shared_cflag => "",
|
||||
shared_defines => [],
|
||||
shared_ldflag => "",
|
||||
shared_rcflag => "",
|
||||
|
||||
#### Defaults for the benefit of the config targets who don't inherit
|
||||
#### a BASE and assume Unix defaults
|
||||
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
|
||||
build_scheme => [ "unified", "unix" ],
|
||||
build_file => "Makefile",
|
||||
|
||||
AR => "(unused)",
|
||||
ARFLAGS => "(unused)",
|
||||
CC => "cc",
|
||||
HASHBANGPERL => "/usr/bin/env perl",
|
||||
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
|
||||
? "ranlib" : "" },
|
||||
RC => "windres",
|
||||
|
||||
#### THESE WILL BE ENABLED IN OpenSSL 1.2
|
||||
#HASHBANGPERL => "PERL", # Only Unix actually cares
|
||||
},
|
||||
|
||||
BASE_common => {
|
||||
template => 1,
|
||||
|
||||
enable => [],
|
||||
disable => [],
|
||||
|
||||
defines =>
|
||||
sub {
|
||||
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
|
||||
push @defs, "BROTLI" unless $disabled{brotli};
|
||||
push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"};
|
||||
push @defs, "ZLIB" unless $disabled{zlib};
|
||||
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
|
||||
push @defs, "ZSTD" unless $disabled{zstd};
|
||||
push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"};
|
||||
return [ @defs ];
|
||||
},
|
||||
includes =>
|
||||
sub {
|
||||
my @incs = ();
|
||||
push @incs, $withargs{jitter_include}
|
||||
if !$disabled{jitter} && $withargs{jitter_include};
|
||||
push @incs, $withargs{brotli_include}
|
||||
if !$disabled{brotli} && $withargs{brotli_include};
|
||||
push @incs, $withargs{zlib_include}
|
||||
if !$disabled{zlib} && $withargs{zlib_include};
|
||||
push @incs, $withargs{zstd_include}
|
||||
if !$disabled{zstd} && $withargs{zstd_include};
|
||||
return [ @incs ];
|
||||
},
|
||||
},
|
||||
|
||||
BASE_unix => {
|
||||
inherit_from => [ "BASE_common" ],
|
||||
template => 1,
|
||||
|
||||
AR => "ar",
|
||||
ARFLAGS => "qc",
|
||||
CC => "cc",
|
||||
OBJCOPY => "objcopy",
|
||||
bin_cflags =>
|
||||
sub {
|
||||
my @flags = ();
|
||||
if (!defined($disabled{pie})) {
|
||||
push(@flags, "-fPIE");
|
||||
}
|
||||
return join(" ", @flags);
|
||||
},
|
||||
bin_lflags =>
|
||||
sub {
|
||||
my @flags = ();
|
||||
if (!defined($disabled{pie})) {
|
||||
push(@flags, "-pie");
|
||||
}
|
||||
return join(" ", @flags);
|
||||
},
|
||||
lflags =>
|
||||
sub {
|
||||
my @libs = ();
|
||||
push(@libs, "-L".$withargs{jitter_lib}) if $withargs{jitter_lib};
|
||||
push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib};
|
||||
push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib};
|
||||
push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib};
|
||||
return join(" ", @libs);
|
||||
},
|
||||
ex_libs =>
|
||||
sub {
|
||||
my @libs = ();
|
||||
push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
|
||||
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
|
||||
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
|
||||
push(@libs, "-lbrotlienc");
|
||||
push(@libs, "-lbrotlidec");
|
||||
push(@libs, "-lbrotlicommon");
|
||||
push(@libs, "-lm");
|
||||
}
|
||||
push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"});
|
||||
return join(" ", @libs);
|
||||
},
|
||||
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
|
||||
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
|
||||
? "ranlib" : "" },
|
||||
RC => "windres",
|
||||
|
||||
build_scheme => [ "unified", "unix" ],
|
||||
build_file => "Makefile",
|
||||
|
||||
perl_platform => 'Unix',
|
||||
},
|
||||
|
||||
BASE_Windows => {
|
||||
inherit_from => [ "BASE_common" ],
|
||||
template => 1,
|
||||
|
||||
lib_defines =>
|
||||
sub {
|
||||
my @defs = ();
|
||||
unless ($disabled{"zlib-dynamic"}) {
|
||||
my $zlib = $withargs{zlib_lib} // "ZLIB1";
|
||||
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
|
||||
}
|
||||
return [ @defs ];
|
||||
},
|
||||
ex_libs =>
|
||||
sub {
|
||||
my @libs = ();
|
||||
unless ($disabled{zlib}) {
|
||||
if (defined($disabled{"zlib-dynamic"})) {
|
||||
push(@libs, $withargs{zlib_lib} // "ZLIB1");
|
||||
}
|
||||
}
|
||||
unless ($disabled{zstd}) {
|
||||
if (defined($disabled{"zstd-dynamic"})) {
|
||||
push(@libs, $withargs{zstd_lib} // "libzstd");
|
||||
}
|
||||
}
|
||||
unless ($disabled{brotli}) {
|
||||
if (defined($disabled{"brotli-dynamic"})) {
|
||||
my $path = "";
|
||||
if (defined($withargs{brotli_lib})) {
|
||||
$path = $withargs{brotli_lib} . "\\";
|
||||
}
|
||||
push(@libs, $path . "brotlicommon.lib");
|
||||
push(@libs, $path . "brotlidec.lib");
|
||||
push(@libs, $path . "brotlienc.lib");
|
||||
}
|
||||
}
|
||||
return join(" ", @libs);
|
||||
},
|
||||
|
||||
MT => "mt",
|
||||
MTFLAGS => "-nologo",
|
||||
mtinflag => "-manifest ",
|
||||
mtoutflag => "-outputresource:",
|
||||
|
||||
build_file => "makefile",
|
||||
build_scheme => [ "unified", "windows" ],
|
||||
|
||||
perl_platform => 'Windows',
|
||||
},
|
||||
|
||||
BASE_VMS => {
|
||||
inherit_from => [ "BASE_common" ],
|
||||
template => 1,
|
||||
|
||||
includes =>
|
||||
add(sub {
|
||||
my @incs = ();
|
||||
# GNV$ZLIB_INCLUDE is the standard logical name for later
|
||||
# zlib incarnations.
|
||||
push @incs, 'GNV$ZLIB_INCLUDE:'
|
||||
if !$disabled{zlib} && !$withargs{zlib_include};
|
||||
return [ @incs ];
|
||||
}),
|
||||
|
||||
build_file => "descrip.mms",
|
||||
build_scheme => [ "unified", "VMS" ],
|
||||
|
||||
perl_platform => 'VMS',
|
||||
},
|
||||
);
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,298 +0,0 @@
|
||||
#### Android...
|
||||
#
|
||||
# See NOTES-Android.md for details, and don't miss platform-specific
|
||||
# comments below...
|
||||
|
||||
{
|
||||
use File::Spec::Functions;
|
||||
|
||||
my $android_ndk = {};
|
||||
my %triplet = (
|
||||
arm => "arm-linux-androideabi",
|
||||
arm64 => "aarch64-linux-android",
|
||||
mips => "mipsel-linux-android",
|
||||
mips64 => "mips64el-linux-android",
|
||||
riscv64 => "riscv64-linux-android",
|
||||
x86 => "i686-linux-android",
|
||||
x86_64 => "x86_64-linux-android",
|
||||
);
|
||||
|
||||
sub android_ndk {
|
||||
unless (%$android_ndk) {
|
||||
if ($now_printing =~ m|^android|) {
|
||||
return $android_ndk = { bn_ops => "BN_AUTO" };
|
||||
}
|
||||
|
||||
my $ndk_var;
|
||||
my $ndk;
|
||||
foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
|
||||
$ndk_var = $_;
|
||||
$ndk = $ENV{$ndk_var};
|
||||
last if defined $ndk;
|
||||
}
|
||||
die "\$ANDROID_NDK_ROOT is not defined" if (!$ndk);
|
||||
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
|
||||
my $ndk_src_props = "$ndk/source.properties";
|
||||
my $is_ndk = -f $ndk_src_props;
|
||||
if ($is_ndk == $is_standalone_toolchain) {
|
||||
die "\$ANDROID_NDK_ROOT=$ndk is invalid";
|
||||
}
|
||||
$ndk = canonpath($ndk);
|
||||
|
||||
my $ndkver = undef;
|
||||
|
||||
if (open my $fh, "<$ndk_src_props") {
|
||||
local $_;
|
||||
while(<$fh>) {
|
||||
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
|
||||
$ndkver = $1;
|
||||
last;
|
||||
}
|
||||
}
|
||||
close $fh;
|
||||
}
|
||||
|
||||
my ($sysroot, $api, $arch);
|
||||
|
||||
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
|
||||
$arch = $1;
|
||||
|
||||
if ($sysroot = $ENV{CROSS_SYSROOT}) {
|
||||
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
|
||||
($api, $arch) = ($1, $2);
|
||||
} elsif ($is_standalone_toolchain) {
|
||||
$sysroot = "$ndk/sysroot";
|
||||
} else {
|
||||
$api = "*";
|
||||
|
||||
# see if user passed -D__ANDROID_API__=N
|
||||
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
|
||||
if (m|__ANDROID_API__=([0-9]+)|) {
|
||||
$api = $1;
|
||||
last;
|
||||
}
|
||||
}
|
||||
|
||||
if (-d "$ndk/platforms") {
|
||||
# list available platforms (numerically)
|
||||
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
|
||||
$b =~ m/-([0-9]+)$/; $aa <=> $1;
|
||||
} glob("$ndk/platforms/android-$api");
|
||||
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
|
||||
|
||||
$sysroot = "@platforms[$#platforms]/arch-$arch";
|
||||
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
|
||||
$api = $1;
|
||||
} elsif ($api eq "*") {
|
||||
# r22 Removed platforms dir, use this JSON file
|
||||
my $path = "$ndk/meta/platforms.json";
|
||||
open my $fh, $path or die "Could not open '$path' $!";
|
||||
while (<$fh>) {
|
||||
if (/"max": (\d+),/) {
|
||||
$api = $1;
|
||||
last;
|
||||
}
|
||||
}
|
||||
close $fh;
|
||||
}
|
||||
die "Could not get default API Level" if ($api eq "*");
|
||||
}
|
||||
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
|
||||
|
||||
my $triarch = $triplet{$arch};
|
||||
my $cflags;
|
||||
my $cppflags;
|
||||
|
||||
# see if there is NDK clang on $PATH, "universal" or "standalone"
|
||||
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
|
||||
my $host=$1;
|
||||
# harmonize with gcc default
|
||||
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
|
||||
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
|
||||
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
|
||||
if (length $sysroot) {
|
||||
$cflags .= " -target $tridefault "
|
||||
. "-gcc-toolchain \$($ndk_var)/toolchains"
|
||||
. "/$tritools-4.9/prebuilt/$host";
|
||||
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
|
||||
} else {
|
||||
$user{CC} = "$tridefault$api-clang";
|
||||
}
|
||||
$user{CROSS_COMPILE} = undef;
|
||||
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
|
||||
$user{AR} = "llvm-ar";
|
||||
$user{ARFLAGS} = [ "rs" ];
|
||||
$user{RANLIB} = ":";
|
||||
}
|
||||
} elsif ($is_standalone_toolchain) {
|
||||
my $cc = $user{CC} // "clang";
|
||||
# One can probably argue that both clang and gcc should be
|
||||
# probed, but support for "standalone toolchain" was added
|
||||
# *after* announcement that gcc is being phased out, so
|
||||
# favouring clang is considered adequate. Those who insist
|
||||
# have option to enforce test for gcc with CC=gcc.
|
||||
if (which("$triarch-$cc") !~ m|^$ndk|) {
|
||||
die "no NDK $triarch-$cc on \$PATH";
|
||||
}
|
||||
$user{CC} = $cc;
|
||||
$user{CROSS_COMPILE} = "$triarch-";
|
||||
} elsif ($user{CC} eq "clang") {
|
||||
die "no NDK clang on \$PATH";
|
||||
} else {
|
||||
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
|
||||
die "no NDK $triarch-gcc on \$PATH";
|
||||
}
|
||||
$cflags .= " -mandroid";
|
||||
$user{CROSS_COMPILE} = "$triarch-";
|
||||
}
|
||||
|
||||
if (length $sysroot) {
|
||||
if (!-d "$sysroot/usr/include") {
|
||||
my $incroot = "$ndk/sysroot/usr/include";
|
||||
die "no $incroot" if (!-d $incroot);
|
||||
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
|
||||
$incroot =~ s|^$ndk/||;
|
||||
$cppflags = "-D__ANDROID_API__=$api";
|
||||
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
|
||||
$cppflags .= " -isystem \$($ndk_var)/$incroot";
|
||||
}
|
||||
$sysroot =~ s|^$ndk/||;
|
||||
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
|
||||
}
|
||||
$android_ndk = {
|
||||
cflags => $cflags . $sysroot,
|
||||
cppflags => $cppflags,
|
||||
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
|
||||
: "BN_LLONG",
|
||||
};
|
||||
}
|
||||
|
||||
return $android_ndk;
|
||||
}
|
||||
}
|
||||
|
||||
my %targets = (
|
||||
"android" => {
|
||||
inherit_from => [ "linux-generic32" ],
|
||||
template => 1,
|
||||
################################################################
|
||||
# Special note about -pie. The underlying reason is that
|
||||
# Lollipop refuses to run non-PIE. But what about older systems
|
||||
# and NDKs? -fPIC was never problem, so the only concern is -pie.
|
||||
# Older toolchains, e.g. r4, appear to handle it and binaries
|
||||
# turn out mostly functional. "Mostly" means that oldest
|
||||
# Androids, such as Froyo, fail to handle executable, but newer
|
||||
# systems are perfectly capable of executing binaries targeting
|
||||
# Froyo. Keep in mind that in the nutshell Android builds are
|
||||
# about JNI, i.e. shared libraries, not applications.
|
||||
cflags => add(sub { android_ndk()->{cflags} }),
|
||||
cppflags => add(sub { android_ndk()->{cppflags} }),
|
||||
cxxflags => add(sub { android_ndk()->{cflags} }),
|
||||
bn_ops => sub { android_ndk()->{bn_ops} },
|
||||
bin_cflags => "-fPIE",
|
||||
bin_lflags => "-pie",
|
||||
enable => [ ],
|
||||
shared_extension => ".so",
|
||||
},
|
||||
"android-arm" => {
|
||||
################################################################
|
||||
# Contemporary Android applications can provide multiple JNI
|
||||
# providers in .apk, targeting multiple architectures. Among
|
||||
# them there is "place" for two ARM flavours: generic eabi and
|
||||
# armv7-a/hard-float. However, it should be noted that OpenSSL's
|
||||
# ability to engage NEON is not constrained by ABI choice, nor
|
||||
# is your ability to call OpenSSL from your application code
|
||||
# compiled with floating-point ABI other than default 'soft'.
|
||||
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
|
||||
# This means that choice of ARM libraries you provide in .apk
|
||||
# is driven by application needs. For example if application
|
||||
# itself benefits from NEON or is floating-point intensive, then
|
||||
# it might be appropriate to provide both libraries. Otherwise
|
||||
# just generic eabi would do. But in latter case it would be
|
||||
# appropriate to
|
||||
#
|
||||
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
|
||||
#
|
||||
# in order to build "universal" binary and allow OpenSSL take
|
||||
# advantage of NEON when it's available.
|
||||
#
|
||||
# Keep in mind that (just like with linux-armv4) we rely on
|
||||
# compiler defaults, which is not necessarily what you had
|
||||
# in mind, in which case you would have to pass additional
|
||||
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
|
||||
# Newer NDK versions reportedly require additional -latomic.
|
||||
#
|
||||
inherit_from => [ "android" ],
|
||||
bn_ops => add("RC4_CHAR"),
|
||||
asm_arch => 'armv4',
|
||||
perlasm_scheme => "void",
|
||||
},
|
||||
"android-arm64" => {
|
||||
inherit_from => [ "android" ],
|
||||
bn_ops => add("RC4_CHAR"),
|
||||
asm_arch => 'aarch64',
|
||||
perlasm_scheme => "linux64",
|
||||
},
|
||||
|
||||
"android-mips" => {
|
||||
inherit_from => [ "android" ],
|
||||
bn_ops => add("RC4_CHAR"),
|
||||
asm_arch => 'mips32',
|
||||
perlasm_scheme => "o32",
|
||||
},
|
||||
"android-mips64" => {
|
||||
################################################################
|
||||
# You are more than likely have to specify target processor
|
||||
# on ./Configure command line. Trouble is that toolchain's
|
||||
# default is MIPS64r6 (at least in r10d), but there are no
|
||||
# such processors around (or they are too rare to spot one).
|
||||
# Actual problem is that MIPS64r6 is binary incompatible
|
||||
# with previous MIPS ISA versions, in sense that unlike
|
||||
# prior versions original MIPS binary code will fail.
|
||||
#
|
||||
inherit_from => [ "android" ],
|
||||
bn_ops => add("RC4_CHAR"),
|
||||
asm_arch => 'mips64',
|
||||
perlasm_scheme => "64",
|
||||
},
|
||||
|
||||
"android-x86" => {
|
||||
inherit_from => [ "android" ],
|
||||
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
|
||||
bn_ops => add("RC4_INT"),
|
||||
asm_arch => 'x86',
|
||||
perlasm_scheme => "android",
|
||||
ex_libs => add(threads("-latomic")),
|
||||
},
|
||||
"android-x86_64" => {
|
||||
inherit_from => [ "android" ],
|
||||
bn_ops => add("RC4_INT"),
|
||||
asm_arch => 'x86_64',
|
||||
perlasm_scheme => "elf",
|
||||
},
|
||||
|
||||
"android-riscv64" => {
|
||||
inherit_from => [ "android" ],
|
||||
asm_arch => 'riscv64',
|
||||
perlasm_scheme => "linux64",
|
||||
},
|
||||
|
||||
####################################################################
|
||||
# Backward compatible targets, (might) require $CROSS_SYSROOT
|
||||
#
|
||||
"android-armeabi" => {
|
||||
inherit_from => [ "android-arm" ],
|
||||
},
|
||||
"android64" => {
|
||||
inherit_from => [ "android" ],
|
||||
},
|
||||
"android64-aarch64" => {
|
||||
inherit_from => [ "android-arm64" ],
|
||||
},
|
||||
"android64-x86_64" => {
|
||||
inherit_from => [ "android-x86_64" ],
|
||||
},
|
||||
"android64-mips64" => {
|
||||
inherit_from => [ "android-mips64" ],
|
||||
},
|
||||
);
|
||||
@@ -1,89 +0,0 @@
|
||||
#### iPhoneOS/iOS
|
||||
#
|
||||
# `xcrun` targets require an Xcode that can determine the correct C compiler via
|
||||
# `xcrun -sdk iphoneos`. This has been standard in Xcode for a while now - any recent
|
||||
# Xcode should do. If the Xcode on the build machine doesn't support this then use
|
||||
# the legacy targets at the end of this file. These require manual definition of
|
||||
# environment variables.
|
||||
#
|
||||
my %targets = (
|
||||
"ios-common" => {
|
||||
template => 1,
|
||||
inherit_from => [ "darwin-common" ],
|
||||
sys_id => "iOS",
|
||||
disable => [ "async" ],
|
||||
},
|
||||
"ios-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
# It should be possible to go below iOS 6 and even add -arch armv6,
|
||||
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
|
||||
# at this point.
|
||||
CC => "xcrun -sdk iphoneos cc",
|
||||
cflags => add("-arch armv7 -fno-common"),
|
||||
asm_arch => 'armv4',
|
||||
perlasm_scheme => "ios32",
|
||||
},
|
||||
"ios64-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
CC => "xcrun -sdk iphoneos cc",
|
||||
cflags => add("-arch arm64 -fno-common"),
|
||||
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
|
||||
asm_arch => 'aarch64',
|
||||
perlasm_scheme => "ios64",
|
||||
},
|
||||
"iossimulator-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
CC => "xcrun -sdk iphonesimulator cc",
|
||||
},
|
||||
"iossimulator-arm64-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
CC => "xcrun -sdk iphonesimulator cc",
|
||||
cflags => add("-arch arm64 -fno-common"),
|
||||
bn_ops => "SIXTY_FOUR_BIT_LONG",
|
||||
asm_arch => 'aarch64',
|
||||
perlasm_scheme => "ios64",
|
||||
},
|
||||
"iossimulator-i386-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
CC => "xcrun -sdk iphonesimulator cc",
|
||||
cflags => add("-arch i386 -fno-common"),
|
||||
bn_ops => "BN_LLONG",
|
||||
asm_arch => 'x86',
|
||||
perlasm_scheme => "macosx",
|
||||
},
|
||||
"iossimulator-x86_64-xcrun" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
CC => "xcrun -sdk iphonesimulator cc",
|
||||
cflags => add("-arch x86_64 -fno-common"),
|
||||
bn_ops => "SIXTY_FOUR_BIT_LONG",
|
||||
asm_arch => 'x86_64',
|
||||
perlasm_scheme => "macosx",
|
||||
},
|
||||
# It takes three prior-set environment variables to make it work:
|
||||
#
|
||||
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
|
||||
# CROSS_TOP=/where/SDKs/are
|
||||
# CROSS_SDK=iPhoneOSx.y.sdk
|
||||
#
|
||||
# Exact paths vary with Xcode releases, but for couple of last ones
|
||||
# they would look like this:
|
||||
#
|
||||
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
|
||||
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
|
||||
# CROSS_SDK=iPhoneOS.sdk
|
||||
#
|
||||
"iphoneos-cross" => {
|
||||
inherit_from => [ "ios-common" ],
|
||||
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"),
|
||||
},
|
||||
"ios-cross" => {
|
||||
inherit_from => [ "ios-xcrun" ],
|
||||
CC => "cc",
|
||||
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
|
||||
},
|
||||
"ios64-cross" => {
|
||||
inherit_from => [ "ios64-xcrun" ],
|
||||
CC => "cc",
|
||||
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
|
||||
},
|
||||
);
|
||||
@@ -1,121 +0,0 @@
|
||||
my %targets = (
|
||||
"BC-32" => {
|
||||
inherit_from => [ "BASE_Windows" ],
|
||||
sys_id => "WIN32",
|
||||
bn_ops => "BN_LLONG",
|
||||
thread_scheme => "winthreads",
|
||||
cc => "bcc32c",
|
||||
CPP => "cpp32 -oCON -Sc -Sr",
|
||||
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
|
||||
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
|
||||
"_strnicmp=strnicmp", "_malloca=malloc",
|
||||
"_freea=free", "_setmode=setmode"),
|
||||
cflags => picker(default => add("-q -c",
|
||||
threads("-tM"),
|
||||
shared("-tR")),
|
||||
debug => "-Od -v -vi- -D_DEBUG",
|
||||
release => "-O2"),
|
||||
bin_cflags => "-tWC",
|
||||
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
|
||||
coutflag => "-o",
|
||||
|
||||
# -Sx isn't documented, but 'cpp32 -H -S' explains it:
|
||||
#
|
||||
# -Sx Omit preprocessed text in output
|
||||
makedepcmd => "cpp32 -oCON -Sx -Hp",
|
||||
makedep_scheme => "embarcadero",
|
||||
|
||||
LD => "ilink32",
|
||||
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
|
||||
debug => '-j"$(BDS)\lib\win32c\debug" ' .
|
||||
'-L"$(BDS)\lib\win32c\debug" -v',
|
||||
release => '-j"$(BDS)\lib\win32c\release" ' .
|
||||
'-L"$(BDS)\lib\win32c\release"'),
|
||||
bin_lflags => "-ap -Tpe c0x32.obj wildargs.obj",
|
||||
ldoutflag => ",",
|
||||
ldpostoutflag => ",,",
|
||||
ld_resp_delim => " +\n",
|
||||
ex_libs => add(sub {
|
||||
my @ex_libs = ("import32.lib",
|
||||
($disabled{shared}
|
||||
? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
|
||||
: ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
|
||||
push @ex_libs, "ws2_32.lib" unless $disabled{sock};
|
||||
return join(" ", @ex_libs);
|
||||
}),
|
||||
AR => "tlib",
|
||||
ARFLAGS => "/P256 /N /u",
|
||||
ar_resp_delim => " &\n",
|
||||
RC => "brcc32",
|
||||
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
|
||||
rcoutflag => "-fo",
|
||||
shared_target => "win-shared",
|
||||
shared_ldflag => "-aa -Tpd c0d32.obj",
|
||||
lddefflag => ",",
|
||||
ldresflag => ",",
|
||||
ld_implib_rule => 'implib -a $< $**',
|
||||
dso_scheme => "win32",
|
||||
shared_defflag => '',
|
||||
perl_platform => 'Windows::cppbuilder',
|
||||
uplink_arch => 'common',
|
||||
},
|
||||
"BC-64" => {
|
||||
inherit_from => [ "BASE_Windows" ],
|
||||
sys_id => "WIN64",
|
||||
bn_ops => "BN_LLONG",
|
||||
thread_scheme => "winthreads",
|
||||
cc => "bcc64",
|
||||
CPP => "cpp64 -oCON -Sc -Sr",
|
||||
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN64",
|
||||
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
|
||||
"_strnicmp=strnicmp", "_setmode=setmode"),
|
||||
cflags => picker(default => add("-q -c",
|
||||
threads("-tM"),
|
||||
shared("-tR")),
|
||||
debug => "-Od -v -vi- -D_DEBUG",
|
||||
release => "-O2"),
|
||||
bin_cflags => "-tWC",
|
||||
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
|
||||
coutflag => "-o",
|
||||
|
||||
# -Sx isn't documented, but 'cpp64 -H -S' explains it:
|
||||
#
|
||||
# -Sx Omit preprocessed text in output
|
||||
makedepcmd => "cpp64 -oCON -Sx -Hp",
|
||||
makedep_scheme => "embarcadero",
|
||||
|
||||
LD => "ilink64",
|
||||
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
|
||||
debug => '-j"$(BDS)\lib\win64\debug" ' .
|
||||
'-L"$(BDS)\lib\win64\debug" -v',
|
||||
release => '-j"$(BDS)\lib\win64\release" ' .
|
||||
'-L"$(BDS)\lib\win64\release"'),
|
||||
bin_lflags => "-ap -Tpe c0x64.o wildargs.o",
|
||||
ldoutflag => ",",
|
||||
ldpostoutflag => ",,",
|
||||
ld_resp_delim => " +\n",
|
||||
ex_libs => add(sub {
|
||||
my @ex_libs = ("import64.a",
|
||||
($disabled{shared}
|
||||
? ($disabled{threads} ? "cw64.a" : "cw64mt.a")
|
||||
: ($disabled{threads} ? "cw64i.a" : "cw64mti.a")));
|
||||
push @ex_libs, "ws2_32.a" unless $disabled{sock};
|
||||
return join(" ", @ex_libs);
|
||||
}),
|
||||
AR => "tlib",
|
||||
ARFLAGS => "/P256 /N /u",
|
||||
ar_resp_delim => " &\n",
|
||||
RC => "brcc32",
|
||||
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
|
||||
rcoutflag => "-fo",
|
||||
shared_target => "win-shared",
|
||||
shared_ldflag => "-aa -Tpd c0d64.o",
|
||||
lddefflag => ",",
|
||||
ldresflag => ",",
|
||||
ld_implib_rule => 'implib -a $< $**',
|
||||
dso_scheme => "win64",
|
||||
shared_defflag => '',
|
||||
perl_platform => 'Windows::cppbuilder',
|
||||
uplink_arch => 'common',
|
||||
}
|
||||
);
|
||||
@@ -1,18 +0,0 @@
|
||||
# We can't make any commitment to support the DJGPP platform,
|
||||
# and rely entirely on the OpenSSL community to help is fine
|
||||
# tune and test.
|
||||
|
||||
my %targets = (
|
||||
"DJGPP" => {
|
||||
inherit_from => [ "BASE_unix" ],
|
||||
CC => "gcc",
|
||||
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
|
||||
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN",
|
||||
sys_id => "MSDOS",
|
||||
lflags => add("-L/dev/env/WATT_ROOT/lib"),
|
||||
ex_libs => add("-lwatt"),
|
||||
bn_ops => "BN_LLONG",
|
||||
asm_arch => 'x86',
|
||||
perlasm_scheme => "a.out",
|
||||
},
|
||||
);
|
||||
@@ -1,35 +0,0 @@
|
||||
my %targets = (
|
||||
"haiku-common" => {
|
||||
template => 1,
|
||||
CC => "cc",
|
||||
CFLAGS => add_before(picker(default => "-Wall",
|
||||
debug => "-g -O0",
|
||||
release => "-O2")),
|
||||
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
|
||||
threads("-D_REENTRANT")),
|
||||
AR => "ar",
|
||||
ARFLAGS => "qc",
|
||||
HASHBANGPERL => "/bin/env perl",
|
||||
sys_id => "HAIKU",
|
||||
ex_libs => "-lnetwork",
|
||||
perlasm_scheme => "elf",
|
||||
thread_scheme => "pthreads",
|
||||
dso_scheme => "dlfcn",
|
||||
shared_target => "gnu-shared",
|
||||
shared_cflag => "-fPIC",
|
||||
shared_ldflag => "-shared",
|
||||
perl_platform => 'Unix',
|
||||
},
|
||||
"haiku-x86" => {
|
||||
inherit_from => [ "haiku-common" ],
|
||||
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
|
||||
bn_ops => "BN_LLONG",
|
||||
asm_arch => 'x86',
|
||||
perlasm_scheme => 'elf',
|
||||
},
|
||||
"haiku-x86_64" => {
|
||||
inherit_from => [ "haiku-common" ],
|
||||
cflags => add("-m64"),
|
||||
bn_ops => "SIXTY_FOUR_BIT_LONG",
|
||||
},
|
||||
);
|
||||
@@ -1,22 +0,0 @@
|
||||
# We can't make commitment to supporting Microsoft assembler,
|
||||
# because it would mean supporting all masm versions. This in
|
||||
# in turn is because masm is not really an interchangeable option,
|
||||
# while users tend to have reasons to stick with specific Visual
|
||||
# Studio versions. It's usually lesser hassle to make it work
|
||||
# with latest assembler, but tweaking for older versions had
|
||||
# proven to be daunting task. This is experimental target, for
|
||||
# production builds stick with [up-to-date version of] nasm.
|
||||
|
||||
my %targets = (
|
||||
"VC-WIN64A-masm" => {
|
||||
inherit_from => [ "VC-WIN64-common" ],
|
||||
AS => "ml64",
|
||||
ASFLAGS => "/nologo /Zi",
|
||||
asoutflag => "/Fo",
|
||||
asflags => "/c /Cp /Cx",
|
||||
sys_id => "WIN64A",
|
||||
uplink_arch => 'x86_64',
|
||||
asm_arch => 'x86_64',
|
||||
perlasm_scheme => "masm",
|
||||
},
|
||||
);
|
||||
@@ -1,283 +0,0 @@
|
||||
#### Nonstop configurations
|
||||
# Common for all
|
||||
'nonstop-common' => {
|
||||
inherit_from => [ 'BASE_unix' ],
|
||||
template => 1,
|
||||
cc => 'c99',
|
||||
cflags => add_before(picker(debug => '-g -O0',
|
||||
release => '-g -O2'),
|
||||
'-Wextensions',
|
||||
'-Wnowarn=203,220,272,734,770,1506',
|
||||
'-Wbuild_neutral_library',
|
||||
'-Wverbose'),
|
||||
defines => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
|
||||
'_XOPEN_SOURCE',
|
||||
'_XOPEN_SOURCE_EXTENDED=1',
|
||||
'_TANDEM_SOURCE',
|
||||
'__NSK_OPTIONAL_TYPES__',
|
||||
'B_ENDIAN'),
|
||||
perl => '/usr/bin/perl',
|
||||
shared_target => 'nonstop-shared',
|
||||
shared_extension => ".so",
|
||||
ex_libs => add('-lrld'),
|
||||
enable => ['egd'],
|
||||
# Not currently inherited
|
||||
disable => ['atexit'],
|
||||
dso_scheme => 'DLFCN',
|
||||
sys_id => 'TANDEM',
|
||||
},
|
||||
|
||||
######################################################################
|
||||
# Additional variant settings, to be combined with nonstop-common
|
||||
# Note that these do not inherit anything. However, the diverse values
|
||||
# are merged with other entries in an 'inherit_from'.
|
||||
#
|
||||
# These combine:
|
||||
# - System architecture (MIPS, Itanium, or x86)
|
||||
# - Execution environment (oss [default] or guardian)
|
||||
#
|
||||
# Unfortunately, they can't be separated into independent templates, because
|
||||
# a number of the above are encoded as different linkers, and by consequence,
|
||||
# different c99 linker flags (-Wld, -Weld, and -Wxld)
|
||||
#
|
||||
# In addition, the are modifiers for:
|
||||
# - Size of long + pointer (ilp32 [default] and lp64)
|
||||
# - Float type (neutral and tandem)
|
||||
#
|
||||
# Unfortunately, because the float types affect the linker settings, those
|
||||
# are divided per system architecture
|
||||
#
|
||||
# MIPS + guardian (unused but present for convenience):
|
||||
'nonstop-archenv-mips-guardian' => {
|
||||
template => 1,
|
||||
defines => ['NO_GETPID'],
|
||||
cflags => '-Wtarget=tns/r -Wsystype=guardian',
|
||||
lflags => '-Wld="-set systype guardian"',
|
||||
shared_ldflag => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
|
||||
shared_defflag => '-Wld_obey=',
|
||||
shared_argfileflag => '-Wld_obey=',
|
||||
},
|
||||
|
||||
# Itanium + guardian:
|
||||
'nonstop-archenv-itanium-guardian' => {
|
||||
template => 1,
|
||||
defines => ['NO_GETPID'],
|
||||
cflags => '-Wtarget=tns/e -Wsystype=guardian',
|
||||
lflags => '-Weld="-set systype guardian"',
|
||||
shared_ldflag => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
|
||||
shared_defflag => '-Weld_obey=',
|
||||
shared_argfileflag => '-Weld_obey=',
|
||||
},
|
||||
|
||||
# x86 + guardian:
|
||||
'nonstop-archenv-x86_64-guardian' => {
|
||||
template => 1,
|
||||
defines => ['NO_GETPID'],
|
||||
cflags => '-Wtarget=tns/x -Wsystype=guardian',
|
||||
lflags => '-Wxld="-set systype guardian"',
|
||||
shared_ldflag => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
|
||||
shared_defflag => '-Wxld_obey=',
|
||||
shared_argfileflag => '-Wxld_obey=',
|
||||
},
|
||||
|
||||
# MIPS + oss (unused but present for convenience):
|
||||
'nonstop-archenv-mips-oss' => {
|
||||
template => 1,
|
||||
cflags => '-Wtarget=tns/r -Wsystype=oss',
|
||||
lflags => '-Wld="-set systype oss"',
|
||||
shared_ldflag => '-Wshared',
|
||||
shared_defflag => '-Wld_obey=',
|
||||
shared_argfileflag => '-Wld_obey=',
|
||||
},
|
||||
# Itanium + oss:
|
||||
'nonstop-archenv-itanium-oss' => {
|
||||
template => 1,
|
||||
cflags => '-Wtarget=tns/e -Wsystype=oss',
|
||||
lflags => '-Weld="-set systype oss"',
|
||||
shared_ldflag => '-Wshared',
|
||||
shared_defflag => '-Weld_obey=',
|
||||
shared_argfileflag => '-Weld_obey=',
|
||||
},
|
||||
# x86_64 + oss:
|
||||
'nonstop-archenv-x86_64-oss' => {
|
||||
template => 1,
|
||||
cflags => '-Wtarget=tns/x -Wsystype=oss',
|
||||
lflags => '-Wxld="-set systype oss"',
|
||||
shared_ldflag => '-Wshared',
|
||||
shared_defflag => '-Wxld_obey=',
|
||||
shared_argfileflag => '-Wxld_obey=',
|
||||
},
|
||||
|
||||
# Size variants
|
||||
'nonstop-ilp32' => {
|
||||
template => 1,
|
||||
cflags => '-Wilp32',
|
||||
bn_ops => 'THIRTY_TWO_BIT',
|
||||
},
|
||||
'nonstop-lp64-itanium' => {
|
||||
template => 1,
|
||||
cflags => '-Wlp64',
|
||||
bn_ops => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
|
||||
},
|
||||
'nonstop-lp64-x86_64' => {
|
||||
template => 1,
|
||||
cflags => '-Wlp64',
|
||||
lflags => '-Wxld="-set data_model lp64"',
|
||||
bn_ops => 'SIXTY_FOUR_BIT',
|
||||
},
|
||||
|
||||
# Float variants
|
||||
'nonstop-nfloat-mips' => {
|
||||
template => 1,
|
||||
lflags => '-Wld="-set floattype neutral_float"',
|
||||
},
|
||||
'nonstop-tfloat-mips' => {
|
||||
template => 1,
|
||||
lflags => '-Wld="-set floattype tandem_float"',
|
||||
},
|
||||
'nonstop-efloat-itanium' => {
|
||||
template => 1,
|
||||
cflags => '-WIEEE_float',
|
||||
lflags => '-Weld="-set floattype ieee_float"',
|
||||
},
|
||||
'nonstop-nfloat-itanium' => {
|
||||
template => 1,
|
||||
lflags => '-Weld="-set floattype neutral_float"',
|
||||
},
|
||||
'nonstop-tfloat-itanium' => {
|
||||
template => 1,
|
||||
cflags => '-WTandem_float',
|
||||
lflags => '-Weld="-set floattype tandem_float"',
|
||||
},
|
||||
'nonstop-efloat-x86_64' => {
|
||||
template => 1,
|
||||
cflags => '-WIEEE_float',
|
||||
lflags => '-Wxld="-set floattype ieee_float"',
|
||||
},
|
||||
'nonstop-nfloat-x86_64' => {
|
||||
template => 1,
|
||||
lflags => '-Wxld="-set floattype neutral_float"',
|
||||
},
|
||||
'nonstop-tfloat-x86_64' => {
|
||||
template => 1,
|
||||
cflags => '-WTandem_float',
|
||||
lflags => '-Wxld="-set floattype tandem_float"',
|
||||
},
|
||||
|
||||
######################################################################
|
||||
# Build models
|
||||
'nonstop-model-put' => {
|
||||
template => 1,
|
||||
defines => ['_PUT_MODEL_',
|
||||
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
|
||||
ex_libs => '-lput',
|
||||
},
|
||||
|
||||
######################################################################
|
||||
# Build models
|
||||
'nonstop-model-klt' => {
|
||||
template => 1,
|
||||
defines => ['_KLT_MODEL_',
|
||||
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
|
||||
ex_libs => '-lklt',
|
||||
},
|
||||
|
||||
######################################################################
|
||||
# Now for the entries themselves, let's combine things!
|
||||
'nonstop-nsx' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-oss',
|
||||
'nonstop-ilp32',
|
||||
'nonstop-efloat-x86_64' ],
|
||||
disable => ['threads','atexit'],
|
||||
},
|
||||
'nonstop-nsx_put' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-oss',
|
||||
'nonstop-ilp32',
|
||||
'nonstop-efloat-x86_64',
|
||||
'nonstop-model-put' ],
|
||||
multilib => '-put',
|
||||
multibin => '-put',
|
||||
disable => ['atexit'],
|
||||
},
|
||||
'nonstop-nsx_64' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-oss',
|
||||
'nonstop-lp64-x86_64',
|
||||
'nonstop-efloat-x86_64' ],
|
||||
multilib => '64',
|
||||
multibin => '64',
|
||||
disable => ['threads','atexit'],
|
||||
},
|
||||
'nonstop-nsx_64_put' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-oss',
|
||||
'nonstop-lp64-x86_64',
|
||||
'nonstop-efloat-x86_64',
|
||||
'nonstop-model-put' ],
|
||||
multilib => '64-put',
|
||||
multibin => '64-put',
|
||||
disable => ['atexit'],
|
||||
},
|
||||
'nonstop-nsx_64_klt' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-oss',
|
||||
'nonstop-lp64-x86_64',
|
||||
'nonstop-efloat-x86_64',
|
||||
'nonstop-model-klt' ],
|
||||
multilib => '64-klt',
|
||||
multibin => '64-klt',
|
||||
disable => ['atexit'],
|
||||
},
|
||||
'nonstop-nsx_g' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-guardian',
|
||||
'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
|
||||
disable => ['threads','atexit'],
|
||||
},
|
||||
'nonstop-nsx_g_tandem' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-x86_64-guardian',
|
||||
'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
|
||||
disable => ['threads','atexit'],
|
||||
},
|
||||
'nonstop-nsv' => {
|
||||
inherit_from => [ 'nonstop-nsx' ],
|
||||
},
|
||||
'nonstop-nse' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-itanium-oss',
|
||||
'nonstop-ilp32',
|
||||
'nonstop-efloat-itanium' ],
|
||||
disable => ['threads','atexit'],
|
||||
},
|
||||
'nonstop-nse_put' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-itanium-oss',
|
||||
'nonstop-ilp32',
|
||||
'nonstop-efloat-itanium',
|
||||
'nonstop-model-put' ],
|
||||
multilib => '-put',
|
||||
multibin => '-put',
|
||||
disable => ['atexit'],
|
||||
},
|
||||
'nonstop-nse_64' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-itanium-oss',
|
||||
'nonstop-lp64-itanium',
|
||||
'nonstop-efloat-itanium' ],
|
||||
multilib => '64',
|
||||
multibin => '64',
|
||||
disable => ['threads','atexit'],
|
||||
},
|
||||
'nonstop-nse_64_put' => {
|
||||
inherit_from => [ 'nonstop-common',
|
||||
'nonstop-archenv-itanium-oss',
|
||||
'nonstop-lp64-itanium',
|
||||
'nonstop-efloat-itanium',
|
||||
'nonstop-model-put' ],
|
||||
multilib => '64-put',
|
||||
multibin => '64-put',
|
||||
disable => ['atexit'],
|
||||
},
|
||||
@@ -1,11 +0,0 @@
|
||||
## -*- mode: perl; -*-
|
||||
(
|
||||
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
|
||||
"OS390-Unix" => {
|
||||
inherit_from => [ "BASE_unix" ],
|
||||
cc => "cc",
|
||||
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
|
||||
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
|
||||
thread_scheme => "(unknown)",
|
||||
}
|
||||
);
|
||||
@@ -1,14 +0,0 @@
|
||||
## -*- mode: perl; -*-
|
||||
|
||||
# OpenVMS cross compilation of x86_64 binaries on Itanium. This doesn't
|
||||
# fit the usual cross compilation parameters that are used on Unixly machines
|
||||
|
||||
(
|
||||
'vms-x86_64-cross-ia64' => {
|
||||
inherit_from => [ 'vms-generic' ],
|
||||
CC => 'XCC',
|
||||
bn_ops => 'SIXTY_FOUR_BIT',
|
||||
pointer_size => '',
|
||||
setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
|
||||
}
|
||||
);
|
||||
@@ -1,36 +0,0 @@
|
||||
## -*- mode: perl; -*-
|
||||
# Windows on Arm clang-cl targets.
|
||||
#
|
||||
|
||||
my %targets = (
|
||||
"VC-WIN64-CLANGASM-ARM" => {
|
||||
inherit_from => [ "VC-noCE-common" ],
|
||||
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
|
||||
"OPENSSL_SYS_WIN_CORE"),
|
||||
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
|
||||
multilib => "-arm64",
|
||||
asm_arch => "aarch64",
|
||||
AS => "clang-cl.exe",
|
||||
ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc",
|
||||
asflags => "/c",
|
||||
asoutflag => "/Fo",
|
||||
perlasm_scheme => "win64",
|
||||
uplink_arch => 'armv8',
|
||||
},
|
||||
"VC-CLANG-WIN64-CLANGASM-ARM" => {
|
||||
CC => "clang-cl",
|
||||
inherit_from => [ "VC-noCE-common" ],
|
||||
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
|
||||
"OPENSSL_SYS_WIN_CORE"),
|
||||
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
|
||||
multilib => "-arm64",
|
||||
asm_arch => "aarch64",
|
||||
CFLAGS => add("--target=arm64-pc-windows-msvc"),
|
||||
AS => "clang-cl.exe",
|
||||
ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc",
|
||||
asflags => "/c",
|
||||
asoutflag => "/Fo",
|
||||
perlasm_scheme => "win64",
|
||||
uplink_arch => 'armv8',
|
||||
},
|
||||
);
|
||||
@@ -1,37 +0,0 @@
|
||||
## -*- mode: perl; -*-
|
||||
# Windows HybridCRT targets.
|
||||
#
|
||||
# https://github.com/microsoft/WindowsAppSDK/blob/77761e244289fda6b3d5f14c7bded189fed4fb89/docs/Coding-Guidelines/HybridCRT.md
|
||||
# Link statically against the runtime and STL, but link dynamically against the CRT by ignoring the static CRT
|
||||
# lib and instead linking against the Universal CRT DLL import library. This "Hybrid" linking mechanism is
|
||||
# supported according to the CRT maintainer. Dynamic linking against the CRT makes the binaries a bit smaller
|
||||
# than they would otherwise be if the CRT, runtime, and STL were all statically linked in.
|
||||
|
||||
|
||||
sub remove_from_flags {
|
||||
my ($toRemove, $flags) = @_;
|
||||
|
||||
$flags =~ s/$toRemove//;
|
||||
return $flags;
|
||||
}
|
||||
|
||||
my %targets = (
|
||||
"VC-WIN32-HYBRIDCRT" => {
|
||||
inherit_from => [ "VC-WIN32" ],
|
||||
cflags => sub {
|
||||
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
|
||||
release => "/MT"))->(@_))
|
||||
},
|
||||
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
|
||||
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
|
||||
},
|
||||
"VC-WIN64A-HYBRIDCRT" => {
|
||||
inherit_from => [ "VC-WIN64A" ],
|
||||
cflags => sub {
|
||||
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
|
||||
release => "/MT"))->(@_))
|
||||
},
|
||||
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
|
||||
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
|
||||
},
|
||||
);
|
||||
@@ -1,137 +0,0 @@
|
||||
## -*- mode: perl; -*-
|
||||
# Windows OneCore targets.
|
||||
#
|
||||
# OneCore is new API stability "contract" that transcends Desktop, IoT and
|
||||
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
|
||||
# export subset of Win32 API that are common to all Windows 10 devices.
|
||||
#
|
||||
# OneCore Configuration temporarily dedicated for console applications
|
||||
# due to disabled event logging, which is incompatible with one core.
|
||||
# Error messages are provided via standard error only.
|
||||
# TODO: extend error handling to use ETW based eventing
|
||||
# (Or rework whole error messaging)
|
||||
|
||||
my $UWP_info = {};
|
||||
sub UWP_info {
|
||||
unless (%$UWP_info) {
|
||||
my $SDKver = `powershell -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
|
||||
$SDKver =~ s|\R$||;
|
||||
my @SDKver_split = split(/\./, $SDKver);
|
||||
# SDK version older than 10.0.17763 don't support our ASM builds
|
||||
if ($SDKver_split[0] < 10
|
||||
|| ($SDKver_split[0] == 10
|
||||
&& $SDKver_split[1] == 0
|
||||
&& $SDKver_split[2] < 17763)) {
|
||||
$UWP_info->{disable} = [ 'asm' ];
|
||||
} else {
|
||||
$UWP_info->{disable} = [ ];
|
||||
}
|
||||
}
|
||||
return $UWP_info;
|
||||
}
|
||||
|
||||
my %targets = (
|
||||
"VC-WIN32-ONECORE" => {
|
||||
inherit_from => [ "VC-WIN32" ],
|
||||
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
|
||||
# hidden reference to kernel32.lib, but we don't actually want
|
||||
# it in "onecore" build.
|
||||
lflags => add("/NODEFAULTLIB:kernel32.lib"),
|
||||
defines => add("OPENSSL_SYS_WIN_CORE"),
|
||||
ex_libs => "onecore.lib",
|
||||
},
|
||||
"VC-WIN64A-ONECORE" => {
|
||||
inherit_from => [ "VC-WIN64A" ],
|
||||
lflags => add("/NODEFAULTLIB:kernel32.lib"),
|
||||
defines => add("OPENSSL_SYS_WIN_CORE"),
|
||||
ex_libs => "onecore.lib",
|
||||
},
|
||||
|
||||
# Windows on ARM targets. ARM compilers are additional components in
|
||||
# VS2017, i.e. they are not installed by default. And when installed,
|
||||
# there are no "ARM Tool Command Prompt"s on Start menu, you have
|
||||
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
|
||||
# received limited testing with evp_test.exe on Windows 10 IoT Core,
|
||||
# but not VC-WIN64-ARM, no hardware... In other words they are not
|
||||
# actually supported...
|
||||
#
|
||||
# Another thing to keep in mind [in cross-compilation scenario such
|
||||
# as this one] is that target's file system has nothing to do with
|
||||
# compilation system's one. This means that you're are likely to use
|
||||
# --prefix and --openssldir with target-specific values. 'nmake install'
|
||||
# step is effectively meaningless in cross-compilation case, though
|
||||
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
|
||||
# can point Visual Studio to when compiling custom application code.
|
||||
|
||||
"VC-WIN32-ARM" => {
|
||||
inherit_from => [ "VC-noCE-common" ],
|
||||
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
|
||||
"OPENSSL_SYS_WIN_CORE"),
|
||||
bn_ops => "BN_LLONG RC4_CHAR",
|
||||
lflags => add("/NODEFAULTLIB:kernel32.lib"),
|
||||
ex_libs => "onecore.lib",
|
||||
multilib => "-arm",
|
||||
},
|
||||
"VC-WIN64-ARM" => {
|
||||
inherit_from => [ "VC-noCE-common" ],
|
||||
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
|
||||
"OPENSSL_SYS_WIN_CORE"),
|
||||
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
|
||||
lflags => add("/NODEFAULTLIB:kernel32.lib"),
|
||||
ex_libs => "onecore.lib",
|
||||
multilib => "-arm64",
|
||||
},
|
||||
|
||||
# Universal Windows Platform (UWP) App Support
|
||||
|
||||
# TODO
|
||||
#
|
||||
# The 'disable' attribute should have 'uplink'.
|
||||
# however, these are checked in some 'inherit_from', which is processed
|
||||
# very early, before the 'disable' attributes are seen.
|
||||
# This is a problem that needs to be resolved in Configure first.
|
||||
#
|
||||
# But if you want to build library with Windows 10 Version 1809 SDK or
|
||||
# earlier, the 'disable' attribute should also have 'asm'.
|
||||
|
||||
"VC-WIN32-UWP" => {
|
||||
inherit_from => [ "VC-WIN32-ONECORE" ],
|
||||
lflags => add("/APPCONTAINER"),
|
||||
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
|
||||
"_WIN32_WINNT=0x0A00"),
|
||||
dso_scheme => "",
|
||||
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
|
||||
@{ UWP_info()->{disable} } ] },
|
||||
ex_libs => "WindowsApp.lib",
|
||||
},
|
||||
"VC-WIN64A-UWP" => {
|
||||
inherit_from => [ "VC-WIN64A-ONECORE" ],
|
||||
lflags => add("/APPCONTAINER"),
|
||||
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
|
||||
"_WIN32_WINNT=0x0A00"),
|
||||
dso_scheme => "",
|
||||
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
|
||||
@{ UWP_info()->{disable} } ] },
|
||||
ex_libs => "WindowsApp.lib",
|
||||
},
|
||||
"VC-WIN32-ARM-UWP" => {
|
||||
inherit_from => [ "VC-WIN32-ARM" ],
|
||||
lflags => add("/APPCONTAINER"),
|
||||
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
|
||||
"_WIN32_WINNT=0x0A00"),
|
||||
dso_scheme => "",
|
||||
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
|
||||
@{ UWP_info()->{disable} } ] },
|
||||
ex_libs => "WindowsApp.lib",
|
||||
},
|
||||
"VC-WIN64-ARM-UWP" => {
|
||||
inherit_from => [ "VC-WIN64-ARM" ],
|
||||
lflags => add("/APPCONTAINER"),
|
||||
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
|
||||
"_WIN32_WINNT=0x0A00"),
|
||||
dso_scheme => "",
|
||||
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
|
||||
@{ UWP_info()->{disable} } ] },
|
||||
ex_libs => "WindowsApp.lib",
|
||||
},
|
||||
);
|
||||
@@ -1,136 +0,0 @@
|
||||
Configure Internals
|
||||
===================
|
||||
|
||||
[ note: this file uses markdown for formatting ]
|
||||
|
||||
Intro
|
||||
-----
|
||||
|
||||
This is a collection of notes that are hopefully of interest to those
|
||||
who decide to dive into Configure and what it does. This is a living
|
||||
document and anyone is encouraged to add to it and submit changes.
|
||||
There's no claim for this document to be complete at any time, but it
|
||||
will hopefully reach such a point in time.
|
||||
|
||||
|
||||
----------------------------------------------------------------------
|
||||
|
||||
Parsing build.info files, processing conditions
|
||||
-----------------------------------------------
|
||||
|
||||
Processing conditions in build.info files is done with the help of a
|
||||
condition stack that tell if a build.info should be processed or if it
|
||||
should just be skipped over. The possible states of the stack top are
|
||||
expressed in the following comment from Configure:
|
||||
|
||||
# The top item of this stack has the following values
|
||||
# -2 positive already run and we found ELSE (following ELSIF should fail)
|
||||
# -1 positive already run (skip until ENDIF)
|
||||
# 0 negatives so far (if we're at a condition, check it)
|
||||
# 1 last was positive (don't skip lines until next ELSE, ELSIF or ENDIF)
|
||||
# 2 positive ELSE (following ELSIF should fail)
|
||||
|
||||
Ground rule is that non-condition lines are skipped over if the
|
||||
stack top is > 0. Condition lines (IF, ELSIF, ELSE and ENDIF
|
||||
statements) need to be processed either way to keep track of the skip
|
||||
stack states, so they are a little more intricate.
|
||||
|
||||
Instead of trying to describe in words, here are some example of what
|
||||
the skip stack should look like after each line is processed:
|
||||
|
||||
Example 1:
|
||||
|
||||
| IF[1] | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| IF[1] | 1 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ELSIF[1] | 1 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | 1 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ELSIF[1] | -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| IF[1] | -1 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | -1 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | -1 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | | |
|
||||
|
||||
Example 2:
|
||||
|
||||
| IF[0] | 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| IF[1] | 0 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | 0 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | 0 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| IF[1] | 1 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ELSIF[1] | 1 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | 1 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ENDIF | | |
|
||||
|
||||
Example 3:
|
||||
|
||||
| IF[0] | 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| IF[0] | 0 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | 0 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | 0 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| IF[0] | 1 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | 1 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ELSE | 1 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ENDIF | | |
|
||||
|
||||
Example 4:
|
||||
|
||||
| IF[0] | 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| IF[0] | 0 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[0] | 0 -1 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | 0 -2 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ENDIF | 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[1] | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| IF[0] | 1 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSIF[0] | 1 0 | |
|
||||
| ... whatever ... | | this line is skipped over |
|
||||
| ELSE | 1 2 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ENDIF | 1 | |
|
||||
| ... whatever ... | | this line is processed |
|
||||
| ENDIF | | |
|
||||
|
||||
@@ -1,604 +0,0 @@
|
||||
Design document for the unified scheme data
|
||||
===========================================
|
||||
|
||||
How are things connected?
|
||||
-------------------------
|
||||
|
||||
The unified scheme takes all its data from the `build.info` files seen
|
||||
throughout the source tree. These files hold the minimum information
|
||||
needed to build end product files from diverse sources. See the
|
||||
section on `build.info` files below.
|
||||
|
||||
From the information in `build.info` files, `Configure` builds up an
|
||||
information database as a hash table called `%unified_info`, which is
|
||||
stored in configdata.pm, found at the top of the build tree (which may
|
||||
or may not be the same as the source tree).
|
||||
|
||||
[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
|
||||
generate the rules for building end product files as well as
|
||||
intermediary files with the help of a few functions found in the
|
||||
build-file templates. See the section on build-file templates further
|
||||
down for more information.
|
||||
|
||||
build.info files
|
||||
----------------
|
||||
|
||||
As mentioned earlier, `build.info` files are meant to hold the minimum
|
||||
information needed to build output files, and therefore only (with a
|
||||
few possible exceptions [1]) have information about end products (such
|
||||
as scripts, library files and programs) and source files (such as C
|
||||
files, C header files, assembler files, etc). Intermediate files such
|
||||
as object files are rarely directly referred to in `build.info` files (and
|
||||
when they are, it's always with the file name extension `.o`), they are
|
||||
inferred by `Configure`. By the same rule of minimalism, end product
|
||||
file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
|
||||
in `build.info`. Their file name extensions will be inferred by the
|
||||
build-file templates, adapted for the platform they are meant for (see
|
||||
sections on `%unified_info` and build-file templates further down).
|
||||
|
||||
The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
|
||||
end products. There are variants for them with `_NO_INST` as suffix
|
||||
(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
|
||||
|
||||
The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
|
||||
produced file, and their values are the source used to produce that
|
||||
particular produced file, extra dependencies, include directories
|
||||
needed, or C macros to be defined.
|
||||
|
||||
All their values in all the `build.info` throughout the source tree are
|
||||
collected together and form a set of programs, libraries, modules and
|
||||
scripts to be produced, source files, dependencies, etc etc etc.
|
||||
|
||||
Let's have a pretend example, a very limited contraption of OpenSSL,
|
||||
composed of the program `apps/openssl`, the libraries `libssl` and
|
||||
`libcrypto`, an module `engines/ossltest` and their sources and
|
||||
dependencies.
|
||||
|
||||
# build.info
|
||||
LIBS=libcrypto libssl
|
||||
INCLUDE[libcrypto]=include
|
||||
INCLUDE[libssl]=include
|
||||
DEPEND[libssl]=libcrypto
|
||||
|
||||
This is the top directory `build.info` file, and it tells us that two
|
||||
libraries are to be built, the include directory `include/` shall be
|
||||
used throughout when building anything that will end up in each
|
||||
library, and that the library `libssl` depend on the library
|
||||
`libcrypto` to function properly.
|
||||
|
||||
# apps/build.info
|
||||
PROGRAMS=openssl
|
||||
SOURCE[openssl]=openssl.c
|
||||
INCLUDE[openssl]=.. ../include
|
||||
DEPEND[openssl]=../libssl
|
||||
|
||||
This is the `build.info` file in `apps/`, one may notice that all file
|
||||
paths mentioned are relative to the directory the `build.info` file is
|
||||
located in. This one tells us that there's a program to be built
|
||||
called `apps/openss` (the file name extension will depend on the
|
||||
platform and is therefore not mentioned in the `build.info` file). It's
|
||||
built from one source file, `apps/openssl.c`, and building it requires
|
||||
the use of `.` and `include/` include directories (both are declared
|
||||
from the point of view of the `apps/` directory), and that the program
|
||||
depends on the library `libssl` to function properly.
|
||||
|
||||
# crypto/build.info
|
||||
LIBS=../libcrypto
|
||||
SOURCE[../libcrypto]=aes.c evp.c cversion.c
|
||||
DEPEND[cversion.o]=buildinf.h
|
||||
|
||||
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
|
||||
DEPEND[buildinf.h]=../Makefile
|
||||
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
|
||||
|
||||
This is the `build.info` file in `crypto/`, and it tells us a little more
|
||||
about what's needed to produce `libcrypto`. LIBS is used again to
|
||||
declare that `libcrypto` is to be produced. This declaration is
|
||||
really unnecessary as it's already mentioned in the top `build.info`
|
||||
file, but can make the info file easier to understand. This is to
|
||||
show that duplicate information isn't an issue.
|
||||
|
||||
This `build.info` file informs us that `libcrypto` is built from a few
|
||||
source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
|
||||
It also shows us that building the object file inferred from
|
||||
`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it
|
||||
also shows the possibility to declare how some files are generated
|
||||
using some script, in this case a perl script, and how such scripts
|
||||
can be declared to depend on other files, in this case a perl module.
|
||||
|
||||
Two things are worth an extra note:
|
||||
|
||||
`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the
|
||||
only location where it's valid to mention them
|
||||
|
||||
# ssl/build.info
|
||||
LIBS=../libssl
|
||||
SOURCE[../libssl]=tls.c
|
||||
|
||||
This is the build.info file in `ssl/`, and it tells us that the
|
||||
library `libssl` is built from the source file `ssl/tls.c`.
|
||||
|
||||
# engines/build.info
|
||||
MODULES=dasync
|
||||
SOURCE[dasync]=e_dasync.c
|
||||
DEPEND[dasync]=../libcrypto
|
||||
INCLUDE[dasync]=../include
|
||||
|
||||
MODULES_NO_INST=ossltest
|
||||
SOURCE[ossltest]=e_ossltest.c
|
||||
DEPEND[ossltest]=../libcrypto.a
|
||||
INCLUDE[ossltest]=../include
|
||||
|
||||
This is the `build.info` file in `engines/`, telling us that two modules
|
||||
called `engines/dasync` and `engines/ossltest` shall be built, that
|
||||
`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
|
||||
`engines/e_ossltest.c` and that the include directory `include/` may
|
||||
be used when building anything that will be part of these modules.
|
||||
Also, both modules depend on the library `libcrypto` to function
|
||||
properly. `ossltest` is explicitly linked with the static variant of
|
||||
the library `libcrypto`. Finally, only `dasync` is being installed, as
|
||||
`ossltest` is only for internal testing.
|
||||
|
||||
When `Configure` digests these `build.info` files, the accumulated
|
||||
information comes down to this:
|
||||
|
||||
LIBS=libcrypto libssl
|
||||
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
|
||||
DEPEND[crypto/cversion.o]=crypto/buildinf.h
|
||||
INCLUDE[libcrypto]=include
|
||||
SOURCE[libssl]=ssl/tls.c
|
||||
INCLUDE[libssl]=include
|
||||
DEPEND[libssl]=libcrypto
|
||||
|
||||
PROGRAMS=apps/openssl
|
||||
SOURCE[apps/openssl]=apps/openssl.c
|
||||
INCLUDE[apps/openssl]=. include
|
||||
DEPEND[apps/openssl]=libssl
|
||||
|
||||
MODULES=engines/dasync
|
||||
SOURCE[engines/dasync]=engines/e_dasync.c
|
||||
DEPEND[engines/dasync]=libcrypto
|
||||
INCLUDE[engines/dasync]=include
|
||||
|
||||
MODULES_NO_INST=engines/ossltest
|
||||
SOURCE[engines/ossltest]=engines/e_ossltest.c
|
||||
DEPEND[engines/ossltest]=libcrypto.a
|
||||
INCLUDE[engines/ossltest]=include
|
||||
|
||||
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
|
||||
DEPEND[crypto/buildinf.h]=Makefile
|
||||
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
|
||||
|
||||
A few notes worth mentioning:
|
||||
|
||||
`LIBS` may be used to declare routine libraries only.
|
||||
|
||||
`PROGRAMS` may be used to declare programs only.
|
||||
|
||||
`MODULES` may be used to declare modules only.
|
||||
|
||||
The indexes for `SOURCE` must only be end product files, such as
|
||||
libraries, programs or modules. The values of `SOURCE` variables must
|
||||
only be source files (possibly generated).
|
||||
|
||||
`INCLUDE` and `DEPEND` shows a relationship between different files
|
||||
(usually produced files) or between files and directories, such as a
|
||||
program depending on a library, or between an object file and some
|
||||
extra source file.
|
||||
|
||||
When `Configure` processes the `build.info` files, it will take it as
|
||||
truth without question, and will therefore perform very few checks.
|
||||
If the build tree is separate from the source tree, it will assume
|
||||
that all built files and up in the build directory and that all source
|
||||
files are to be found in the source tree, if they can be found there.
|
||||
`Configure` will assume that source files that can't be found in the
|
||||
source tree (such as `crypto/bildinf.h` in the example above) are
|
||||
generated and will be found in the build tree.
|
||||
|
||||
The `%unified_info` database
|
||||
----------------------------
|
||||
|
||||
The information in all the `build.info` get digested by `Configure` and
|
||||
collected into the `%unified_info` database, divided into the following
|
||||
indexes:
|
||||
|
||||
depends => a hash table containing 'file' => [ 'dependency' ... ]
|
||||
pairs. These are directly inferred from the DEPEND
|
||||
variables in build.info files.
|
||||
|
||||
modules => a list of modules. These are directly inferred from
|
||||
the MODULES variable in build.info files.
|
||||
|
||||
generate => a hash table containing 'file' => [ 'generator' ... ]
|
||||
pairs. These are directly inferred from the GENERATE
|
||||
variables in build.info files.
|
||||
|
||||
includes => a hash table containing 'file' => [ 'include' ... ]
|
||||
pairs. These are directly inferred from the INCLUDE
|
||||
variables in build.info files.
|
||||
|
||||
install => a hash table containing 'type' => [ 'file' ... ] pairs.
|
||||
The types are 'programs', 'libraries', 'modules' and
|
||||
'scripts', and the array of files list the files of
|
||||
that type that should be installed.
|
||||
|
||||
libraries => a list of libraries. These are directly inferred from
|
||||
the LIBS variable in build.info files.
|
||||
|
||||
programs => a list of programs. These are directly inferred from
|
||||
the PROGRAMS variable in build.info files.
|
||||
|
||||
scripts => a list of scripts. There are directly inferred from
|
||||
the SCRIPTS variable in build.info files.
|
||||
|
||||
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
|
||||
pairs. These are indirectly inferred from the SOURCE
|
||||
variables in build.info files. Object files are
|
||||
mentioned in this hash table, with source files from
|
||||
SOURCE variables, and AS source files for programs and
|
||||
libraries.
|
||||
|
||||
shared_sources =>
|
||||
a hash table just like 'sources', but only as source
|
||||
files (object files) for building shared libraries.
|
||||
|
||||
As an example, here is how the `build.info` files example from the
|
||||
section above would be digested into a `%unified_info` table:
|
||||
|
||||
our %unified_info = (
|
||||
"depends" =>
|
||||
{
|
||||
"apps/openssl" =>
|
||||
[
|
||||
"libssl",
|
||||
],
|
||||
"crypto/buildinf.h" =>
|
||||
[
|
||||
"Makefile",
|
||||
],
|
||||
"crypto/cversion.o" =>
|
||||
[
|
||||
"crypto/buildinf.h",
|
||||
],
|
||||
"engines/dasync" =>
|
||||
[
|
||||
"libcrypto",
|
||||
],
|
||||
"engines/ossltest" =>
|
||||
[
|
||||
"libcrypto.a",
|
||||
],
|
||||
"libssl" =>
|
||||
[
|
||||
"libcrypto",
|
||||
],
|
||||
"util/mkbuildinf.pl" =>
|
||||
[
|
||||
"util/Foo.pm",
|
||||
],
|
||||
},
|
||||
"modules" =>
|
||||
[
|
||||
"engines/dasync",
|
||||
"engines/ossltest",
|
||||
],
|
||||
"generate" =>
|
||||
{
|
||||
"crypto/buildinf.h" =>
|
||||
[
|
||||
"util/mkbuildinf.pl",
|
||||
"\"\$(CC)",
|
||||
"\$(CFLAGS)\"",
|
||||
"\"$(PLATFORM)\"",
|
||||
],
|
||||
},
|
||||
"includes" =>
|
||||
{
|
||||
"apps/openssl" =>
|
||||
[
|
||||
".",
|
||||
"include",
|
||||
],
|
||||
"engines/ossltest" =>
|
||||
[
|
||||
"include"
|
||||
],
|
||||
"libcrypto" =>
|
||||
[
|
||||
"include",
|
||||
],
|
||||
"libssl" =>
|
||||
[
|
||||
"include",
|
||||
],
|
||||
"util/mkbuildinf.pl" =>
|
||||
[
|
||||
"util",
|
||||
],
|
||||
}
|
||||
"install" =>
|
||||
{
|
||||
"modules" =>
|
||||
[
|
||||
"engines/dasync",
|
||||
],
|
||||
"libraries" =>
|
||||
[
|
||||
"libcrypto",
|
||||
"libssl",
|
||||
],
|
||||
"programs" =>
|
||||
[
|
||||
"apps/openssl",
|
||||
],
|
||||
},
|
||||
"libraries" =>
|
||||
[
|
||||
"libcrypto",
|
||||
"libssl",
|
||||
],
|
||||
"programs" =>
|
||||
[
|
||||
"apps/openssl",
|
||||
],
|
||||
"sources" =>
|
||||
{
|
||||
"apps/openssl" =>
|
||||
[
|
||||
"apps/openssl.o",
|
||||
],
|
||||
"apps/openssl.o" =>
|
||||
[
|
||||
"apps/openssl.c",
|
||||
],
|
||||
"crypto/aes.o" =>
|
||||
[
|
||||
"crypto/aes.c",
|
||||
],
|
||||
"crypto/cversion.o" =>
|
||||
[
|
||||
"crypto/cversion.c",
|
||||
],
|
||||
"crypto/evp.o" =>
|
||||
[
|
||||
"crypto/evp.c",
|
||||
],
|
||||
"engines/e_dasync.o" =>
|
||||
[
|
||||
"engines/e_dasync.c",
|
||||
],
|
||||
"engines/dasync" =>
|
||||
[
|
||||
"engines/e_dasync.o",
|
||||
],
|
||||
"engines/e_ossltest.o" =>
|
||||
[
|
||||
"engines/e_ossltest.c",
|
||||
],
|
||||
"engines/ossltest" =>
|
||||
[
|
||||
"engines/e_ossltest.o",
|
||||
],
|
||||
"libcrypto" =>
|
||||
[
|
||||
"crypto/aes.c",
|
||||
"crypto/cversion.c",
|
||||
"crypto/evp.c",
|
||||
],
|
||||
"libssl" =>
|
||||
[
|
||||
"ssl/tls.c",
|
||||
],
|
||||
"ssl/tls.o" =>
|
||||
[
|
||||
"ssl/tls.c",
|
||||
],
|
||||
},
|
||||
);
|
||||
|
||||
As can be seen, everything in `%unified_info` is fairly simple suggest
|
||||
of information. Still, it tells us that to build all programs, we
|
||||
must build `apps/openssl`, and to build the latter, we will need to
|
||||
build all its sources (`apps/openssl.o` in this case) and all the
|
||||
other things it depends on (such as `libssl`). All those dependencies
|
||||
need to be built as well, using the same logic, so to build `libssl`,
|
||||
we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
|
||||
latter...
|
||||
|
||||
Build-file templates
|
||||
--------------------
|
||||
|
||||
Build-file templates are essentially build-files (such as `Makefile` on
|
||||
Unix) with perl code fragments mixed in. Those perl code fragment
|
||||
will generate all the configuration dependent data, including all the
|
||||
rules needed to build end product files and intermediary files alike.
|
||||
At a minimum, there must be a perl code fragment that defines a set of
|
||||
functions that are used to generates specific build-file rules, to
|
||||
build static libraries from object files, to build shared libraries
|
||||
from static libraries, to programs from object files and libraries,
|
||||
etc.
|
||||
|
||||
generatesrc - function that produces build file lines to generate
|
||||
a source file from some input.
|
||||
|
||||
It's called like this:
|
||||
|
||||
generatesrc(src => "PATH/TO/tobegenerated",
|
||||
generator => [ "generatingfile", ... ]
|
||||
generator_incs => [ "INCL/PATH", ... ]
|
||||
generator_deps => [ "dep1", ... ]
|
||||
incs => [ "INCL/PATH", ... ],
|
||||
deps => [ "dep1", ... ],
|
||||
intent => one of "libs", "dso", "bin" );
|
||||
|
||||
'src' has the name of the file to be generated.
|
||||
'generator' is the command or part of command to
|
||||
generate the file, of which the first item is
|
||||
expected to be the file to generate from.
|
||||
generatesrc() is expected to analyse and figure out
|
||||
exactly how to apply that file and how to capture
|
||||
the result. 'generator_incs' and 'generator_deps'
|
||||
are include directories and files that the generator
|
||||
file itself depends on. 'incs' and 'deps' are
|
||||
include directories and files that are used if $(CC)
|
||||
is used as an intermediary step when generating the
|
||||
end product (the file indicated by 'src'). 'intent'
|
||||
indicates what the generated file is going to be
|
||||
used for.
|
||||
|
||||
src2obj - function that produces build file lines to build an
|
||||
object file from source files and associated data.
|
||||
|
||||
It's called like this:
|
||||
|
||||
src2obj(obj => "PATH/TO/objectfile",
|
||||
srcs => [ "PATH/TO/sourcefile", ... ],
|
||||
deps => [ "dep1", ... ],
|
||||
incs => [ "INCL/PATH", ... ]
|
||||
intent => one of "lib", "dso", "bin" );
|
||||
|
||||
'obj' has the intended object file with `.o`
|
||||
extension, src2obj() is expected to change it to
|
||||
something more suitable for the platform.
|
||||
'srcs' has the list of source files to build the
|
||||
object file, with the first item being the source
|
||||
file that directly corresponds to the object file.
|
||||
'deps' is a list of explicit dependencies. 'incs'
|
||||
is a list of include file directories. Finally,
|
||||
'intent' indicates what this object file is going
|
||||
to be used for.
|
||||
|
||||
obj2lib - function that produces build file lines to build a
|
||||
static library file ("libfoo.a" in Unix terms) from
|
||||
object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2lib(lib => "PATH/TO/libfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ]);
|
||||
|
||||
'lib' has the intended library file name *without*
|
||||
extension, obj2lib is expected to add that. 'objs'
|
||||
has the list of object files to build this library.
|
||||
|
||||
libobj2shlib - backward compatibility function that's used the
|
||||
same way as obj2shlib (described next), and was
|
||||
expected to build the shared library from the
|
||||
corresponding static library when that was suitable.
|
||||
NOTE: building a shared library from a static
|
||||
library is now DEPRECATED, as they no longer share
|
||||
object files. Attempting to do this will fail.
|
||||
|
||||
obj2shlib - function that produces build file lines to build a
|
||||
shareable object library file ("libfoo.so" in Unix
|
||||
terms) from the corresponding object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2shlib(shlib => "PATH/TO/shlibfile",
|
||||
lib => "PATH/TO/libfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ],
|
||||
deps => [ "PATH/TO/otherlibfile", ... ]);
|
||||
|
||||
'lib' has the base (static) library file name
|
||||
*without* extension. This is useful in case
|
||||
supporting files are needed (such as import
|
||||
libraries on Windows).
|
||||
'shlib' has the corresponding shared library name
|
||||
*without* extension. 'deps' has the list of other
|
||||
libraries (also *without* extension) this library
|
||||
needs to be linked with. 'objs' has the list of
|
||||
object files to build this library.
|
||||
|
||||
obj2dso - function that produces build file lines to build a
|
||||
dynamic shared object file from object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2dso(lib => "PATH/TO/libfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ],
|
||||
deps => [ "PATH/TO/otherlibfile",
|
||||
... ]);
|
||||
|
||||
This is almost the same as obj2shlib, but the
|
||||
intent is to build a shareable library that can be
|
||||
loaded in runtime (a "plugin"...).
|
||||
|
||||
obj2bin - function that produces build file lines to build an
|
||||
executable file from object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2bin(bin => "PATH/TO/binfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ],
|
||||
deps => [ "PATH/TO/libfile", ... ]);
|
||||
|
||||
'bin' has the intended executable file name
|
||||
*without* extension, obj2bin is expected to add
|
||||
that. 'objs' has the list of object files to build
|
||||
this library. 'deps' has the list of library files
|
||||
(also *without* extension) that the programs needs
|
||||
to be linked with.
|
||||
|
||||
in2script - function that produces build file lines to build a
|
||||
script file from some input.
|
||||
|
||||
called like this:
|
||||
|
||||
in2script(script => "PATH/TO/scriptfile",
|
||||
sources => [ "PATH/TO/infile", ... ]);
|
||||
|
||||
'script' has the intended script file name.
|
||||
'sources' has the list of source files to build the
|
||||
resulting script from.
|
||||
|
||||
Along with the build-file templates is the driving template
|
||||
[`Configurations/common.tmpl`](common.tmpl), which looks through all the
|
||||
information in `%unified_info` and generates all the rulesets to build libraries,
|
||||
programs and all intermediate files, using the rule generating
|
||||
functions defined in the build-file template.
|
||||
|
||||
As an example with the smaller `build.info` set we've seen as an
|
||||
example, producing the rules to build `libcrypto` would result in the
|
||||
following calls:
|
||||
|
||||
# Note: obj2shlib will only be called if shared libraries are
|
||||
# to be produced.
|
||||
# Note 2: obj2shlib must convert the '.o' extension to whatever
|
||||
# is suitable on the local platform.
|
||||
obj2shlib(shlib => "libcrypto",
|
||||
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
|
||||
deps => [ ]);
|
||||
|
||||
obj2lib(lib => "libcrypto"
|
||||
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
|
||||
|
||||
src2obj(obj => "crypto/aes.o"
|
||||
srcs => [ "crypto/aes.c" ],
|
||||
deps => [ ],
|
||||
incs => [ "include" ],
|
||||
intent => "lib");
|
||||
|
||||
src2obj(obj => "crypto/evp.o"
|
||||
srcs => [ "crypto/evp.c" ],
|
||||
deps => [ ],
|
||||
incs => [ "include" ],
|
||||
intent => "lib");
|
||||
|
||||
src2obj(obj => "crypto/cversion.o"
|
||||
srcs => [ "crypto/cversion.c" ],
|
||||
deps => [ "crypto/buildinf.h" ],
|
||||
incs => [ "include" ],
|
||||
intent => "lib");
|
||||
|
||||
generatesrc(src => "crypto/buildinf.h",
|
||||
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
|
||||
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
|
||||
generator_incs => [ "util" ],
|
||||
generator_deps => [ "util/Foo.pm" ],
|
||||
incs => [ ],
|
||||
deps => [ ],
|
||||
intent => "lib");
|
||||
|
||||
The returned strings from all those calls are then concatenated
|
||||
together and written to the resulting build-file.
|
||||
@@ -1,674 +0,0 @@
|
||||
Intro
|
||||
=====
|
||||
|
||||
This directory contains a few sets of files that are used for
|
||||
configuration in diverse ways:
|
||||
|
||||
*.conf Target platform configurations, please read
|
||||
'Configurations of OpenSSL target platforms' for more
|
||||
information.
|
||||
*.tmpl Build file templates, please read 'Build-file
|
||||
programming with the "unified" build system' as well
|
||||
as 'Build info files' for more information.
|
||||
*.pm Helper scripts / modules for the main `Configure`
|
||||
script. See 'Configure helper scripts for more
|
||||
information.
|
||||
|
||||
Configurations of OpenSSL target platforms
|
||||
==========================================
|
||||
|
||||
Configuration targets are a collection of facts that we know about
|
||||
different platforms and their capabilities. We organise them in a
|
||||
hash table, where each entry represent a specific target.
|
||||
|
||||
Note that configuration target names must be unique across all config
|
||||
files. The Configure script does check that a config file doesn't
|
||||
have config targets that shadow config targets from other files.
|
||||
|
||||
In each table entry, the following keys are significant:
|
||||
|
||||
inherit_from => Other targets to inherit values from.
|
||||
Explained further below. [1]
|
||||
template => Set to 1 if this isn't really a platform
|
||||
target. Instead, this target is a template
|
||||
upon which other targets can be built.
|
||||
Explained further below. [1]
|
||||
|
||||
sys_id => System identity for systems where that
|
||||
is difficult to determine automatically.
|
||||
|
||||
enable => Enable specific configuration features.
|
||||
This MUST be an array of words.
|
||||
disable => Disable specific configuration features.
|
||||
This MUST be an array of words.
|
||||
Note: if the same feature is both enabled
|
||||
and disabled, disable wins.
|
||||
|
||||
as => The assembler command. This is not always
|
||||
used (for example on Unix, where the C
|
||||
compiler is used instead).
|
||||
asflags => Default assembler command flags [4].
|
||||
cpp => The C preprocessor command, normally not
|
||||
given, as the build file defaults are
|
||||
usually good enough.
|
||||
cppflags => Default C preprocessor flags [4].
|
||||
defines => As an alternative, macro definitions may be
|
||||
given here instead of in 'cppflags' [4].
|
||||
If given here, they MUST be as an array of
|
||||
the string such as "MACRO=value", or just
|
||||
"MACRO" for definitions without value.
|
||||
includes => As an alternative, inclusion directories
|
||||
may be given here instead of in 'cppflags'
|
||||
[4]. If given here, the MUST be an array
|
||||
of strings, one directory specification
|
||||
each.
|
||||
cc => The C compiler command, usually one of "cc",
|
||||
"gcc" or "clang". This command is normally
|
||||
also used to link object files and
|
||||
libraries into the final program.
|
||||
cxx => The C++ compiler command, usually one of
|
||||
"c++", "g++" or "clang++". This command is
|
||||
also used when linking a program where at
|
||||
least one of the object file is made from
|
||||
C++ source.
|
||||
cflags => Defaults C compiler flags [4].
|
||||
cxxflags => Default C++ compiler flags [4]. If unset,
|
||||
it gets the same value as cflags.
|
||||
|
||||
(linking is a complex thing, see [3] below)
|
||||
ld => Linker command, usually not defined
|
||||
(meaning the compiler command is used
|
||||
instead).
|
||||
(NOTE: this is here for future use, it's
|
||||
not implemented yet)
|
||||
lflags => Default flags used when linking apps,
|
||||
shared libraries or DSOs [4].
|
||||
ex_libs => Extra libraries that are needed when
|
||||
linking shared libraries, DSOs or programs.
|
||||
The value is also assigned to Libs.private
|
||||
in $(libdir)/pkgconfig/libcrypto.pc.
|
||||
|
||||
shared_cppflags => Extra C preprocessor flags used when
|
||||
processing C files for shared libraries.
|
||||
shared_cflag => Extra C compiler flags used when compiling
|
||||
for shared libraries, typically something
|
||||
like "-fPIC".
|
||||
shared_ldflag => Extra linking flags used when linking
|
||||
shared libraries.
|
||||
module_cppflags
|
||||
module_cflags
|
||||
module_ldflags => Has the same function as the corresponding
|
||||
'shared_' attributes, but for building DSOs.
|
||||
When unset, they get the same values as the
|
||||
corresponding 'shared_' attributes.
|
||||
|
||||
ar => The library archive command, the default is
|
||||
"ar".
|
||||
(NOTE: this is here for future use, it's
|
||||
not implemented yet)
|
||||
arflags => Flags to be used with the library archive
|
||||
command. On Unix, this includes the
|
||||
command letter, 'r' by default.
|
||||
|
||||
ranlib => The library archive indexing command, the
|
||||
default is 'ranlib' it it exists.
|
||||
|
||||
unistd => An alternative header to the typical
|
||||
'<unistd.h>'. This is very rarely needed.
|
||||
|
||||
shared_extension => File name extension used for shared
|
||||
libraries.
|
||||
obj_extension => File name extension used for object files.
|
||||
On unix, this defaults to ".o" (NOTE: this
|
||||
is here for future use, it's not
|
||||
implemented yet)
|
||||
exe_extension => File name extension used for executable
|
||||
files. On unix, this defaults to "" (NOTE:
|
||||
this is here for future use, it's not
|
||||
implemented yet)
|
||||
shlib_variant => A "variant" identifier inserted between the base
|
||||
shared library name and the extension. On "unixy"
|
||||
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
|
||||
supports installation of custom OpenSSL libraries
|
||||
that don't conflict with other builds of OpenSSL
|
||||
installed on the system. The variant identifier
|
||||
becomes part of the SONAME of the library and also
|
||||
any symbol versions (symbol versions are not used or
|
||||
needed with MacOS/X). For example, on a system
|
||||
where a default build would normally create the SSL
|
||||
shared library as 'libssl.so -> libssl.so.1.1' with
|
||||
the value of the symlink as the SONAME, a target
|
||||
definition that sets 'shlib_variant => "-abc"' will
|
||||
create 'libssl.so -> libssl-abc.so.1.1', again with
|
||||
an SONAME equal to the value of the symlink. The
|
||||
symbol versions associated with the variant library
|
||||
would then be 'OPENSSL_ABC_<version>' rather than
|
||||
the default 'OPENSSL_<version>'. The string inserted
|
||||
into symbol versions is obtained by mapping all
|
||||
letters in the "variant" identifier to uppercase
|
||||
and all non-alphanumeric characters to '_'.
|
||||
|
||||
thread_scheme => The type of threads is used on the
|
||||
configured platform. Currently known
|
||||
values are "(unknown)", "pthreads",
|
||||
"uithreads" (a.k.a solaris threads) and
|
||||
"winthreads". Except for "(unknown)", the
|
||||
actual value is currently ignored but may
|
||||
be used in the future. See further notes
|
||||
below [2].
|
||||
dso_scheme => The type of dynamic shared objects to build
|
||||
for. This mostly comes into play with
|
||||
modules, but can be used for other purposes
|
||||
as well. Valid values are "DLFCN"
|
||||
(dlopen() et al), "DLFCN_NO_H" (for systems
|
||||
that use dlopen() et al but do not have
|
||||
fcntl.h), "DL" (shl_load() et al), "WIN32"
|
||||
and "VMS".
|
||||
asm_arch => The architecture to be used for compiling assembly
|
||||
source. This acts as a selector in build.info files.
|
||||
uplink_arch => The architecture to be used for compiling uplink
|
||||
source. This acts as a selector in build.info files.
|
||||
This is separate from asm_arch because it's compiled
|
||||
even when 'no-asm' is given, even though it contains
|
||||
assembler source.
|
||||
perlasm_scheme => The perlasm method used to create the
|
||||
assembler files used when compiling with
|
||||
assembler implementations.
|
||||
shared_target => The shared library building method used.
|
||||
This serves multiple purposes:
|
||||
- as index for targets found in shared_info.pl.
|
||||
- as linker script generation selector.
|
||||
To serve both purposes, the index for shared_info.pl
|
||||
should end with '-shared', and this suffix will be
|
||||
removed for use as a linker script generation
|
||||
selector. Note that the latter is only used if
|
||||
'shared_defflag' is defined.
|
||||
build_scheme => The scheme used to build up a Makefile.
|
||||
In its simplest form, the value is a string
|
||||
with the name of the build scheme.
|
||||
The value may also take the form of a list
|
||||
of strings, if the build_scheme is to have
|
||||
some options. In this case, the first
|
||||
string in the list is the name of the build
|
||||
scheme.
|
||||
Currently recognised build scheme is "unified".
|
||||
For the "unified" build scheme, this item
|
||||
*must* be an array with the first being the
|
||||
word "unified" and the second being a word
|
||||
to identify the platform family.
|
||||
|
||||
multilib => On systems that support having multiple
|
||||
implementations of a library (typically a
|
||||
32-bit and a 64-bit variant), this is used
|
||||
to have the different variants in different
|
||||
directories.
|
||||
|
||||
multibin => On systems that support having multiple
|
||||
implementations of a library and binaries
|
||||
(typically a 32-bit and a 64-bit variant),
|
||||
this is used to have the different variants
|
||||
in different binary directories. This setting
|
||||
works in conjunction with multilib.
|
||||
|
||||
bn_ops => Building options (was just bignum options in
|
||||
the earlier history of this option, hence the
|
||||
name). This is a string of words that describe
|
||||
algorithms' implementation parameters that
|
||||
are optimal for the designated target platform,
|
||||
such as the type of integers used to build up
|
||||
the bignum, different ways to implement certain
|
||||
ciphers and so on. To fully comprehend the
|
||||
meaning, the best is to read the affected
|
||||
source.
|
||||
The valid words are:
|
||||
|
||||
THIRTY_TWO_BIT bignum limbs are 32 bits,
|
||||
this is default if no
|
||||
option is specified, it
|
||||
works on any supported
|
||||
system [unless "wider"
|
||||
limb size is implied in
|
||||
assembly code];
|
||||
BN_LLONG bignum limbs are 32 bits,
|
||||
but 64-bit 'unsigned long
|
||||
long' is used internally
|
||||
in calculations;
|
||||
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
|
||||
and sizeof(long) is 8;
|
||||
SIXTY_FOUR_BIT bignums limbs are 64 bits,
|
||||
but execution environment
|
||||
is ILP32;
|
||||
RC4_CHAR RC4 key schedule is made
|
||||
up of 'unsigned char's;
|
||||
Note: should not be used
|
||||
for new configuration
|
||||
targets
|
||||
RC4_INT RC4 key schedule is made
|
||||
up of 'unsigned int's;
|
||||
Note: should not be used
|
||||
for new configuration
|
||||
targets
|
||||
|
||||
[1] as part of the target configuration, one can have a key called
|
||||
`inherit_from` that indicates what other configurations to inherit
|
||||
data from. These are resolved recursively.
|
||||
|
||||
Inheritance works as a set of default values that can be overridden
|
||||
by corresponding key values in the inheriting configuration.
|
||||
|
||||
Note 1: any configuration table can be used as a template.
|
||||
Note 2: pure templates have the attribute `template => 1` and
|
||||
cannot be used as build targets.
|
||||
|
||||
If several configurations are given in the `inherit_from` array,
|
||||
the values of same attribute are concatenated with space
|
||||
separation. With this, it's possible to have several smaller
|
||||
templates for different configuration aspects that can be combined
|
||||
into a complete configuration.
|
||||
|
||||
Instead of a scalar value or an array, a value can be a code block
|
||||
of the form `sub { /* your code here */ }`. This code block will
|
||||
be called with the list of inherited values for that key as
|
||||
arguments. In fact, the concatenation of strings is really done
|
||||
by using `sub { join(" ",@_) }` on the list of inherited values.
|
||||
|
||||
An example:
|
||||
|
||||
"foo" => {
|
||||
template => 1,
|
||||
haha => "ha ha",
|
||||
hoho => "ho",
|
||||
ignored => "This should not appear in the end result",
|
||||
},
|
||||
"bar" => {
|
||||
template => 1,
|
||||
haha => "ah",
|
||||
hoho => "haho",
|
||||
hehe => "hehe"
|
||||
},
|
||||
"laughter" => {
|
||||
inherit_from => [ "foo", "bar" ],
|
||||
hehe => sub { join(" ",(@_,"!!!")) },
|
||||
ignored => "",
|
||||
}
|
||||
|
||||
The entry for "laughter" will become as follows after processing:
|
||||
|
||||
"laughter" => {
|
||||
haha => "ha ha ah",
|
||||
hoho => "ho haho",
|
||||
hehe => "hehe !!!",
|
||||
ignored => ""
|
||||
}
|
||||
|
||||
[2] OpenSSL is built with threading capabilities unless the user
|
||||
specifies `no-threads`. The value of the key `thread_scheme` may
|
||||
be `(unknown)`, in which case the user MUST give some compilation
|
||||
flags to `Configure`.
|
||||
|
||||
[3] OpenSSL has three types of things to link from object files or
|
||||
static libraries:
|
||||
|
||||
- shared libraries; that would be libcrypto and libssl.
|
||||
- shared objects (sometimes called dynamic libraries); that would
|
||||
be the modules.
|
||||
- applications; those are apps/openssl and all the test apps.
|
||||
|
||||
Very roughly speaking, linking is done like this (words in braces
|
||||
represent the configuration settings documented at the beginning
|
||||
of this file):
|
||||
|
||||
shared libraries:
|
||||
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
|
||||
foo/something.o foo/somethingelse.o {ex_libs}
|
||||
|
||||
shared objects:
|
||||
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
|
||||
blah1.o blah2.o -lcrypto {ex_libs}
|
||||
|
||||
applications:
|
||||
{ld} $(CFLAGS) {lflags} -o app \
|
||||
app1.o utils.o -lssl -lcrypto {ex_libs}
|
||||
|
||||
[4] There are variants of these attribute, prefixed with `lib_`,
|
||||
`dso_` or `bin_`. Those variants replace the unprefixed attribute
|
||||
when building library, DSO or program modules specifically.
|
||||
|
||||
Historically, the target configurations came in form of a string with
|
||||
values separated by colons. This use is deprecated. The string form
|
||||
looked like this:
|
||||
|
||||
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
|
||||
{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
|
||||
{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
|
||||
{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
|
||||
{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
|
||||
{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
|
||||
{arflags}:{multilib}"
|
||||
|
||||
Build info files
|
||||
================
|
||||
|
||||
The `build.info` files that are spread over the source tree contain the
|
||||
minimum information needed to build and distribute OpenSSL. It uses a
|
||||
simple and yet fairly powerful language to determine what needs to be
|
||||
built, from what sources, and other relationships between files.
|
||||
|
||||
For every `build.info` file, all file references are relative to the
|
||||
directory of the `build.info` file for source files, and the
|
||||
corresponding build directory for built files if the build tree
|
||||
differs from the source tree.
|
||||
|
||||
When processed, every line is processed with the perl module
|
||||
Text::Template, using the delimiters `{-` and `-}`. The hashes
|
||||
`%config` and `%target` are passed to the perl fragments, along with
|
||||
$sourcedir and $builddir, which are the locations of the source
|
||||
directory for the current `build.info` file and the corresponding build
|
||||
directory, all relative to the top of the build tree.
|
||||
|
||||
`Configure` only knows inherently about the top `build.info` file. For
|
||||
any other directory that has one, further directories to look into
|
||||
must be indicated like this:
|
||||
|
||||
SUBDIRS=something someelse
|
||||
|
||||
On to things to be built; they are declared by setting specific
|
||||
variables:
|
||||
|
||||
PROGRAMS=foo bar
|
||||
LIBS=libsomething
|
||||
MODULES=libeng
|
||||
SCRIPTS=myhack
|
||||
|
||||
Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
|
||||
without extensions. The build file templates will figure them out.
|
||||
|
||||
For each thing to be built, it is then possible to say what sources
|
||||
they are built from:
|
||||
|
||||
PROGRAMS=foo bar
|
||||
SOURCE[foo]=foo.c common.c
|
||||
SOURCE[bar]=bar.c extra.c common.c
|
||||
|
||||
It's also possible to tell some other dependencies:
|
||||
|
||||
DEPEND[foo]=libsomething
|
||||
DEPEND[libbar]=libsomethingelse
|
||||
|
||||
(it could be argued that 'libsomething' and 'libsomethingelse' are
|
||||
source as well. However, the files given through SOURCE are expected
|
||||
to be located in the source tree while files given through DEPEND are
|
||||
expected to be located in the build tree)
|
||||
|
||||
It's also possible to depend on static libraries explicitly:
|
||||
|
||||
DEPEND[foo]=libsomething.a
|
||||
DEPEND[libbar]=libsomethingelse.a
|
||||
|
||||
This should be rarely used, and care should be taken to make sure it's
|
||||
only used when supported. For example, native Windows build doesn't
|
||||
support building static libraries and DLLs at the same time, so using
|
||||
static libraries on Windows can only be done when configured
|
||||
`no-shared`.
|
||||
|
||||
In some cases, it's desirable to include some source files in the
|
||||
shared form of a library only:
|
||||
|
||||
SHARED_SOURCE[libfoo]=dllmain.c
|
||||
|
||||
For any file to be built, it's also possible to tell what extra
|
||||
include paths the build of their source files should use:
|
||||
|
||||
INCLUDE[foo]=include
|
||||
|
||||
It's also possible to specify C macros that should be defined:
|
||||
|
||||
DEFINE[foo]=FOO BAR=1
|
||||
|
||||
In some cases, one might want to generate some source files from
|
||||
others, that's done as follows:
|
||||
|
||||
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
|
||||
GENERATE[bar.s]=asm/bar.S
|
||||
|
||||
The value of each GENERATE line is a command line or part of it.
|
||||
Configure places no rules on the command line, except that the first
|
||||
item must be the generator file. It is, however, entirely up to the
|
||||
build file template to define exactly how those command lines should
|
||||
be handled, how the output is captured and so on.
|
||||
|
||||
Sometimes, the generator file itself depends on other files, for
|
||||
example if it is a perl script that depends on other perl modules.
|
||||
This can be expressed using DEPEND like this:
|
||||
|
||||
DEPEND[asm/something.pl]=../perlasm/Foo.pm
|
||||
|
||||
There may also be cases where the exact file isn't easily specified,
|
||||
but an inclusion directory still needs to be specified. INCLUDE can
|
||||
be used in that case:
|
||||
|
||||
INCLUDE[asm/something.pl]=../perlasm
|
||||
|
||||
NOTE: GENERATE lines are limited to one command only per GENERATE.
|
||||
|
||||
Finally, you can have some simple conditional use of the `build.info`
|
||||
information, looking like this:
|
||||
|
||||
IF[1]
|
||||
something
|
||||
ELSIF[2]
|
||||
something other
|
||||
ELSE
|
||||
something else
|
||||
ENDIF
|
||||
|
||||
The expression in square brackets is interpreted as a string in perl,
|
||||
and will be seen as true if perl thinks it is, otherwise false. For
|
||||
example, the above would have "something" used, since 1 is true.
|
||||
|
||||
Together with the use of Text::Template, this can be used as
|
||||
conditions based on something in the passed variables, for example:
|
||||
|
||||
IF[{- $disabled{shared} -}]
|
||||
LIBS=libcrypto
|
||||
SOURCE[libcrypto]=...
|
||||
ELSE
|
||||
LIBS=libfoo
|
||||
SOURCE[libfoo]=...
|
||||
ENDIF
|
||||
|
||||
Build-file programming with the "unified" build system
|
||||
======================================================
|
||||
|
||||
"Build files" are called `Makefile` on Unix-like operating systems,
|
||||
`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
|
||||
|
||||
To use the "unified" build system, the target configuration needs to
|
||||
set the three items `build_scheme`, `build_file` and `build_command`.
|
||||
In the rest of this section, we will assume that `build_scheme` is set
|
||||
to "unified" (see the configurations documentation above for the
|
||||
details).
|
||||
|
||||
For any name given by `build_file`, the "unified" system expects a
|
||||
template file in `Configurations/` named like the build file, with
|
||||
`.tmpl` appended, or in case of possible ambiguity, a combination of
|
||||
the second `build_scheme` list item and the `build_file` name. For
|
||||
example, if `build_file` is set to `Makefile`, the template could be
|
||||
`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
|
||||
In case both `Configurations/unix-Makefile.tmpl` and
|
||||
`Configurations/Makefile.tmpl` are present, the former takes precedence.
|
||||
|
||||
The build-file template is processed with the perl module
|
||||
Text::Template, using `{-` and `-}` as delimiters that enclose the
|
||||
perl code fragments that generate configuration-dependent content.
|
||||
Those perl fragments have access to all the hash variables from
|
||||
configdata.pem.
|
||||
|
||||
The build-file template is expected to define at least the following
|
||||
perl functions in a perl code fragment enclosed with `{-` and `-}`.
|
||||
They are all expected to return a string with the lines they produce.
|
||||
|
||||
generatesrc - function that produces build file lines to generate
|
||||
a source file from some input.
|
||||
|
||||
It's called like this:
|
||||
|
||||
generatesrc(src => "PATH/TO/tobegenerated",
|
||||
generator => [ "generatingfile", ... ]
|
||||
generator_incs => [ "INCL/PATH", ... ]
|
||||
generator_deps => [ "dep1", ... ]
|
||||
generator => [ "generatingfile", ... ]
|
||||
incs => [ "INCL/PATH", ... ],
|
||||
deps => [ "dep1", ... ],
|
||||
intent => one of "libs", "dso", "bin" );
|
||||
|
||||
'src' has the name of the file to be generated.
|
||||
'generator' is the command or part of command to
|
||||
generate the file, of which the first item is
|
||||
expected to be the file to generate from.
|
||||
generatesrc() is expected to analyse and figure out
|
||||
exactly how to apply that file and how to capture
|
||||
the result. 'generator_incs' and 'generator_deps'
|
||||
are include directories and files that the generator
|
||||
file itself depends on. 'incs' and 'deps' are
|
||||
include directories and files that are used if $(CC)
|
||||
is used as an intermediary step when generating the
|
||||
end product (the file indicated by 'src'). 'intent'
|
||||
indicates what the generated file is going to be
|
||||
used for.
|
||||
|
||||
src2obj - function that produces build file lines to build an
|
||||
object file from source files and associated data.
|
||||
|
||||
It's called like this:
|
||||
|
||||
src2obj(obj => "PATH/TO/objectfile",
|
||||
srcs => [ "PATH/TO/sourcefile", ... ],
|
||||
deps => [ "dep1", ... ],
|
||||
incs => [ "INCL/PATH", ... ]
|
||||
intent => one of "lib", "dso", "bin" );
|
||||
|
||||
'obj' has the intended object file with '.o'
|
||||
extension, src2obj() is expected to change it to
|
||||
something more suitable for the platform.
|
||||
'srcs' has the list of source files to build the
|
||||
object file, with the first item being the source
|
||||
file that directly corresponds to the object file.
|
||||
'deps' is a list of explicit dependencies. 'incs'
|
||||
is a list of include file directories. Finally,
|
||||
'intent' indicates what this object file is going
|
||||
to be used for.
|
||||
|
||||
obj2lib - function that produces build file lines to build a
|
||||
static library file ("libfoo.a" in Unix terms) from
|
||||
object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2lib(lib => "PATH/TO/libfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ]);
|
||||
|
||||
'lib' has the intended library filename *without*
|
||||
extension, obj2lib is expected to add that. 'objs'
|
||||
has the list of object files to build this library.
|
||||
|
||||
libobj2shlib - backward compatibility function that's used the
|
||||
same way as obj2shlib (described next), and was
|
||||
expected to build the shared library from the
|
||||
corresponding static library when that was suitable.
|
||||
NOTE: building a shared library from a static
|
||||
library is now DEPRECATED, as they no longer share
|
||||
object files. Attempting to do this will fail.
|
||||
|
||||
obj2shlib - function that produces build file lines to build a
|
||||
shareable object library file ("libfoo.so" in Unix
|
||||
terms) from the corresponding object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2shlib(shlib => "PATH/TO/shlibfile",
|
||||
lib => "PATH/TO/libfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ],
|
||||
deps => [ "PATH/TO/otherlibfile", ... ]);
|
||||
|
||||
'lib' has the base (static) library filename
|
||||
*without* extension. This is useful in case
|
||||
supporting files are needed (such as import
|
||||
libraries on Windows).
|
||||
'shlib' has the corresponding shared library name
|
||||
*without* extension. 'deps' has the list of other
|
||||
libraries (also *without* extension) this library
|
||||
needs to be linked with. 'objs' has the list of
|
||||
object files to build this library.
|
||||
|
||||
obj2dso - function that produces build file lines to build a
|
||||
dynamic shared object file from object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2dso(lib => "PATH/TO/libfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ],
|
||||
deps => [ "PATH/TO/otherlibfile",
|
||||
... ]);
|
||||
|
||||
This is almost the same as obj2shlib, but the
|
||||
intent is to build a shareable library that can be
|
||||
loaded in runtime (a "plugin"...).
|
||||
|
||||
obj2bin - function that produces build file lines to build an
|
||||
executable file from object files.
|
||||
|
||||
called like this:
|
||||
|
||||
obj2bin(bin => "PATH/TO/binfile",
|
||||
objs => [ "PATH/TO/objectfile", ... ],
|
||||
deps => [ "PATH/TO/libfile", ... ]);
|
||||
|
||||
'bin' has the intended executable filename
|
||||
*without* extension, obj2bin is expected to add
|
||||
that. 'objs' has the list of object files to build
|
||||
this library. 'deps' has the list of library files
|
||||
(also *without* extension) that the programs needs
|
||||
to be linked with.
|
||||
|
||||
in2script - function that produces build file lines to build a
|
||||
script file from some input.
|
||||
|
||||
called like this:
|
||||
|
||||
in2script(script => "PATH/TO/scriptfile",
|
||||
sources => [ "PATH/TO/infile", ... ]);
|
||||
|
||||
'script' has the intended script filename.
|
||||
'sources' has the list of source files to build the
|
||||
resulting script from.
|
||||
|
||||
In all cases, file file paths are relative to the build tree top, and
|
||||
the build file actions run with the build tree top as current working
|
||||
directory.
|
||||
|
||||
Make sure to end the section with these functions with a string that
|
||||
you thing is appropriate for the resulting build file. If nothing
|
||||
else, end it like this:
|
||||
|
||||
""; # Make sure no lingering values end up in the Makefile
|
||||
-}
|
||||
|
||||
Configure helper scripts
|
||||
========================
|
||||
|
||||
Configure uses helper scripts in this directory:
|
||||
|
||||
Checker scripts
|
||||
---------------
|
||||
|
||||
These scripts are per platform family, to check the integrity of the
|
||||
tools used for configuration and building. The checker script used is
|
||||
either `{build_platform}-{build_file}-checker.pm` or
|
||||
`{build_platform}-checker.pm`, where `{build_platform}` is the second
|
||||
`build_scheme` list element from the configuration target data, and
|
||||
`{build_file}` is `build_file` from the same target data.
|
||||
|
||||
If the check succeeds, the script is expected to end with a non-zero
|
||||
expression. If the check fails, the script can end with a zero, or
|
||||
with a `die`.
|
||||
@@ -1,31 +0,0 @@
|
||||
{- # -*- Mode: perl -*-
|
||||
|
||||
# Commonly used list of generated files
|
||||
# The reason for the complexity is that the build.info files provide
|
||||
# GENERATE rules for *all* platforms without discrimination, while the
|
||||
# build files only want those for a particular build. Therefore, we
|
||||
# need to extrapolate exactly what we need to generate. The way to do
|
||||
# that is to extract all possible source files from diverse tables and
|
||||
# filter out all that are not generated
|
||||
my %generatables =
|
||||
map { $_ => 1 }
|
||||
( # The sources of stuff may be generated
|
||||
( map { @{$unified_info{sources}->{$_}} }
|
||||
keys %{$unified_info{sources}} ),
|
||||
$disabled{shared}
|
||||
? ()
|
||||
: ( map { @{$unified_info{shared_sources}->{$_}} }
|
||||
keys %{$unified_info{shared_sources}} ),
|
||||
# Things we explicitly depend on are usually generated
|
||||
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
|
||||
keys %{$unified_info{depends}} ));
|
||||
our @generated =
|
||||
sort ( ( grep { defined $unified_info{generate}->{$_} }
|
||||
sort keys %generatables ),
|
||||
# Scripts are assumed to be generated, so add them too
|
||||
( grep { defined $unified_info{sources}->{$_} }
|
||||
@{$unified_info{scripts}} ) );
|
||||
|
||||
# Avoid strange output
|
||||
"";
|
||||
-}
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,556 +0,0 @@
|
||||
package gentemplate;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use Exporter;
|
||||
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
|
||||
@ISA = qw(Exporter);
|
||||
@EXPORT = qw(gentemplate);
|
||||
|
||||
use File::Basename;
|
||||
|
||||
sub gentemplate {
|
||||
my %opts = @_;
|
||||
|
||||
my $generator = OpenSSL::GenTemplate->new(%opts);
|
||||
|
||||
# Build mandatory header file generators
|
||||
foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
|
||||
|
||||
# Build all known targets, libraries, modules, programs and scripts.
|
||||
# Everything else will be handled as a consequence.
|
||||
foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); }
|
||||
foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); }
|
||||
foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); }
|
||||
foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); }
|
||||
foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); }
|
||||
foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
|
||||
foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); }
|
||||
foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); }
|
||||
}
|
||||
|
||||
package OpenSSL::GenTemplate;
|
||||
|
||||
use OpenSSL::Util;
|
||||
|
||||
sub new {
|
||||
my $class = shift;
|
||||
my %opts = @_;
|
||||
|
||||
my $data = {
|
||||
output => $opts{output},
|
||||
config => $opts{config} // {},
|
||||
disabled => $opts{disabled} // {},
|
||||
info => $opts{unified_info} // {},
|
||||
};
|
||||
|
||||
return bless $data, $class;
|
||||
};
|
||||
|
||||
sub emit {
|
||||
my $self = shift;
|
||||
my $name = shift;
|
||||
my %opts = @_;
|
||||
my $fh = $self->{output};
|
||||
|
||||
die "No name?" unless $name;
|
||||
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
|
||||
unless defined $opts{attrs}->{skip};
|
||||
}
|
||||
|
||||
my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
|
||||
my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
|
||||
|
||||
# A cache of objects for which a recipe has already been generated
|
||||
our %cache;
|
||||
|
||||
# collectdepends, expanddepends and reducedepends work together to make
|
||||
# sure there are no duplicate or weak dependencies and that they are in
|
||||
# the right order. This is used to sort the list of libraries that a
|
||||
# build depends on.
|
||||
sub extensionlesslib {
|
||||
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
|
||||
return @result if wantarray;
|
||||
return $result[0];
|
||||
}
|
||||
|
||||
# collectdepends dives into the tree of dependencies and returns
|
||||
# a list of all the non-weak ones.
|
||||
sub collectdepends {
|
||||
my $self = shift;
|
||||
return () unless @_;
|
||||
|
||||
my $thing = shift;
|
||||
my $extensionlessthing = extensionlesslib($thing);
|
||||
my @listsofar = @_; # to check if we're looping
|
||||
my @list = @{ $self->{info}->{depends}->{$thing} //
|
||||
$self->{info}->{depends}->{$extensionlessthing}
|
||||
// [] };
|
||||
my @newlist = ();
|
||||
|
||||
print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
|
||||
if $debug_resolvedepends;
|
||||
foreach my $item (@list) {
|
||||
my $extensionlessitem = extensionlesslib($item);
|
||||
# It's time to break off when the dependency list starts looping
|
||||
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
|
||||
# Don't add anything here if the dependency is weak
|
||||
next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
|
||||
my @resolved = $self->collectdepends($item, @listsofar, $item);
|
||||
push @newlist, $item, @resolved;
|
||||
}
|
||||
print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
|
||||
if $debug_resolvedepends;
|
||||
@newlist;
|
||||
}
|
||||
|
||||
# expanddepends goes through a list of stuff, checks if they have any
|
||||
# dependencies, and adds them at the end of the current position if
|
||||
# they aren't already present later on.
|
||||
sub expanddepends {
|
||||
my $self = shift;
|
||||
my @after = ( @_ );
|
||||
print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
|
||||
if $debug_resolvedepends;
|
||||
my @before = ();
|
||||
while (@after) {
|
||||
my $item = shift @after;
|
||||
print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n"
|
||||
if $debug_resolvedepends;
|
||||
print STDERR "DEBUG[expanddepends] - ", $item, "\n"
|
||||
if $debug_resolvedepends;
|
||||
my @middle = (
|
||||
$item,
|
||||
map {
|
||||
my $x = $_;
|
||||
my $extlessx = extensionlesslib($x);
|
||||
if (grep { $extlessx eq extensionlesslib($_) } @before
|
||||
and
|
||||
!grep { $extlessx eq extensionlesslib($_) } @after) {
|
||||
print STDERR "DEBUG[expanddepends] + ", $x, "\n"
|
||||
if $debug_resolvedepends;
|
||||
( $x )
|
||||
} else {
|
||||
print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
|
||||
if $debug_resolvedepends;
|
||||
()
|
||||
}
|
||||
} @{$self->{info}->{depends}->{$item} // []}
|
||||
);
|
||||
print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
|
||||
if $debug_resolvedepends;
|
||||
print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n"
|
||||
if $debug_resolvedepends;
|
||||
push @before, @middle;
|
||||
}
|
||||
print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
|
||||
if $debug_resolvedepends;
|
||||
@before;
|
||||
}
|
||||
|
||||
# reducedepends looks through a list, and checks if each item is
|
||||
# repeated later on. If it is, the earlier copy is dropped.
|
||||
sub reducedepends {
|
||||
my @list = @_;
|
||||
print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
|
||||
if $debug_resolvedepends;
|
||||
my @newlist = ();
|
||||
my %replace = ();
|
||||
while (@list) {
|
||||
my $item = shift @list;
|
||||
my $extensionlessitem = extensionlesslib($item);
|
||||
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
|
||||
if ($item ne $extensionlessitem) {
|
||||
# If this instance of the library is explicitly static, we
|
||||
# prefer that to any shared library name, since it must have
|
||||
# been done on purpose.
|
||||
$replace{$extensionlessitem} = $item;
|
||||
}
|
||||
} else {
|
||||
push @newlist, $item;
|
||||
}
|
||||
}
|
||||
@newlist = map { $replace{$_} // $_; } @newlist;
|
||||
print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
|
||||
if $debug_resolvedepends;
|
||||
@newlist;
|
||||
}
|
||||
|
||||
# Do it all
|
||||
# This takes multiple inputs and combine them into a single list of
|
||||
# interdependent things. The returned value will include all the input.
|
||||
# Callers are responsible for taking away the things they are building.
|
||||
sub resolvedepends {
|
||||
my $self = shift;
|
||||
print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
|
||||
if $debug_resolvedepends;
|
||||
my @all =
|
||||
reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
|
||||
print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
|
||||
join(',', map { "\n $_" } @all), "\n"
|
||||
if $debug_resolvedepends;
|
||||
@all;
|
||||
}
|
||||
|
||||
# dogenerate is responsible for producing all the recipes that build
|
||||
# generated source files. It recurses in case a dependency is also a
|
||||
# generated source file.
|
||||
sub dogenerate {
|
||||
my $self = shift;
|
||||
my $src = shift;
|
||||
# Safety measure
|
||||
return "" unless defined $self->{info}->{generate}->{$src};
|
||||
return "" if $cache{$src};
|
||||
my $obj = shift;
|
||||
my $bin = shift;
|
||||
my %opts = @_;
|
||||
if ($self->{info}->{generate}->{$src}) {
|
||||
die "$src is generated by Configure, should not appear in build file\n"
|
||||
if ref $self->{info}->{generate}->{$src} eq "";
|
||||
my $script = $self->{info}->{generate}->{$src}->[0];
|
||||
my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
|
||||
$self->emit('generatesrc',
|
||||
src => $src,
|
||||
product => $bin,
|
||||
generator => $self->{info}->{generate}->{$src},
|
||||
generator_incs => $self->{info}->{includes}->{$script} // [],
|
||||
generator_deps => $self->{info}->{depends}->{$script} // [],
|
||||
deps => $self->{info}->{depends}->{$src} // [],
|
||||
incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
|
||||
defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
|
||||
defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
|
||||
defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
|
||||
attrs => { %attrs },
|
||||
%opts);
|
||||
foreach (@{$self->{info}->{depends}->{$src} // []}) {
|
||||
$self->dogenerate($_, $obj, $bin, %opts);
|
||||
}
|
||||
# The generator itself may be is generated
|
||||
if ($self->{info}->{generate}->{$script}) {
|
||||
$self->dogenerate($script, $obj, $bin, %opts);
|
||||
}
|
||||
}
|
||||
$cache{$src} = 1;
|
||||
}
|
||||
|
||||
sub dotarget {
|
||||
my $self = shift;
|
||||
my $target = shift;
|
||||
return "" if $cache{$target};
|
||||
$self->emit('generatetarget',
|
||||
target => $target,
|
||||
deps => $self->{info}->{depends}->{$target} // []);
|
||||
foreach (@{$self->{info}->{depends}->{$target} // []}) {
|
||||
$self->dogenerate($_);
|
||||
}
|
||||
$cache{$target} = 1;
|
||||
}
|
||||
|
||||
# doobj is responsible for producing all the recipes that build
|
||||
# object files as well as dependency files.
|
||||
sub doobj {
|
||||
my $self = shift;
|
||||
my $obj = shift;
|
||||
return "" if $cache{$obj};
|
||||
my $bin = shift;
|
||||
my %opts = @_;
|
||||
if (@{$self->{info}->{sources}->{$obj} // []}) {
|
||||
my @srcs = @{$self->{info}->{sources}->{$obj}};
|
||||
my @deps = @{$self->{info}->{depends}->{$obj} // []};
|
||||
my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
|
||||
@{$self->{info}->{includes}->{$bin} // []} );
|
||||
my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
|
||||
@{$self->{info}->{defines}->{$bin} // []} );
|
||||
print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
|
||||
join(",", map { "\n $_" } @srcs), "\n"
|
||||
if $debug_rules;
|
||||
print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
|
||||
join(",", map { "\n $_" } @deps), "\n"
|
||||
if $debug_rules;
|
||||
print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
|
||||
join(",", map { "\n $_" } @incs), "\n"
|
||||
if $debug_rules;
|
||||
print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
|
||||
join(",", map { "\n $_" } @defs), "\n"
|
||||
if $debug_rules;
|
||||
print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
|
||||
join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n"
|
||||
if $debug_rules;
|
||||
$self->emit('src2obj',
|
||||
obj => $obj, product => $bin,
|
||||
srcs => [ @srcs ], deps => [ @deps ],
|
||||
incs => [ @incs ], defs => [ @defs ],
|
||||
%opts);
|
||||
foreach ((@{$self->{info}->{sources}->{$obj}},
|
||||
@{$self->{info}->{depends}->{$obj} // []})) {
|
||||
$self->dogenerate($_, $obj, $bin, %opts);
|
||||
}
|
||||
}
|
||||
$cache{$obj} = 1;
|
||||
}
|
||||
|
||||
# Helper functions to grab all applicable intermediary files.
|
||||
# This is particularly useful when a library is given as source
|
||||
# rather than a dependency. In that case, we consider it to be a
|
||||
# container with object file references, or possibly references
|
||||
# to further libraries to pilfer in the same way.
|
||||
sub getsrclibs {
|
||||
my $self = shift;
|
||||
my $section = shift;
|
||||
|
||||
# For all input, see if it sources static libraries. If it does,
|
||||
# return them together with the result of a recursive call.
|
||||
map { ( $_, getsrclibs($section, $_) ) }
|
||||
grep { $_ =~ m|\.a$| }
|
||||
map { @{$self->{info}->{$section}->{$_} // []} }
|
||||
@_;
|
||||
}
|
||||
|
||||
sub getlibobjs {
|
||||
my $self = shift;
|
||||
my $section = shift;
|
||||
|
||||
# For all input, see if it's an intermediary file (library or object).
|
||||
# If it is, collect the result of a recursive call, or if that returns
|
||||
# an empty list, the element itself. Return the result.
|
||||
map {
|
||||
my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
|
||||
@x ? @x : ( $_ );
|
||||
}
|
||||
grep { defined $self->{info}->{$section}->{$_} }
|
||||
@_;
|
||||
}
|
||||
|
||||
# dolib is responsible for building libraries. It will call
|
||||
# obj2shlib if shared libraries are produced, and obj2lib in all
|
||||
# cases. It also makes sure all object files for the library are
|
||||
# built.
|
||||
sub dolib {
|
||||
my $self = shift;
|
||||
my $lib = shift;
|
||||
return "" if $cache{$lib};
|
||||
|
||||
my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
|
||||
|
||||
my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
|
||||
|
||||
# We support two types of objs, those who are specific to this library
|
||||
# (they end up in @objs) and those that we get indirectly, via other
|
||||
# libraries (they end up in @foreign_objs). We get the latter any time
|
||||
# someone has done something like this in build.info:
|
||||
# SOURCE[libfoo.a]=libbar.a
|
||||
# The indirect object files must be kept in a separate array so they
|
||||
# don't get rebuilt unnecessarily (and with incorrect auxiliary
|
||||
# information).
|
||||
#
|
||||
# Object files can't be collected commonly for shared and static
|
||||
# libraries, because we contain their respective object files in
|
||||
# {shared_sources} and {sources}, and because the implications are
|
||||
# slightly different for each library form.
|
||||
#
|
||||
# We grab all these "foreign" object files recursively with getlibobjs().
|
||||
|
||||
unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
|
||||
# If this library sources other static libraries and those
|
||||
# libraries are marked {noinst}, there's no need to include
|
||||
# all of their object files. Instead, we treat those static
|
||||
# libraries as dependents alongside any other library this
|
||||
# one depends on, and let symbol resolution do its job.
|
||||
my @sourced_libs = ();
|
||||
my @objs = ();
|
||||
my @foreign_objs = ();
|
||||
my @deps = ();
|
||||
foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
|
||||
if ($_ !~ m|\.a$|) {
|
||||
push @objs, $_;
|
||||
} elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
|
||||
push @deps, $_;
|
||||
} else {
|
||||
push @deps, $self->getsrclibs('sources', $_);
|
||||
push @foreign_objs, $self->getlibobjs('sources', $_);
|
||||
}
|
||||
}
|
||||
@deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
|
||||
print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
|
||||
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
|
||||
if %attrs && $debug_rules;
|
||||
print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
|
||||
join(",", map { "\n $_" } @deps), "\n"
|
||||
if @deps && $debug_rules;
|
||||
print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
|
||||
join(",", map { "\n $_" } @objs), "\n"
|
||||
if @objs && $debug_rules;
|
||||
print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
|
||||
join(",", map { "\n $_" } @foreign_objs), "\n"
|
||||
if @foreign_objs && $debug_rules;
|
||||
$self->emit('obj2shlib',
|
||||
lib => $lib,
|
||||
attrs => { %attrs },
|
||||
objs => [ @objs, @foreign_objs ],
|
||||
deps => [ @deps ]);
|
||||
foreach (@objs) {
|
||||
# If this is somehow a compiled object, take care of it that way
|
||||
# Otherwise, it might simply be generated
|
||||
if (defined $self->{info}->{sources}->{$_}) {
|
||||
if($_ =~ /\.a$/) {
|
||||
$self->dolib($_);
|
||||
} else {
|
||||
$self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
|
||||
}
|
||||
} else {
|
||||
$self->dogenerate($_, undef, undef, intent => "lib");
|
||||
}
|
||||
}
|
||||
}
|
||||
{
|
||||
# When putting static libraries together, we cannot rely on any
|
||||
# symbol resolution, so for all static libraries used as source for
|
||||
# this one, as well as other libraries they depend on, we simply
|
||||
# grab all their object files unconditionally,
|
||||
# Symbol resolution will happen when any program, module or shared
|
||||
# library is linked with this one.
|
||||
my @objs = ();
|
||||
my @sourcedeps = ();
|
||||
my @foreign_objs = ();
|
||||
foreach (@{$self->{info}->{sources}->{$lib}}) {
|
||||
if ($_ !~ m|\.a$|) {
|
||||
push @objs, $_;
|
||||
} else {
|
||||
push @sourcedeps, $_;
|
||||
}
|
||||
}
|
||||
@sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
|
||||
print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
|
||||
join(",", map { "\n $_" } @sourcedeps), "\n"
|
||||
if @sourcedeps && $debug_rules;
|
||||
@foreign_objs = $self->getlibobjs('sources', @sourcedeps);
|
||||
print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
|
||||
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
|
||||
if %attrs && $debug_rules;
|
||||
print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
|
||||
join(",", map { "\n $_" } @objs), "\n"
|
||||
if @objs && $debug_rules;
|
||||
print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
|
||||
join(",", map { "\n $_" } @foreign_objs), "\n"
|
||||
if @foreign_objs && $debug_rules;
|
||||
$self->emit('obj2lib',
|
||||
lib => $lib, attrs => { %attrs },
|
||||
objs => [ @objs, @foreign_objs ]);
|
||||
foreach (@objs) {
|
||||
$self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
|
||||
}
|
||||
}
|
||||
$cache{$lib} = 1;
|
||||
}
|
||||
|
||||
# domodule is responsible for building modules. It will call
|
||||
# obj2dso, and also makes sure all object files for the library
|
||||
# are built.
|
||||
sub domodule {
|
||||
my $self = shift;
|
||||
my $module = shift;
|
||||
return "" if $cache{$module};
|
||||
my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
|
||||
my @objs = @{$self->{info}->{sources}->{$module}};
|
||||
my @deps = ( grep { $_ ne $module }
|
||||
$self->resolvedepends($module) );
|
||||
print STDERR "DEBUG[domodule] \%attrs for $module :",
|
||||
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
|
||||
if $debug_rules;
|
||||
print STDERR "DEBUG[domodule] \@objs for $module : ",
|
||||
join(",", map { "\n $_" } @objs), "\n"
|
||||
if $debug_rules;
|
||||
print STDERR "DEBUG[domodule] \@deps for $module : ",
|
||||
join(",", map { "\n $_" } @deps), "\n"
|
||||
if $debug_rules;
|
||||
$self->emit('obj2dso',
|
||||
module => $module,
|
||||
attrs => { %attrs },
|
||||
objs => [ @objs ],
|
||||
deps => [ @deps ]);
|
||||
foreach (@{$self->{info}->{sources}->{$module}}) {
|
||||
# If this is somehow a compiled object, take care of it that way
|
||||
# Otherwise, it might simply be generated
|
||||
if (defined $self->{info}->{sources}->{$_}) {
|
||||
$self->doobj($_, $module, intent => "dso", attrs => { %attrs });
|
||||
} else {
|
||||
$self->dogenerate($_, undef, $module, intent => "dso");
|
||||
}
|
||||
}
|
||||
$cache{$module} = 1;
|
||||
}
|
||||
|
||||
# dobin is responsible for building programs. It will call obj2bin,
|
||||
# and also makes sure all object files for the library are built.
|
||||
sub dobin {
|
||||
my $self = shift;
|
||||
my $bin = shift;
|
||||
return "" if $cache{$bin};
|
||||
my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
|
||||
my @objs = @{$self->{info}->{sources}->{$bin}};
|
||||
my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
|
||||
print STDERR "DEBUG[dobin] \%attrs for $bin : ",
|
||||
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
|
||||
if %attrs && $debug_rules;
|
||||
print STDERR "DEBUG[dobin] \@objs for $bin : ",
|
||||
join(",", map { "\n $_" } @objs), "\n"
|
||||
if @objs && $debug_rules;
|
||||
print STDERR "DEBUG[dobin] \@deps for $bin : ",
|
||||
join(",", map { "\n $_" } @deps), "\n"
|
||||
if @deps && $debug_rules;
|
||||
$self->emit('obj2bin',
|
||||
bin => $bin,
|
||||
attrs => { %attrs },
|
||||
objs => [ @objs ],
|
||||
deps => [ @deps ]);
|
||||
foreach (@objs) {
|
||||
$self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
|
||||
}
|
||||
$cache{$bin} = 1;
|
||||
}
|
||||
|
||||
# doscript is responsible for building scripts from templates. It will
|
||||
# call in2script.
|
||||
sub doscript {
|
||||
my $self = shift;
|
||||
my $script = shift;
|
||||
return "" if $cache{$script};
|
||||
$self->emit('in2script',
|
||||
script => $script,
|
||||
attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
|
||||
sources => $self->{info}->{sources}->{$script});
|
||||
$cache{$script} = 1;
|
||||
}
|
||||
|
||||
sub dodir {
|
||||
my $self = shift;
|
||||
my $dir = shift;
|
||||
return "" if !exists(&generatedir) or $cache{$dir};
|
||||
$self->emit('generatedir',
|
||||
dir => $dir,
|
||||
deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
|
||||
%{$self->{info}->{dirinfo}->{$_}->{products}});
|
||||
$cache{$dir} = 1;
|
||||
}
|
||||
|
||||
# dodocs is responsible for building documentation from .pods.
|
||||
# It will call generatesrc.
|
||||
sub dodocs {
|
||||
my $self = shift;
|
||||
my $type = shift;
|
||||
my $section = shift;
|
||||
foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
|
||||
next if $cache{$doc};
|
||||
$self->emit('generatesrc',
|
||||
src => $doc,
|
||||
generator => $self->{info}->{generate}->{$doc});
|
||||
foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
|
||||
$self->dogenerate($_, undef, undef);
|
||||
}
|
||||
$cache{$doc} = 1;
|
||||
}
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,18 +0,0 @@
|
||||
package platform;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use vars qw(@ISA);
|
||||
|
||||
# Callers must make sure @INC has the build directory
|
||||
use configdata;
|
||||
|
||||
my $module = $target{perl_platform} || 'Unix';
|
||||
(my $module_path = $module) =~ s|::|/|g;
|
||||
|
||||
require "platform/$module_path.pm";
|
||||
@ISA = ("platform::$module");
|
||||
|
||||
1;
|
||||
|
||||
__END__
|
||||
@@ -1,47 +0,0 @@
|
||||
package platform::AIX;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::Unix;
|
||||
@ISA = qw(platform::Unix);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
sub dsoext { '.so' }
|
||||
sub shlibextsimple { return '.so' if $target{shared_target} eq "aix-solib";
|
||||
'.a'}
|
||||
|
||||
# In shared mode, the default static library names clashes with the final
|
||||
# "simple" full shared library name, so we add '_a' to the basename of the
|
||||
# static libraries in that case, unless in solib mode (using only .so
|
||||
# files for shared libraries, and not packaging them inside archives)
|
||||
sub staticname {
|
||||
return platform::Unix->staticname($_[1]) if $target{shared_target} eq "aix-solib";
|
||||
|
||||
# Non-installed libraries are *always* static, and their names remain
|
||||
# the same, except for the mandatory extension
|
||||
my $in_libname = platform::BASE->staticname($_[1]);
|
||||
return $in_libname
|
||||
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
|
||||
|
||||
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
|
||||
}
|
||||
|
||||
# In solib mode, we do not install the simple symlink (we install the import
|
||||
# library). In regular mode, we install the symlink.
|
||||
sub sharedlib_simple {
|
||||
return undef if $target{shared_target} eq "aix-solib";
|
||||
return platform::Unix->sharedlib_simple($_[1], $_[0]->shlibextsimple());
|
||||
}
|
||||
|
||||
# In solib mode, we install the import library. In regular mode, we have
|
||||
# no import library.
|
||||
sub sharedlib_import {
|
||||
return platform::Unix->sharedlib_simple($_[1]) if $target{shared_target} eq "aix-solib";
|
||||
return undef;
|
||||
}
|
||||
@@ -1,99 +0,0 @@
|
||||
package platform::BASE;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
# Globally defined "platform specific" extensions, available for uniformity
|
||||
sub depext { '.d' }
|
||||
|
||||
# Functions to convert internal file representations to platform specific
|
||||
# ones. Note that these all depend on extension functions that MUST be
|
||||
# defined per platform.
|
||||
#
|
||||
# Currently known internal or semi-internal extensions are:
|
||||
#
|
||||
# .a For libraries that are made static only.
|
||||
# Internal libraries only.
|
||||
# .o For object files.
|
||||
# .s, .S Assembler files. This is an actual extension on Unix
|
||||
# .res Resource file. This is an actual extension on Windows
|
||||
|
||||
sub binname { return $_[1] } # Name of executable binary
|
||||
sub dsoname { return $_[1] } # Name of dynamic shared object (DSO)
|
||||
sub sharedname { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
|
||||
sub staticname { return __base($_[1], '.a') } # Name of static lib
|
||||
|
||||
# Convenience function to convert the shlib version to an acceptable part
|
||||
# of a file or directory name. By default, we consider it acceptable as is.
|
||||
sub shlib_version_as_filename { return $config{shlib_version} }
|
||||
|
||||
# Convenience functions to convert the possible extension of an input file name
|
||||
sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() }
|
||||
sub dso { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
|
||||
sub sharedlib { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
|
||||
sub staticlib { return $_[0]->staticname($_[1]) . $_[0]->libext() }
|
||||
|
||||
# More convenience functions for intermediary files
|
||||
sub def { return __base($_[1], '.ld') . $_[0]->defext() }
|
||||
sub obj { return __base($_[1], '.o') . $_[0]->objext() }
|
||||
sub res { return __base($_[1], '.res') . $_[0]->resext() }
|
||||
sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
|
||||
sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
|
||||
|
||||
# Another set of convenience functions for standard checks of certain
|
||||
# internal extensions and conversion from internal to platform specific
|
||||
# extension. Note that the latter doesn't deal with libraries because
|
||||
# of ambivalence
|
||||
sub isdef { return $_[1] =~ m|\.ld$|; }
|
||||
sub isobj { return $_[1] =~ m|\.o$|; }
|
||||
sub isres { return $_[1] =~ m|\.res$|; }
|
||||
sub isasm { return $_[1] =~ m|\.s$|; }
|
||||
sub iscppasm { return $_[1] =~ m|\.S$|; }
|
||||
sub isstaticlib { return $_[1] =~ m|\.a$|; }
|
||||
sub convertext {
|
||||
if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
|
||||
if ($_[0]->isobj($_[1])) { return $_[0]->obj($_[1]); }
|
||||
if ($_[0]->isres($_[1])) { return $_[0]->res($_[1]); }
|
||||
if ($_[0]->isasm($_[1])) { return $_[0]->asm($_[1]); }
|
||||
if ($_[0]->isstaticlib($_[1])) { return $_[0]->staticlib($_[1]); }
|
||||
return $_[1];
|
||||
}
|
||||
|
||||
# Helpers ############################################################
|
||||
|
||||
# __base EXPR, LIST
|
||||
# This returns the given path (EXPR) with the matching suffix from LIST stripped
|
||||
sub __base {
|
||||
my $path = shift;
|
||||
foreach (@_) {
|
||||
if ($path =~ m|\Q${_}\E$|) {
|
||||
return $`;
|
||||
}
|
||||
}
|
||||
return $path;
|
||||
}
|
||||
|
||||
# __isshared EXPR
|
||||
# EXPR is supposed to be a library name. This will return true if that library
|
||||
# can be assumed to be a shared library, otherwise false
|
||||
sub __isshared {
|
||||
return !($disabled{shared} || $_[0] =~ /\.a$/);
|
||||
}
|
||||
|
||||
# __concat LIST
|
||||
# Returns the concatenation of all elements of LIST if none of them is
|
||||
# undefined. If one of them is undefined, returns undef instead.
|
||||
sub __concat {
|
||||
my $result = '';
|
||||
foreach (@_) {
|
||||
return undef unless defined $_;
|
||||
$result .= $_;
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,22 +0,0 @@
|
||||
package platform::Cygwin;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::mingw;
|
||||
@ISA = qw(platform::mingw);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
sub sharedname {
|
||||
my $class = shift;
|
||||
my $lib = platform::mingw->sharedname(@_);
|
||||
$lib =~ s|^lib|cyg| if defined $lib;
|
||||
return $lib;
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,89 +0,0 @@
|
||||
package platform::Unix;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::BASE;
|
||||
@ISA = qw(platform::BASE);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
sub binext { $target{exe_extension} || '' }
|
||||
sub dsoext { $target{dso_extension} || platform->shlibextsimple()
|
||||
|| '.so' }
|
||||
# Because these are also used in scripts and not just Makefile, we must
|
||||
# convert $(SHLIB_VERSION_NUMBER) to the actual number.
|
||||
sub shlibext { (my $x = $target{shared_extension}
|
||||
|| '.so.$(SHLIB_VERSION_NUMBER)')
|
||||
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)
|
||||
|.$config{shlib_version}|x;
|
||||
$x; }
|
||||
sub libext { $target{lib_extension} || '.a' }
|
||||
sub defext { $target{def_extension} || '.ld' }
|
||||
sub objext { $target{obj_extension} || '.o' }
|
||||
sub depext { $target{obj_extension} || '.d' }
|
||||
|
||||
# Other extra that aren't defined in platform::BASE
|
||||
sub shlibextsimple { (my $x = $target{shared_extension} || '.so')
|
||||
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
|
||||
$x; }
|
||||
sub shlibvariant { $target{shlib_variant} || "" }
|
||||
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
|
||||
|
||||
# No conversion of assembler extension on Unix
|
||||
sub asm {
|
||||
return $_[1];
|
||||
}
|
||||
|
||||
# At some point, we might decide that static libraries are called something
|
||||
# other than the default...
|
||||
sub staticname {
|
||||
# Non-installed libraries are *always* static, and their names remain
|
||||
# the same, except for the mandatory extension
|
||||
my $in_libname = platform::BASE->staticname($_[1]);
|
||||
return $in_libname
|
||||
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
|
||||
|
||||
# We currently return the same name anyway... but we might choose to
|
||||
# append '_static' or '_a' some time in the future.
|
||||
return platform::BASE->staticname($_[1]);
|
||||
}
|
||||
|
||||
sub sharedname {
|
||||
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
|
||||
($_[0]->shlibvariant() // ''));
|
||||
}
|
||||
|
||||
sub sharedname_simple {
|
||||
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
|
||||
}
|
||||
|
||||
sub sharedlib_simple {
|
||||
# This function returns the simplified shared library name (no version
|
||||
# or variant in the shared library file name) if the simple variants of
|
||||
# the base name or the suffix differ from the full variants of the same.
|
||||
|
||||
# Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
|
||||
# and $_[0]->sharedname_simple() will return undef. This needs being
|
||||
# accounted for.
|
||||
my $name = $_[0]->sharedname($_[1]);
|
||||
my $simplename = $_[0]->sharedname_simple($_[1]);
|
||||
my $ext = $_[0]->shlibext();
|
||||
# Allow override of the extension passed in as parameter
|
||||
my $simpleext = $_[2];
|
||||
$simpleext = $_[0]->shlibextsimple() unless defined $simpleext;
|
||||
|
||||
return undef unless defined $simplename && defined $name;
|
||||
return undef if ($name eq $simplename && $ext eq $simpleext);
|
||||
return platform::BASE::__concat($simplename, $simpleext);
|
||||
}
|
||||
|
||||
sub sharedlib_import {
|
||||
return undef;
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,65 +0,0 @@
|
||||
package platform::VMS;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::BASE;
|
||||
@ISA = qw(platform::BASE);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
# VMS has a cultural standard where all installed libraries are prefixed.
|
||||
# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
|
||||
# conversation with VSI, Tuesday January 26 2016)
|
||||
sub osslprefix { 'OSSL$' }
|
||||
|
||||
sub binext { '.EXE' }
|
||||
sub dsoext { '.EXE' }
|
||||
sub shlibext { '.EXE' }
|
||||
sub libext { '.OLB' }
|
||||
sub defext { '.OPT' }
|
||||
sub objext { '.OBJ' }
|
||||
sub depext { '.D' }
|
||||
sub asmext { '.ASM' }
|
||||
|
||||
# Other extra that aren't defined in platform::BASE
|
||||
sub shlibvariant { $target{shlib_variant} || '' }
|
||||
|
||||
sub optext { '.OPT' }
|
||||
sub optname { return $_[1] }
|
||||
sub opt { return $_[0]->optname($_[1]) . $_[0]->optext() }
|
||||
|
||||
# Other projects include the pointer size in the name of installed libraries,
|
||||
# so we do too.
|
||||
sub staticname {
|
||||
# Non-installed libraries are *always* static, and their names remain
|
||||
# the same, except for the mandatory extension
|
||||
my $in_libname = platform::BASE->staticname($_[1]);
|
||||
return $in_libname
|
||||
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
|
||||
|
||||
return platform::BASE::__concat($_[0]->osslprefix(),
|
||||
platform::BASE->staticname($_[1]),
|
||||
$target{pointer_size});
|
||||
}
|
||||
|
||||
# To enable installation of multiple major OpenSSL releases, we include the
|
||||
# version number in installed shared library names.
|
||||
my $sover_filename =
|
||||
join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
|
||||
sub shlib_version_as_filename {
|
||||
return $sover_filename;
|
||||
}
|
||||
sub sharedname {
|
||||
return platform::BASE::__concat($_[0]->osslprefix(),
|
||||
platform::BASE->sharedname($_[1]),
|
||||
$_[0]->shlib_version_as_filename(),
|
||||
($_[0]->shlibvariant() // ''),
|
||||
"_shr$target{pointer_size}");
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,64 +0,0 @@
|
||||
package platform::Windows;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::BASE;
|
||||
@ISA = qw(platform::BASE);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
sub binext { '.exe' }
|
||||
sub dsoext { '.dll' }
|
||||
sub shlibext { '.dll' }
|
||||
sub libext { '.lib' }
|
||||
sub defext { '.def' }
|
||||
sub objext { '.obj' }
|
||||
sub depext { '.d' }
|
||||
sub asmext { '.asm' }
|
||||
|
||||
# Other extra that aren't defined in platform::BASE
|
||||
sub resext { '.res' }
|
||||
sub shlibextimport { '.lib' }
|
||||
sub shlibvariant { $target{shlib_variant} || '' }
|
||||
|
||||
sub staticname {
|
||||
# Non-installed libraries are *always* static, and their names remain
|
||||
# the same, except for the mandatory extension
|
||||
my $in_libname = platform::BASE->staticname($_[1]);
|
||||
return $in_libname
|
||||
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
|
||||
|
||||
# To make sure not to clash with an import library, we make the static
|
||||
# variant of our installed libraries get '_static' added to their names.
|
||||
return platform::BASE->staticname($_[1])
|
||||
. ($disabled{shared} ? '' : '_static');
|
||||
}
|
||||
|
||||
# To mark forward compatibility, we include the OpenSSL major release version
|
||||
# number in the installed shared library names.
|
||||
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
|
||||
sub shlib_version_as_filename {
|
||||
return $sover_filename
|
||||
}
|
||||
sub sharedname {
|
||||
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
|
||||
"-",
|
||||
$_[0]->shlib_version_as_filename(),
|
||||
($_[0]->shlibvariant() // ''));
|
||||
}
|
||||
|
||||
sub sharedname_import {
|
||||
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
|
||||
}
|
||||
|
||||
sub sharedlib_import {
|
||||
return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
|
||||
$_[0]->shlibextimport());
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,44 +0,0 @@
|
||||
package platform::Windows::MSVC;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::Windows;
|
||||
@ISA = qw(platform::Windows);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
sub pdbext { '.pdb' }
|
||||
|
||||
# It's possible that this variant of |sharedname| should be in Windows.pm.
|
||||
# However, this variant was VC only in 1.1.1, so we maintain that here until
|
||||
# further notice.
|
||||
sub sharedname {
|
||||
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
|
||||
"-",
|
||||
$_[0]->shlib_version_as_filename(),
|
||||
($target{multilib} // '' ),
|
||||
($_[0]->shlibvariant() // ''));
|
||||
}
|
||||
|
||||
sub staticlibpdb {
|
||||
return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
|
||||
}
|
||||
|
||||
sub sharedlibpdb {
|
||||
return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
|
||||
}
|
||||
|
||||
sub dsopdb {
|
||||
return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
|
||||
}
|
||||
|
||||
sub binpdb {
|
||||
return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,16 +0,0 @@
|
||||
package platform::Windows::cppbuilder;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::Windows::MSVC;
|
||||
@ISA = qw(platform::Windows::MSVC);
|
||||
|
||||
sub pdbext { '.tds' }
|
||||
|
||||
# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
|
||||
# C functions, and the linker needs those as the InternalName in the .def file.
|
||||
sub export2internal {
|
||||
return "_$_[1]";
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,51 +0,0 @@
|
||||
package platform::mingw;
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
use Carp;
|
||||
|
||||
use vars qw(@ISA);
|
||||
|
||||
require platform::Unix;
|
||||
@ISA = qw(platform::Unix);
|
||||
|
||||
# Assume someone set @INC right before loading this module
|
||||
use configdata;
|
||||
|
||||
sub binext { '.exe' }
|
||||
sub objext { '.obj' }
|
||||
sub libext { '.a' }
|
||||
sub dsoext { '.dll' }
|
||||
sub defext { '.def' }
|
||||
|
||||
# Other extra that aren't defined in platform::BASE
|
||||
sub resext { '.res.obj' }
|
||||
sub shlibext { '.dll' }
|
||||
sub shlibextimport { $target{shared_import_extension} || '.dll.a' }
|
||||
sub shlibextsimple { undef }
|
||||
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
|
||||
|
||||
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
|
||||
sub shlib_version_as_filename {
|
||||
return $sover_filename;
|
||||
}
|
||||
sub sharedname {
|
||||
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
|
||||
"-",
|
||||
$_[0]->shlib_version_as_filename(),
|
||||
($config{target} eq "mingw64"
|
||||
? "-x64" : ""));
|
||||
}
|
||||
|
||||
# With Mingw and other DLL producers, there isn't any "simpler" shared
|
||||
# library name. However, there is a static import library.
|
||||
sub sharedlib_simple {
|
||||
return undef;
|
||||
}
|
||||
|
||||
sub sharedlib_import {
|
||||
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
|
||||
$_[0]->shlibextimport());
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,100 +0,0 @@
|
||||
#! /usr/bin/env perl
|
||||
# -*- mode: perl; -*-
|
||||
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License 2.0 (the "License"). You may not use
|
||||
# this file except in compliance with the License. You can obtain a copy
|
||||
# in the file LICENSE in the source distribution or at
|
||||
# https://www.openssl.org/source/license.html
|
||||
|
||||
# This is a collection of extra attributes to be used as input for creating
|
||||
# shared libraries, currently on any Unix variant, including Unix like
|
||||
# environments on Windows.
|
||||
|
||||
sub detect_gnu_ld {
|
||||
my @lines =
|
||||
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
|
||||
return grep /^GNU ld/, @lines;
|
||||
}
|
||||
sub detect_gnu_cc {
|
||||
my @lines =
|
||||
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
|
||||
return grep /gcc/, @lines;
|
||||
}
|
||||
|
||||
my %shared_info;
|
||||
%shared_info = (
|
||||
'gnu-shared' => {
|
||||
shared_ldflag => '-shared -Wl,-Bsymbolic',
|
||||
shared_sonameflag => '-Wl,-soname=',
|
||||
},
|
||||
'linux-shared' => sub {
|
||||
return {
|
||||
%{$shared_info{'gnu-shared'}},
|
||||
shared_defflag => '-Wl,--version-script=',
|
||||
dso_ldflags =>
|
||||
(grep /(?:^|\s)-fsanitize/,
|
||||
@{$config{CFLAGS}}, @{$config{cflags}})
|
||||
? ''
|
||||
: '-Wl,-z,defs',
|
||||
};
|
||||
},
|
||||
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
|
||||
'bsd-gcc-nodef-shared' => sub {
|
||||
return {
|
||||
%{$shared_info{'gnu-shared'}},
|
||||
shared_defflags => '-Wl,--version-script=',
|
||||
};
|
||||
},
|
||||
'darwin-shared' => {
|
||||
module_ldflags => '-bundle',
|
||||
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
|
||||
shared_sonameflag => '-install_name $(libdir)/',
|
||||
},
|
||||
'cygwin-shared' => {
|
||||
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
|
||||
shared_impflag => '-Wl,--out-implib=',
|
||||
},
|
||||
'mingw-shared' => sub {
|
||||
return {
|
||||
%{$shared_info{'cygwin-shared'}},
|
||||
# def_flag made to empty string so it still generates
|
||||
# something
|
||||
shared_defflag => '',
|
||||
shared_argfileflag => '@',
|
||||
};
|
||||
},
|
||||
'alpha-osf1-shared' => sub {
|
||||
return $shared_info{'gnu-shared'} if detect_gnu_ld();
|
||||
return {
|
||||
module_ldflags => '-shared -Wl,-Bsymbolic',
|
||||
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
|
||||
};
|
||||
},
|
||||
'svr3-shared' => sub {
|
||||
return $shared_info{'gnu-shared'} if detect_gnu_ld();
|
||||
return {
|
||||
shared_ldflag => '-G',
|
||||
shared_sonameflag => '-h ',
|
||||
};
|
||||
},
|
||||
'svr5-shared' => sub {
|
||||
return $shared_info{'gnu-shared'} if detect_gnu_ld();
|
||||
return {
|
||||
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
|
||||
shared_sonameflag => '-h ',
|
||||
};
|
||||
},
|
||||
'solaris-gcc-shared' => sub {
|
||||
return $shared_info{'linux-shared'} if detect_gnu_ld();
|
||||
return {
|
||||
# Note: we should also have -shared here, but because some
|
||||
# config targets define it with an added -static-libgcc
|
||||
# following it, we don't want to change the order. This
|
||||
# forces all solaris gcc config targets to define shared_ldflag
|
||||
shared_ldflag => '-Wl,-Bsymbolic',
|
||||
shared_defflag => "-Wl,-M,",
|
||||
shared_sonameflag => "-Wl,-h,",
|
||||
};
|
||||
},
|
||||
);
|
||||
File diff suppressed because it is too large
Load Diff
@@ -1,22 +0,0 @@
|
||||
#! /usr/bin/env perl
|
||||
|
||||
use Config;
|
||||
|
||||
# Check that the perl implementation file modules generate paths that
|
||||
# we expect for the platform
|
||||
use File::Spec::Functions qw(:DEFAULT rel2abs);
|
||||
|
||||
if (rel2abs('.') !~ m|/|) {
|
||||
die <<EOF;
|
||||
|
||||
******************************************************************************
|
||||
This perl implementation doesn't produce Unix like paths (with forward slash
|
||||
directory separators). Please use an implementation that matches your
|
||||
building platform.
|
||||
|
||||
This Perl version: $Config{version} for $Config{archname}
|
||||
******************************************************************************
|
||||
EOF
|
||||
}
|
||||
|
||||
1;
|
||||
@@ -1,22 +0,0 @@
|
||||
#! /usr/bin/env perl
|
||||
|
||||
use Config;
|
||||
|
||||
# Check that the perl implementation file modules generate paths that
|
||||
# we expect for the platform
|
||||
use File::Spec::Functions qw(:DEFAULT rel2abs);
|
||||
|
||||
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
|
||||
die <<EOF;
|
||||
|
||||
******************************************************************************
|
||||
This perl implementation doesn't produce Windows like paths (with backward
|
||||
slash directory separators). Please use an implementation that matches your
|
||||
building platform.
|
||||
|
||||
This Perl version: $Config{version} for $Config{archname}
|
||||
******************************************************************************
|
||||
EOF
|
||||
}
|
||||
|
||||
1;
|
||||
File diff suppressed because it is too large
Load Diff
33
HACKING.md
33
HACKING.md
@@ -1,33 +0,0 @@
|
||||
MODIFYING OPENSSL SOURCE
|
||||
========================
|
||||
|
||||
This document describes the way to add custom modifications to OpenSSL sources.
|
||||
|
||||
If you are adding new public functions to the custom library build, you need to
|
||||
either add a prototype in one of the existing OpenSSL header files;
|
||||
or provide a new header file and edit
|
||||
[Configurations/unix-Makefile.tmpl](Configurations/unix-Makefile.tmpl)
|
||||
to pick up that file.
|
||||
|
||||
After that, perform the following steps:
|
||||
|
||||
./Configure -Werror --strict-warnings [your-options]
|
||||
make update
|
||||
make
|
||||
make test
|
||||
|
||||
`make update` ensures that your functions declarations are added to
|
||||
`util/libcrypto.num` or `util/libssl.num`.
|
||||
If you plan to submit the changes you made to OpenSSL
|
||||
(see [CONTRIBUTING.md](CONTRIBUTING.md)), it's worth running:
|
||||
|
||||
make doc-nits
|
||||
|
||||
after running `make update` to ensure that documentation has correct format.
|
||||
|
||||
`make update` also generates files related to OIDs (in the `crypto/objects/`
|
||||
folder) and errors.
|
||||
If a merge error occurs in one of these generated files, then the
|
||||
generated files need to be removed and regenerated using `make update`.
|
||||
To aid in this process, the generated files can be committed separately
|
||||
so they can be removed easily.
|
||||
316
HISTORY
Normal file
316
HISTORY
Normal file
@@ -0,0 +1,316 @@
|
||||
16-Mar-98
|
||||
- Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
|
||||
- Lots and lots of changes
|
||||
|
||||
29-Jan-98
|
||||
- ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
|
||||
Goetz Babin-Ebell <babinebell@trustcenter.de>.
|
||||
- SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
|
||||
TLS1_VERSION.
|
||||
|
||||
7-Jan-98
|
||||
- Finally reworked the cipher string to ciphers again, so it
|
||||
works correctly
|
||||
- All the app_data stuff is now ex_data with funcion calls to access.
|
||||
The index is supplied by a function and 'methods' can be setup
|
||||
for the types that are called on XXX_new/XXX_free. This lets
|
||||
applications get notified on creation and destruction. Some of
|
||||
the RSA methods could be implemented this way and I may do so.
|
||||
- Oh yes, SSL under perl5 is working at the basic level.
|
||||
|
||||
15-Dec-97
|
||||
- Warning - the gethostbyname cache is not fully thread safe,
|
||||
but it should work well enough.
|
||||
- Major internal reworking of the app_data stuff. More functions
|
||||
but if you were accessing ->app_data directly, things will
|
||||
stop working.
|
||||
- The perlv5 stuff is working. Currently on message digests,
|
||||
ciphers and the bignum library.
|
||||
|
||||
9-Dec-97
|
||||
- Modified re-negotiation so that server initated re-neg
|
||||
will cause a SSL_read() to return -1 should retry.
|
||||
The danger otherwise was that the server and the
|
||||
client could end up both trying to read when using non-blocking
|
||||
sockets.
|
||||
|
||||
4-Dec-97
|
||||
- Lots of small changes
|
||||
- Fix for binaray mode in Windows for the FILE BIO, thanks to
|
||||
Bob Denny <rdenny@dc3.com>
|
||||
|
||||
17-Nov-97
|
||||
- Quite a few internal cleanups, (removal of errno, and using macros
|
||||
defined in e_os.h).
|
||||
- A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
|
||||
the automactic naming out output files was being stuffed up.
|
||||
|
||||
29-Oct-97
|
||||
- The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
|
||||
for x86.
|
||||
|
||||
21-Oct-97
|
||||
- Fixed a bug in the BIO_gethostbyname() cache.
|
||||
|
||||
15-Oct-97
|
||||
- cbc mode for blowfish/des/3des is now in assember. Blowfish asm
|
||||
has also been improved. At this point in time, on the pentium,
|
||||
md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
|
||||
des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
|
||||
is %62 faster.
|
||||
|
||||
12-Oct-97
|
||||
- MEM_BUF_grow() has been fixed so that it always sets the buf->length
|
||||
to the value we are 'growing' to. Think of MEM_BUF_grow() as the
|
||||
way to set the length value correctly.
|
||||
|
||||
10-Oct-97
|
||||
- I now hash for certificate lookup on the raw DER encoded RDN (md5).
|
||||
This breaks things again :-(. This is efficent since I cache
|
||||
the DER encoding of the RDN.
|
||||
- The text DN now puts in the numeric OID instead of UNKNOWN.
|
||||
- req can now process arbitary OIDs in the config file.
|
||||
- I've been implementing md5 in x86 asm, much faster :-).
|
||||
- Started sha1 in x86 asm, needs more work.
|
||||
- Quite a few speedups in the BN stuff. RSA public operation
|
||||
has been made faster by caching the BN_MONT_CTX structure.
|
||||
The calulating of the Ai where A*Ai === 1 mod m was rather
|
||||
expensive. Basically a 40-50% speedup on public operations.
|
||||
The RSA speedup is now 15% on pentiums and %20 on pentium
|
||||
pro.
|
||||
|
||||
30-Sep-97
|
||||
- After doing some profiling, I added x86 adm for bn_add_words(),
|
||||
which just adds 2 arrays of longs together. A %10 speedup
|
||||
for 512 and 1024 bit RSA on the pentium pro.
|
||||
|
||||
29-Sep-97
|
||||
- Converted the x86 bignum assembler to us the perl scripts
|
||||
for generation.
|
||||
|
||||
23-Sep-97
|
||||
- If SSL_set_session() is passed a NULL session, it now clears the
|
||||
current session-id.
|
||||
|
||||
22-Sep-97
|
||||
- Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
|
||||
certificates.
|
||||
- Bug in crypto/evp/encode.c where by decoding of 65 base64
|
||||
encoded lines, one line at a time (via a memory BIO) would report
|
||||
EOF after the first line was decoded.
|
||||
- Fix in X509_find_by_issuer_and_serial() from
|
||||
Dr Stephen Henson <shenson@bigfoot.com>
|
||||
|
||||
19-Sep-97
|
||||
- NO_FP_API and NO_STDIO added.
|
||||
- Put in sh config command. It auto runs Configure with the correct
|
||||
parameters.
|
||||
|
||||
18-Sep-97
|
||||
- Fix x509.c so if a DSA cert has different parameters to its parent,
|
||||
they are left in place. Not tested yet.
|
||||
|
||||
16-Sep-97
|
||||
- ssl_create_cipher_list() had some bugs, fixes from
|
||||
Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
|
||||
- Fixed a bug in the Base64 BIO, where it would return 1 instead
|
||||
of -1 when end of input was encountered but should retry.
|
||||
Basically a Base64/Memory BIO interaction problem.
|
||||
- Added a HMAC set of functions in preporarion for TLS work.
|
||||
|
||||
15-Sep-97
|
||||
- Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
|
||||
- Prime generation spead up %25 (512 bit prime, pentium pro linux)
|
||||
by using montgomery multiplication in the prime number test.
|
||||
|
||||
11-Sep-97
|
||||
- Ugly bug in ssl3_write_bytes(). Basically if application land
|
||||
does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
|
||||
did not check the size and tried to copy the entire buffer.
|
||||
This would tend to cause memory overwrites since SSLv3 has
|
||||
a maximum packet size of 16k. If your program uses
|
||||
buffers <= 16k, you would probably never see this problem.
|
||||
- Fixed a new errors that were cause by malloc() not returning
|
||||
0 initialised memory..
|
||||
- SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
|
||||
SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
|
||||
since this flags stops SSLeay being able to handle client
|
||||
cert requests correctly.
|
||||
|
||||
08-Sep-97
|
||||
- SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
|
||||
on, the SSL server routines will not use a SSL_SESSION that is
|
||||
held in it's cache. This in intended to be used with the session-id
|
||||
callbacks so that while the session-ids are still stored in the
|
||||
cache, the decision to use them and how to look them up can be
|
||||
done by the callbacks. The are the 'new', 'get' and 'remove'
|
||||
callbacks. This can be used to determine the session-id
|
||||
to use depending on information like which port/host the connection
|
||||
is coming from. Since the are also SSL_SESSION_set_app_data() and
|
||||
SSL_SESSION_get_app_data() functions, the application can hold
|
||||
information against the session-id as well.
|
||||
|
||||
03-Sep-97
|
||||
- Added lookup of CRLs to the by_dir method,
|
||||
X509_load_crl_file() also added. Basically it means you can
|
||||
lookup CRLs via the same system used to lookup certificates.
|
||||
- Changed things so that the X509_NAME structure can contain
|
||||
ASN.1 BIT_STRINGS which is required for the unique
|
||||
identifier OID.
|
||||
- Fixed some problems with the auto flushing of the session-id
|
||||
cache. It was not occuring on the server side.
|
||||
|
||||
02-Sep-97
|
||||
- Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
|
||||
which is the maximum number of entries allowed in the
|
||||
session-id cache. This is enforced with a simple FIFO list.
|
||||
The default size is 20*1024 entries which is rather large :-).
|
||||
The Timeout code is still always operating.
|
||||
|
||||
01-Sep-97
|
||||
- Added an argument to all the 'generate private key/prime`
|
||||
callbacks. It is the last parameter so this should not
|
||||
break existing code but it is needed for C++.
|
||||
- Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
|
||||
BIO. This lets the BIO read and write base64 encoded data
|
||||
without inserting or looking for '\n' characters. The '-A'
|
||||
flag turns this on when using apps/enc.c.
|
||||
- RSA_NO_PADDING added to help BSAFE functionality. This is a
|
||||
very dangerous thing to use, since RSA private key
|
||||
operations without random padding bytes (as PKCS#1 adds) can
|
||||
be attacked such that the private key can be revealed.
|
||||
- ASN.1 bug and rc2-40-cbc and rc4-40 added by
|
||||
Dr Stephen Henson <shenson@bigfoot.com>
|
||||
|
||||
31-Aug-97 (stuff added while I was away)
|
||||
- Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
|
||||
- RSA_flags() added allowing bypass of pub/priv match check
|
||||
in ssl/ssl_rsa.c - Tim Hudson.
|
||||
- A few minor bugs.
|
||||
|
||||
SSLeay 0.8.1 released.
|
||||
|
||||
19-Jul-97
|
||||
- Server side initated dynamic renegotiation is broken. I will fix
|
||||
it when I get back from holidays.
|
||||
|
||||
15-Jul-97
|
||||
- Quite a few small changes.
|
||||
- INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
|
||||
|
||||
09-Jul-97
|
||||
- Added 2 new values to the SSL info callback.
|
||||
SSL_CB_START which is passed when the SSL protocol is started
|
||||
and SSL_CB_DONE when it has finished sucsessfully.
|
||||
|
||||
08-Jul-97
|
||||
- Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
|
||||
that related to DSA public/private keys.
|
||||
- Added all the relevent PEM and normal IO functions to support
|
||||
reading and writing RSAPublic keys.
|
||||
- Changed makefiles to use ${AR} instead of 'ar r'
|
||||
|
||||
07-Jul-97
|
||||
- Error in ERR_remove_state() that would leave a dangling reference
|
||||
to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
|
||||
- s_client now prints the X509_NAMEs passed from the server
|
||||
when requesting a client cert.
|
||||
- Added a ssl->type, which is one of SSL_ST_CONNECT or
|
||||
SSL_ST_ACCEPT. I had to add it so I could tell if I was
|
||||
a connect or an accept after the handshake had finished.
|
||||
- SSL_get_client_CA_list(SSL *s) now returns the CA names
|
||||
passed by the server if called by a client side SSL.
|
||||
|
||||
05-Jul-97
|
||||
- Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
|
||||
0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
|
||||
|
||||
04-Jul-97
|
||||
- Fixed some things in X509_NAME_add_entry(), thanks to
|
||||
Matthew Donald <matthew@world.net>.
|
||||
- I had a look at the cipher section and though that it was a
|
||||
bit confused, so I've changed it.
|
||||
- I was not setting up the RC4-64-MD5 cipher correctly. It is
|
||||
a MS special that appears in exported MS Money.
|
||||
- Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
|
||||
spec. I was missing the two byte length header for the
|
||||
ClientDiffieHellmanPublic value. This is a packet sent from
|
||||
the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
|
||||
option will enable SSLeay server side SSLv3 accept either
|
||||
the correct or my 080 packet format.
|
||||
- Fixed a few typos in crypto/pem.org.
|
||||
|
||||
02-Jul-97
|
||||
- Alias mapping for EVP_get_(digest|cipher)byname is now
|
||||
performed before a lookup for actual cipher. This means
|
||||
that an alias can be used to 're-direct' a cipher or a
|
||||
digest.
|
||||
- ASN1_read_bio() had a bug that only showed up when using a
|
||||
memory BIO. When EOF is reached in the memory BIO, it is
|
||||
reported as a -1 with BIO_should_retry() set to true.
|
||||
|
||||
01-Jul-97
|
||||
- Fixed an error in X509_verify_cert() caused by my
|
||||
miss-understanding how 'do { contine } while(0);' works.
|
||||
Thanks to Emil Sit <sit@mit.edu> for educating me :-)
|
||||
|
||||
30-Jun-97
|
||||
- Base64 decoding error. If the last data line did not end with
|
||||
a '=', sometimes extra data would be returned.
|
||||
- Another 'cut and paste' bug in x509.c related to setting up the
|
||||
STDout BIO.
|
||||
|
||||
27-Jun-97
|
||||
- apps/ciphers.c was not printing due to an editing error.
|
||||
- Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
|
||||
a library build error in util/mk1mf.pl
|
||||
|
||||
26-Jun-97
|
||||
- Still did not have the auto 'experimental' code removal
|
||||
script correct.
|
||||
- A few header tweaks for Watcom 11.0 under Win32 from
|
||||
Rolf Lindemann <Lindemann@maz-hh.de>
|
||||
- 0 length OCTET_STRING bug in asn1_parse
|
||||
- A minor fix with an non-existent function in the MS .def files.
|
||||
- A few changes to the PKCS7 stuff.
|
||||
|
||||
25-Jun-97
|
||||
SSLeay 0.8.0 finally it gets released.
|
||||
|
||||
24-Jun-97
|
||||
Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
|
||||
use a temporary RSA key. This is experimental and needs some more work.
|
||||
Fixed a few Win16 build problems.
|
||||
|
||||
23-Jun-97
|
||||
SSLv3 bug. I was not doing the 'lookup' of the CERT structure
|
||||
correctly. I was taking the SSL->ctx->default_cert when I should
|
||||
have been using SSL->cert. The bug was in ssl/s3_srvr.c
|
||||
|
||||
20-Jun-97
|
||||
X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
|
||||
rest of the library. Even though I had the code required to do
|
||||
it correctly, apps/req.c was doing the wrong thing. I have fixed
|
||||
and tested everything.
|
||||
|
||||
Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
|
||||
|
||||
19-Jun-97
|
||||
Fixed a bug in the SSLv2 server side first packet handling. When
|
||||
using the non-blocking test BIO, the ssl->s2->first_packet flag
|
||||
was being reset when a would-block failure occurred when reading
|
||||
the first 5 bytes of the first packet. This caused the checking
|
||||
logic to run at the wrong time and cause an error.
|
||||
|
||||
Fixed a problem with specifying cipher. If RC4-MD5 were used,
|
||||
only the SSLv3 version would be picked up. Now this will pick
|
||||
up both SSLv2 and SSLv3 versions. This required changing the
|
||||
SSL_CIPHER->mask values so that they only mask the ciphers,
|
||||
digests, authentication, export type and key-exchange algorithms.
|
||||
|
||||
I found that when a SSLv23 session is established, a reused
|
||||
session, of type SSLv3 was attempting to write the SSLv2
|
||||
ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
|
||||
method has been modified so it will only write out cipher which
|
||||
that method knows about.
|
||||
|
||||
443
HISTORY.066
Normal file
443
HISTORY.066
Normal file
@@ -0,0 +1,443 @@
|
||||
SSLeay 0.6.5
|
||||
|
||||
After quite some time (3 months), the new release. I have been very busy
|
||||
for the last few months and so this is mostly bug fixes and improvments.
|
||||
|
||||
The main additions are
|
||||
|
||||
- assember for x86 DES. For all those gcc based systems, this is a big
|
||||
improvement. From 117,000 DES operation a second on a pentium 100,
|
||||
I now get 191,000. I have also reworked the C version so it
|
||||
now gives 148,000 DESs per second.
|
||||
- As mentioned above, the inner DES macros now have some more variant that
|
||||
sometimes help, sometimes hinder performance. There are now 3 options
|
||||
DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
|
||||
and DES_RISC (a more register intensive version of the inner macro).
|
||||
The crypto/des/des_opts.c program, when compiled and run, will give
|
||||
an indication of the correct options to use.
|
||||
- The BIO stuff has been improved. Read doc/bio.doc. There are now
|
||||
modules for encryption and base64 encoding and a BIO_printf() function.
|
||||
- The CA program will accept simple one line X509v3 extensions in the
|
||||
ssleay.cnf file. Have a look at the example. Currently this just
|
||||
puts the text into the certificate as an OCTET_STRING so currently
|
||||
the more advanced X509v3 data types are not handled but this is enough
|
||||
for the netscape extensions.
|
||||
- There is the start of a nicer higher level interface to the X509
|
||||
strucutre.
|
||||
- Quite a lot of bug fixes.
|
||||
- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
|
||||
to define the malloc(), free() and realloc() routines to use
|
||||
(look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
|
||||
using DLLs and mixing CRT libraries.
|
||||
|
||||
In general, read the 'VERSION' file for changes and be aware that some of
|
||||
the new stuff may not have been tested quite enough yet, so don't just plonk
|
||||
in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
|
||||
|
||||
SSLeay 0.6.4 30/08/96 eay
|
||||
|
||||
I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
|
||||
Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
|
||||
|
||||
The main changes in this release
|
||||
|
||||
- Thread safe. have a read of doc/threads.doc and play in the mt directory.
|
||||
For anyone using 0.6.3 with threads, I found 2 major errors so consider
|
||||
moving to 0.6.4. I have a test program that builds under NT and
|
||||
solaris.
|
||||
- The get session-id callback has changed. Have a read of doc/callback.doc.
|
||||
- The X509_cert_verify callback (the SSL_verify callback) now
|
||||
has another argument. Have a read of doc/callback.doc
|
||||
- 'ca -preserve', sign without re-ordering the DN. Not tested much.
|
||||
- VMS support.
|
||||
- Compile time memory leak detection can now be built into SSLeay.
|
||||
Read doc/memory.doc
|
||||
- CONF routines now understand '\', '\n', '\r' etc. What this means is that
|
||||
the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
|
||||
- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
|
||||
- RC2 key setup is now compatable with Netscape.
|
||||
- Modifed server side of SSL implementation, big performance difference when
|
||||
using session-id reuse.
|
||||
|
||||
0.6.3
|
||||
|
||||
Bug fixes and the addition of some nice stuff to the 'ca' program.
|
||||
Have a read of doc/ns-ca.doc for how hit has been modified so
|
||||
it can be driven from a CGI script. The CGI script is not provided,
|
||||
but that is just being left as an excersize for the reader :-).
|
||||
|
||||
0.6.2
|
||||
|
||||
This is most bug fixes and functionality improvements.
|
||||
|
||||
Additions are
|
||||
- More thread debugging patches, the thread stuff is still being
|
||||
tested, but for those keep to play with stuff, have a look in
|
||||
crypto/cryptlib.c. The application needs to define 1 (or optionaly
|
||||
a second) callback that is used to implement locking. Compiling
|
||||
with LOCK_DEBUG spits out lots of locking crud :-).
|
||||
This is what I'm currently working on.
|
||||
- SSL_CTX_set_default_passwd_cb() can be used to define the callback
|
||||
function used in the SSL*_file() functions used to load keys. I was
|
||||
always of the opinion that people should call
|
||||
PEM_read_RSAPrivateKey() and pass the callback they want to use, but
|
||||
it appears they just want to use the SSL_*_file() function() :-(.
|
||||
- 'enc' now has a -kfile so a key can be read from a file. This is
|
||||
mostly used so that the passwd does not appear when using 'ps',
|
||||
which appears imposible to stop under solaris.
|
||||
- X509v3 certificates now work correctly. I even have more examples
|
||||
in my tests :-). There is now a X509_EXTENSION type that is used in
|
||||
X509v3 certificates and CRLv2.
|
||||
- Fixed that signature type error :-(
|
||||
- Fixed quite a few potential memory leaks and problems when reusing
|
||||
X509, CRL and REQ structures.
|
||||
- EVP_set_pw_prompt() now sets the library wide default password
|
||||
prompt.
|
||||
- The 'pkcs7' command will now, given the -print_certs flag, output in
|
||||
pem format, all certificates and CRL contained within. This is more
|
||||
of a pre-emtive thing for the new verisign distribution method. I
|
||||
should also note, that this also gives and example in code, of how
|
||||
to do this :-), or for that matter, what is involved in going the
|
||||
other way (list of certs and crl -> pkcs7).
|
||||
- Added RSA's DESX to the DES library. It is also available via the
|
||||
EVP_desx_cbc() method and via 'enc desx'.
|
||||
|
||||
SSLeay 0.6.1
|
||||
|
||||
The main functional changes since 0.6.0 are as follows
|
||||
- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
|
||||
that from now on, I'll keep the .def numbers the same so they will be.
|
||||
- RSA private key operations are about 2 times faster that 0.6.0
|
||||
- The SSL_CTX now has more fields so default values can be put against
|
||||
it. When an SSL structure is created, these default values are used
|
||||
but can be overwritten. There are defaults for cipher, certificate,
|
||||
private key, verify mode and callback. This means SSL session
|
||||
creation can now be
|
||||
ssl=SSL_new()
|
||||
SSL_set_fd(ssl,sock);
|
||||
SSL_accept(ssl)
|
||||
....
|
||||
All the other uglyness with having to keep a global copy of the
|
||||
private key and certificate/verify mode in the server is now gone.
|
||||
- ssl/ssltest.c - one process talking SSL to its self for testing.
|
||||
- Storage of Session-id's can be controled via a session_cache_mode
|
||||
flag. There is also now an automatic default flushing of
|
||||
old session-id's.
|
||||
- The X509_cert_verify() function now has another parameter, this
|
||||
should not effect most people but it now means that the reason for
|
||||
the failure to verify is now available via SSL_get_verify_result(ssl).
|
||||
You don't have to use a global variable.
|
||||
- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
|
||||
application data against the SSL structure. It is upto the application
|
||||
to free the data. I don't use it, but it is available.
|
||||
- SSL_CTX_set_cert_verify_callback() can be used to specify a
|
||||
verify callback function that completly replaces my certificate
|
||||
verification code. Xcert should be able to use this :-).
|
||||
The callback is of the form int app_verify_callback(arg,ssl,cert).
|
||||
This needs to be documented more.
|
||||
- I have started playing with shared library builds, have a look in
|
||||
the shlib directory. It is very simple. If you need a numbered
|
||||
list of functions, have a look at misc/crypto.num and misc/ssl.num.
|
||||
- There is some stuff to do locking to make the library thread safe.
|
||||
I have only started this stuff and have not finished. If anyone is
|
||||
keen to do so, please send me the patches when finished.
|
||||
|
||||
So I have finally made most of the additions to the SSL interface that
|
||||
I thought were needed.
|
||||
|
||||
There will probably be a pause before I make any non-bug/documentation
|
||||
related changes to SSLeay since I'm feeling like a bit of a break.
|
||||
|
||||
eric - 12 Jul 1996
|
||||
I saw recently a comment by some-one that we now seem to be entering
|
||||
the age of perpetual Beta software.
|
||||
Pioneered by packages like linux but refined to an art form by
|
||||
netscape.
|
||||
|
||||
I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
|
||||
|
||||
There are quite a large number of sections that are 'works in
|
||||
progress' in this package. I will also list the major changes and
|
||||
what files you should read.
|
||||
|
||||
BIO - this is the new IO structure being used everywhere in SSLeay. I
|
||||
started out developing this because of microsoft, I wanted a mechanism
|
||||
to callback to the application for all IO, so Windows 3.1 DLL
|
||||
perversion could be hidden from me and the 15 different ways to write
|
||||
to a file under NT would also not be dictated by me at library build
|
||||
time. What the 'package' is is an API for a data structure containing
|
||||
functions. IO interfaces can be written to conform to the
|
||||
specification. This in not intended to hide the underlying data type
|
||||
from the application, but to hide it from SSLeay :-).
|
||||
I have only really finished testing the FILE * and socket/fd modules.
|
||||
There are also 'filter' BIO's. Currently I have only implemented
|
||||
message digests, and it is in use in the dgst application. This
|
||||
functionality will allow base64/encrypto/buffering modules to be
|
||||
'push' into a BIO without it affecting the semantics. I'm also
|
||||
working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
|
||||
from an event loop which uses the interface.
|
||||
It is also possible to 'attach' callbacks to a BIO so they get called
|
||||
before and after each operation, alowing extensive debug output
|
||||
to be generated (try running dgst with -d).
|
||||
|
||||
Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
|
||||
functions that used to take FILE *, now take BIO *.
|
||||
The wrappers are easy to write
|
||||
|
||||
function_fp(fp,x)
|
||||
FILE *fp;
|
||||
{
|
||||
BIO *b;
|
||||
int ret;
|
||||
|
||||
if ((b=BIO_new(BIO_s_file())) == NULL) error.....
|
||||
BIO_set_fp(b,fp,BIO_NOCLOSE);
|
||||
ret=function_bio(b,x);
|
||||
BIO_free(b);
|
||||
return(ret);
|
||||
}
|
||||
Remember, there are no functions that take FILE * in SSLeay when
|
||||
compiled for Windows 3.1 DLL's.
|
||||
|
||||
--
|
||||
I have added a general EVP_PKEY type that can hold a public/private
|
||||
key. This is now what is used by the EVP_ functions and is passed
|
||||
around internally. I still have not done the PKCS#8 stuff, but
|
||||
X509_PKEY is defined and waiting :-)
|
||||
|
||||
--
|
||||
For a full function name listings, have a look at ms/crypt32.def and
|
||||
ms/ssl32.def. These are auto-generated but are complete.
|
||||
Things like ASN1_INTEGER_get() have been added and are in here if you
|
||||
look. I have renamed a few things, again, have a look through the
|
||||
function list and you will probably find what you are after. I intend
|
||||
to at least put a one line descrition for each one.....
|
||||
|
||||
--
|
||||
Microsoft - thats what this release is about, read the MICROSOFT file.
|
||||
|
||||
--
|
||||
Multi-threading support. I have started hunting through the code and
|
||||
flaging where things need to be done. In a state of work but high on
|
||||
the list.
|
||||
|
||||
--
|
||||
For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
|
||||
be be you random data device, otherwise 'RFILE' in e_os.h
|
||||
will be used, in your home directory. It will be updated
|
||||
periodically. The environment variable RANDFILE will override this
|
||||
choice and read/write to that file instead. DEVRANDOM is used in
|
||||
conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
|
||||
number generator, pick on one of these files.
|
||||
|
||||
--
|
||||
|
||||
The list of things to read and do
|
||||
|
||||
dgst -d
|
||||
s_client -state (this uses a callback placed in the SSL state loop and
|
||||
will be used else-where to help debug/monitor what
|
||||
is happening.)
|
||||
|
||||
doc/why.doc
|
||||
doc/bio.doc <- hmmm, needs lots of work.
|
||||
doc/bss_file.doc <- one that is working :-)
|
||||
doc/session.doc <- it has changed
|
||||
doc/speed.doc
|
||||
also play with ssleay version -a. I have now added a SSLeay()
|
||||
function that returns a version number, eg 0600 for this release
|
||||
which is primarily to be used to check DLL version against the
|
||||
application.
|
||||
util/* Quite a few will not interest people, but some may, like
|
||||
mk1mf.pl, mkdef.pl,
|
||||
util/do_ms.sh
|
||||
|
||||
try
|
||||
cc -Iinclude -Icrypto -c crypto/crypto.c
|
||||
cc -Iinclude -Issl -c ssl/ssl.c
|
||||
You have just built the SSLeay libraries as 2 object files :-)
|
||||
|
||||
Have a general rummage around in the bin stall directory and look at
|
||||
what is in there, like CA.sh and c_rehash
|
||||
|
||||
There are lots more things but it is 12:30am on a Friday night and I'm
|
||||
heading home :-).
|
||||
|
||||
eric 22-Jun-1996
|
||||
This version has quite a few major bug fixes and improvements. It DOES NOT
|
||||
do SSLv3 yet.
|
||||
|
||||
The main things changed
|
||||
- A Few days ago I added the s_mult application to ssleay which is
|
||||
a demo of an SSL server running in an event loop type thing.
|
||||
It supports non-blocking IO, I have finally gotten it right, SSL_accept()
|
||||
can operate in non-blocking IO mode, look at the code to see how :-).
|
||||
Have a read of doc/s_mult as well. This program leaks memory and
|
||||
file descriptors everywhere but I have not cleaned it up yet.
|
||||
This is a demo of how to do non-blocking IO.
|
||||
- The SSL session management has been 'worked over' and there is now
|
||||
quite an expansive set of functions to manipulate them. Have a read of
|
||||
doc/session.doc for some-things I quickly whipped up about how it now works.
|
||||
This assume you know the SSLv2 protocol :-)
|
||||
- I can now read/write the netscape certificate format, use the
|
||||
-inform/-outform 'net' options to the x509 command. I have not put support
|
||||
for this type in the other demo programs, but it would be easy to add.
|
||||
- asn1parse and 'enc' have been modified so that when reading base64
|
||||
encoded files (pem format), they do not require '-----BEGIN' header lines.
|
||||
The 'enc' program had a buffering bug fixed, it can be used as a general
|
||||
base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
|
||||
respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
|
||||
into a form of 'cat'.
|
||||
- The 'x509' and 'req' programs have been fixed and modified a little so
|
||||
that they generate self-signed certificates correctly. The test
|
||||
script actually generates a 'CA' certificate and then 'signs' a
|
||||
'user' certificate. Have a look at this shell script (test/sstest)
|
||||
to see how things work, it tests most possible combinations of what can
|
||||
be done.
|
||||
- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
|
||||
of SSL_set_cipher_list() is now the correct API (stops confusion :-).
|
||||
If this function is used in the client, only the specified ciphers can
|
||||
be used, with preference given to the order the ciphers were listed.
|
||||
For the server, if this is used, only the specified ciphers will be used
|
||||
to accept connections. If this 'option' is not used, a default set of
|
||||
ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
|
||||
list for all ciphers started against the SSL_CTX. So the order is
|
||||
SSL cipher_list, if not present, SSL_CTX cipher list, if not
|
||||
present, then the library default.
|
||||
What this means is that normally ciphers like
|
||||
NULL-MD5 will never be used. The only way this cipher can be used
|
||||
for both ends to specify to use it.
|
||||
To enable or disable ciphers in the library at build time, modify the
|
||||
first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
|
||||
This file also contains the 'pref_cipher' list which is the default
|
||||
cipher preference order.
|
||||
- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
|
||||
options work. They should, and they enable loading and writing the
|
||||
netscape rsa private key format. I will be re-working this section of
|
||||
SSLeay for the next version. What is currently in place is a quick and
|
||||
dirty hack.
|
||||
- I've re-written parts of the bignum library. This gives speedups
|
||||
for all platforms. I now provide assembler for use under Windows NT.
|
||||
I have not tested the Windows 3.1 assembler but it is quite simple code.
|
||||
This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
|
||||
and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
|
||||
Basically the times available under linux/solaris x86 can be achieve under
|
||||
Windows NT. I still don't know how these times compare to RSA's BSAFE
|
||||
library but I have been emailing with people and with their help, I should
|
||||
be able to get my library's quite a bit faster still (more algorithm changes).
|
||||
The object file crypto/bn/asm/x86-32.obj should be used when linking
|
||||
under NT.
|
||||
- 'make makefile.one' in the top directory will generate a single makefile
|
||||
called 'makefile.one' This makefile contains no perl references and
|
||||
will build the SSLeay library into the 'tmp' and 'out' directories.
|
||||
util/mk1mf.pl >makefile.one is how this makefile is
|
||||
generated. The mk1mf.pl command take several option to generate the
|
||||
makefile for use with cc, gcc, Visual C++ and Borland C++. This is
|
||||
still under development. I have only build .lib's for NT and MSDOS
|
||||
I will be working on this more. I still need to play with the
|
||||
correct compiler setups for these compilers and add some more stuff but
|
||||
basically if you just want to compile the library
|
||||
on a 'non-unix' platform, this is a very very good file to start with :-).
|
||||
Have a look in the 'microsoft' directory for my current makefiles.
|
||||
I have not yet modified things to link with sockets under Windows NT.
|
||||
You guys should be able to do this since this is actually outside of the
|
||||
SSLeay scope :-). I will be doing it for myself soon.
|
||||
util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
|
||||
to build without RC2/RC4, to require RSAref for linking, and to
|
||||
build with no socket code.
|
||||
|
||||
- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
|
||||
that was posted to sci.crypt has been added to the library and SSL.
|
||||
I take the view that if RC2 is going to be included in a standard,
|
||||
I'll include the cipher to make my package complete.
|
||||
There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
|
||||
at compile time. I have not tested this recently but it should all work
|
||||
and if you are in the USA and don't want RSA threatening to sue you,
|
||||
you could probably remove the RC4/RC2 code inside these sections.
|
||||
I may in the future include a perl script that does this code
|
||||
removal automatically for those in the USA :-).
|
||||
- I have removed all references to sed in the makefiles. So basically,
|
||||
the development environment requires perl and sh. The build environment
|
||||
does not (use the makefile.one makefile).
|
||||
The Configure script still requires perl, this will probably stay that way
|
||||
since I have perl for Windows NT :-).
|
||||
|
||||
eric (03-May-1996)
|
||||
|
||||
PS Have a look in the VERSION file for more details on the changes and
|
||||
bug fixes.
|
||||
I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
|
||||
things up. This version will be quite stable, mostly because I'm on
|
||||
holidays until 10-March-1996. For any problems in the interum, send email
|
||||
to Tim Hudson <tjh@mincom.oz.au>.
|
||||
|
||||
SSLeay 0.5.0
|
||||
|
||||
12-12-95
|
||||
This is going out before it should really be released.
|
||||
|
||||
I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
|
||||
this for 11 weeks or get things out. It is still going to change a
|
||||
lot in the next week so if you do grab this version, please test and
|
||||
give me feed back ASAP, inculuding questions on how to do things with
|
||||
the library. This will prompt me to write documentation so I don't
|
||||
have to answer the same question again :-).
|
||||
|
||||
This 'pre' release version is for people who are interested in the
|
||||
library. The applications will have to be changed to use
|
||||
the new version of the SSL interface. I intend to finish more
|
||||
documentation before I leave but until then, look at the programs in
|
||||
the apps directory. As far as code goes, it is much much nicer than
|
||||
the old version.
|
||||
|
||||
The current library works, has no memory leaks (as far as I can tell)
|
||||
and is far more bug free that 0.4.5d. There are no global variable of
|
||||
consequence (I believe) and I will produce some documentation that
|
||||
tell where to look for those people that do want to do multi-threaded
|
||||
stuff.
|
||||
|
||||
There should be more documentation. Have a look in the
|
||||
doc directory. I'll be adding more before I leave, it is a start
|
||||
by mostly documents the crypto library. Tim Hudson will update
|
||||
the web page ASAP. The spelling and grammar are crap but
|
||||
it is better than nothing :-)
|
||||
|
||||
Reasons to start playing with version 0.5.0
|
||||
- All the programs in the apps directory build into one ssleay binary.
|
||||
- There is a new version of the 'req' program that generates certificate
|
||||
requests, there is even documentation for this one :-)
|
||||
- There is a demo certification authorithy program. Currently it will
|
||||
look at the simple database and update it. It will generate CRL from
|
||||
the data base. You need to edit the database by hand to revoke a
|
||||
certificate, it is my aim to use perl5/Tk but I don't have time to do
|
||||
this right now. It will generate the certificates but the management
|
||||
scripts still need to be written. This is not a hard task.
|
||||
- Things have been cleaned up alot.
|
||||
- Have a look at the enc and dgst programs in the apps directory.
|
||||
- It supports v3 of x509 certiticates.
|
||||
|
||||
|
||||
Major things missing.
|
||||
- I have been working on (and thinging about) the distributed x509
|
||||
hierachy problem. I have not had time to put my solution in place.
|
||||
It will have to wait until I come back.
|
||||
- I have not put in CRL checking in the certificate verification but
|
||||
it would not be hard to do. I was waiting until I could generate my
|
||||
own CRL (which has only been in the last week) and I don't have time
|
||||
to put it in correctly.
|
||||
- Montgomery multiplication need to be implemented. I know the
|
||||
algorithm, just ran out of time.
|
||||
- PKCS#7. I can load and write the DER version. I need to re-work
|
||||
things to support BER (if that means nothing, read the ASN1 spec :-).
|
||||
- Testing of the higher level digital envelope routines. I have not
|
||||
played with the *_seal() and *_open() type functions. They are
|
||||
written but need testing. The *_sign() and *_verify() functions are
|
||||
rock solid.
|
||||
- PEM. Doing this and PKCS#7 have been dependant on the distributed
|
||||
x509 heirachy problem. I started implementing my ideas, got
|
||||
distracted writing a CA program and then ran out of time. I provide
|
||||
the functionality of RSAref at least.
|
||||
- Re work the asm. code for the x86. I've changed by low level bignum
|
||||
interface again, so I really need to tweak the x86 stuff. gcc is
|
||||
good enough for the other boxes.
|
||||
|
||||
7
HISTORY.090
Normal file
7
HISTORY.090
Normal file
@@ -0,0 +1,7 @@
|
||||
- A minor bug in ssl/s3_clnt.c where there would always be 4 0 bytes
|
||||
sent in the client random, thanks to
|
||||
Edward Bishop <ebishop@spyglass.com>
|
||||
- Changed some BIGNUM api stuff.
|
||||
|
||||
- I Deleted the HISTORY.090 I was working on and when I found out, it was
|
||||
permanently gone :-(
|
||||
133
INSTALL
Normal file
133
INSTALL
Normal file
@@ -0,0 +1,133 @@
|
||||
# Installation of SSLeay.
|
||||
# It depends on perl for a few bits but those steps can be skipped and
|
||||
# the top level makefile edited by hand
|
||||
|
||||
# When bringing the SSLeay distribution back from the evil intel world
|
||||
# of Windows NT, do the following to make it nice again under unix :-)
|
||||
# You don't normally need to run this.
|
||||
sh util/fixNT.sh # This only works for NT now - eay - 21-Jun-1996
|
||||
|
||||
# If you have perl, and it is not in /usr/local/bin, you can run
|
||||
perl util/perlpath.pl /new/path
|
||||
# and this will fix the paths in all the scripts. DO NOT put
|
||||
# /new/path/perl, just /new/path. The build
|
||||
# environment always run scripts as 'perl perlscript.pl' but some of the
|
||||
# 'applications' are easier to usr with the path fixed.
|
||||
|
||||
# Edit crypto/cryptlib.h, tools/c_rehash, and Makefile.ssl
|
||||
# to set the install locations if you don't like
|
||||
# the default location of /usr/local/ssl
|
||||
# Do this by running
|
||||
perl util/ssldir.pl /new/ssl/home
|
||||
# if you have perl, or by hand if not.
|
||||
|
||||
# If things have been stuffed up with the sym links, run
|
||||
make -f Makefile.ssl links
|
||||
# This will re-populate lib/include with symlinks and for each
|
||||
# directory, link Makefile to Makefile.ssl
|
||||
|
||||
# Setup the machine dependent stuff for the top level makefile
|
||||
# and some select .h files
|
||||
# If you don't have perl, this will bomb, in which case just edit the
|
||||
# top level Makefile.ssl
|
||||
./Configure 'system type'
|
||||
|
||||
# The 'Configure' command contains default configuration parameters
|
||||
# for lots of machines. Configure edits 5 lines in the top level Makefile
|
||||
# It modifies the following values in the following files
|
||||
Makefile.ssl CC CFLAG EX_LIBS BN_MULW
|
||||
crypto/des/des.h DES_LONG
|
||||
crypto/des/des_locl.h DES_PTR
|
||||
crypto/md2/md2.h MD2_INT
|
||||
crypto/rc4/rc4.h RC4_INT
|
||||
crypto/rc4/rc4_enc.c RC4_INDEX
|
||||
crypto/rc2/rc2.h RC2_INT
|
||||
crypto/bf/bf_locl.h BF_INT
|
||||
crypto/idea/idea.h IDEA_INT
|
||||
crypto/bn/bn.h BN_LLONG (and defines one of SIXTY_FOUR_BIT,
|
||||
SIXTY_FOUR_BIT_LONG, THIRTY_TWO_BIT,
|
||||
SIXTEEN_BIT or EIGHT_BIT)
|
||||
Please remember that all these files are actually copies of the file with
|
||||
a .org extention. So if you change crypto/des/des.h, the next time
|
||||
you run Configure, it will be runover by a 'configured' version of
|
||||
crypto/des/des.org. So to make the changer the default, change the .org
|
||||
files. The reason these files have to be edited is because most of
|
||||
these modifications change the size of fundamental data types.
|
||||
While in theory this stuff is optional, it often makes a big
|
||||
difference in performance and when using assember, it is importaint
|
||||
for the 'Bignum bits' match those required by the assember code.
|
||||
A warning for people using gcc with sparc cpu's. Gcc needs the -mv8
|
||||
flag to use the hardware multiply instruction which was not present in
|
||||
earlier versions of the sparc CPU. I define it by default. If you
|
||||
have an old sparc, and it crashes, try rebuilding with this flag
|
||||
removed. I am leaving this flag on by default because it makes
|
||||
things run 4 times faster :-)
|
||||
|
||||
# clean out all the old stuff
|
||||
make clean
|
||||
|
||||
# Do a make depend only if you have the makedepend command installed
|
||||
# This is not needed but it does make things nice when developing.
|
||||
make depend
|
||||
|
||||
# make should build everything
|
||||
make
|
||||
|
||||
# fix up the demo certificate hash directory if it has been stuffed up.
|
||||
make rehash
|
||||
|
||||
# test everything
|
||||
make test
|
||||
|
||||
# install the lot
|
||||
make install
|
||||
|
||||
# It is worth noting that all the applications are built into the one
|
||||
# program, ssleay, which is then has links from the other programs
|
||||
# names to it.
|
||||
# The applicatons can be built by themselves, just don't define the
|
||||
# 'MONOLITH' flag. So to build the 'enc' program stand alone,
|
||||
gcc -O2 -Iinclude apps/enc.c apps/apps.c libcrypto.a
|
||||
|
||||
# Other useful make options are
|
||||
make makefile.one
|
||||
# which generate a 'makefile.one' file which will build the complete
|
||||
# SSLeay distribution with temp. files in './tmp' and 'installable' files
|
||||
# in './out'
|
||||
|
||||
# Have a look at running
|
||||
perl util/mk1mf.pl help
|
||||
# this can be used to generate a single makefile and is about the only
|
||||
# way to generate makefiles for windows.
|
||||
|
||||
# There is actually a final way of building SSLeay.
|
||||
gcc -O2 -c -Icrypto -Iinclude crypto/crypto.c
|
||||
gcc -O2 -c -Issl -Iinclude ssl/ssl.c
|
||||
# and you now have the 2 libraries as single object files :-).
|
||||
# If you want to use the assember code for your particular platform
|
||||
# (DEC alpha/x86 are the main ones, the other assember is just the
|
||||
# output from gcc) you will need to link the assember with the above generated
|
||||
# object file and also do the above compile as
|
||||
gcc -O2 -DBN_ASM -c -Icrypto -Iinclude crypto/crypto.c
|
||||
|
||||
This last option is probably the best way to go when porting to another
|
||||
platform or building shared libraries. It is not good for development so
|
||||
I don't normally use it.
|
||||
|
||||
To build shared libararies under unix, have a look in shlib, basically
|
||||
you are on your own, but it is quite easy and all you have to do
|
||||
is compile 2 (or 3) files.
|
||||
|
||||
For mult-threading, have a read of doc/threads.doc. Again it is quite
|
||||
easy and normally only requires some extra callbacks to be defined
|
||||
by the application.
|
||||
The examples for solaris and windows NT/95 are in the mt directory.
|
||||
|
||||
have fun
|
||||
|
||||
eric 25-Jun-1997
|
||||
|
||||
IRIX 5.x will build as a 32 bit system with mips1 assember.
|
||||
IRIX 6.x will build as a 64 bit system with mips3 assember. It conforms
|
||||
to n32 standards. In theory you can compile the 64 bit assember under
|
||||
IRIX 5.x but you will have to have the correct system software installed.
|
||||
2074
INSTALL.md
2074
INSTALL.md
File diff suppressed because it is too large
Load Diff
177
LICENSE.txt
177
LICENSE.txt
@@ -1,177 +0,0 @@
|
||||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
https://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
146
MICROSOFT
Normal file
146
MICROSOFT
Normal file
@@ -0,0 +1,146 @@
|
||||
The Microsoft World.
|
||||
|
||||
The good news, to build SSLeay for the Microsft World
|
||||
|
||||
Windows 3.1 DLL's
|
||||
perl Configure VC-WIN16
|
||||
nmake -f ms\w31dll.mak
|
||||
|
||||
Windows NT/95 DLL's
|
||||
perl Configure VC-WIN32
|
||||
nmake -f ms\ntdll.mak
|
||||
|
||||
Now the bad news
|
||||
All builds were done using Microsofts Visual C++ 1.52c and [45].x.
|
||||
If you are a borland person, you are probably going to have to help me
|
||||
finish the stuff in util/pl/BC*pl
|
||||
|
||||
All builds were made under Windows NT - this means long filenames, so
|
||||
you may have problems under Windows 3.1 but probably not under 95.
|
||||
|
||||
Because file pointers don't work in DLL's under Windows 3.1 (well at
|
||||
least stdin/stdout don't and I don't like having to differentiate
|
||||
between these and other file pointers), I now use the BIO file-pointer
|
||||
module, which needs to be linked into your application. You can either
|
||||
use the memory buffer BIO for IO, or compile bss_file.c into your
|
||||
application, it is in the apps directory and is just a copy of
|
||||
crypto/buffer/bss_file.c with #define APPS_WIN16 added.
|
||||
I have not yet automated the makefile to automatically copy it into 'out'
|
||||
for a win 3.1 build....
|
||||
|
||||
All callbacks passed into SSLeay for Windows 3.1 need to be of type
|
||||
_far _loadds.
|
||||
|
||||
I don't support building with the pascal calling convention.
|
||||
|
||||
The DLL and static builds are large memory model.
|
||||
|
||||
To build static libraries for NT/95 or win 3.1
|
||||
|
||||
perl util/mk1mf.pl VC-WIN32 > mf-stat.nt
|
||||
perl util/mk1mf.pl VC-WIN16 > mf-stat.w31
|
||||
for DLL's
|
||||
perl util/mk1mf.pl dll VC-WIN32 > mf-dll.nt
|
||||
perl util/mk1mf.pl dll VC-WIN16 > mf-dll.w31
|
||||
|
||||
Again you will notice that if you dont have perl, you cannot do this.
|
||||
|
||||
Now the next importaint issue. Running Configure!
|
||||
I have small assember code files for critical big number library operation
|
||||
in crypto/bn/asm. There is, asm code, object files and uuencode
|
||||
object files. They are
|
||||
x86nt32.asm - 32bit flat memory model assember - suitable Win32
|
||||
x86w16.asm - 16bit assember - used in the msdos build.
|
||||
x86w32.asm - 32bit assember, win 3.1 segments, used for win16 build.
|
||||
|
||||
If you feel compelled to build the 16bit maths routines in the windows 3.1
|
||||
build,
|
||||
perl Configure VC-W31-16
|
||||
perl util/mk1mf.pl dll VC-W31-16 > mf-dll.w31
|
||||
|
||||
If you hate assember and don't want anything to do with it,
|
||||
perl util/mk1mf.pl no-asm VC-WIN16 > mf-dll.w31
|
||||
will work for any of the makefile generations.
|
||||
|
||||
There are more options to mk1mf.pl but these all leave the temporary
|
||||
files in 'tmp' and the output files in 'out' by default.
|
||||
|
||||
The NT build is done for console mode.
|
||||
|
||||
The Windows 3.1 version of SSLeay uses quickwin, the interface is ugly
|
||||
but it is better than nothing. If you want ugly, try doing anything
|
||||
that involves getting a password. I decided to be ugly instead of
|
||||
echoing characters. For Windows 3.1 I would just sugest using the
|
||||
msdos version of the ssleay application for command line work.
|
||||
The QuickWin build is primarily for testing.
|
||||
|
||||
For both NT and Windows 3.1, I have not written the code so that
|
||||
s_client, s_server can take input from the keyboard. You can happily
|
||||
start applications up in separate windows, watch them handshake, and then sit
|
||||
there for-ever. I have not had the time to get this working, and I've
|
||||
been able to test things from a unix box to the NT box :-).
|
||||
Try running ssleay s_server on the windows box
|
||||
(with either -cert ../apps/server.pem -www)
|
||||
and run ssleay s_time from another window.
|
||||
This often stuffs up on Windows 3.1, but I'm not worried since this is
|
||||
probably a problem with my demo applications, not the libraries.
|
||||
|
||||
After a build of one of the version of microsoft SSLeay,
|
||||
'cd ms' and then run 'test'. This should check everything out and
|
||||
even does a trial run of generating certificates.
|
||||
'test.bat' requires that perl be install, you be in the ms directory
|
||||
(not the test directory, thats for unix so stay out :-) and that the
|
||||
build output directory be ../out
|
||||
|
||||
On a last note, you will probably get division by zero errors and
|
||||
stuff after a build. This is due to your own inability to follow
|
||||
instructions :-).
|
||||
|
||||
The reasons for the problem is probably one of the following.
|
||||
|
||||
1) You did not run Configure. This is critical for windows 3.1 when
|
||||
using assember. The values in crypto/bn/bn.h must match the
|
||||
ones requred for the assember code. (remember that if you
|
||||
edit crypto/bn/bn.h by hand, it will be clobered the next time
|
||||
you run Configure by the contents of crypto/bn/bn.org).
|
||||
SSLeay version -o will list the compile options.
|
||||
For VC-WIN32 you need bn(64,32) or bn(32,32)
|
||||
For VC-W31-32/VC-WIN16 you need bn(32,32)
|
||||
For VC-W31-16 you need bn(32,16) or bn(16,16)
|
||||
For VC-MSDOS you need bn(32,16) or bn(16,16).
|
||||
|
||||
The first number will be 2 times bigger than the second if
|
||||
BN_LLONG is defined in bn.h and the size of the second number
|
||||
depends on the 'bits' defined at the start of bn.h. Have a
|
||||
look, it's all reasonably clear.
|
||||
If you want to start messing with 8 bit builds and things like
|
||||
that, build without the assember by re-generating a makefile
|
||||
via 'perl util/mk1mf.pl no-asm'.
|
||||
2) You tried to build under MS-DOS or Windows 3.1 using the /G3
|
||||
option. Don't. It is buggy (thats why you just got that
|
||||
error) and unless you want to work out which optimising flag
|
||||
to turn off, I'm not going to help you :-). I also noticed
|
||||
that code often ran slower when compiled with /G3.
|
||||
3) Under NT/95, malloc goes stupid. You are probably linking with
|
||||
the wrong library, there are problems if you mix the threaded
|
||||
and non-threaded libraries (due to the DLL being staticly
|
||||
linked with one and the applicaion using another.
|
||||
|
||||
Well hopefully thats most of the MS issues handled, see you in ssl-users :-).
|
||||
|
||||
eric 30-Aug-1996
|
||||
|
||||
SSLeay 0.6.5
|
||||
For Windows 95/NT, add CRYPTO_malloc_init() to your program before any
|
||||
calls to the SSLeay libraries. This function will insert callbacks so that
|
||||
the SSLeay libraries will use the same malloc(), free() and realloc() as
|
||||
your application so 'problem 3)' mentioned above will go away.
|
||||
|
||||
There is now DES assember for Windows NT/95. The file is
|
||||
crypto/des/asm/win32.asm and replaces crypto/des/des_enc.c in the build.
|
||||
|
||||
There is also Blowfish assember for Windows NT/95. The file is
|
||||
crypto/bf/asm/win32.asm and replaces crypto/bf/bf_enc.c in the build.
|
||||
|
||||
eric 25-Jun-1997
|
||||
|
||||
338
Makefile.ssl
Normal file
338
Makefile.ssl
Normal file
@@ -0,0 +1,338 @@
|
||||
#
|
||||
# Makefile for all the SSL related library routines and utilities
|
||||
VERSION = 0.9.1b
|
||||
PLATFORM=debug
|
||||
#
|
||||
# make install will install:
|
||||
# libraries into $INSTALLTOP/lib
|
||||
# headers into $INSTALLTOP/include
|
||||
# utilities into $INSTALLTOP/bin
|
||||
#
|
||||
# By default INSTALLTOP is set to /usr/local/ssl
|
||||
# If you want things install elsewere, consider running
|
||||
# perl util/ssldir.pl /new/path
|
||||
#
|
||||
# Interesting Mailing Lists:
|
||||
# ssl-bugs@mincom.oz.au
|
||||
# ssl-users@mincom.oz.au
|
||||
#
|
||||
# To join the Mailing Lists:
|
||||
# ssl-bugs-request@mincom.oz.au
|
||||
# ssl-users-request@mincom.oz.au
|
||||
#
|
||||
# If you must get hold of people directly (we much prefer the above
|
||||
# lists to be used if the question is of general interest!):
|
||||
# Eric Young <eay@cryptsoft.com>
|
||||
# Tim Hudson <tjh@cryptsoft.com>
|
||||
# or both <ssleay@cryptsoft.com>
|
||||
#
|
||||
# The primary distribution of SSLeay is from
|
||||
# ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL
|
||||
#
|
||||
# NOCONST - Define for C compilers that don't like the const key word.
|
||||
# NOPROTO - Define in if your compiler does not support prototypes.
|
||||
# RSAref - Define if we are to link with RSAref.
|
||||
# NO_IDEA - Define to build without the IDEA algorithm
|
||||
# NO_RC4 - Define to build without the RC4 algorithm
|
||||
# NO_RC2 - Define to build without the RC2 algorithm
|
||||
# THREADS - Define when building with threads, you will probably also need any
|
||||
# system defines as well, i.e. _REENTERANT for Solaris 2.[34]
|
||||
# TERMIO - Define the termio terminal subsystem, needed if sgtty is missing.
|
||||
# TERMIOS - Define the termios terminal subsystem, Silicon Graphics.
|
||||
# LONGCRYPT - Define to use HPUX 10.x's long password modification to crypt(3).
|
||||
# DEVRANDOM - Give this the value of the 'random device' if your OS supports
|
||||
# one. 32 bytes will be read from this when the random
|
||||
# number generator is initalised.
|
||||
# SSL_ALLOW_ADH - define if you want the server to be able to use the
|
||||
# SSLv3 anon-DH ciphers.
|
||||
# SSL_ALLOW_ENULL - define if you want the server to be able to use the
|
||||
# NULL encryption ciphers.
|
||||
#
|
||||
# LOCK_DEBUG - turns on lots of lock debug output :-)
|
||||
# REF_CHECK - turn on some xyz_free() assertions.
|
||||
# REF_PRINT - prints some stuff on structure free.
|
||||
# CRYPTO_MDEBUG - turns on my 'memory leak' detecting stuff
|
||||
# MFUNC - Make all Malloc/Free/Realloc calls call
|
||||
# CRYPTO_malloc/CRYPTO_free/CRYPTO_realloc which can be setup to
|
||||
# call application defined callbacks via CRYPTO_set_mem_functions()
|
||||
# MD5_ASM needs to be defined to use the x86 assembler for MD5
|
||||
# SHA1_ASM needs to be defined to use the x86 assembler for SHA1
|
||||
# RMD160_ASM needs to be defined to use the x86 assembler for RIPEMD160
|
||||
# Do not define B_ENDIAN or L_ENDIAN if 'unsigned long' == 8. It must
|
||||
# equal 4.
|
||||
# PKCS1_CHECK - pkcs1 tests.
|
||||
|
||||
CC= gcc
|
||||
#CFLAG= -DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -m486 -Wall -Wuninitialized -DSHA1_ASM -DMD5_ASM -DRMD160_ASM
|
||||
CFLAG= -DBN_DEBUG -DREF_CHECK -DCRYPTO_MDEBUG -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror
|
||||
PEX_LIBS= -L. -L.. -L../.. -L../../..
|
||||
EX_LIBS= -lefence
|
||||
AR=ar r
|
||||
|
||||
# Set BN_ASM to bn_asm.o if you want to use the C version
|
||||
BN_ASM= bn_asm.o
|
||||
#BN_ASM= bn_asm.o
|
||||
#BN_ASM= asm/bn86-elf.o # elf, linux-elf
|
||||
#BN_ASM= asm/bn86-sol.o # solaris
|
||||
#BN_ASM= asm/bn86-out.o # a.out, FreeBSD
|
||||
#BN_ASM= asm/bn86bsdi.o # bsdi
|
||||
#BN_ASM= asm/alpha.o # DEC Alpha
|
||||
#BN_ASM= asm/pa-risc2.o # HP-UX PA-RISC
|
||||
#BN_ASM= asm/r3000.o # SGI MIPS cpu
|
||||
#BN_ASM= asm/sparc.o # Sun solaris/SunOS
|
||||
#BN_ASM= asm/bn-win32.o # Windows 95/NT
|
||||
#BN_ASM= asm/x86w16.o # 16 bit code for Windows 3.1/DOS
|
||||
#BN_ASM= asm/x86w32.o # 32 bit code for Windows 3.1
|
||||
|
||||
# Set DES_ENC to des_enc.o if you want to use the C version
|
||||
#There are 4 x86 assember options.
|
||||
DES_ENC= des_enc.o fcrypt_b.o
|
||||
#DES_ENC= des_enc.o fcrypt_b.o # C
|
||||
#DES_ENC= asm/dx86-elf.o asm/yx86-elf.o # elf
|
||||
#DES_ENC= asm/dx86-sol.o asm/yx86-sol.o # solaris
|
||||
#DES_ENC= asm/dx86-out.o asm/yx86-out.o # a.out, FreeBSD
|
||||
#DES_ENC= asm/dx86bsdi.o asm/yx86bsdi.o # bsdi
|
||||
|
||||
# Set BF_ENC to bf_enc.o if you want to use the C version
|
||||
#There are 4 x86 assember options.
|
||||
BF_ENC= bf_enc.o
|
||||
#BF_ENC= bf_enc.o
|
||||
#BF_ENC= asm/bx86-elf.o # elf
|
||||
#BF_ENC= asm/bx86-sol.o # solaris
|
||||
#BF_ENC= asm/bx86-out.o # a.out, FreeBSD
|
||||
#BF_ENC= asm/bx86bsdi.o # bsdi
|
||||
|
||||
# Set CAST_ENC to c_enc.o if you want to use the C version
|
||||
#There are 4 x86 assember options.
|
||||
CAST_ENC= c_enc.o
|
||||
#CAST_ENC= c_enc.o
|
||||
#CAST_ENC= asm/cx86-elf.o # elf
|
||||
#CAST_ENC= asm/cx86-sol.o # solaris
|
||||
#CAST_ENC= asm/cx86-out.o # a.out, FreeBSD
|
||||
#CAST_ENC= asm/cx86bsdi.o # bsdi
|
||||
|
||||
# Set RC4_ENC to rc4_enc.o if you want to use the C version
|
||||
#There are 4 x86 assember options.
|
||||
RC4_ENC= rc4_enc.o
|
||||
#RC4_ENC= rc4_enc.o
|
||||
#RC4_ENC= asm/rx86-elf.o # elf
|
||||
#RC4_ENC= asm/rx86-sol.o # solaris
|
||||
#RC4_ENC= asm/rx86-out.o # a.out, FreeBSD
|
||||
#RC4_ENC= asm/rx86bsdi.o # bsdi
|
||||
|
||||
# Set RC5_ENC to rc5_enc.o if you want to use the C version
|
||||
#There are 4 x86 assember options.
|
||||
RC5_ENC= rc5_enc.o
|
||||
#RC5_ENC= rc5_enc.o
|
||||
#RC5_ENC= asm/r586-elf.o # elf
|
||||
#RC5_ENC= asm/r586-sol.o # solaris
|
||||
#RC5_ENC= asm/r586-out.o # a.out, FreeBSD
|
||||
#RC5_ENC= asm/r586bsdi.o # bsdi
|
||||
|
||||
# Also need MD5_ASM defined
|
||||
MD5_ASM_OBJ=
|
||||
#MD5_ASM_OBJ= asm/mx86-elf.o # elf
|
||||
#MD5_ASM_OBJ= asm/mx86-sol.o # solaris
|
||||
#MD5_ASM_OBJ= asm/mx86-out.o # a.out, FreeBSD
|
||||
#MD5_ASM_OBJ= asm/mx86bsdi.o # bsdi
|
||||
|
||||
# Also need SHA1_ASM defined
|
||||
SHA1_ASM_OBJ=
|
||||
#SHA1_ASM_OBJ= asm/sx86-elf.o # elf
|
||||
#SHA1_ASM_OBJ= asm/sx86-sol.o # solaris
|
||||
#SHA1_ASM_OBJ= asm/sx86-out.o # a.out, FreeBSD
|
||||
#SHA1_ASM_OBJ= asm/sx86bsdi.o # bsdi
|
||||
|
||||
# Also need RMD160_ASM defined
|
||||
RMD160_ASM_OBJ=
|
||||
#RMD160_ASM_OBJ= asm/rm86-elf.o # elf
|
||||
#RMD160_ASM_OBJ= asm/rm86-sol.o # solaris
|
||||
#RMD160_ASM_OBJ= asm/rm86-out.o # a.out, FreeBSD
|
||||
#RMD160_ASM_OBJ= asm/rm86bsdi.o # bsdi
|
||||
|
||||
DIRS= crypto ssl rsaref apps test tools
|
||||
# dirs in crypto to build
|
||||
SDIRS= \
|
||||
md2 md5 sha mdc2 hmac ripemd \
|
||||
des rc2 rc4 rc5 idea bf cast \
|
||||
bn rsa dsa dh \
|
||||
buffer bio stack lhash rand err objects \
|
||||
evp pem asn1 x509 conf txt_db pkcs7 comp
|
||||
|
||||
# If you change the INSTALLTOP, make sure to also change the values
|
||||
# in crypto/location.h
|
||||
INSTALLTOP=/usr/local/ssl
|
||||
|
||||
MAKEFILE= Makefile.ssl
|
||||
MAKE= make -f Makefile.ssl
|
||||
|
||||
MAN1=1
|
||||
MAN3=3
|
||||
SHELL=/bin/sh
|
||||
|
||||
TOP= .
|
||||
ONEDIRS=out tmp
|
||||
EDIRS= times doc bugs util include certs ms shlib mt demos perl sf dep
|
||||
MISC= COPYRIGHT Configure HISTORY.090 HISTORY.066 INSTALL Makefile.ssl \
|
||||
Makefile \
|
||||
README TODO HISTORY README.066 README.080 README.090 \
|
||||
VERSION PROBLEMS MINFO makefile.one e_os.h \
|
||||
MICROSOFT makevms.com config PATENTS
|
||||
WDIRS= windows
|
||||
LIBS= libcrypto.a libssl.a
|
||||
|
||||
GENERAL= Makefile
|
||||
BASENAME= SSLeay
|
||||
NAME= $(BASENAME)-$(VERSION)
|
||||
TARFILE= $(NAME).tar
|
||||
WTARFILE= $(NAME)-win.tar
|
||||
EXHEADER= e_os.h
|
||||
HEADER= e_os.h
|
||||
|
||||
all:
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making $$i..."; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' SDIRS='${SDIRS}' AR='${AR}' all ); \
|
||||
done;
|
||||
|
||||
sub_all:
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making $$i..."; \
|
||||
$(MAKE) CC='${CC}' PLATFORM='${PLATFORM}' CFLAG='${CFLAG}' SDIRS='$(SDIRS)' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' all ); \
|
||||
done;
|
||||
|
||||
libclean:
|
||||
/bin/rm *.a */lib */*/lib
|
||||
|
||||
clean:
|
||||
/bin/rm -f shlib/*.o *.o core a.out fluff *.map
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "cleaning $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' clean ); \
|
||||
/bin/rm -f $(LIBS); \
|
||||
done;
|
||||
/bin/rm -f *.a *.o speed.* *.map *.so .pure core
|
||||
/bin/rm -f $(TARFILE)
|
||||
@for i in $(ONEDIRS) ;\
|
||||
do \
|
||||
/bin/rm -fr $$i/*; \
|
||||
done
|
||||
|
||||
makefile.one: files
|
||||
perl util/mk1mf.pl >makefile.one; \
|
||||
sh util/do_ms.sh
|
||||
|
||||
files: MINFO
|
||||
perl $(TOP)/util/files.pl Makefile.ssl > $(TOP)/MINFO
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making 'files' in $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' files ); \
|
||||
done;
|
||||
|
||||
links:
|
||||
/bin/rm -f Makefile;
|
||||
./util/point.sh Makefile.ssl Makefile;
|
||||
$(TOP)/util/mklink.sh include $(EXHEADER) ;
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making links in $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' links ); \
|
||||
done;
|
||||
# @(cd apps; sh ./mklinks)
|
||||
@( SSLEAY="`pwd`/apps/ssleay"; export SSLEAY; sh tools/c_rehash certs )
|
||||
|
||||
dclean:
|
||||
/bin/rm -f *.bak
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "undoing makedepend in $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' dclean ); \
|
||||
done;
|
||||
|
||||
rehash:
|
||||
@(PATH="`pwd`/apps:${PATH}"; sh tools/c_rehash certs)
|
||||
|
||||
test: tests
|
||||
|
||||
tests:
|
||||
(cd test; echo "testing $$i..."; \
|
||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' PEX_LIBS='${PEX_LIBS}' EX_LIBS='${EX_LIBS}' BN_ASM='${BN_ASM}' DES_ENC='${DES_ENC}' BF_ENC='${BF_ENC}' CAST_ENC='${CAST_ENC}' RC4_ENC='${RC4_ENC}' RC5_ENC='${RC5_ENC}' SDIRS='${SDIRS}' SHA1_ASM_OBJ='${SHA1_ASM_OBJ}' MD5_ASM_OBJ='${MD5_ASM_OBJ}' RMD160_ASM_OBJ='${RMD160_ASM_OBJ}' AR='${AR}' tests );
|
||||
@apps/ssleay version -a
|
||||
|
||||
depend:
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making dependancies $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' depend ); \
|
||||
done;
|
||||
|
||||
lint:
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making lint $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' lint ); \
|
||||
done;
|
||||
|
||||
tags:
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making tags $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' tags ); \
|
||||
done;
|
||||
|
||||
errors:
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "making errors in $$i..."; \
|
||||
$(MAKE) SDIRS='${SDIRS}' errors ); \
|
||||
done;
|
||||
|
||||
tar:
|
||||
@(cd ..;\
|
||||
mv $(BASENAME) $(NAME); \
|
||||
export STUFF; \
|
||||
for i in $(MISC) $(DIRS) $(EDIRS) $(ONEDIRS) ;\
|
||||
do \
|
||||
STUFF="$$STUFF $(NAME)/$$i"; \
|
||||
done; \
|
||||
tar cf $(NAME)/$(TARFILE) $$STUFF; \
|
||||
mv $(NAME) $(BASENAME) )
|
||||
gzip -f $(TARFILE)
|
||||
|
||||
dist:
|
||||
perl Configure dist
|
||||
perl util/up_ver.pl ${VERSION}
|
||||
@$(MAKE) dist_pem_h
|
||||
@$(MAKE) SDIRS='${SDIRS}' clean
|
||||
@$(MAKE) SDIRS='${SDIRS}' dclean
|
||||
@(cd apps; sh ./rmlinks)
|
||||
@$(MAKE) makefile.one
|
||||
@$(MAKE) tar
|
||||
|
||||
dist_pem_h:
|
||||
(cd crypto/pem; $(MAKE) SDIRS='${SDIRS}' CFLAG='${CFLAG}' pem.h; $(MAKE) clean)
|
||||
|
||||
install: all
|
||||
@-mkdir -p $(INSTALLTOP)/bin 2>/dev/null
|
||||
@-mkdir -p $(INSTALLTOP)/lib 2>/dev/null
|
||||
@-mkdir -p $(INSTALLTOP)/include 2>/dev/null
|
||||
@-mkdir -p $(INSTALLTOP)/certs 2>/dev/null
|
||||
@-mkdir -p $(INSTALLTOP)/private 2>/dev/null
|
||||
@for i in $(DIRS) ;\
|
||||
do \
|
||||
(cd $$i; echo "installing $$i..."; \
|
||||
$(MAKE) CC='${CC}' CFLAG='${CFLAG}' INSTALLTOP='${INSTALLTOP}' EX_LIBS='${EX_LIBS}' SDIRS='${SDIRS}' install ); \
|
||||
done
|
||||
@for i in $(LIBS) ;\
|
||||
do \
|
||||
( echo installing $$i; \
|
||||
cp $$i $(INSTALLTOP)/lib; \
|
||||
sh util/ranlib.sh $(INSTALLTOP)/lib/$$i; \
|
||||
chmod 644 $(INSTALLTOP)/lib/$$i ); \
|
||||
done
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
@@ -1,90 +0,0 @@
|
||||
Notes for Android platforms
|
||||
===========================
|
||||
|
||||
Requirement details
|
||||
-------------------
|
||||
|
||||
Beside basic tools like perl and make, you'll need to download the Android
|
||||
NDK. It's available for Linux, macOS and Windows, but only Linux
|
||||
version was actually tested. There is no reason to believe that macOS
|
||||
wouldn't work. And as for Windows, it's unclear which "shell" would be
|
||||
suitable, MSYS2 might have best chances. NDK version should play lesser
|
||||
role, the goal is to support a range of most recent versions.
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
Android is a cross-compiled target and you can't rely on `./Configure`
|
||||
to find out the configuration target for you. You have to name your
|
||||
target explicitly; there are `android-arm`, `android-arm64`, `android-mips`,
|
||||
`android-mip64`, `android-x86`, `android-x86_64` and `android-riscv64`
|
||||
(`*MIPS` targets are no longer supported with NDK R20+).
|
||||
|
||||
Do not pass --cross-compile-prefix (as you might be tempted), as it
|
||||
will be "calculated" automatically based on chosen platform. However,
|
||||
you still need to know the prefix to extend your PATH, in order to
|
||||
invoke `$(CROSS_COMPILE)clang` [`*gcc` on NDK 19 and lower] and company.
|
||||
(`./Configure` will fail and give you a hint if you get it wrong.)
|
||||
|
||||
Apart from `PATH` adjustment, you need to set `ANDROID_NDK_ROOT` environment
|
||||
to point at the `NDK` directory. If you're using a side-by-side NDK the path
|
||||
will look something like `/some/where/android-sdk/ndk/<ver>`, and for a
|
||||
standalone NDK the path will be something like `/some/where/android-ndk-<ver>`.
|
||||
Both variables are significant at both configuration and compilation times.
|
||||
The NDK customarily supports multiple Android API levels, e.g. `android-14`,
|
||||
`android-21`, etc. By default, latest API level is chosen. If you need to target
|
||||
an older platform pass the argument `-D__ANDROID_API__=N` to `Configure`,
|
||||
with `N` being the numerical value of the target platform version. For example,
|
||||
to compile for Android 10 arm64 with a side-by-side NDK r20.0.5594570
|
||||
|
||||
export ANDROID_NDK_ROOT=/home/whoever/Android/android-sdk/ndk/20.0.5594570
|
||||
PATH=$ANDROID_NDK_ROOT/toolchains/llvm/prebuilt/linux-x86_64/bin:$ANDROID_NDK_ROOT/toolchains/arm-linux-androideabi-4.9/prebuilt/linux-x86_64/bin:$PATH
|
||||
./Configure android-arm64 -D__ANDROID_API__=29
|
||||
make
|
||||
|
||||
Older versions of the NDK have GCC under their common prebuilt tools
|
||||
directory, so the bin path will be slightly different. EG: to compile
|
||||
for ICS on ARM with NDK 10d:
|
||||
|
||||
export ANDROID_NDK_ROOT=/some/where/android-ndk-10d
|
||||
PATH=$ANDROID_NDK_ROOT/toolchains/arm-linux-androideabi-4.8/prebuilt/linux-x86_64/bin:$PATH
|
||||
./Configure android-arm -D__ANDROID_API__=14
|
||||
make
|
||||
|
||||
Caveat lector! Earlier OpenSSL versions relied on additional `CROSS_SYSROOT`
|
||||
variable set to `$ANDROID_NDK_ROOT/platforms/android-<api>/arch-<arch>` to
|
||||
appoint headers-n-libraries' location. It's still recognized in order
|
||||
to facilitate migration from older projects. However, since API level
|
||||
appears in `CROSS_SYSROOT` value, passing `-D__ANDROID_API__=N` can be in
|
||||
conflict, and mixing the two is therefore not supported. Migration to
|
||||
`CROSS_SYSROOT`-less setup is recommended.
|
||||
|
||||
One can engage clang by adjusting PATH to cover the same NDK's clang. Just
|
||||
keep in mind that if you miss it, Configure will try to use gcc...
|
||||
Also, PATH would need even further adjustment to cover unprefixed, yet
|
||||
target-specific, ar and ranlib. It's possible that you don't need to
|
||||
bother, if binutils-multiarch is installed on your Linux system.
|
||||
|
||||
Another option is to create so called "standalone toolchain" tailored
|
||||
for single specific platform including Android API level, and assign its
|
||||
location to `ANDROID_NDK_ROOT`. In such case, you have to pass matching
|
||||
target name to Configure and shouldn't use `-D__ANDROID_API__=N`. `PATH`
|
||||
adjustment becomes simpler, `$ANDROID_NDK_ROOT/bin:$PATH` suffices.
|
||||
|
||||
Running tests (on Linux)
|
||||
------------------------
|
||||
|
||||
This is not actually supported. Notes are meant rather as inspiration.
|
||||
|
||||
Even though build output targets alien system, it's possible to execute
|
||||
test suite on Linux system by employing qemu-user. The trick is static
|
||||
linking. Pass -static to Configure, then edit generated Makefile and
|
||||
remove occurrences of -ldl and -pie flags. You would also need to pick
|
||||
API version that comes with usable static libraries, 42/2=21 used to
|
||||
work. Once built, you should be able to
|
||||
|
||||
env EXE_SHELL=qemu-<arch> make test
|
||||
|
||||
If you need to pass additional flag to qemu, quotes are your friend, e.g.
|
||||
|
||||
env EXE_SHELL="qemu-mips64el -cpu MIPS64R6-generic" make test
|
||||
@@ -1,33 +0,0 @@
|
||||
Notes on ANSI C
|
||||
===============
|
||||
|
||||
When building for pure ANSI C (C89/C90), you must configure with at least
|
||||
the following configuration settings:
|
||||
|
||||
- `no-asm`
|
||||
|
||||
There are cases of `asm()` calls in our C source, which isn't supported
|
||||
in pure ANSI C.
|
||||
|
||||
- `no-secure-memory`
|
||||
|
||||
The secure memory calls aren't supported with ANSI C.
|
||||
|
||||
- `-D_XOPEN_SOURCE=1`
|
||||
|
||||
This macro enables the use of the following types, functions and global
|
||||
variables:
|
||||
|
||||
- `timezone`
|
||||
|
||||
- `-D_POSIX_C_SOURCE=200809L`
|
||||
|
||||
This macro enables the use of the following types, functions and global
|
||||
variables:
|
||||
|
||||
- `ssize_t`
|
||||
- `strdup()`
|
||||
|
||||
It's arguable that with gcc and clang, all of these issues are removed when
|
||||
defining the macro `_DEFAULT_SOURCE`. However, that effectively sets the C
|
||||
language level to C99, which isn't ANSI C.
|
||||
@@ -1,46 +0,0 @@
|
||||
Notes for the DOS platform with DJGPP
|
||||
=====================================
|
||||
|
||||
OpenSSL has been ported to DJGPP, a Unix look-alike 32-bit run-time
|
||||
environment for 16-bit DOS, but only with long filename support.
|
||||
If you wish to compile on native DOS with 8+3 filenames, you will
|
||||
have to tweak the installation yourself, including renaming files
|
||||
with illegal or duplicate names.
|
||||
|
||||
You should have a full DJGPP environment installed, including the
|
||||
latest versions of DJGPP, GCC, BINUTILS, BASH, etc. This package
|
||||
requires that PERL and the PERL module `Text::Template` also be
|
||||
installed (see [NOTES-PERL.md](NOTES-PERL.md)).
|
||||
|
||||
All of these can be obtained from the usual DJGPP mirror sites or
|
||||
directly at <http://www.delorie.com/pub/djgpp>. For help on which
|
||||
files to download, see the DJGPP "ZIP PICKER" page at
|
||||
<http://www.delorie.com/djgpp/zip-picker.html>. You also need to have
|
||||
the WATT-32 networking package installed before you try to compile
|
||||
OpenSSL. This can be obtained from <http://www.watt-32.net/>.
|
||||
The Makefile assumes that the WATT-32 code is in the directory
|
||||
specified by the environment variable WATT_ROOT. If you have watt-32
|
||||
in directory `watt32` under your main DJGPP directory, specify
|
||||
`WATT_ROOT="/dev/env/DJDIR/watt32"`.
|
||||
|
||||
To compile OpenSSL, start your BASH shell, then configure for DJGPP by
|
||||
running `./Configure` with appropriate arguments:
|
||||
|
||||
./Configure no-threads --prefix=/dev/env/DJDIR DJGPP
|
||||
|
||||
And finally fire up `make`. You may run out of DPMI selectors when
|
||||
running in a DOS box under Windows. If so, just close the BASH
|
||||
shell, go back to Windows, and restart BASH. Then run `make` again.
|
||||
|
||||
RUN-TIME CAVEAT LECTOR
|
||||
--------------
|
||||
|
||||
Quoting FAQ:
|
||||
|
||||
"Cryptographic software needs a source of unpredictable data to work
|
||||
correctly. Many open source operating systems provide a "randomness
|
||||
device" (`/dev/urandom` or `/dev/random`) that serves this purpose."
|
||||
|
||||
As of version 0.9.7f DJGPP port checks upon `/dev/urandom$` for a 3rd
|
||||
party "randomness" DOS driver. One such driver, `NOISE.SYS`, can be
|
||||
obtained from <http://www.rahul.net/dkaufman/index.html>.
|
||||
254
NOTES-NONSTOP.md
254
NOTES-NONSTOP.md
@@ -1,254 +0,0 @@
|
||||
NOTES FOR THE HPE NONSTOP PLATFORM
|
||||
==============================
|
||||
|
||||
Requirement details
|
||||
-------------------
|
||||
|
||||
In addition to the requirements and instructions listed
|
||||
in [INSTALL.md](INSTALL.md), the following are required as well:
|
||||
|
||||
* The TNS/X platform supports hardware randomization.
|
||||
Specify the `--with-rand-seed=rdcpu` option to the `./Configure` script.
|
||||
This is recommended but not required. `egd` is supported at 3.0 but cannot
|
||||
be used if FIPS is selected.
|
||||
* The TNS/E platform does not support hardware randomization, so
|
||||
specify the `--with-rand-seed=egd` option to the `./Configure` script.
|
||||
|
||||
About c99 compiler
|
||||
------------------
|
||||
|
||||
The c99 compiler is required for building OpenSSL from source. While c11
|
||||
may work, it has not been broadly tested. c99 is the only compiler
|
||||
prerequisite needed to build OpenSSL 3.0 on this platform.
|
||||
|
||||
Threading Models
|
||||
----------------
|
||||
|
||||
OpenSSL can be built either using the POSIX User Threads (PUT) threading model,
|
||||
or with threading support disabled. Select the following build configuration
|
||||
for each on the TNS/X (L-Series) platform:
|
||||
|
||||
* `nonstop-nsx` or default will select an unthreaded 32-bit build.
|
||||
* `nonstop-nsx_64` selects an unthreaded 64-bit memory and file length build.
|
||||
* `nonstop-nsx_64_klt` selects the 64-bit memory and file length KLT build.
|
||||
* `nonstop-nsx_put` selects the PUT build.
|
||||
* `nonstop-nsx_64_put` selects the 64-bit memory and file length PUT build.
|
||||
|
||||
The KLT threading model is a newly released model on NonStop. It implements
|
||||
kernel-level threading. KLT provides much closer threading to what OpenSSL
|
||||
uses for Linux-like threading models. KLT continues to use the pthread library
|
||||
API. There is no supported 32-bit or Guardian builds for KLT. Note: KLT is
|
||||
not currently available but is planned for post-2024.
|
||||
|
||||
The SPT threading model is no longer supported as of OpenSSL 3.2.
|
||||
|
||||
The PUT model is incompatible with the QUIC capability. This capability should
|
||||
be disabled when building with PUT.
|
||||
|
||||
### TNS/E Considerations
|
||||
|
||||
The TNS/E platform is build using the same set of builds specifying `nse`
|
||||
instead of `nsx` in the set above.
|
||||
|
||||
You cannot build for TNS/E for FIPS, so you must specify the `no-fips`
|
||||
option to `./Configure`.
|
||||
|
||||
Linking and Loading Considerations
|
||||
----------------------------------
|
||||
|
||||
Because of how the NonStop Common Runtime Environment (CRE) works, there are
|
||||
restrictions on how programs can link and load with OpenSSL libraries.
|
||||
On current NonStop platforms, programs cannot both statically link OpenSSL
|
||||
libraries and dynamically load OpenSSL shared libraries concurrently. If this
|
||||
is done, there is a high probability of encountering a SIGSEGV condition
|
||||
relating to `atexit()` processing when a shared library is unloaded and when
|
||||
the program terminates. This limitation applies to all OpenSSL shared library
|
||||
components.
|
||||
|
||||
A control has been added as of 3.3.x to disable calls to `atexit()` within the
|
||||
`libcrypto` builds (specifically in `crypto/init.c`). This switch can be
|
||||
controlled using `disable-atexit` or `enable-atexit`, and is disabled by default
|
||||
for NonStop builds. If you need to have `atexit()` functionality, set
|
||||
`enabled-atexit` when configuring OpenSSL to enable the `atexit()` call to
|
||||
register `OPENSSL_cleanup()` automatically. Preferably, you can explicitly call
|
||||
`OPENSSL_cleanup()` from your application.
|
||||
|
||||
About Prefix and OpenSSLDir
|
||||
---------------------------
|
||||
|
||||
Because there are many potential builds that must co-exist on any given
|
||||
NonStop node, managing the location of your build distribution is crucial.
|
||||
Keep each destination separate and distinct. Mixing any mode described in
|
||||
this document can cause application instability. The recommended approach
|
||||
is to specify the OpenSSL version and threading model in your configuration
|
||||
options, and keeping your memory and float options consistent, for example:
|
||||
|
||||
* For 1.1 `--prefix=/usr/local-ssl1.1 --openssldir=/usr/local-ssl1.1/ssl`
|
||||
* For 1.1 PUT `--prefix=/usr/local-ssl1.1_put --openssldir=/usr/local-ssl1.1_put/ssl`
|
||||
|
||||
As of 3.0, the NonStop configurations use the multilib attribute to distinguish
|
||||
between different models:
|
||||
|
||||
* For 3.0 `--prefix=/usr/local-ssl3.0 --openssldir=/usr/local-ssl3.0/ssl`
|
||||
|
||||
The PUT model is placed in `${prefix}/lib-put` for 32-bit models and
|
||||
`${prefix}/lib64-put` for 64-bit models.
|
||||
|
||||
Use the `_RLD_LIB_PATH` environment variable in OSS to select the appropriate
|
||||
directory containing `libcrypto.so` and `libssl.so`. In GUARDIAN, use the
|
||||
`=_RLD_LIB_PATH` search define to locate the GUARDIAN subvolume where OpenSSL
|
||||
is installed.
|
||||
|
||||
Float Considerations
|
||||
--------------------
|
||||
|
||||
OpenSSL is built using IEEE Float mode by default. If you need a different
|
||||
IEEE mode, create a new configuration specifying `tfloat-x86-64` (for Tandem
|
||||
Float) or `nfloat-x86-64` (for Neutral Float).
|
||||
|
||||
Memory Models
|
||||
-------------
|
||||
|
||||
The current OpenSSL default memory model uses the default platform address
|
||||
model. If you need a different address model, you must specify the appropriate
|
||||
c99 options for compile (`CFLAGS`) and linkers (`LDFLAGS`).
|
||||
|
||||
Cross Compiling on Windows
|
||||
--------------------------
|
||||
|
||||
To configure and compile OpenSSL, you will need to set up a Cygwin environment.
|
||||
The Cygwin tools should include bash, make, and any other normal tools required
|
||||
for building programs.
|
||||
|
||||
Your `PATH` must include the bin directory for the c99 cross-compiler, as in:
|
||||
|
||||
export PATH=/cygdrive/c/Program\ Files\ \(x86\)/HPE\ NonStop/L16.05/usr/bin:$PATH
|
||||
|
||||
This should be set before Configure is run. For the c99 cross-compiler to work
|
||||
correctly, you also need the `COMP_ROOT` set, as in:
|
||||
|
||||
export COMP_ROOT="C:\Program Files (x86)\HPE NonStop\L16.05"
|
||||
|
||||
`COMP_ROOT` needs to be in Windows form.
|
||||
|
||||
An example of a `Configure` command to be run from the OpenSSL directory is:
|
||||
|
||||
./Configure nonstop-nsx_64 --with-rand-seed=rdcpu
|
||||
|
||||
Do not forget to include any OpenSSL cross-compiling prefix and certificate
|
||||
options when creating your libraries.
|
||||
|
||||
The OpenSSL test suite will not run on your workstation. In order to verify the
|
||||
build, you will need to perform the build and test steps in OSS in your NonStop
|
||||
server. You can also build under gcc and run the test suite for Windows but that
|
||||
is not equivalent.
|
||||
|
||||
**Note:** In the event that you are attempting a FIPS-compliant cross-compile,
|
||||
be aware that signatures may not match between builds done under OSS and under
|
||||
cross-compiles as the compilers do not necessarily generate identical objects.
|
||||
Anything and everything to do with FIPS is outside the scope of this document.
|
||||
Refer to the FIPS security policy for more information.
|
||||
|
||||
The following build configurations have been successfully attempted at one
|
||||
point or another. If you are successful in your cross-compile efforts, please
|
||||
update this list:
|
||||
|
||||
- nonstop-nsx_64
|
||||
- nonstop-nsx_64_put
|
||||
|
||||
**Note:** Cross-compile builds for TNS/E have not been attempted, but should
|
||||
follow the same considerations as for TNS/X above.
|
||||
|
||||
Also see the NSDEE discussion below for more historical information.
|
||||
|
||||
Cross Compiling with NSDEE
|
||||
--------------------------
|
||||
|
||||
**Note:** None of these builds have been tested by the platform maintainer and
|
||||
are supplied for historical value. Please submit a Pull Request to OpenSSL
|
||||
should these need to be adjusted.
|
||||
|
||||
If you are attempting to build OpenSSL with NSDEE, you will need to specify
|
||||
the following variables. The following set of compiler defines are required:
|
||||
|
||||
# COMP_ROOT must be a full path for the build system (e.g. windows)
|
||||
COMP_ROOT=$(cygpath -w /path/to/comp_root)
|
||||
# CC must be executable by your shell
|
||||
CC=/path/to/c99
|
||||
|
||||
### Optional Build Variables
|
||||
|
||||
DBGFLAG="--debug"
|
||||
CIPHENABLES="enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-rc4"
|
||||
|
||||
### Internal Known TNS/X to TNS/E Cross Compile Variables
|
||||
|
||||
The following definition is required if you are building on TNS/X for TNS/E
|
||||
and have access to a TNS/E machine on your EXPAND network - with an example
|
||||
node named `\CS3`:
|
||||
|
||||
SYSTEMLIBS="-L/E/cs3/usr/local/lib"
|
||||
|
||||
Version Procedure (VPROC) Considerations
|
||||
----------------------------------------
|
||||
|
||||
If you require a VPROC entry for platform version identification, use the
|
||||
following variables:
|
||||
|
||||
### For Itanium
|
||||
|
||||
OPENSSL_VPROC_PREFIX=T0085H06
|
||||
|
||||
### For x86
|
||||
|
||||
OPENSSL_VPROC_PREFIX=T0085L01
|
||||
|
||||
### Common Definition
|
||||
|
||||
export OPENSSL_VPROC=${OPENSSL_VPROC_PREFIX}_$(
|
||||
. VERSION.dat
|
||||
if [ -n "$PRE_RELEASE_TAG" ]; then
|
||||
PRE_RELEASE_TAG="-$PRE_RELEASE_TAG"
|
||||
fi
|
||||
if [ -n "$BUILD_METADATA" ]; then
|
||||
BUILD_METADATA="+$BUILD_METADATA"
|
||||
fi
|
||||
echo "$MAJOR.$MINOR.$PATCH$PRE_RELEASE_TAG$BUILD_METADATA" |\
|
||||
sed -e 's/[-.+]/_/g'
|
||||
)
|
||||
|
||||
Example Configure Targets
|
||||
-------------------------
|
||||
|
||||
For OSS targets, the main DLL names will be `libssl.so` and `libcrypto.so`.
|
||||
The following assumes that your PWD is set according to your installation
|
||||
standards.
|
||||
|
||||
./Configure nonstop-nsx --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl no-threads \
|
||||
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nsx_put --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl threads "-D_REENTRANT" \
|
||||
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nsx_64 --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl no-threads \
|
||||
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nsx_64_put --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl threads "-D_REENTRANT" \
|
||||
--with-rand-seed=rdcpu ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
|
||||
./Configure nonstop-nse --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl no-threads \
|
||||
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nse_g --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl no-threads \
|
||||
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nse_put --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl threads "-D_REENTRANT" \
|
||||
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nse_64 --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl no-threads \
|
||||
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
./Configure nonstop-nse_64_put --prefix=${PWD} \
|
||||
--openssldir=${PWD}/ssl threads "-D_REENTRANT"
|
||||
--with-rand-seed=egd ${CIPHENABLES} ${DBGFLAG} ${SYSTEMLIBS}
|
||||
127
NOTES-PERL.md
127
NOTES-PERL.md
@@ -1,127 +0,0 @@
|
||||
Notes on Perl
|
||||
=============
|
||||
|
||||
- [General Notes](#general-notes)
|
||||
- [Perl on Windows](#perl-on-windows)
|
||||
- [Perl on VMS](#perl-on-vms)
|
||||
- [Perl on NonStop](#perl-on-nonstop)
|
||||
- [Required Perl modules](#required-perl-modules)
|
||||
- [Notes on installing a Perl module](#notes-on-installing-a-perl-module])
|
||||
|
||||
General Notes
|
||||
-------------
|
||||
|
||||
For our scripts, we rely quite a bit on Perl, and increasingly on
|
||||
some core Perl modules. These Perl modules are part of the Perl
|
||||
source, so if you build Perl on your own, you should be set.
|
||||
|
||||
However, if you install Perl as binary packages, the outcome might
|
||||
differ, and you may have to check that you do get the core modules
|
||||
installed properly. We do not claim to know them all, but experience
|
||||
has told us the following:
|
||||
|
||||
- on Linux distributions based on Debian, the package `perl` will
|
||||
install the core Perl modules as well, so you will be fine.
|
||||
- on Linux distributions based on RPMs, you will need to install
|
||||
`perl-core` rather than just `perl`.
|
||||
|
||||
You MUST have at least Perl version 5.10.0 installed. This minimum
|
||||
requirement is due to our use of regexp backslash sequence \R among
|
||||
other features that didn't exist in core Perl before that version.
|
||||
|
||||
Perl on Windows
|
||||
---------------
|
||||
|
||||
There are a number of build targets that can be viewed as "Windows".
|
||||
Indeed, there are `VC-*` configs targeting Visual Studio C, as well as
|
||||
MinGW and Cygwin. The key recommendation is to use a Perl installation
|
||||
that matches the build environment. For example, if you will build
|
||||
on Cygwin be sure to use the Cygwin package manager to install Perl.
|
||||
For MSYS builds use the MSYS provided Perl.
|
||||
For VC-* builds, we recommend Strawberry Perl, from <http://strawberryperl.com>.
|
||||
An alternative is ActiveState Perl, from <http://www.activestate.com/ActivePerl>
|
||||
for which you may need to explicitly select the Perl module Win32/Console.pm
|
||||
available via <https://platform.activestate.com/ActiveState>.
|
||||
|
||||
Perl on VMS
|
||||
-----------
|
||||
|
||||
You will need to install Perl separately. One way to do so is to
|
||||
download the source from <http://perl.org/>, unpacking it, reading
|
||||
`README-VMS.md` and follow the instructions. Another way is to download a
|
||||
`.PCSI` file from <http://www.vmsperl.com/> and install it using the
|
||||
POLYCENTER install tool.
|
||||
|
||||
Perl on NonStop
|
||||
---------------
|
||||
|
||||
Perl is installed on HPE NonStop platforms as part of the Scripting Languages
|
||||
package T1203PAX file. The package is shipped as part of a NonStop RVU
|
||||
(Release Version Updates) package. Individual SPRs (Software Product Release)
|
||||
representing fixes can be obtained from the Scout website at
|
||||
<https://h22204.www2.hpe.com/NEP>. Follow the appropriate set of installation
|
||||
instructions for your operating system release as described in the
|
||||
Script Language User Guide available from the NonStop Technical Library.
|
||||
|
||||
Required Perl modules
|
||||
---------------------
|
||||
|
||||
We do our best to limit ourselves to core Perl modules to keep the
|
||||
requirements down. There are just a few exceptions.
|
||||
|
||||
* Text::Template this is required *for building*
|
||||
|
||||
To avoid unnecessary initial hurdles, we include a copy of this module
|
||||
in the source. It will work as a fallback if the module isn't already
|
||||
installed.
|
||||
|
||||
* `Test::More` this is required *for testing*
|
||||
|
||||
We require the minimum version to be 0.96, which appeared in Perl 5.13.4,
|
||||
because that version was the first to have all the features we're using.
|
||||
This module is required for testing only! If you don't plan on running
|
||||
the tests, you don't need to bother with this one.
|
||||
|
||||
Notes on installing a Perl module
|
||||
---------------------------------
|
||||
|
||||
There are a number of ways to install a perl module. In all
|
||||
descriptions below, `Text::Template` will serve as an example.
|
||||
|
||||
1. for Linux users, the easiest is to install with the use of your
|
||||
favorite package manager. Usually, all you need to do is search
|
||||
for the module name and to install the package that comes up.
|
||||
|
||||
On Debian based Linux distributions, it would go like this:
|
||||
|
||||
$ apt-cache search Text::Template
|
||||
...
|
||||
libtext-template-perl - perl module to process text templates
|
||||
$ sudo apt-get install libtext-template-perl
|
||||
|
||||
Perl modules in Debian based distributions use package names like
|
||||
the name of the module in question, with "lib" prepended and
|
||||
"-perl" appended.
|
||||
|
||||
2. Install using CPAN. This is very easy, but usually requires root
|
||||
access:
|
||||
|
||||
$ cpan -i Text::Template
|
||||
|
||||
Note that this runs all the tests that the module to be installed
|
||||
comes with. This is usually a smooth operation, but there are
|
||||
platforms where a failure is indicated even though the actual tests
|
||||
were successful. Should that happen, you can force an
|
||||
installation regardless (that should be safe since you've already
|
||||
seen the tests succeed!):
|
||||
|
||||
$ cpan -f -i Text::Template
|
||||
|
||||
Note: on VMS, you must quote any argument that contains uppercase
|
||||
characters, so the lines above would be:
|
||||
|
||||
$ cpan -i "Text::Template"
|
||||
|
||||
and:
|
||||
|
||||
$ cpan -f -i "Text::Template"
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user