mirror/openssl
1
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2026-01-15 21:49:45 +00:00
Code Issues Actions 64 Packages Projects Releases Wiki Activity

Compare commits

base: mirror:feature/method-store-freeze
Branches Tags
mirror:master mirror:openssl-3.0 mirror:openssl-3.3 mirror:openssl-3.4 mirror:openssl-3.5 mirror:openssl-3.6 mirror:feature/dtls-1.3 mirror:feature/method-store-freeze mirror:feature/removesslv3 mirror:feature/ech mirror:feature/ossl_fn mirror:feature/engineremoval mirror:openssl-3.2 mirror:feature/quic-0-rtt mirror:feature/evp_skey mirror:feature/acert-cli mirror:openssl-3.1 mirror:feature/hss mirror:OpenSSL_1_1_1-stable mirror:OpenSSL_1_0_2-stable mirror:OpenSSL_1_1_0-stable mirror:OpenSSL-fips-2_0-stable mirror:OpenSSL-fips-2_0-dev mirror:tls1.3-draft-18 mirror:tls1.3-draft-19 mirror:OpenSSL_1_0_1-stable mirror:OpenSSL_1_0_0-stable mirror:OpenSSL_0_9_8-stable mirror:OpenSSL-fips-1_2-stable mirror:OpenSSL-fips-0_9_8-stable mirror:OpenSSL_0_9_7-stable mirror:OpenSSL_0_9_8fg-stable mirror:OpenSSL-fips2-0_9_7-stable mirror:OpenSSL_0_9_6-stable mirror:OpenSSL-engine-0_9_6-stable mirror:OpenSSL-fips-0_9_7-stable mirror:SSLeay
mirror:3.4-POST-CLANG-FORMAT-WEBKIT mirror:3.4-PRE-CLANG-FORMAT-WEBKIT mirror:3.0-POST-CLANG-FORMAT-WEBKIT mirror:3.0-PRE-CLANG-FORMAT-WEBKIT mirror:3.3-POST-CLANG-FORMAT-WEBKIT mirror:3.3-PRE-CLANG-FORMAT-WEBKIT mirror:3.5-POST-CLANG-FORMAT-WEBKIT mirror:3.5-PRE-CLANG-FORMAT-WEBKIT mirror:3.6-POST-CLANG-FORMAT-WEBKIT mirror:3.6-PRE-CLANG-FORMAT-WEBKIT mirror:4.0-POST-CLANG-FORMAT-WEBKIT mirror:4.0-PRE-CLANG-FORMAT-WEBKIT mirror:openssl-3.6.0 mirror:openssl-3.0.18 mirror:openssl-3.2.6 mirror:openssl-3.3.5 mirror:openssl-3.4.3 mirror:openssl-3.5.4 mirror:openssl-3.6.0-beta1 mirror:openssl-3.5.3 mirror:openssl-3.6.0-alpha1 mirror:openssl-3.5.2 mirror:openssl-3.0.17 mirror:openssl-3.2.5 mirror:openssl-3.3.4 mirror:openssl-3.4.2 mirror:openssl-3.5.1 mirror:openssl-3.5.0 mirror:openssl-3.5.0-beta1 mirror:openssl-3.5.0-alpha1 mirror:openssl-3.0.16 mirror:openssl-3.1.8 mirror:openssl-3.2.4 mirror:openssl-3.3.3 mirror:openssl-3.4.1 mirror:openssl-3.4.0 mirror:openssl-3.4.0-beta1 mirror:openssl-3.4.0-alpha1 mirror:openssl-3.0.15 mirror:openssl-3.1.7 mirror:openssl-3.2.3 mirror:openssl-3.3.2 mirror:openssl-3.0.14 mirror:openssl-3.1.6 mirror:openssl-3.2.2 mirror:openssl-3.3.1 mirror:openssl-3.3.0 mirror:openssl-3.3.0-beta1 mirror:openssl-3.3.0-alpha1 mirror:openssl-3.0.13 mirror:openssl-3.1.5 mirror:openssl-3.2.1 mirror:openssl-3.2.0 mirror:openssl-3.2.0-beta1 mirror:openssl-3.0.12 mirror:openssl-3.1.4 mirror:openssl-3.2.0-alpha2 mirror:openssl-3.0.11 mirror:openssl-3.1.3 mirror:OpenSSL_1_1_1w mirror:openssl-3.2.0-alpha1 mirror:OpenSSL_1_1_1v mirror:openssl-3.0.10 mirror:openssl-3.1.2 mirror:OpenSSL_1_1_1u mirror:openssl-3.0.9 mirror:openssl-3.1.1 mirror:openssl-3.1.0 mirror:openssl-3.0.8 mirror:OpenSSL_1_1_1t mirror:openssl-3.1.0-beta1 mirror:openssl-3.1.0-alpha1 mirror:openssl-3.0.7 mirror:OpenSSL_1_1_1s mirror:OpenSSL_1_1_1r mirror:openssl-3.0.6 mirror:OpenSSL_1_1_1q mirror:openssl-3.0.5 mirror:OpenSSL_1_1_1p mirror:openssl-3.0.4 mirror:OpenSSL_1_1_1o mirror:openssl-3.0.3 mirror:OpenSSL_1_1_1n mirror:openssl-3.0.2 mirror:openssl-3.0.1 mirror:OpenSSL_1_1_1m mirror:openssl-3.0.0 mirror:OpenSSL_1_1_1l mirror:openssl-3.0.0-beta2 mirror:openssl-3.0.0-beta1 mirror:openssl-3.0.0-alpha17 mirror:openssl-3.0.0-alpha16 mirror:openssl-3.0.0-alpha15 mirror:openssl-3.0.0-alpha14 mirror:OpenSSL_1_1_1k mirror:openssl-3.0.0-alpha13 mirror:openssl-3.0.0-alpha12 mirror:OpenSSL_1_1_1j mirror:openssl-3.0.0-alpha11 mirror:openssl-3.0.0-alpha10 mirror:OpenSSL_1_1_1i mirror:openssl-3.0.0-alpha9 mirror:openssl-3.0.0-alpha8 mirror:openssl-3.0.0-alpha7 mirror:OpenSSL_1_1_1h mirror:openssl-3.0.0-alpha6 mirror:openssl-3.0.0-alpha5 mirror:openssl-3.0.0-alpha4 mirror:openssl-3.0.0-alpha3 mirror:openssl-3.0.0-alpha2 mirror:openssl-3.0.0-alpha1 mirror:OpenSSL_1_1_1g mirror:OpenSSL_1_1_1f mirror:OpenSSL_1_1_1e mirror:OpenSSL_1_0_2u mirror:OpenSSL_1_0_2t mirror:OpenSSL_1_1_0l mirror:OpenSSL_1_1_1d mirror:OpenSSL_1_1_1c mirror:OpenSSL_1_1_0k mirror:OpenSSL_1_0_2s mirror:OpenSSL_1_0_2r mirror:OpenSSL_1_1_1b mirror:OpenSSL_1_0_2q mirror:OpenSSL_1_1_0j mirror:OpenSSL_1_1_1a mirror:OpenSSL_1_1_1 mirror:OpenSSL_1_1_1-pre9 mirror:OpenSSL_1_0_2p mirror:OpenSSL_1_1_0i mirror:OpenSSL_1_1_1-pre8 mirror:OpenSSL_1_1_1-pre7 mirror:OpenSSL_1_1_1-pre6 mirror:OpenSSL_1_1_1-pre5 mirror:OpenSSL_1_1_1-pre4 mirror:OpenSSL_1_0_2o mirror:OpenSSL_1_1_0h mirror:OpenSSL_1_1_1-pre3 mirror:OpenSSL_1_1_1-pre2 mirror:OpenSSL_1_1_1-pre1 mirror:OpenSSL_1_0_2n mirror:OpenSSL_1_0_2m mirror:OpenSSL_1_1_0g mirror:OpenSSL-fips-2_0_16 mirror:OpenSSL-fips-2_0_15 mirror:OpenSSL_1_0_2l mirror:OpenSSL_1_1_0f mirror:OpenSSL-fips-2_0_14 mirror:OpenSSL_1_1_0e mirror:OpenSSL_1_0_2k mirror:OpenSSL_1_1_0d mirror:OpenSSL-fips-2_0_13 mirror:OpenSSL_1_1_0c mirror:OpenSSL_1_0_2j mirror:OpenSSL_1_1_0b mirror:OpenSSL_1_0_1u mirror:OpenSSL_1_0_2i mirror:OpenSSL_1_1_0a mirror:OpenSSL_1_1_0 mirror:OpenSSL_1_1_0-pre6 mirror:OpenSSL_1_0_1t mirror:OpenSSL_1_0_2h mirror:OpenSSL_1_1_0-pre5 mirror:OpenSSL_1_1_0-pre4 mirror:OpenSSL_1_0_1s mirror:OpenSSL_1_0_2g mirror:OpenSSL_1_1_0-pre3 mirror:OpenSSL-fips-2_0_12 mirror:OpenSSL-fips-2_0_11 mirror:OpenSSL-fips-2_0_10 mirror:OpenSSL_1_0_1r mirror:OpenSSL_1_0_2f mirror:OpenSSL_1_1_0-pre2 mirror:OpenSSL_1_1_0-pre1 mirror:OpenSSL_0_9_8zh mirror:OpenSSL_1_0_0t mirror:OpenSSL_1_0_1q mirror:OpenSSL_1_0_2e mirror:OpenSSL_1_0_1p mirror:OpenSSL_1_0_2d mirror:OpenSSL_1_0_1o mirror:OpenSSL_1_0_2c mirror:OpenSSL_0_9_8zg mirror:OpenSSL_1_0_0s mirror:OpenSSL_1_0_1n mirror:OpenSSL_1_0_2b mirror:OpenSSL-fips-2_0_9 mirror:OpenSSL_0_9_8zf mirror:OpenSSL_1_0_0r mirror:OpenSSL_1_0_1m mirror:OpenSSL_1_0_2a mirror:OpenSSL_0_9_8-pre-reformat mirror:OpenSSL_0_9_8-pre-auto-reformat mirror:OpenSSL_0_9_8-post-auto-reformat mirror:OpenSSL_0_9_8-post-reformat mirror:OpenSSL_1_0_0-pre-reformat mirror:OpenSSL_1_0_0-pre-auto-reformat mirror:OpenSSL_1_0_0-post-auto-reformat mirror:OpenSSL_1_0_0-post-reformat mirror:OpenSSL_1_0_1-pre-reformat mirror:OpenSSL_1_0_1-pre-auto-reformat mirror:OpenSSL_1_0_1-post-auto-reformat mirror:OpenSSL_1_0_1-post-reformat mirror:OpenSSL_1_0_2-pre-reformat mirror:OpenSSL_1_0_2-pre-auto-reformat mirror:OpenSSL_1_0_2-post-auto-reformat mirror:OpenSSL_1_0_2-post-reformat mirror:master-pre-reformat mirror:master-pre-auto-reformat mirror:master-post-auto-reformat mirror:master-post-reformat mirror:OpenSSL_1_0_2 mirror:OpenSSL_0_9_8ze mirror:OpenSSL_1_0_0q mirror:OpenSSL_1_0_1l mirror:OpenSSL_0_9_8zd mirror:OpenSSL_1_0_0p mirror:OpenSSL_1_0_1k mirror:OpenSSL-fips-2_0_8 mirror:OpenSSL_1_0_1j mirror:OpenSSL_1_0_0o mirror:OpenSSL_0_9_8zc mirror:OpenSSL_1_0_2-beta3 mirror:OpenSSL_0_9_8zb mirror:OpenSSL_1_0_0n mirror:OpenSSL_1_0_1i mirror:OpenSSL_1_0_2-beta2 mirror:OpenSSL-fips-2_0_7 mirror:OpenSSL_1_0_1h mirror:OpenSSL_1_0_0m mirror:OpenSSL_0_9_8za mirror:OpenSSL-fips-2_0_6 mirror:OpenSSL_1_0_1g mirror:OpenSSL_1_0_2-beta1 mirror:OpenSSL_1_0_0l mirror:OpenSSL_1_0_1f mirror:OpenSSL-fips-2_0_4 mirror:OpenSSL-fips-2_0_5 mirror:OpenSSL-fips-2_0_3 mirror:OpenSSL-fips-2_0_2 mirror:OpenSSL_1_0_1e mirror:OpenSSL_1_0_0k mirror:OpenSSL_1_0_1d mirror:OpenSSL_0_9_8y mirror:OpenSSL-fips-2_0-pl1 mirror:OpenSSL-fips-2_0_1 mirror:OpenSSL_1_0_1c mirror:OpenSSL_1_0_0j mirror:OpenSSL_0_9_8x mirror:OpenSSL_1_0_1b mirror:OpenSSL_0_9_8w mirror:OpenSSL_1_0_1a mirror:OpenSSL_0_9_8v mirror:OpenSSL_1_0_0i mirror:OpenSSL_1_0_1 mirror:OpenSSL_1_0_0h mirror:OpenSSL_0_9_8u mirror:OpenSSL_1_0_1-beta3 mirror:OpenSSL_1_0_1-beta2 mirror:OpenSSL-fips-2_0-rc9 mirror:OpenSSL-fips-2_0 mirror:OpenSSL_1_0_0g mirror:OpenSSL_0_9_8t mirror:OpenSSL_0_9_8s mirror:OpenSSL_1_0_0f mirror:OpenSSL-fips-2_0-rc8 mirror:OpenSSL_1_0_1-beta1 mirror:OpenSSL-fips-2_0-rc7 mirror:OpenSSL-fips-2_0-rc6 mirror:OpenSSL-fips-2_0-rc5 mirror:OpenSSL-fips-2_0-rc4 mirror:OpenSSL-fips-2_0-rc3 mirror:OpenSSL-fips-2_0-rc2 mirror:OpenSSL-fips-2_0-rc1 mirror:OpenSSL-fips-1_2_3 mirror:OpenSSL-fips-1_2_2 mirror:OpenSSL-fips-1_2_1 mirror:OpenSSL_1_0_0e mirror:OpenSSL_1_0_0d mirror:OpenSSL_0_9_8r mirror:OpenSSL_0_9_8q mirror:OpenSSL_1_0_0c mirror:OpenSSL_0_9_8p mirror:OpenSSL_1_0_0b mirror:OpenSSL_0_9_8o mirror:OpenSSL_1_0_0a mirror:OpenSSL_1_0_0 mirror:OpenSSL_0_9_8n mirror:OpenSSL_0_9_8m mirror:OpenSSL_0_9_8m-beta1 mirror:OpenSSL_1_0_0-beta5 mirror:OpenSSL_1_0_0-beta4 mirror:OpenSSL_0_9_8l mirror:OpenSSL_1_0_0-beta3 mirror:OpenSSL_1_0_0-beta2 mirror:OpenSSL_1_0_0-beta1 mirror:OpenSSL_0_9_8k mirror:OpenSSL_0_9_8j mirror:OpenSSL_0_9_8i mirror:OpenSSL_0_9_8h mirror:OpenSSL_0_9_8g mirror:OpenSSL_0_9_8f mirror:OpenSSL-fips-1_2_0 mirror:FIPS_098_TEST_8 mirror:FIPS_098_TEST_7 mirror:FIPS_098_TEST_6 mirror:FIPS_098_TEST_5 mirror:FIPS_098_TEST_4 mirror:FIPS_098_TEST_3 mirror:FIPS_098_TEST_2 mirror:FIPS_098_TEST_1 mirror:OpenSSL_0_9_7m mirror:OpenSSL_0_9_8e mirror:OpenSSL_0_9_7l mirror:OpenSSL_0_9_8d mirror:OpenSSL_0_9_8c mirror:OpenSSL_0_9_7k mirror:OpenSSL_0_9_7j mirror:OpenSSL_0_9_8b mirror:OpenSSL_FIPS_1_0 mirror:OpenSSL_0_9_7i mirror:OpenSSL_0_9_8a mirror:OpenSSL_0_9_7h mirror:OpenSSL_0_9_8 mirror:FIPS_TEST_10 mirror:OpenSSL_0_9_8-beta6 mirror:OpenSSL_0_9_8-beta5 mirror:FIPS_TEST_9 mirror:OpenSSL_0_9_8-beta4 mirror:OpenSSL_0_9_8-beta3 mirror:BEN_FIPS_TEST_8 mirror:OpenSSL_0_9_8-beta2 mirror:OpenSSL_0_9_8-beta1 mirror:OpenSSL_0_9_7g mirror:OpenSSL_0_9_7f mirror:BEN_FIPS_TEST_7 mirror:BEN_FIPS_TEST_6 mirror:OpenSSL_0_9_7e mirror:OpenSSL_0_9_7d mirror:OpenSSL-engine-0_9_6m mirror:OpenSSL_0_9_6m mirror:LEVITTE_after_const mirror:LEVITTE_before_const mirror:BEN_FIPS_TEST_5 mirror:BEN_FIPS_TEST_4 mirror:OpenSSL-engine-0_9_6l mirror:OpenSSL_0_9_6l mirror:BEN_FIPS_TEST_3 mirror:BEN_FIPS_TEST_2 mirror:BEN_FIPS_TEST_1 mirror:OpenSSL-engine-0_9_6k mirror:OpenSSL_0_9_6k mirror:OpenSSL_0_9_7c mirror:OpenSSL-engine-0_9_6j mirror:OpenSSL_0_9_7b mirror:OpenSSL_0_9_6j mirror:OpenSSL-engine-0_9_6i mirror:OpenSSL_0_9_6i mirror:OpenSSL_0_9_7a mirror:OpenSSL_0_9_7 mirror:OpenSSL_0_9_7-beta6 mirror:STATE_after_zlib mirror:STATE_before_zlib mirror:OpenSSL_0_9_7-beta5 mirror:OpenSSL-engine-0_9_6h mirror:OpenSSL_0_9_6h mirror:OpenSSL_0_9_7-beta4 mirror:OpenSSL-engine-0_9_6g mirror:OpenSSL_0_9_6g mirror:OpenSSL-engine-0_9_6f mirror:OpenSSL_0_9_6f mirror:OpenSSL_0_9_7-beta3 mirror:OpenSSL-engine-0_9_6e mirror:OpenSSL_0_9_6e mirror:OpenSSL_0_9_7-beta2 mirror:OpenSSL_0_9_7-beta1 mirror:AFTER_COMPAQ_PATCH mirror:BEFORE_COMPAQ_PATCH mirror:OpenSSL-engine-0_9_6d mirror:OpenSSL_0_9_6d mirror:OpenSSL-engine-0_9_6d-beta1 mirror:OpenSSL_0_9_6d-beta1 mirror:OpenSSL-engine-0_9_6c mirror:OpenSSL_0_9_6c mirror:OpenSSL-engine-0_9_6b mirror:OpenSSL_0_9_6b mirror:OpenSSL_0_9_6a mirror:OpenSSL-engine-0_9_6a mirror:OpenSSL-engine-0_9_6a-beta3 mirror:OpenSSL_0_9_6a-beta3 mirror:OpenSSL-engine-0_9_6a-beta2 mirror:OpenSSL_0_9_6a-beta2 mirror:OpenSSL-engine-0_9_6a-beta1 mirror:OpenSSL_0_9_6a-beta1 mirror:rsaref mirror:BEFORE_engine mirror:OpenSSL_0_9_6-beta2 mirror:OpenSSL_0_9_6-beta1 mirror:OpenSSL_0_9_6 mirror:OpenSSL-engine-0_9_6 mirror:OpenSSL-engine-0_9_6-beta3 mirror:OpenSSL_0_9_6-beta3 mirror:OpenSSL-engine-0_9_6-beta2 mirror:OpenSSL-engine-0_9_6-beta1 mirror:OpenSSL_0_9_5 mirror:OpenSSL_0_9_5a mirror:OpenSSL_0_9_5a-beta2 mirror:OpenSSL_0_9_5a-beta1 mirror:OpenSSL_0_9_5beta2 mirror:OpenSSL_0_9_5beta1 mirror:OpenSSL_0_9_4 mirror:OpenSSL_0_9_3a mirror:OpenSSL_0_9_3 mirror:OpenSSL_0_9_3beta2 mirror:OpenSSL_0_9_3beta1 mirror:OpenSSL_0_9_2b mirror:OpenSSL_0_9_1c mirror:SSLeay_0_9_1b mirror:SSLeay_0_9_0b mirror:SSLeay_0_8_1b
..
compare: mirror:tls1.3-draft-19
Branches Tags
mirror:master mirror:openssl-3.0 mirror:openssl-3.3 mirror:openssl-3.4 mirror:openssl-3.5 mirror:openssl-3.6 mirror:feature/dtls-1.3 mirror:feature/method-store-freeze mirror:feature/removesslv3 mirror:feature/ech mirror:feature/ossl_fn mirror:feature/engineremoval mirror:openssl-3.2 mirror:feature/quic-0-rtt mirror:feature/evp_skey mirror:feature/acert-cli mirror:openssl-3.1 mirror:feature/hss mirror:OpenSSL_1_1_1-stable mirror:OpenSSL_1_0_2-stable mirror:OpenSSL_1_1_0-stable mirror:OpenSSL-fips-2_0-stable mirror:OpenSSL-fips-2_0-dev mirror:tls1.3-draft-18 mirror:tls1.3-draft-19 mirror:OpenSSL_1_0_1-stable mirror:OpenSSL_1_0_0-stable mirror:OpenSSL_0_9_8-stable mirror:OpenSSL-fips-1_2-stable mirror:OpenSSL-fips-0_9_8-stable mirror:OpenSSL_0_9_7-stable mirror:OpenSSL_0_9_8fg-stable mirror:OpenSSL-fips2-0_9_7-stable mirror:OpenSSL_0_9_6-stable mirror:OpenSSL-engine-0_9_6-stable mirror:OpenSSL-fips-0_9_7-stable mirror:SSLeay
mirror:3.4-POST-CLANG-FORMAT-WEBKIT mirror:3.4-PRE-CLANG-FORMAT-WEBKIT mirror:3.0-POST-CLANG-FORMAT-WEBKIT mirror:3.0-PRE-CLANG-FORMAT-WEBKIT mirror:3.3-POST-CLANG-FORMAT-WEBKIT mirror:3.3-PRE-CLANG-FORMAT-WEBKIT mirror:3.5-POST-CLANG-FORMAT-WEBKIT mirror:3.5-PRE-CLANG-FORMAT-WEBKIT mirror:3.6-POST-CLANG-FORMAT-WEBKIT mirror:3.6-PRE-CLANG-FORMAT-WEBKIT mirror:4.0-POST-CLANG-FORMAT-WEBKIT mirror:4.0-PRE-CLANG-FORMAT-WEBKIT mirror:openssl-3.6.0 mirror:openssl-3.0.18 mirror:openssl-3.2.6 mirror:openssl-3.3.5 mirror:openssl-3.4.3 mirror:openssl-3.5.4 mirror:openssl-3.6.0-beta1 mirror:openssl-3.5.3 mirror:openssl-3.6.0-alpha1 mirror:openssl-3.5.2 mirror:openssl-3.0.17 mirror:openssl-3.2.5 mirror:openssl-3.3.4 mirror:openssl-3.4.2 mirror:openssl-3.5.1 mirror:openssl-3.5.0 mirror:openssl-3.5.0-beta1 mirror:openssl-3.5.0-alpha1 mirror:openssl-3.0.16 mirror:openssl-3.1.8 mirror:openssl-3.2.4 mirror:openssl-3.3.3 mirror:openssl-3.4.1 mirror:openssl-3.4.0 mirror:openssl-3.4.0-beta1 mirror:openssl-3.4.0-alpha1 mirror:openssl-3.0.15 mirror:openssl-3.1.7 mirror:openssl-3.2.3 mirror:openssl-3.3.2 mirror:openssl-3.0.14 mirror:openssl-3.1.6 mirror:openssl-3.2.2 mirror:openssl-3.3.1 mirror:openssl-3.3.0 mirror:openssl-3.3.0-beta1 mirror:openssl-3.3.0-alpha1 mirror:openssl-3.0.13 mirror:openssl-3.1.5 mirror:openssl-3.2.1 mirror:openssl-3.2.0 mirror:openssl-3.2.0-beta1 mirror:openssl-3.0.12 mirror:openssl-3.1.4 mirror:openssl-3.2.0-alpha2 mirror:openssl-3.0.11 mirror:openssl-3.1.3 mirror:OpenSSL_1_1_1w mirror:openssl-3.2.0-alpha1 mirror:OpenSSL_1_1_1v mirror:openssl-3.0.10 mirror:openssl-3.1.2 mirror:OpenSSL_1_1_1u mirror:openssl-3.0.9 mirror:openssl-3.1.1 mirror:openssl-3.1.0 mirror:openssl-3.0.8 mirror:OpenSSL_1_1_1t mirror:openssl-3.1.0-beta1 mirror:openssl-3.1.0-alpha1 mirror:openssl-3.0.7 mirror:OpenSSL_1_1_1s mirror:OpenSSL_1_1_1r mirror:openssl-3.0.6 mirror:OpenSSL_1_1_1q mirror:openssl-3.0.5 mirror:OpenSSL_1_1_1p mirror:openssl-3.0.4 mirror:OpenSSL_1_1_1o mirror:openssl-3.0.3 mirror:OpenSSL_1_1_1n mirror:openssl-3.0.2 mirror:openssl-3.0.1 mirror:OpenSSL_1_1_1m mirror:openssl-3.0.0 mirror:OpenSSL_1_1_1l mirror:openssl-3.0.0-beta2 mirror:openssl-3.0.0-beta1 mirror:openssl-3.0.0-alpha17 mirror:openssl-3.0.0-alpha16 mirror:openssl-3.0.0-alpha15 mirror:openssl-3.0.0-alpha14 mirror:OpenSSL_1_1_1k mirror:openssl-3.0.0-alpha13 mirror:openssl-3.0.0-alpha12 mirror:OpenSSL_1_1_1j mirror:openssl-3.0.0-alpha11 mirror:openssl-3.0.0-alpha10 mirror:OpenSSL_1_1_1i mirror:openssl-3.0.0-alpha9 mirror:openssl-3.0.0-alpha8 mirror:openssl-3.0.0-alpha7 mirror:OpenSSL_1_1_1h mirror:openssl-3.0.0-alpha6 mirror:openssl-3.0.0-alpha5 mirror:openssl-3.0.0-alpha4 mirror:openssl-3.0.0-alpha3 mirror:openssl-3.0.0-alpha2 mirror:openssl-3.0.0-alpha1 mirror:OpenSSL_1_1_1g mirror:OpenSSL_1_1_1f mirror:OpenSSL_1_1_1e mirror:OpenSSL_1_0_2u mirror:OpenSSL_1_0_2t mirror:OpenSSL_1_1_0l mirror:OpenSSL_1_1_1d mirror:OpenSSL_1_1_1c mirror:OpenSSL_1_1_0k mirror:OpenSSL_1_0_2s mirror:OpenSSL_1_0_2r mirror:OpenSSL_1_1_1b mirror:OpenSSL_1_0_2q mirror:OpenSSL_1_1_0j mirror:OpenSSL_1_1_1a mirror:OpenSSL_1_1_1 mirror:OpenSSL_1_1_1-pre9 mirror:OpenSSL_1_0_2p mirror:OpenSSL_1_1_0i mirror:OpenSSL_1_1_1-pre8 mirror:OpenSSL_1_1_1-pre7 mirror:OpenSSL_1_1_1-pre6 mirror:OpenSSL_1_1_1-pre5 mirror:OpenSSL_1_1_1-pre4 mirror:OpenSSL_1_0_2o mirror:OpenSSL_1_1_0h mirror:OpenSSL_1_1_1-pre3 mirror:OpenSSL_1_1_1-pre2 mirror:OpenSSL_1_1_1-pre1 mirror:OpenSSL_1_0_2n mirror:OpenSSL_1_0_2m mirror:OpenSSL_1_1_0g mirror:OpenSSL-fips-2_0_16 mirror:OpenSSL-fips-2_0_15 mirror:OpenSSL_1_0_2l mirror:OpenSSL_1_1_0f mirror:OpenSSL-fips-2_0_14 mirror:OpenSSL_1_1_0e mirror:OpenSSL_1_0_2k mirror:OpenSSL_1_1_0d mirror:OpenSSL-fips-2_0_13 mirror:OpenSSL_1_1_0c mirror:OpenSSL_1_0_2j mirror:OpenSSL_1_1_0b mirror:OpenSSL_1_0_1u mirror:OpenSSL_1_0_2i mirror:OpenSSL_1_1_0a mirror:OpenSSL_1_1_0 mirror:OpenSSL_1_1_0-pre6 mirror:OpenSSL_1_0_1t mirror:OpenSSL_1_0_2h mirror:OpenSSL_1_1_0-pre5 mirror:OpenSSL_1_1_0-pre4 mirror:OpenSSL_1_0_1s mirror:OpenSSL_1_0_2g mirror:OpenSSL_1_1_0-pre3 mirror:OpenSSL-fips-2_0_12 mirror:OpenSSL-fips-2_0_11 mirror:OpenSSL-fips-2_0_10 mirror:OpenSSL_1_0_1r mirror:OpenSSL_1_0_2f mirror:OpenSSL_1_1_0-pre2 mirror:OpenSSL_1_1_0-pre1 mirror:OpenSSL_0_9_8zh mirror:OpenSSL_1_0_0t mirror:OpenSSL_1_0_1q mirror:OpenSSL_1_0_2e mirror:OpenSSL_1_0_1p mirror:OpenSSL_1_0_2d mirror:OpenSSL_1_0_1o mirror:OpenSSL_1_0_2c mirror:OpenSSL_0_9_8zg mirror:OpenSSL_1_0_0s mirror:OpenSSL_1_0_1n mirror:OpenSSL_1_0_2b mirror:OpenSSL-fips-2_0_9 mirror:OpenSSL_0_9_8zf mirror:OpenSSL_1_0_0r mirror:OpenSSL_1_0_1m mirror:OpenSSL_1_0_2a mirror:OpenSSL_0_9_8-pre-reformat mirror:OpenSSL_0_9_8-pre-auto-reformat mirror:OpenSSL_0_9_8-post-auto-reformat mirror:OpenSSL_0_9_8-post-reformat mirror:OpenSSL_1_0_0-pre-reformat mirror:OpenSSL_1_0_0-pre-auto-reformat mirror:OpenSSL_1_0_0-post-auto-reformat mirror:OpenSSL_1_0_0-post-reformat mirror:OpenSSL_1_0_1-pre-reformat mirror:OpenSSL_1_0_1-pre-auto-reformat mirror:OpenSSL_1_0_1-post-auto-reformat mirror:OpenSSL_1_0_1-post-reformat mirror:OpenSSL_1_0_2-pre-reformat mirror:OpenSSL_1_0_2-pre-auto-reformat mirror:OpenSSL_1_0_2-post-auto-reformat mirror:OpenSSL_1_0_2-post-reformat mirror:master-pre-reformat mirror:master-pre-auto-reformat mirror:master-post-auto-reformat mirror:master-post-reformat mirror:OpenSSL_1_0_2 mirror:OpenSSL_0_9_8ze mirror:OpenSSL_1_0_0q mirror:OpenSSL_1_0_1l mirror:OpenSSL_0_9_8zd mirror:OpenSSL_1_0_0p mirror:OpenSSL_1_0_1k mirror:OpenSSL-fips-2_0_8 mirror:OpenSSL_1_0_1j mirror:OpenSSL_1_0_0o mirror:OpenSSL_0_9_8zc mirror:OpenSSL_1_0_2-beta3 mirror:OpenSSL_0_9_8zb mirror:OpenSSL_1_0_0n mirror:OpenSSL_1_0_1i mirror:OpenSSL_1_0_2-beta2 mirror:OpenSSL-fips-2_0_7 mirror:OpenSSL_1_0_1h mirror:OpenSSL_1_0_0m mirror:OpenSSL_0_9_8za mirror:OpenSSL-fips-2_0_6 mirror:OpenSSL_1_0_1g mirror:OpenSSL_1_0_2-beta1 mirror:OpenSSL_1_0_0l mirror:OpenSSL_1_0_1f mirror:OpenSSL-fips-2_0_4 mirror:OpenSSL-fips-2_0_5 mirror:OpenSSL-fips-2_0_3 mirror:OpenSSL-fips-2_0_2 mirror:OpenSSL_1_0_1e mirror:OpenSSL_1_0_0k mirror:OpenSSL_1_0_1d mirror:OpenSSL_0_9_8y mirror:OpenSSL-fips-2_0-pl1 mirror:OpenSSL-fips-2_0_1 mirror:OpenSSL_1_0_1c mirror:OpenSSL_1_0_0j mirror:OpenSSL_0_9_8x mirror:OpenSSL_1_0_1b mirror:OpenSSL_0_9_8w mirror:OpenSSL_1_0_1a mirror:OpenSSL_0_9_8v mirror:OpenSSL_1_0_0i mirror:OpenSSL_1_0_1 mirror:OpenSSL_1_0_0h mirror:OpenSSL_0_9_8u mirror:OpenSSL_1_0_1-beta3 mirror:OpenSSL_1_0_1-beta2 mirror:OpenSSL-fips-2_0-rc9 mirror:OpenSSL-fips-2_0 mirror:OpenSSL_1_0_0g mirror:OpenSSL_0_9_8t mirror:OpenSSL_0_9_8s mirror:OpenSSL_1_0_0f mirror:OpenSSL-fips-2_0-rc8 mirror:OpenSSL_1_0_1-beta1 mirror:OpenSSL-fips-2_0-rc7 mirror:OpenSSL-fips-2_0-rc6 mirror:OpenSSL-fips-2_0-rc5 mirror:OpenSSL-fips-2_0-rc4 mirror:OpenSSL-fips-2_0-rc3 mirror:OpenSSL-fips-2_0-rc2 mirror:OpenSSL-fips-2_0-rc1 mirror:OpenSSL-fips-1_2_3 mirror:OpenSSL-fips-1_2_2 mirror:OpenSSL-fips-1_2_1 mirror:OpenSSL_1_0_0e mirror:OpenSSL_1_0_0d mirror:OpenSSL_0_9_8r mirror:OpenSSL_0_9_8q mirror:OpenSSL_1_0_0c mirror:OpenSSL_0_9_8p mirror:OpenSSL_1_0_0b mirror:OpenSSL_0_9_8o mirror:OpenSSL_1_0_0a mirror:OpenSSL_1_0_0 mirror:OpenSSL_0_9_8n mirror:OpenSSL_0_9_8m mirror:OpenSSL_0_9_8m-beta1 mirror:OpenSSL_1_0_0-beta5 mirror:OpenSSL_1_0_0-beta4 mirror:OpenSSL_0_9_8l mirror:OpenSSL_1_0_0-beta3 mirror:OpenSSL_1_0_0-beta2 mirror:OpenSSL_1_0_0-beta1 mirror:OpenSSL_0_9_8k mirror:OpenSSL_0_9_8j mirror:OpenSSL_0_9_8i mirror:OpenSSL_0_9_8h mirror:OpenSSL_0_9_8g mirror:OpenSSL_0_9_8f mirror:OpenSSL-fips-1_2_0 mirror:FIPS_098_TEST_8 mirror:FIPS_098_TEST_7 mirror:FIPS_098_TEST_6 mirror:FIPS_098_TEST_5 mirror:FIPS_098_TEST_4 mirror:FIPS_098_TEST_3 mirror:FIPS_098_TEST_2 mirror:FIPS_098_TEST_1 mirror:OpenSSL_0_9_7m mirror:OpenSSL_0_9_8e mirror:OpenSSL_0_9_7l mirror:OpenSSL_0_9_8d mirror:OpenSSL_0_9_8c mirror:OpenSSL_0_9_7k mirror:OpenSSL_0_9_7j mirror:OpenSSL_0_9_8b mirror:OpenSSL_FIPS_1_0 mirror:OpenSSL_0_9_7i mirror:OpenSSL_0_9_8a mirror:OpenSSL_0_9_7h mirror:OpenSSL_0_9_8 mirror:FIPS_TEST_10 mirror:OpenSSL_0_9_8-beta6 mirror:OpenSSL_0_9_8-beta5 mirror:FIPS_TEST_9 mirror:OpenSSL_0_9_8-beta4 mirror:OpenSSL_0_9_8-beta3 mirror:BEN_FIPS_TEST_8 mirror:OpenSSL_0_9_8-beta2 mirror:OpenSSL_0_9_8-beta1 mirror:OpenSSL_0_9_7g mirror:OpenSSL_0_9_7f mirror:BEN_FIPS_TEST_7 mirror:BEN_FIPS_TEST_6 mirror:OpenSSL_0_9_7e mirror:OpenSSL_0_9_7d mirror:OpenSSL-engine-0_9_6m mirror:OpenSSL_0_9_6m mirror:LEVITTE_after_const mirror:LEVITTE_before_const mirror:BEN_FIPS_TEST_5 mirror:BEN_FIPS_TEST_4 mirror:OpenSSL-engine-0_9_6l mirror:OpenSSL_0_9_6l mirror:BEN_FIPS_TEST_3 mirror:BEN_FIPS_TEST_2 mirror:BEN_FIPS_TEST_1 mirror:OpenSSL-engine-0_9_6k mirror:OpenSSL_0_9_6k mirror:OpenSSL_0_9_7c mirror:OpenSSL-engine-0_9_6j mirror:OpenSSL_0_9_7b mirror:OpenSSL_0_9_6j mirror:OpenSSL-engine-0_9_6i mirror:OpenSSL_0_9_6i mirror:OpenSSL_0_9_7a mirror:OpenSSL_0_9_7 mirror:OpenSSL_0_9_7-beta6 mirror:STATE_after_zlib mirror:STATE_before_zlib mirror:OpenSSL_0_9_7-beta5 mirror:OpenSSL-engine-0_9_6h mirror:OpenSSL_0_9_6h mirror:OpenSSL_0_9_7-beta4 mirror:OpenSSL-engine-0_9_6g mirror:OpenSSL_0_9_6g mirror:OpenSSL-engine-0_9_6f mirror:OpenSSL_0_9_6f mirror:OpenSSL_0_9_7-beta3 mirror:OpenSSL-engine-0_9_6e mirror:OpenSSL_0_9_6e mirror:OpenSSL_0_9_7-beta2 mirror:OpenSSL_0_9_7-beta1 mirror:AFTER_COMPAQ_PATCH mirror:BEFORE_COMPAQ_PATCH mirror:OpenSSL-engine-0_9_6d mirror:OpenSSL_0_9_6d mirror:OpenSSL-engine-0_9_6d-beta1 mirror:OpenSSL_0_9_6d-beta1 mirror:OpenSSL-engine-0_9_6c mirror:OpenSSL_0_9_6c mirror:OpenSSL-engine-0_9_6b mirror:OpenSSL_0_9_6b mirror:OpenSSL_0_9_6a mirror:OpenSSL-engine-0_9_6a mirror:OpenSSL-engine-0_9_6a-beta3 mirror:OpenSSL_0_9_6a-beta3 mirror:OpenSSL-engine-0_9_6a-beta2 mirror:OpenSSL_0_9_6a-beta2 mirror:OpenSSL-engine-0_9_6a-beta1 mirror:OpenSSL_0_9_6a-beta1 mirror:rsaref mirror:BEFORE_engine mirror:OpenSSL_0_9_6-beta2 mirror:OpenSSL_0_9_6-beta1 mirror:OpenSSL_0_9_6 mirror:OpenSSL-engine-0_9_6 mirror:OpenSSL-engine-0_9_6-beta3 mirror:OpenSSL_0_9_6-beta3 mirror:OpenSSL-engine-0_9_6-beta2 mirror:OpenSSL-engine-0_9_6-beta1 mirror:OpenSSL_0_9_5 mirror:OpenSSL_0_9_5a mirror:OpenSSL_0_9_5a-beta2 mirror:OpenSSL_0_9_5a-beta1 mirror:OpenSSL_0_9_5beta2 mirror:OpenSSL_0_9_5beta1 mirror:OpenSSL_0_9_4 mirror:OpenSSL_0_9_3a mirror:OpenSSL_0_9_3 mirror:OpenSSL_0_9_3beta2 mirror:OpenSSL_0_9_3beta1 mirror:OpenSSL_0_9_2b mirror:OpenSSL_0_9_1c mirror:SSLeay_0_9_1b mirror:SSLeay_0_9_0b mirror:SSLeay_0_8_1b

2 Commits
feature/me ... tls1.3-dra

Author SHA1 Message Date
Roelof duToit
d4d9864411 Update PR#3925 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)
 2017-07-14 11:19:07 +01:00
Roelof duToit
a071d72b82 Retry SSL_read on ERROR_WANT_READ. 
This resolves the retry issue in general, but also the specific case where a TLS 1.3 server sends a post-handshake NewSessionTicket message prior to appdata.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3925)
 2017-07-14 11:19:07 +01:00
16806 changed files with 342059 additions and 1405031 deletions
Expand all files Collapse all files

297
.clang-format
View File

@@ -1,297 +0,0 @@
---
BasedOnStyle: WebKit
###################################
#
# OpenSSL Customizations start here.
#
# Customizing whitespace config should be avoided, but WebKit C style
# does specify this for C. (with C++ being the other way around) Due
# to limitations in clang-format it's not possible for it to default
# to C today, it defaults to C++. Therefore we force this to the
# WebKit C style value. If we ever have C++ code we will have to
# consider how to deal with this.
PointerAlignment: Right
#
# we add matches for /** and /*- at the top
# of a comment block to protect comments as
# per STYLE.md
CommentPragmas: '(^ IWYU pragma:|^\*$|^-$)'
# OpenSSL uses macros extensively. Tell clang-format about them.
TypenameMacros: ['LHASH_OF', 'STACK_OF']
StatementMacros:
- "DECLARE_AES_EVP"
- "DECLARE_ASN1_ALLOC_FUNCTIONS"
- "DECLARE_ASN1_ALLOC_FUNCTIONS_attr"
- "DECLARE_ASN1_ALLOC_FUNCTIONS_name"
- "DECLARE_ASN1_ALLOC_FUNCTIONS_name_attr"
- "DECLARE_ASN1_DUP_FUNCTION"
- "DECLARE_ASN1_DUP_FUNCTION_attr"
- "DECLARE_ASN1_DUP_FUNCTION_name"
- "DECLARE_ASN1_DUP_FUNCTION_name_attr"
- "DECLARE_ASN1_ENCODE_FUNCTIONS"
- "DECLARE_ASN1_ENCODE_FUNCTIONS_attr"
- "DECLARE_ASN1_ENCODE_FUNCTIONS_const"
- "DECLARE_ASN1_ENCODE_FUNCTIONS_name"
- "DECLARE_ASN1_ENCODE_FUNCTIONS_name_attr"
- "DECLARE_ASN1_ENCODE_FUNCTIONS_only"
- "DECLARE_ASN1_ENCODE_FUNCTIONS_only_attr"
- "DECLARE_ASN1_FUNCTIONS"
- "DECLARE_ASN1_FUNCTIONS_attr"
- "DECLARE_ASN1_FUNCTIONS_const"
- "DECLARE_ASN1_FUNCTIONS_fname"
- "DECLARE_ASN1_FUNCTIONS_name"
- "DECLARE_ASN1_FUNCTIONS_name_attr"
- "DECLARE_ASN1_ITEM"
- "DECLARE_ASN1_ITEM_attr"
- "DECLARE_ASN1_NDEF_FUNCTION"
- "DECLARE_ASN1_NDEF_FUNCTION_attr"
- "DECLARE_ASN1_PRINT_FUNCTION"
- "DECLARE_ASN1_PRINT_FUNCTION_attr"
- "DECLARE_ASN1_PRINT_FUNCTION_fname"
- "DECLARE_ASN1_PRINT_FUNCTION_fname_attr"
- "DECLARE_COMPARISON"
- "DECLARE_COMPARISONS"
- "DECLARE_DISPATCH"
- "DECLARE_HT_VALUE_TYPE_FNS"
- "DECLARE_LHASH_COMP_FN"
- "DECLARE_LHASH_DOALL_ARG_FN"
- "DECLARE_LHASH_HASH_FN"
- "DECLARE_LIST_OF"
- "DECLARE_ML_KEM_PRVKEYDATA"
- "DECLARE_ML_KEM_PUBKEYDATA"
- "DECLARE_ML_KEM_VARIANT_KEYDATA"
- "DECLARE_OBJ_BSEARCH_CMP_FN"
- "DECLARE_OBJ_BSEARCH_GLOBAL_CMP_FN"
- "DECLARE_PEM_read"
- "DECLARE_PEM_read_attr"
- "DECLARE_PEM_read_bio"
- "DECLARE_PEM_read_bio_attr"
- "DECLARE_PEM_read_bio_ex"
- "DECLARE_PEM_read_bio_ex_attr"
- "DECLARE_PEM_read_ex"
- "DECLARE_PEM_read_ex_attr"
- "DECLARE_PEM_read_fp"
- "DECLARE_PEM_read_fp_attr"
- "DECLARE_PEM_read_fp_ex_attr"
- "DECLARE_PEM_rw"
- "DECLARE_PEM_rw_attr"
- "DECLARE_PEM_rw_cb"
- "DECLARE_PEM_rw_cb_attr"
- "DECLARE_PEM_rw_cb_ex"
- "DECLARE_PEM_rw_cb_ex_attr"
- "DECLARE_PEM_rw_const"
- "DECLARE_PEM_rw_const_attr"
- "DECLARE_PEM_rw_ex"
- "DECLARE_PEM_rw_ex_attr"
- "DECLARE_PEM_write"
- "DECLARE_PEM_write_attr"
- "DECLARE_PEM_write_bio"
- "DECLARE_PEM_write_bio_attr"
- "DECLARE_PEM_write_bio_const"
- "DECLARE_PEM_write_bio_const_attr"
- "DECLARE_PEM_write_bio_ex"
- "DECLARE_PEM_write_bio_ex_attr"
- "DECLARE_PEM_write_cb"
- "DECLARE_PEM_write_cb_attr"
- "DECLARE_PEM_write_cb_bio"
- "DECLARE_PEM_write_cb_bio_attr"
- "DECLARE_PEM_write_cb_bio_ex_attr"
- "DECLARE_PEM_write_cb_ex"
- "DECLARE_PEM_write_cb_ex_attr"
- "DECLARE_PEM_write_cb_ex_bio"
- "DECLARE_PEM_write_cb_fp"
- "DECLARE_PEM_write_cb_fp_attr"
- "DECLARE_PEM_write_cb_fp_ex_attr"
- "DECLARE_PEM_write_const"
- "DECLARE_PEM_write_const_attr"
- "DECLARE_PEM_write_ex"
- "DECLARE_PEM_write_ex_attr"
- "DECLARE_PEM_write_fp"
- "DECLARE_PEM_write_fp_attr"
- "DECLARE_PEM_write_fp_const"
- "DECLARE_PEM_write_fp_const_attr"
- "DECLARE_PEM_write_fp_ex_attr"
- "DECLARE_RUN_ONCE"
- "DECLARE_VARIANT"
- "IMPLEMENT_aead_cipher"
- "IMPLEMENT_aead_cipher_pipeline"
- "IMPLEMENT_ARIA_CFBR"
- "IMPLEMENT_ASN1_ALLOC_FUNCTIONS"
- "IMPLEMENT_ASN1_ALLOC_FUNCTIONS_fname"
- "IMPLEMENT_ASN1_ALLOC_FUNCTIONS_pfname"
- "IMPLEMENT_ASN1_DUP_FUNCTION"
- "IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname"
- "IMPLEMENT_ASN1_ENCODE_FUNCTIONS_fname"
- "IMPLEMENT_ASN1_FUNCTIONS"
- "IMPLEMENT_ASN1_FUNCTIONS_const"
- "IMPLEMENT_ASN1_FUNCTIONS_ENCODE_name"
- "IMPLEMENT_ASN1_FUNCTIONS_fname"
- "IMPLEMENT_ASN1_FUNCTIONS_name"
- "IMPLEMENT_ASN1_MSTRING"
- "IMPLEMENT_ASN1_NDEF_FUNCTION"
- "IMPLEMENT_ASN1_PRINT_FUNCTION"
- "IMPLEMENT_ASN1_PRINT_FUNCTION_fname"
- "IMPLEMENT_ASN1_STRING_FUNCTIONS"
- "IMPLEMENT_ASN1_TYPE"
- "IMPLEMENT_ASN1_TYPE_ex"
- "IMPLEMENT_BLAKE_functions"
- "IMPLEMENT_BLOCK_CIPHER"
- "IMPLEMENT_CFBR"
- "IMPLEMENT_cipher"
- "IMPLEMENT_CIPHER"
- "IMPLEMENT_CIPHER_HW_CBC"
- "IMPLEMENT_CIPHER_HW_CFB"
- "IMPLEMENT_CIPHER_HW_COPYCTX"
- "IMPLEMENT_CIPHER_HW_ECB"
- "IMPLEMENT_CIPHER_HW_OFB"
- "IMPLEMENT_CRMF_CTRL_FUNC"
- "IMPLEMENT_cts_cipher"
- "IMPLEMENT_des_cipher"
- "IMPLEMENT_DIGEST"
- "IMPLEMENT_digest_functions"
- "IMPLEMENT_digest_functions_with_settable_ctx"
- "IMPLEMENT_dtls1_meth_func"
- "IMPLEMENT_DYNAMIC_BIND_FN"
- "IMPLEMENT_DYNAMIC_CHECK_FN"
- "IMPLEMENT_ECX_VARIANT"
- "IMPLEMENT_EXTERN_ASN1"
- "IMPLEMENT_generic_cipher"
- "IMPLEMENT_generic_cipher_func"
- "IMPLEMENT_generic_cipher_genfn"
- "IMPLEMENT_HT_VALUE_TYPE_FNS"
- "IMPLEMENT_KECCAK_functions"
- "IMPLEMENT_KMAC_functions"
- "IMPLEMENT_KMAC_TABLE"
- "IMPLEMENT_LEGACY_ERR_LOAD"
- "IMPLEMENT_LEGACY_EVP_MD_METH"
- "IMPLEMENT_LEGACY_EVP_MD_METH_LC"
- "IMPLEMENT_LEGACY_EVP_MD_METH_SHA3"
- "IMPLEMENT_LEGACY_EVP_MD_METH_SHAKE"
- "IMPLEMENT_LHASH_COMP_FN"
- "IMPLEMENT_LHASH_DOALL_ARG"
- "IMPLEMENT_LHASH_DOALL_ARG_CONST"
- "IMPLEMENT_LHASH_DOALL_ARG_FN"
- "IMPLEMENT_LHASH_HASH_FN"
- "IMPLEMENT_MS"
- "IMPLEMENT_MSBLOB"
- "IMPLEMENT_OBJ_BSEARCH_CMP_FN"
- "IMPLEMENT_OBJ_BSEARCH_GLOBAL_CMP_FN"
- "IMPLEMENT_PEM_provided_rw"
- "IMPLEMENT_PEM_provided_rw_cb"
- "IMPLEMENT_PEM_provided_write"
- "IMPLEMENT_PEM_provided_write_bio"
- "IMPLEMENT_PEM_provided_write_body_fallback"
- "IMPLEMENT_PEM_provided_write_body_fallback_cb"
- "IMPLEMENT_PEM_provided_write_body_main"
- "IMPLEMENT_PEM_provided_write_body_pass"
- "IMPLEMENT_PEM_provided_write_body_vars"
- "IMPLEMENT_PEM_provided_write_cb"
- "IMPLEMENT_PEM_provided_write_cb_bio"
- "IMPLEMENT_PEM_provided_write_cb_fp"
- "IMPLEMENT_PEM_provided_write_cb_to"
- "IMPLEMENT_PEM_provided_write_fp"
- "IMPLEMENT_PEM_provided_write_to"
- "IMPLEMENT_PEM_read"
- "IMPLEMENT_PEM_read_bio"
- "IMPLEMENT_PEM_read_fp"
- "IMPLEMENT_PEM_rw"
- "IMPLEMENT_PEM_rw_cb"
- "IMPLEMENT_PEM_rw_const"
- "IMPLEMENT_PEM_write"
- "IMPLEMENT_PEM_write_bio"
- "IMPLEMENT_PEM_write_bio_const"
- "IMPLEMENT_PEM_write_cb"
- "IMPLEMENT_PEM_write_cb_bio"
- "IMPLEMENT_PEM_write_cb_bio_const"
- "IMPLEMENT_PEM_write_cb_const"
- "IMPLEMENT_PEM_write_cb_fp"
- "IMPLEMENT_PEM_write_cb_fp_const"
- "IMPLEMENT_PEM_write_const"
- "IMPLEMENT_PEM_write_fp"
- "IMPLEMENT_PEM_write_fp_const"
- "IMPLEMENT_quic_meth_func"
- "IMPLEMENT_SHA3_functions"
- "IMPLEMENT_SHAKE_functions"
- "IMPLEMENT_SSL_TEST_BOOL_OPTION"
- "IMPLEMENT_SSL_TEST_INT_OPTION"
- "IMPLEMENT_SSL_TEST_STRING_OPTION"
- "IMPLEMENT_ssl3_meth_func"
- "IMPLEMENT_STATIC_ASN1_ALLOC_FUNCTIONS"
- "IMPLEMENT_STATIC_ASN1_ENCODE_FUNCTIONS"
- "IMPLEMENT_tdes_cipher"
- "IMPLEMENT_TEST_SUITE"
- "IMPLEMENT_TEST_SUITE_LEGACY"
- "IMPLEMENT_TEST_SUITE_MSBLOB"
- "IMPLEMENT_TEST_SUITE_PARAMS"
- "IMPLEMENT_TEST_SUITE_PROTECTED_PVK"
- "IMPLEMENT_TEST_SUITE_UNPROTECTED_PVK"
- "IMPLEMENT_tls_meth_func"
- "IMPLEMENT_var_keylen_cipher"
- "IMPLEMENT_var_keylen_cipher_func"
- "IMPLEMENT_WRAP_CIPHER"
- "ASN1_ADB_END"
- "ASN1_CHOICE_END"
- "ASN1_CHOICE_END_cb"
- "ASN1_CHOICE_END_name"
- "ASN1_CHOICE_END_selector"
- "ASN1_F_ASN1_FIND_END 0"
- "ASN1_ITEM_TEMPLATE_END"
- "ASN1_NDEF_SEQUENCE_END"
- "ASN1_NDEF_SEQUENCE_END_cb"
- "ASN1_SEQUENCE_END"
- "ASN1_SEQUENCE_END_cb"
- "ASN1_SEQUENCE_END_enc"
- "ASN1_SEQUENCE_END_name"
- "ASN1_SEQUENCE_END_ref"
- "static_ASN1_SEQUENCE_END"
# This isn't quite right, but it causes clang-format to do a slightly better
# job formatting this macro.
- "ASN1_EX_TEMPLATE_TYPE"
- "LAZY"
#
# Include sorting should be disabled until post 4.0
#
#SortIncludes:
# Enabled: false
# IgnoreCase: false
# IgnoreExtension: false
SortIncludes: Never
IncludeBlocks: Preserve
IncludeCategories:
# # deprecated must always be first
# - Regex: '^"internal/deprecated.h"'
# Priority: -10
# SortPriority: 0
# CaseSensitive: false
# # bio_local is special
# - Regex: '^"bio_local.h"'
# Priority: -1
# SortPriority: 0
# CaseSensitive: false
# - Regex: '^"crypto/.*\.h"'
# Priority: 5
# SortPriority: 0
# CaseSensitive: false
# - Regex: '^"internal/.*\.h"'
# Priority: 4
# SortPriority: 0
# CaseSensitive: false
# - Regex: '^<openssl/.*\.h>'
# Priority: 3
# SortPriority: 0
# CaseSensitive: false
# - Regex: '^<.*\.h>'
# Priority: 1
# SortPriority: 0
# CaseSensitive: false
# # we do not currently include C++ style files, in case we ever do?
# - Regex: '^<.*'
# Priority: 2
# SortPriority: 0
# CaseSensitive: false
# - Regex: '.*'
# Priority: 6
# SortPriority: 0
# CaseSensitive: false
...

452
.codespellrc
View File

@@ -1,452 +0,0 @@
[codespell]
ignore-regex = \b[a-zA-Z][a-zA-Z]\b
uri-ignore-words-list =
standarts
ignore-words-list =
aas,
Aas,
AAS,
abd,
ABD,
accreting,
ADDAD,
addin,
adin,
AFAIR,
afile,
afterAll,
AfterAll,
Ake,
ALine,
allEdges,
alloced,
alloco,
allws,
alo,
Alo,
alow,
ALS,
alsptd,
ang,
ans,
anS,
ANS,
aNULL,
archType,
arithmetics,
assertIn,
ategory,
atLeast,
AtLeast,
atMost,
biom,
bion,
bootup,
BRE,
Buda,
buildd,
bve,
CAF,
cann,
CANN,
cant,
Chang,
checkin,
childs,
ciph,
circularly,
Circularly,
claus,
Claus,
clen,
CLOS,
co-ordinate,
co-ordinates,
Collet,
Collison,
compilability,
compileTime,
CompileTime,
complies,
COMPLIES,
configury,
consumation,
couldn,
crasher,
crashers,
crate,
Crate,
CRATE,
creat,
CREAT,
CrOS,
crypted,
CRYPTED,
currentY,
DAA,
datas,
debbugs,
Debbugs,
DELET,
dependancies,
dependancy,
dependant,
deque,
Deque,
dota,
doubleclick,
doubleClick,
DoubleClick,
dout,
Dout,
DOUT,
dum,
dur,
Dur,
Durin,
ect,
ECT,
ede,
EDE,
endianess,
endin,
engineerr,
ENGINEerr,
equest,
equests,
FileTest,
FILETEST,
filetests,
flate,
Flate,
FLATE,
fpr,
FPR,
FPT,
gord,
gost,
Gost,
GOST,
Hart,
hasTable,
hel,
hist,
HIST,
HSI,
htmp,
ifset,
igest,
iif,
IIF,
implementor,
Implementor,
implementors,
Implementors,
inactivate,
inbrace,
indention,
indx,
ine,
informat,
inh,
inout,
inOut,
InOut,
INOUT,
ISCONNECTION,
isnt,
ist,
IST,
keep-alives,
keypair,
keyPair,
Keypair,
KeyPair,
KEYPAIR,
keypairs,
keyPairs,
Keypairs,
KeyPairs,
keyserver,
LAMDA,
larg,
leapYear,
LOd,
LOD,
Maked,
Manger,
Manuel,
ment,
Merget,
minimise,
mis,
Mis,
MIS,
mitre,
Mitre,
MITRE,
mmaped,
msdos,
MSDOS,
nam,
Nam,
NAM,
nclusion,
Ned,
nin,
Nin,
nmake,
NMake,
NMAKE,
NOo,
notin,
Notin,
NotIn,
numer,
OCE,
offsetp,
ois,
onText,
OnText,
openin,
OptIn,
OPTIO,
origN,
outin,
paeth,
Paeth,
PAETH,
parm,
pARM,
Parm,
PARM,
parms,
pARMS,
Parms,
PARMs,
PARMS,
pass-thru,
passin,
poping,
pres,
Pres,
prevEnd,
pris,
PullRequest,
que,
re-usable,
Re-usable,
re-use,
Re-use,
re-used,
Re-used,
re-uses,
Re-uses,
re-using,
Re-using,
readd,
Readd,
readded,
Readded,
regArg,
regArgs,
requestor,
Requestor,
requestors,
rewinded,
roperties,
sav,
SEH,
ser,
Ser,
SER,
servent,
sHolder,
shouldBe,
shouldnot,
SHS,
siz,
SIZ,
SME,
SOM,
Sorce,
sover,
splitted,
statics,
Statics,
strRange,
succes,
technics,
testss,
therefor,
Therefor,
therefrom,
Thi,
thirdparty,
thirdParty,
Thirdparty,
ThirdParty,
THIRDPARTY,
thru,
Thur,
THUR,
tmplate,
tne,
tolen,
tthe,
ture,
uis,
UIs,
upto,
upTo,
uptodate,
upToDate,
UpToDate,
useable,
Useable,
userA,
UserA,
usign,
varN,
vertexes,
vew,
vor,
WAN,
wasn,
Widgits,
Wirth,
wont,
WRONLY,
WTH
skip =
[cC]hange.[lL]og*,
[cC]hange[lL]og*,
[cC]hanges,
[cC]hanges[._-]*,
*__*__*.html,
*_8h_source.html,
*_8h.html,
*.asc,
*.bin,
*.crt,
*.css.map,
*.eps,
*.fr.utf-8,
*.git,
*.html.de,
*.html.es,
*.html.fr,
*.html.ko.euc-kr,
*.html.pt-br,
*.info_[0-9],
*.ipynb,
*.ja.utf8,
*.js.map,
*.min.js,
*.pdf,
*.pem,
*.po,
*.ppm,
*.ps,
*.rtf,
*.sum,
*.svg,
*.svn,
*.tr.utf8,
*.xpm,
*.zh-cn.utf8,
*.zlib,
*[._-][cC]hanges,
*[._-]CHANGES,
*/.mailmap,
*/.versions/*,
*/[eE]ncode/*,
*/[eE]ncodings/*,
*/[lL]ang/*,
*/[lL]anguage/*,
*/[lL]anguages/*,
*/[lL]ocale,
*/[mM]ath[jJ]ax/*,
*/[tT]hird*[pP]arty/*,
*/[tT]ranslation/*,
*/[tT]ranslations/*,
*/*.desktop,
*/*.desktop.in,
*/*[^a/]test/*,
*/*[^a/]tests/*,
*/*[lL]ocal[ei]*/*,
*/3rd*[pP]arty/*,
*/aspell/*,
*/AUTHORS*,
*/charsets/*,
*/chrtrans/*,
*/codepage/*,
*/data/*,
*/deps/*,
*/dict/*,
*/dictionaries/*,
*/doc*/[a-df-z][a-z]/*,
*/doc*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*,
*/doc*/e[a-mo-z]/*,
*/extern/*,
*/external/*,
*/externals/*,
*/help/[a-df-z][a-z]/*,
*/help/[a-z][a-z]_[A-Z][A-Z]/*,
*/help/es/*,
*/i18n/*,
*/icu/*,
*/info/[a-df-z][a-z]/*,
*/info/[a-z][a-z]_[A-Z][A-Z]/*,
*/info/es/*,
*/intl/*,
*/l10n/*,
*/langmap/*,
*/langs/*,
*/LICENSE,
*/man*/[a-df-z][a-z]/*,
*/man*/[a-z][a-z][_-][a-zA-Z][a-zA-Z]/*,
*/man*/e[a-mo-z]/*,
*/messages[_./][a-df-z][a-z][_./]*,
*/messages[_./][a-z][a-z]_[A-Z][A-Z][_./]*,
*/messages[_./]es[_./]*,
*/rfc[1-9]*.txt,
*/runtime/*,
*/searchindex.js,
*/test*/*,
*/test/danetest.in,
*/test/data2.bin,
*/test/recipes/30-test_evp_data/evppkey_kas.txt,
*/test/recipes/30-test_evp_data/evppkey.txt,
*/unicode/*,
*/Unicode/*,
*/unicore/*,
*/vendor/*,
*/vendors/*,
*/yarn.lock,
*codespell-check.sh,
*lorem-ipsum*,
*man[12345657]/*
/fonts/*,
ABOUT-NLS,
authors.xml,
CHANGE.log*,
CHANGELOG*,
CHANGES,
CHANGES[._-]*,
CONTRIBUTORS*,
CREDITS,
CREDITS.TXT,
DONATIONS,
jquery.js,
jquery.min.map,
localization*-[a-z][a-z]_[a-zA-Z][a-zA-Z].*,
localization*-[a-z][a-z].*,
MAINTAINERS,
NormalizationTest.txt,
package-lock.json,
THANKS*,
UnicodeData.txt

11
.ctags.d/add-dir.ctags
View File

@@ -1,11 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# Allow ctags to load configuration file under the sub directories.
--optlib-dir=+./.ctags.d

13
.ctags.d/exclude.ctags
View File

@@ -1,13 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# List file names or patterns you want ctags to ignore.
--exclude=.ctags.d
--exclude=test
--exclude=check-format-test-positives.c

11
.ctags.d/langmap.ctags
View File

@@ -1,11 +0,0 @@
#
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
--langmap=C:+.h
--langmap=C:+.inc

18
.ctags.d/openssl-stage1/10extrac-macrodefs.ctags
View File

@@ -1,18 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
# This file is only for extracting macro definitions.
--langmap=C:+.h
-o -
--sort=no
--languages=C
-R
--fields-C=+{macrodef}
--fields=+{signature}

1
.ctags.d/openssl-stage2/.gitignore vendored
View File

@@ -1 +0,0 @@
*macro-definitons.ctags

9
.ctags.d/openssl-stage2/10expand-macros.ctags
View File

@@ -1,9 +0,0 @@
#
# Copyright 2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
#
--param-CPreProcessor._expand=1

4
.git-blame-ignore-revs
View File

@@ -1,4 +0,0 @@
# Run util/openssl-format-source -v -c .
0f113f3ee4d629ef9a4a30911b22b224772085e5
# 4.0-POST-CLANG-FORMAT-WEBKIT
2fab90bb5e1937f1c2125eab144f7f6c39e70087

16
.gitattributes vendored
View File

@@ -1,19 +1,3 @@
*.bin binary
*.der binary
/fuzz/corpora/** binary
*.pfx binary
test/recipes/15-test_ml_dsa_codecs_data/*.dat binary
test/recipes/15-test_ml_kem_codecs_data/*.dat binary
# For git archive
fuzz/corpora/** export-ignore
Configurations/*.norelease.conf export-ignore
# We generally avoid anything with a name starting with a period.
# However, .ctags.d is precious, so we don't ignore that.
.* export-ignore
.ctags.d !export-ignore
util/mktar.sh export-ignore
krb5 export-ignore
pyca-cryptography export-ignore
dev export-ignore
gost-engine export-ignore

1
.github/CODEOWNERS vendored
View File

@@ -1 +0,0 @@
/.github/workflows/ @quarckster

1
.github/FUNDING.yml vendored
View File

@@ -1 +0,0 @@
github: openssl

27
.github/ISSUE_TEMPLATE.md vendored
View File

@@ -1,27 +0,0 @@
<!--
NOTE:
If you're asking about how to use OpenSSL, this isn't the right
forum. Please see our User Support resources:
https://github.com/openssl/openssl/blob/master/SUPPORT.md
If relevant, please remember to tell us in what OpenSSL version you
found the issue.
Please remember to put ``` lines before and after any commands plus
output and code, like this:
```
$ echo output output output
output output output
```
```
#include <stdio.h>
int main() {
int foo = 1;
printf("%d\n", foo);
}
```
-->

53
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@@ -1,53 +0,0 @@
---
name: Bug report
labels: 'issue: bug report'
about: Report a defect in the software
---
<!--
Thank you for your bug report. If this is your first one,
please take the time to read the following lines before posting it.
NOTE:
If you're asking about how to use OpenSSL, this isn't the right
forum. Please see our User Support resources:
https://github.com/openssl/openssl/blob/master/SUPPORT.md
Please remember to tell us in what OpenSSL version you found the issue.
For build issues:
If this is a build issue, please include the configuration output
as well as a log of all errors. Don't forget to include the exact
commands you typed.
With OpenSSL before 1.1.1, the configuration output comes from the
configuration command. With OpenSSL 1.1.1 and on, it's the output
of `perl configdata.pm --dump`
For other issues:
If it isn't a build issue, example code or commands to reproduce
the issue is highly appreciated.
Also, please remember to tell us if you worked with your own
OpenSSL build or if it is system provided.
Please remember to put ``` lines before and after any commands plus
output and code, like this:
```
$ echo output output output
output output output
```
```
#include <stdio.h>
int main() {
int foo = 1;
printf("%d\n", foo);
}
```
-->

14
.github/ISSUE_TEMPLATE/documentation.md vendored
View File

@@ -1,14 +0,0 @@
---
name: Documentation
labels: 'issue: documentation'
about: Report an error in (or missing) documentation
---
<!--
Thank you for taking the time to report a documentation issue.
Please remember to tell us which OpenSSL version you are using and then
briefly describe the documentation error and where you encountered it
(e.g., in which manual page). If you are missing the documentation for a
certain command or API function, please tell us its name.
-->

34
.github/ISSUE_TEMPLATE/feature_request.md vendored
View File

@@ -1,34 +0,0 @@
---
name: Feature request
labels: 'issue: feature request'
about: Propose a feature you would like to see added in the software
---
<!--
Thank you for your feature request. If this is your first one,
please take the time to read the following lines before posting it.
NOTE:
If you're asking about how to use OpenSSL, this isn't the right
forum. Please see our User Support resources:
https://github.com/openssl/openssl/blob/master/SUPPORT.md
Please remember to put ``` lines before and after any commands plus
output and code, like this:
```
$ echo output output output
output output output
```
```
#include <stdio.h>
int main() {
int foo = 1;
printf("%d\n", foo);
}
```
-->

10
.github/ISSUE_TEMPLATE/question.md vendored
View File

@@ -1,10 +0,0 @@
---
name: Question
labels: 'issue: question'
about: Please use Q&A in Discussions instead
---
Please do NOT use issues to ask questions about OpenSSL.
Instead, please use the [Q&A category in Discussions](<https://github.com/openssl/openssl/discussions/new?category=q-a>)
to ask your question.

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -1,11 +1,11 @@
<!--
Thank you for your pull request. Please review these requirements:
Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING.md
Contributors guide: https://github.com/openssl/openssl/blob/master/CONTRIBUTING
Other than that, provide a description above this comment if there isn't one already
If this fixes a GitHub issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
If this fixes a github issue, make sure to have a line saying 'Fixes #XXXX' (without quotes) in the commit message.
-->
##### Checklist

17
.github/dependabot.yml vendored
View File

@@ -1,17 +0,0 @@
version: 2
updates:
- package-ecosystem: "github-actions"
directory: "/"
schedule:
interval: "daily"
commit-message:
prefix: "Dependabot update\n\nCLA: trivial\n\n"
include: "scope"
labels:
- "dependencies"
- "cla: trivial"
- "approval: review pending"
reviewers:
- "openssl/committers"
cooldown:
default-days: 7

67
.github/workflows/backport.yml vendored
View File

@@ -1,67 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Backports CI
on: [pull_request]
permissions:
contents: read
jobs:
check_backports:
strategy:
fail-fast: false
matrix:
release: [
{
branch: '3.6',
cppflags: ''
}, {
branch: '3.5',
cppflags: 'CPPFLAGS=-ansi'
}, {
branch: '3.4',
cppflags: 'CPPFLAGS=-ansi'
}, {
branch: '3.3',
cppflags: 'CPPFLAGS=-ansi',
}, {
branch: '3.2',
cppflags: 'CPPFLAGS=-ansi'
}, {
branch: '3.0',
cppflags: 'CPPFLAGS=-ansi'
}
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
persist-credentials: false
- name: cherry-pick
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: |
REFEND=$(git rev-parse HEAD)
REFSTART=$(git rev-parse $REFEND~${{ github.event.pull_request.commits }})
git checkout ${{ format('openssl-{0}', matrix.release.branch) }}
git config user.name "OpenSSL Machine"
git config user.email "openssl-machine@openssl.org"
echo Cherry-picking $REFSTART..$REFEND
git cherry-pick $REFSTART..$REFEND
- name: config
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: ${{ matrix.release.cppflags }} ./config --strict-warnings --banner=Configured no-asm enable-fips --strict-warnings -D_DEFAULT_SOURCE && perl configdata.pm --dump
- name: make
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: make -s -j4
- name: make test
if: ${{ contains(join(github.event.pull_request.labels.*.name,','),matrix.release.branch) }}
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}

820
.github/workflows/ci.yml vendored
View File

@@ -1,820 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: GitHub CI
on: [pull_request, push]
# for some reason, this does not work:
# variables:
# BUILDOPTS: "-j4"
# HARNESS_JOBS: "${HARNESS_JOBS:-4}"
# for some reason, this does not work:
# before_script:
# - make="make -s"
permissions:
contents: read
env:
OSSL_RUN_CI_TESTS: 1
jobs:
check_update:
runs-on: ubuntu-latest
steps:
- name: install unifdef
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install unifdef
- uses: actions/checkout@v5
with:
fetch-depth: 0
persist-credentials: false
- name: config
run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- name: make update
run: make update
- name: git diff
run: git diff --exit-code
check_docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings --banner=Configured enable-fips && perl configdata.pm --dump
- name: make build_generated
run: make -s build_generated
- name: make doc-nits
run: make doc-nits
- name: make help
run: make help
- name: make md-nits
run: |
sudo gem install mdl
make md-nits
# This checks that we use ANSI C language syntax and semantics.
# We are not as strict with libraries, but rather adapt to what's
# expected to be available in a certain version of each platform.
check-c99:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: CPPFLAGS='-std=c99 -D_XOPEN_SOURCE=1 -D_POSIX_C_SOURCE=200809L' ./config --strict-warnings --banner=Configured enable-sslkeylog no-asm no-secure-memory no-makedepend enable-buildtest-c++ enable-fips enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
basic_gcc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: fipsvendor
# Make one fips build use a customized FIPS vendor
run: echo "FIPS_VENDOR=CI" >> VERSION.dat
- name: config
# enable-quic is on by default, but we leave it here to check we're testing the explicit enable somewhere
run: CC=gcc ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-sslkeylog enable-fips enable-quic enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: check fipsvendor
run: |
util/wrap.pl -fips apps/openssl list -providers | grep 'name: CI FIPS Provider for OpenSSL$'
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@basic-gcc"
path: artifacts.tar.gz
basic_clang:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@basic-clang"
path: artifacts.tar.gz
linux-arm64:
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-demos enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@linux-arm64"
path: artifacts.tar.gz
linux-x86:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: run container
run: |
CONTAINER_ID=$(podman run -d -v $(pwd):/mnt -w /mnt --platform=linux/i386 docker.io/i386/debian:13 sleep infinity)
echo "CONTAINER_ID=$CONTAINER_ID" >> "$GITHUB_ENV"
- name: install dependencies
run:
podman exec -t $CONTAINER_ID sh -c "apt-get update && apt-get install -y gcc perl make"
- name: config
run: |
podman exec -t $CONTAINER_ID sh -c \
"./config --strict-warnings linux-x86 enable-demos enable-fips enable-lms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace"
- name: config dump
run: |
podman exec -t $CONTAINER_ID sh -c \
"./configdata.pm --dump"
- name: make
run: |
podman exec -t $CONTAINER_ID sh -c \
"make -j"
- name: get cpu info
run: |
cat /proc/cpuinfo
podman exec -t $CONTAINER_ID sh -c \
"./util/opensslwrap.sh version -c"
- name: make test
run: |
podman exec -t $CONTAINER_ID sh -c \
".github/workflows/make-test"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@linux-x86"
path: artifacts.tar.gz
freebsd-x86_64:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: |
sudo pkg install -y gcc perl5
./config --strict-warnings enable-fips enable-lms enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: ./configdata.pm --dump
- name: make
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: make -j4
- name: make test
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
run: |
./util/opensslwrap.sh version -c
.github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@BSD-x86_64"
path: artifacts.tar.gz
minimal:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-bulk no-pic no-asm no-lms -DOPENSSL_NO_SECURE_MEMORY -DOPENSSL_SMALL_FOOTPRINT && perl configdata.pm --dump
- name: make
run: make -j4 # verbose, so no -s here
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@minimal"
path: artifacts.tar.gz
no-deprecated:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-deprecated enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-deprecated"
path: artifacts.tar.gz
no-shared-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-shared-ubuntu"
path: artifacts.tar.gz
no-shared-macos:
runs-on: macos-14
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-shared no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
sysctl machdep.cpu
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-shared-macos-14"
path: artifacts.tar.gz
non-caching:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan no-cached-fetch no-fips no-dtls no-tls1 no-tls1-method no-tls1_1 no-tls1_1-method no-async && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="-test_fuzz* -test_ssl_* -test_sslapi -test_evp -test_cmp_http -test_verify -test_cms -test_store -test_enc -[01][0-9]"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@non-caching"
path: artifacts.tar.gz
address_ub_sanitizer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@address_ub_sanitizer"
path: artifacts.tar.gz
fuzz_tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION enable-asan enable-ubsan enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-weak-ssl-ciphers enable-ssl3 enable-ssl3-method enable-nextprotoneg && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0 TESTS="test_fuzz*"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@fuzz_tests"
path: artifacts.tar.gz
if-no-files-found: ignore
memory_sanitizer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips enable-lms no-slh-dsa && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test OPENSSL_TEST_RAND_ORDER=0
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@memory_sanitizer"
path: artifacts.tar.gz
threads_sanitizer:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@threads_sanitizer"
path: artifacts.tar.gz
enable_non-default_options:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: modprobe tls
run: sudo modprobe tls
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-ec enable-ssl-trace enable-zlib enable-zlib-dynamic enable-crypto-mdebug enable-egd enable-ktls enable-fips enable-lms no-threads && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@enable_non-default_options"
path: artifacts.tar.gz
full_featured:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: modprobe tls
run: sudo modprobe tls
- name: Enable sctp
run: sudo modprobe sctp
- name: Enable auth in sctp
run: sudo sysctl -w net.sctp.auth_enable=1
- name: install extra config support
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo enable-ktls enable-fips enable-lms enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-zlib enable-zstd && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@full_featured"
path: artifacts.tar.gz
no-legacy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-demos enable-h3demo no-legacy enable-fips enable-lms && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@no-legacy"
path: artifacts.tar.gz
legacy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-demos enable-h3demo no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@legacy"
path: artifacts.tar.gz
# out-of-source-and-install checks multiple things at the same time:
# - That building, testing and installing works from an out-of-source
# build tree
# - That building, testing and installing works with a read-only source
# tree
out-of-readonly-source-and-install-ubuntu:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
path: ./source
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
working-directory: ./source
- name: make source read-only
run: chmod -R a-w ./source
- name: create build and install directories
run: |
mkdir ./build
mkdir ./install
- name: config
run: |
../source/config --banner=Configured enable-demos enable-h3demo enable-fips enable-lms enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
perl configdata.pm --dump
working-directory: ./build
- name: make
run: make -s -j4
working-directory: ./build
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ./build
- name: make test
run: ../source/.github/workflows/make-test
working-directory: ./build
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@out-of-readonly-source-and-install-ubuntu"
path: build/artifacts.tar.gz
- name: make install
run: make install
working-directory: ./build
out-of-readonly-source-and-install-macos:
runs-on: macos-15
steps:
- uses: actions/checkout@v5
with:
path: ./source
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
working-directory: ./source
- name: make source read-only
run: chmod -R a-w ./source
- name: create build and install directories
run: |
mkdir ./build
mkdir ./install
- name: config
run: |
../source/config --banner=Configured enable-fips enable-lms enable-demos enable-h3demo enable-quic enable-acvp-tests --strict-warnings --prefix=$(cd ../install; pwd)
perl configdata.pm --dump
working-directory: ./build
- name: make
run: make -s -j4
working-directory: ./build
- name: get cpu info
run: |
sysctl machdep.cpu
./util/opensslwrap.sh version -c
working-directory: ./build
- name: make test
run: ../source/.github/workflows/make-test
working-directory: ./build
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@out-of-readonly-source-and-install-macos-15"
path: build/artifacts.tar.gz
- name: make install
run: make install
working-directory: ./build
external-tests-misc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
persist-credentials: false
- name: package installs
run: |
sudo apt-get update
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy gdb libtls-dev wget gpg
- name: install cpanm and Test2::V0 for gost_engine testing
uses: perl-actions/install-with-cpanm@10d60f00b4073f484fc29d45bfbe2f776397ab3d # v1.7
with:
install: Test2::V0
- name: setup hostname workaround
run: sudo hostname localhost
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-external-tests no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- uses: dtolnay/rust-toolchain@0f44b27771c32bda9f458f75a1e241b09791b331
with:
toolchain: stable
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: test external gost-engine
run: make test TESTS="test_external_gost_engine"
- name: test external krb5
run: make test TESTS="test_external_krb5"
- name: test external tlsfuzzer
run: make test TESTS="test_external_tlsfuzzer"
- name: test external Cloudflare quiche
run: make test TESTS="test_external_cf_quiche" VERBOSE=1
- name: test external rpki client
run: make test TESTS="test_external_rpki-client-portable"
- name: test ability to produce debuginfo files
run: |
make debuginfo
gdb < <(echo -e "file ./libcrypto.so.4\nquit") > ./results
grep -q "Reading symbols from.*libcrypto\.so\.4\.debug" results
external-tests-oqs-provider:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
persist-credentials: false
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: test external oqs-provider
run: make test TESTS="test_external_oqsprovider"
external-tests-pkcs11-provider:
runs-on: ubuntu-latest
container: fedora:latest
steps:
- name: package installs
run: |
dnf install -y perl-FindBin perl-IPC-Cmd perl-File-Compare perl-File-Copy perl-Test-Simple perl-Test-Harness python3 make g++ perl git meson opensc expect kryoptic
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora and pkcs11-provider submodule
run: |
git config --global --add safe.directory /__w/openssl/openssl
git submodule update --init --depth 1 fuzz/corpora
git submodule update --init --depth 1 pkcs11-provider
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests no-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
# Run all tests except external tests to make sure they work fine on Fedora because
# this is the only job running on Fedora, only then execute pkcs11-provider external
# test.
- name: test (except external tests)
run: make test TESTS="-test_external_*"
- name: test external pkcs11-provider
run: make test TESTS="test_external_pkcs11_provider" VERBOSE=1
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
external-tests-pyca:
runs-on: ubuntu-latest
strategy:
matrix:
PYTHON:
- 3.9
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
persist-credentials: false
- name: package installs
run: |
sudo apt-get update
sudo apt-get -yq install pkgconf libssl-dev
- name: Configure OpenSSL
run: ./config --strict-warnings --banner=Configured --debug enable-external-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: Setup Python
uses: actions/setup-python@v6.0.0
with:
python-version: ${{ matrix.PYTHON }}
- uses: dtolnay/rust-toolchain@0f44b27771c32bda9f458f75a1e241b09791b331
with:
toolchain: stable
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: test external pyca
run: make test TESTS="test_external_pyca" VERBOSE=1

82
.github/workflows/compiler-zoo.yml vendored
View File

@@ -1,82 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Compiler Zoo CI
on: [push]
permissions:
contents: read
jobs:
gcc:
strategy:
fail-fast: false
matrix:
gcc: [gcc-9, gcc-10, gcc-11, gcc-12, gcc-13, gcc-14]
runs-on: ubuntu-24.04
steps:
- name: install packages
run: |
sudo apt-get update
sudo apt-get -y install ${{ matrix.gcc }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
env:
CC: ${{ matrix.gcc }}
run: |
./config --strict-warnings --banner=Configured no-shared enable-fips
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
clang:
strategy:
fail-fast: false
matrix:
clang: [clang-11, clang-12, clang-13, clang-14, clang-15, clang-16, clang-17, clang-18, clang-19, clang-20]
runs-on: ubuntu-22.04
steps:
- name: install packages
run: |
set -euo pipefail
VERSION=$(awk -F- '{print $NF}' <<< ${{ matrix.clang }})
wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc
echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-$VERSION main" | sudo tee -a /etc/apt/sources.list
sudo apt-get update || true
sudo apt-get -y install ${{ matrix.clang }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
env:
CC: ${{ matrix.clang }}
run: |
./config --strict-warnings --banner=Configured no-shared enable-fips
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}

135
.github/workflows/coveralls.yml vendored
View File

@@ -1,135 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Coverage
on:
schedule:
- cron: '15 02 * * *'
workflow_dispatch:
inputs:
branch:
description: Branch to measure coverage
required: true
default: master
extra_config:
description: Extra options for configuration script
default: ""
permissions:
contents: read
jobs:
define-matrix:
runs-on: ubuntu-latest
outputs:
branches: ${{ steps.branches.outputs.branches }}
steps:
- name: Define branches
id: branches
env:
GITHUB_EVENT_INPUTS_BRANCH: ${{ github.event.inputs.branch }}
GITHUB_EVENT_INPUTS_EXTRA_CONFIG: ${{ github.event.inputs.extra_config }}
run: |
if [ "${{ github.event_name}}" = "workflow_dispatch" ]; then
MATRIX=$(cat << EOF
[{
"branch": "${GITHUB_EVENT_INPUTS_BRANCH}",
"extra_config": "${GITHUB_EVENT_INPUTS_EXTRA_CONFIG}"
}]
EOF
)
else
MATRIX=$(cat << EOF
[{
"branch": "openssl-3.6",
"extra_config": "no-afalgeng enable-fips enable-tfo"
},{
"branch": "openssl-3.5",
"extra_config": "no-afalgeng enable-fips enable-tfo"
},{
"branch": "openssl-3.4",
"extra_config": "no-afalgeng enable-fips enable-tfo"
}, {
"branch": "openssl-3.3",
"extra_config": "no-afalgeng enable-fips enable-tfo"
}, {
"branch": "openssl-3.2",
"extra_config": "no-afalgeng enable-fips enable-tfo"
}, {
"branch": "openssl-3.1",
"extra_config": "no-afalgeng enable-fips"
}, {
"branch": "openssl-3.0",
"extra_config": "no-afalgeng enable-fips"
}, {
"branch": "master",
"extra_config": "enable-fips enable-tfo enable-lms enable-crypto-mdebug enable-allocfail-tests"
}]
EOF
)
fi
echo "branches<<EOF"$'\n'"$MATRIX"$'\n'EOF >> "$GITHUB_OUTPUT"
coverage:
if: github.repository == 'openssl/openssl'
needs: define-matrix
permissions:
checks: write # for coverallsapp/github-action to create new checks
contents: read # for actions/checkout to fetch code
strategy:
fail-fast: false
matrix:
branches: ${{ fromJSON(needs.define-matrix.outputs.branches) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
submodules: recursive
ref: ${{ matrix.branches.branch }}
persist-credentials: false
- name: cache commit id
run: |
echo "githubid=`/usr/bin/git log -1 --format='%H'`" >>$GITHUB_ENV
- name: package installs
run: |
sudo apt-get update
sudo apt-get -yq install lcov
sudo apt-get -yq install bison gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python3 python3-paste python3-pyrad slapd tcsh python3-virtualenv virtualenv python3-kdcproxy
- name: install Test2::V0 for gost_engine testing
uses: perl-actions/install-with-cpanm@10d60f00b4073f484fc29d45bfbe2f776397ab3d #v1.7
with:
install: Test2::V0
- name: setup hostname workaround
run: sudo hostname localhost
- name: config
run: CC=gcc ./config --debug --coverage ${{ matrix.branches.extra_config }} no-asm enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 enable-buildtest-c++ enable-ssl-trace enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test TESTS='-test_external_krb5' EVP_TEST_EXTENDED=1
- name: generate coverage info
run: lcov -d . -c
--exclude "${PWD}/test/*"
--exclude "${PWD}/fuzz/*"
--exclude "/usr/include/*"
--ignore-errors mismatch
--branch-coverage
-o ./lcov.info
- name: Coveralls upload
uses: coverallsapp/github-action@648a8eb78e6d50909eff900e4ec85cab4524a45b #v2.3.6
with:
github-token: ${{ secrets.github_token }}
git-branch: ${{ matrix.branches.branch }}
git-commit: ${{ env.githubid }}
path-to-lcov: ./lcov.info

237
.github/workflows/cross-compiles.yml vendored
View File

@@ -1,237 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Cross Compile
on: [pull_request, push]
permissions:
contents: read
jobs:
cross-compilation:
strategy:
fail-fast: false
matrix:
# The platform matrix specifies:
# arch: the architecture to build for, this defines the tool-chain
# prefix {arch}- and the Debian compiler package gcc-{arch}
# name.
# libs: the Debian package for the necessary link/runtime libraries.
# target: the OpenSSL configuration target to use, this is passed
# directly to the config command line.
# fips: set to "no" to disable building FIPS, leave unset to
# build the FIPS provider.
# tests: omit this to run all the tests using QEMU, set it to "none"
# to never run the tests, otherwise its value is passed to
# the "make test" command to allow selective disabling of
# tests.
# qemucpu: optional; string that describes CPU properties.
# The string will be used to set the QEMU_CPU variable.
# opensslcapsname: optional; string that describes the postfix of the
# OpenSSL environment variable that defines CPU
# capabilities. E.g. "foo" will result in an
# environment variable with the name OPENSSL_foo.
# opensslcaps: optional; if opensslcapsname (see above) is set, then
# this string will be used as content for the OpenSSL
# capabilities variable.
# ppa: Launchpad PPA repository to download packages from.
platform: [
{
arch: i386-pc-msdosdjgpp,
libs: libc-djgpp-dev libwatt-djgpp-dev djgpp-utils,
target: no-threads 386 DJGPP,
tests: none,
ppa: jwt27/djgpp-toolchain
}, {
arch: aarch64-linux-gnu,
libs: libc6-dev-arm64-cross,
target: linux-aarch64,
fips: no
}, {
arch: alpha-linux-gnu,
libs: libc6.1-dev-alpha-cross,
target: linux-alpha-gcc,
fips: no
}, {
arch: arm-linux-gnueabi,
libs: libc6-dev-armel-cross,
target: linux-armv4,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: arm-linux-gnueabihf,
libs: libc6-dev-armhf-cross,
target: linux-armv4,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
# gcc hppa seems to have some potential compiler issues
# with -O2 on this platform, reduce optimization to -01
arch: hppa-linux-gnu,
libs: libc6-dev-hppa-cross,
target: -static -O1 linux-generic32,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: m68k-linux-gnu,
libs: libc6-dev-m68k-cross,
target: -static -m68040 linux-latomic -Wno-stringop-overflow,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: mips-linux-gnu,
libs: libc6-dev-mips-cross,
target: -static linux-mips32,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: mips64-linux-gnuabi64,
libs: libc6-dev-mips64-cross,
target: -static linux64-mips64,
fips: no
}, {
arch: mipsel-linux-gnu,
libs: libc6-dev-mipsel-cross,
target: linux-mips32,
fips: no,
tests: -test_includes -test_store -test_x509_store
}, {
arch: powerpc64le-linux-gnu,
libs: libc6-dev-ppc64el-cross,
target: linux-ppc64le,
fips: no
}, {
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no
}, {
arch: s390x-linux-gnu,
libs: libc6-dev-s390x-cross,
target: linux64-s390x,
fips: no
}, {
arch: sh4-linux-gnu,
libs: libc6-dev-sh4-cross,
target: no-async linux-latomic,
fips: no,
tests: -test_includes -test_store -test_x509_store
},
# These build with shared libraries but they crash when run
# They mirror static builds above in order to cover more of the
# code base.
{
arch: hppa-linux-gnu,
libs: libc6-dev-hppa-cross,
target: linux-generic32,
tests: none
}, {
arch: m68k-linux-gnu,
libs: libc6-dev-m68k-cross,
target: -mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic,
tests: none
}, {
arch: mips-linux-gnu,
libs: libc6-dev-mips-cross,
target: linux-mips32,
tests: none
}, {
arch: mips64-linux-gnuabi64,
libs: libc6-dev-mips64-cross,
target: linux64-mips64,
tests: none
},
# This build doesn't execute either with or without shared libraries.
{
arch: sparc64-linux-gnu,
libs: libc6-dev-sparc64-cross,
target: linux64-sparcv9,
tests: none
}
]
runs-on: ubuntu-latest
steps:
- name: install package repository
if: matrix.platform.ppa != ''
run: |
sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install \
gcc-${{ matrix.platform.arch }} \
${{ matrix.platform.libs }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config with FIPS
if: matrix.platform.fips != 'no'
run: |
./config --banner=Configured --strict-warnings enable-fips enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config without FIPS
if: matrix.platform.fips == 'no'
run: |
./config --banner=Configured --strict-warnings enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: install qemu
if: matrix.platform.tests != 'none'
run: sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install qemu-user
- name: Set QEMU environment
if: matrix.platform.qemucpu != ''
run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
- name: Set OpenSSL caps environment
if: matrix.platform.opensslcapsname != ''
run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
- name: get cpu info
if: matrix.platform.tests != 'none'
run: |
cat /proc/cpuinfo
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} ./util/opensslwrap.sh version -c
- name: make all tests
if: github.event_name == 'push' && matrix.platform.tests == ''
run: |
.github/workflows/make-test \
TESTS="-test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make some tests
if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
run: |
.github/workflows/make-test \
TESTS="${{ matrix.platform.tests }} -test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make evp tests
if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
run: |
.github/workflows/make-test \
TESTS="test_evp*" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "cross-compiles@${{ matrix.platform.arch }}"
path: artifacts.tar.gz
if-no-files-found: ignore

26
.github/workflows/deploy-docs-openssl-org.yml vendored
View File

@@ -1,26 +0,0 @@
name: "Trigger docs.openssl.org deployment"
on:
push:
branches:
- "openssl-3.[0-9]+"
- "master"
paths:
- "doc/man*/**"
permissions: {}
jobs:
trigger:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: "Trigger deployment workflow"
run: |
gh workflow run -f branch=${GITHUB_REF_NAME} deploy-site.yaml
sleep 3
RUN_ID=$(gh run list -w deploy-site.yaml -L 1 --json databaseId -q ".[0].databaseId")
gh run watch ${RUN_ID} --exit-status
env:
GH_REPO: "openssl/openssl-docs"
GH_TOKEN: ${{ secrets.OPENSSL_MACHINE_TOKEN }}

123
.github/workflows/fips-checksums.yml vendored
View File

@@ -1,123 +0,0 @@
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: FIPS Check and ABIDIFF
on: [pull_request]
permissions:
contents: read
jobs:
compute-checksums:
runs-on: ubuntu-latest
steps:
- name: install unifdef
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install unifdef
- name: create build dirs
run: |
mkdir ./build-pristine
mkdir ./source-pristine
mkdir ./build
mkdir ./source
mkdir ./artifact
- uses: actions/checkout@v5
with:
repository: ${{ github.event.pull_request.base.repo.full_name }}
ref: ${{ github.event.pull_request.base.ref }}
path: source-pristine
persist-credentials: false
- name: config pristine
run: ../source-pristine/config enable-fips
working-directory: ./build-pristine
- name: config pristine dump
run: ./configdata.pm --dump
working-directory: ./build-pristine
- name: make build_generated pristine
run: make -s build_generated
working-directory: ./build-pristine
- name: make fips-checksums pristine
run: make fips-checksums
working-directory: ./build-pristine
- uses: actions/checkout@v5
with:
path: source
persist-credentials: false
- name: config
run: ../source/config enable-fips
working-directory: ./build
- name: config dump
run: ./configdata.pm --dump
working-directory: ./build
- name: make build_generated
run: make -s build_generated
working-directory: ./build
- name: make fips-checksums
run: make fips-checksums
working-directory: ./build
- name: update checksums
run: |
cp -a build-pristine/providers/fips.module.sources.new source/providers/fips.module.sources
cp -a build-pristine/providers/fips-sources.checksums.new source/providers/fips-sources.checksums
cp -a build-pristine/providers/fips.checksum.new source/providers/fips.checksum
- name: make diff-fips-checksums
run: make diff-fips-checksums && touch ../artifact/fips_unchanged || ( touch ../artifact/fips_changed ; echo FIPS CHANGED )
working-directory: ./build
- name: save PR number
run: echo ${{ github.event.number }} > ./artifact/pr_num
- name: save artifact
uses: actions/upload-artifact@v4
with:
name: fips_checksum
path: artifact/
compute-abidiff:
runs-on: ubuntu-latest
env:
BUILD_OPTS: -g --strict-warnings enable-ktls enable-fips enable-egd enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-sctp enable-ssl3 enable-ssl3-method enable-trace enable-zlib enable-zstd
steps:
- name: create build dirs
run: |
mkdir ./build-pristine
mkdir ./source-pristine
mkdir ./build
mkdir ./source
mkdir ./artifact
- name: install extra config support
run: sudo apt-get -y install libsctp-dev abigail-tools libzstd-dev zstd
- uses: actions/checkout@v5
with:
repository: ${{ github.event.pull_request.base.repo.full_name }}
ref: ${{ github.event.pull_request.base.ref }}
path: source-pristine
persist-credentials: false
- name: config pristine
run: ../source-pristine/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
working-directory: ./build-pristine
- name: make pristine
run: make -s -j4
working-directory: ./build-pristine
- uses: actions/checkout@v5
with:
path: source
persist-credentials: false
- name: config
run: ../source/config --banner=Configured $BUILD_OPTS && perl configdata.pm --dump
working-directory: ./build
- name: make
run: make -s -j4
working-directory: ./build
- name: abidiff
run: abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libcrypto.so ./build/libcrypto.so && abidiff --headers-dir1 build-pristine/include/openssl --headers-dir2 build/include/openssl --drop-private-types ./build-pristine/libssl.so ./build/libssl.so && touch ./artifact/abi_unchanged || ( touch ./artifact/abi_changed ; echo ABI CHANGED )
- name: save PR number
run: echo ${{ github.event.number }} > ./artifact/pr_num
- name: save artifact
uses: actions/upload-artifact@v5
with:
name: abidiff
path: artifact/

141
.github/workflows/fips-label.yml vendored
View File

@@ -1,141 +0,0 @@
# Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: FIPS and ABI Changed Label
on:
workflow_run:
workflows: ["FIPS Check and ABIDIFF"]
types:
- completed
permissions:
contents: read
jobs:
apply-label:
permissions:
actions: read
pull-requests: write
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.event == 'pull_request' }}
steps:
- name: 'Download fipscheck artifact'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "fips_checksum"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
- run: unzip artifact.zip
if: ${{ github.event.workflow_run.conclusion == 'success' }}
- name: 'Check artifact and apply'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
var fs = require('fs');
var pr_num = Number(fs.readFileSync('./pr_num'));
if ( fs.existsSync('./fips_changed') ) {
github.rest.issues.addLabels({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['severity: fips change']
});
} else if ( fs.existsSync('./fips_unchanged') ) {
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo
});
for ( var label in labels.data ) {
if (labels.data[label].name == 'severity: fips change') {
github.rest.issues.removeLabel({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'severity: fips change'
});
}
}
}
- name: 'Cleanup artifact'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
run: rm artifact.zip pr_num
- name: 'Download abidiff artifact'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
script: |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({
owner: context.repo.owner,
repo: context.repo.repo,
run_id: ${{github.event.workflow_run.id }},
});
var matchArtifact = artifacts.data.artifacts.filter((artifact) => {
return artifact.name == "abidiff"
})[0];
var download = await github.rest.actions.downloadArtifact({
owner: context.repo.owner,
repo: context.repo.repo,
artifact_id: matchArtifact.id,
archive_format: 'zip',
});
var fs = require('fs');
fs.writeFileSync('${{github.workspace}}/artifact.zip', Buffer.from(download.data));
- run: unzip artifact.zip
if: ${{ github.event.workflow_run.conclusion == 'success' }}
- name: 'Check artifact and apply'
if: ${{ github.event.workflow_run.conclusion == 'success' }}
uses: actions/github-script@v8
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
var fs = require('fs');
var pr_num = Number(fs.readFileSync('./pr_num'));
if ( fs.existsSync('./abi_changed') ) {
github.rest.issues.addLabels({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
labels: ['severity: ABI change']
});
} else if ( fs.existsSync('./abi_unchanged') ) {
var labels = await github.rest.issues.listLabelsOnIssue({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo
});
for ( var label in labels.data ) {
if (labels.data[label].name == 'severity: ABI change') {
github.rest.issues.removeLabel({
issue_number: pr_num,
owner: context.repo.owner,
repo: context.repo.repo,
name: 'severity: ABI change'
});
}
}
}

81
.github/workflows/fuzz-checker.yml vendored
View File

@@ -1,81 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Fuzz-checker CI
on: [push]
permissions:
contents: read
jobs:
fuzz-checker:
strategy:
fail-fast: false
matrix:
fuzzy: [
{
name: AFL,
config: enable-fuzz-afl no-module,
install: afl++,
cc: afl-clang-fast
}, {
name: libFuzzer,
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function,
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
install: libfuzzer-18-dev,
cc: clang-18,
linker: clang++-18,
tests: -test_memleak
}, {
name: libFuzzer+,
config: enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION,
libs: --with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer,
extra: enable-fips enable-lms enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment enable-tls1_3 enable-weak-ssl-ciphers enable-rc5 enable-md2 enable-ssl3 enable-ssl3-method enable-nextprotoneg,
install: libfuzzer-18-dev,
cc: clang-18,
linker: clang++-18,
tests: -test_memleak
}
]
runs-on: ubuntu-24.04
steps:
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install ${{ matrix.fuzzy.install }}
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: |
CC=${{ matrix.fuzzy.cc }} ./config --banner=Configured no-shared \
${{ matrix.fuzzy.config }} ${{ matrix.fuzzy.libs }} ${{ matrix.fuzzy.extra }}
- name: config dump
run: ./configdata.pm --dump
- name: make with explicit linker
if: matrix.fuzzy.linker != ''
run: LDCMD=${{ matrix.fuzzy.linker }} make -s -j4
- name: make sans explicit linker
if: matrix.fuzzy.linker == ''
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test restricted
if: matrix.fuzzy.tests != ''
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4} TESTS="${{ matrix.fuzzy.tests }}"
- name: make test all
if: matrix.fuzzy.tests == ''
run: AFL_MAP_SIZE=300000 make test HARNESS_JOBS=${HARNESS_JOBS:-4}

106
.github/workflows/interop-tests.yml vendored
View File

@@ -1,106 +0,0 @@
# Notes:
# /__w/openssl is the path that github bind-mounts into the container so the ci
# filesystem for this job can be reached. Please note that any changes made to
# this job involving file system paths should be made prefixed with, or relative
# to that directory
name: Interoperability tests with GnuTLS, NSS and OpenSSH
on:
schedule:
- cron: '55 02 * * *'
workflow_dispatch:
permissions: {}
jobs:
test:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-22.04
container:
image: docker.io/fedora:40
options: --sysctl net.ipv6.conf.lo.disable_ipv6=0
timeout-minutes: 90
strategy:
fail-fast: false
matrix:
COMPONENT: [gnutls, nss]
env:
COMPONENT: ${{ matrix.COMPONENT }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: Display environment
run: export
- name : Install needed tools
run: |
dnf -y install perl gcc rpmdevtools dnf-utils make tmt-all beakerlib \
fips-mode-setup crypto-policies-scripts
- name: install interop tests
run: |
cd ${GITHUB_WORKSPACE}
git clone --branch=openssl-v0.1 --depth=1 https://gitlab.com/redhat-crypto/tests/interop.git
- name: build openssl as an rpm
run: |
mkdir -p /build/SPECS && cd /build && echo -e "%_topdir /build\n%_lto_cflags %{nil}" >~/.rpmmacros && rpmdev-setuptree
cd /build && cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.spec SPECS/ && \
cd SPECS/ && source ${GITHUB_WORKSPACE}/VERSION.dat && \
sed -i "s/soversion 3/soversion $SHLIB_VERSION/;s/^Version: .*\$/Version: $MAJOR.$MINOR.$PATCH/" openssl.spec && \
sed -i 's/^Release: .*$/Release: dev/' openssl.spec
yum-builddep -y /build/SPECS/openssl.spec # just for sure nothing is missing
mkdir -p /build/SOURCES
tar --transform "s/^__w\/openssl\/openssl/openssl-$MAJOR.$MINOR.$PATCH/" -czf /build/SOURCES/openssl-$MAJOR.$MINOR.$PATCH.tar.gz /__w/openssl/openssl/
rpmbuild -bb /build/SPECS/openssl.spec
rpm -i --force /build/RPMS/x86_64/openssl-*
cp ${GITHUB_WORKSPACE}/interop/openssl/openssl.cnf /etc/pki/tls/openssl.cnf
- name: Run interop tests
run: |
cd interop
tmt run -av plans -n interop tests -f "tag: interop-openssl & tag: interop-$COMPONENT" provision -h local --feeling-safe execute -h tmt --interactive
openssl version
echo "Finished - important to prevent unwanted output truncating"
openssh_interop:
if: github.repository == 'openssl/openssl'
name: "openssh interop ${{ matrix.branch.openssl }}"
strategy:
fail-fast: false
matrix:
branch: [
{ openssl: 'master', openssh: 'openssl-master', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.6', openssh: 'openssl-3.6', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.5', openssh: 'openssl-3.5', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.4', openssh: 'openssl-3.4', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.3', openssh: 'openssl-3.3', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.2', openssh: 'openssl-3.2', openssl_config: 'no-docs'},
{ openssl: 'openssl-3.0', openssh: 'openssl-3.0', openssl_config: ''}
]
runs-on: ubuntu-latest
env:
EPHEMERAL_VM: yes
TEST_SSH_UNSAFE_PERMISSIONS: 1
TEST_SSH_HOSTBASED_AUTH: yes
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
ref: ${{ matrix.branch.openssl }}
fetch-depth: 1
- name: config
run: ./config --banner=Configured -fPIC --prefix=/opt/openssl ${{ matrix.openssl_config }} shared -Wl,-rpath,/opt/openssl/lib64 && perl configdata.pm --dump
- name: make
run: |
make -s -j4
make -s -j4 install_sw
- name: install dependencies of openssh
run: |
sudo apt-get update
sudo apt-get -yq install autoconf zlib1g-dev
- name: run openssh
run: |
git clone --branch master --depth 1 https://github.com/openssh/openssh-portable.git
cd openssh-portable
sh ./.github/setup_ci.sh ${{ matrix.branch.openssh }} ubuntu-latest
autoreconf
sh ./.github/configure.sh ${{ matrix.branch.openssh }}
make clean
make -s -j4
sh ./.github/run_test.sh

48
.github/workflows/make-release.yml vendored
View File

@@ -1,48 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: "Make release"
on:
push:
tags:
- "openssl-*"
permissions: {}
jobs:
release:
runs-on: "releaser"
steps:
- name: "Checkout"
uses: "actions/checkout@v5"
with:
fetch-depth: 1
ref: ${{ github.ref_name }}
github-server-url: "https://github.openssl.org/"
repository: "openssl/openssl"
token: ${{ secrets.GHE_TOKEN }}
path: ${{ github.ref_name }}
persist-credentials: false
- name: "Prepare assets"
env:
SIGNING_KEY_UID: ${{ vars.signing_key_uid }}
run: |
cd "$GITHUB_REF_NAME"
./util/mktar.sh
mkdir -p assets && mv "$GITHUB_REF_NAME.tar.gz" assets/ && cd assets
openssl sha1 -r "$GITHUB_REF_NAME.tar.gz" > "$GITHUB_REF_NAME.tar.gz.sha1"
openssl sha256 -r "$GITHUB_REF_NAME.tar.gz" > "$GITHUB_REF_NAME.tar.gz.sha256"
gpg -u "$SIGNING_KEY_UID" -o "$GITHUB_REF_NAME.tar.gz.asc" -sba "$GITHUB_REF_NAME.tar.gz"
- name: "Create release"
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN }}
run: |
VERSION=$(echo "$GITHUB_REF_NAME" | cut -d "-" -f 2-)
PRE_RELEASE=$([[ "$GITHUB_REF_NAME" =~ alpha|beta ]] && echo "-p" || echo "")
NOTES=$(curl -s "https://api.openssl.org/release-metadata/news/?version=$VERSION&capture_title=False")
gh release create "$GITHUB_REF_NAME" $PRE_RELEASE -t "OpenSSL $VERSION" -d --notes "$NOTES" -R "$GITHUB_REPOSITORY" "$GITHUB_REF_NAME/assets/"*

43
.github/workflows/make-test vendored
View File

@@ -1,43 +0,0 @@
#!/usr/bin/env bash
set -eo pipefail
cleanup() {
# Remove if nothing was generated.
[ -d artifacts ] && find artifacts -type d -empty -delete
}
trap cleanup EXIT
# Make a central directory to store all output artifacts of our test run to
# avoid having to configure multiple upload-artifacts steps in the workflow
# file.
OSSL_CI_ARTIFACTS_PATH="artifacts/"
if [ -n "${GITHUB_RUN_NUMBER}" ]; then
OSSL_CI_ARTIFACTS_PATH="artifacts/github-${GITHUB_JOB}-${GITHUB_RUN_NUMBER}-${GITHUB_RUN_ID}/"
fi
mkdir -p "$OSSL_CI_ARTIFACTS_PATH"
export OSSL_CI_ARTIFACTS_PATH="$(cd "$OSSL_CI_ARTIFACTS_PATH"; pwd)"
# Run the tests. This might fail, but we need to capture artifacts anyway.
set +e
make test HARNESS_JOBS=${HARNESS_JOBS:-4} "$@"
RESULT=$?
set -e
# Move an interesting subset of the test-runs data we want into the artifacts
# staging directory.
for test_name in quic_multistream; do
if [ -d "test-runs/test_${test_name}" ]; then
mv "test-runs/test_${test_name}" "$OSSL_CI_ARTIFACTS_PATH/"
fi
done
# Log the artifact tree.
echo "::group::List of artifact files generated"
echo "Test suite exited with $RESULT, artifacts path is $OSSL_CI_ARTIFACTS_PATH"
(cd "$OSSL_CI_ARTIFACTS_PATH"; find . -type f | sort)
echo "::endgroup::"
echo "Archive artifacts"
tar -czf artifacts.tar.gz $OSSL_CI_ARTIFACTS_PATH
exit $RESULT

343
.github/workflows/os-zoo.yml vendored
View File

@@ -1,343 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: OS Zoo CI
on:
schedule:
- cron: '50 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
alpine:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
tag: [edge, latest]
cc: [gcc, clang]
runs-on: ubuntu-latest
container:
image: docker.io/library/alpine:${{ matrix.tag }}
env:
# See https://www.openwall.com/lists/musl/2022/02/16/14
# for the reason why -Wno-sign-compare is needed with clang
# -Wno-stringop-overflow is needed to silence a bogus
# warning on new fortify-headers with gcc
EXTRA_CFLAGS: ${{ matrix.cc == 'clang' && '-Wno-sign-compare' || matrix.tag == 'edge' && '-Wno-stringop-overflow' || '' }}
CC: ${{ matrix.cc }}
steps:
- name: install packages
run: apk --no-cache add build-base perl linux-headers ${{ matrix.cc }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: |
./config --strict-warnings --banner=Configured no-shared enable-fips \
${EXTRA_CFLAGS}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
zoo:
- image: docker.io/library/debian:11
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/debian:12
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/debian:trixie
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/ubuntu:20.04
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/ubuntu:22.04
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/ubuntu:24.04
install: apt-get update && apt-get install -y gcc make perl
- image: docker.io/library/fedora:41
install: dnf install -y gcc make perl-core
- image: docker.io/library/fedora:42
install: dnf install -y gcc make perl-core
- image: docker.io/library/centos:8
install: |
sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \
sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* && \
dnf install -y gcc make perl-core
- image: docker.io/library/rockylinux:8
install: dnf install -y gcc make perl-core
- image: docker.io/library/rockylinux:9
install: dnf install -y gcc make perl-core
runs-on: ubuntu-latest
container: ${{ matrix.zoo.image }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: install packages
run: ${{ matrix.zoo.install }}
- name: config
run: ./config
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
macos:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
os: [macos-14, macos-15, macos-15-intel]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured enable-fips enable-demos enable-h3demo
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
sysctl machdep.cpu
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
windows:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
platform:
- os: windows-2022
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
- os: windows-2025
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
runs-on: ${{ matrix.platform.os }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
perl ..\Configure --banner=Configured --strict-warnings no-makedepend enable-fips
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake /S
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
linux-arm64:
runs-on: ubuntu-24.04-arm
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: ./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux-x86:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: run container
run: |
CONTAINER_ID=$(podman run -d -v $(pwd):/mnt -w /mnt --platform=linux/i386 docker.io/i386/debian:13 sleep infinity)
echo "CONTAINER_ID=$CONTAINER_ID" >> "$GITHUB_ENV"
- name: install dependencies
run:
podman exec -t $CONTAINER_ID sh -c "apt-get update && apt-get install -y gcc perl make"
- name: config
run: |
podman exec -t $CONTAINER_ID sh -c \
"./config --strict-warnings linux-x86 enable-demos enable-fips enable-lms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace"
- name: config dump
run: |
podman exec -t $CONTAINER_ID sh -c \
"./configdata.pm --dump"
- name: make
run: |
podman exec -t $CONTAINER_ID sh -c \
"make -j"
- name: get cpu info
run: |
cat /proc/cpuinfo
podman exec -t $CONTAINER_ID sh -c \
"./util/opensslwrap.sh version -c"
- name: make test
run: |
podman exec -t $CONTAINER_ID sh -c \
".github/workflows/make-test"
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@linux-x86"
path: artifacts.tar.gz
linux-ppc64le:
runs-on: linux-ppc64le
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux-s390x:
runs-on: linux-s390x
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --strict-warnings enable-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
linux-riscv64:
runs-on: linux-riscv64
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -j8
- name: get cpu info
run: ./util/opensslwrap.sh version -c
- name: make test
env:
OPENSSL_riscvcap: RV64GC_ZBA_ZBB_ZBC_ZBS_ZKT_V
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
freebsd-x86_64:
runs-on: ubuntu-latest
if: github.repository == 'openssl/openssl'
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: |
sudo pkg install -y gcc perl5
./config --strict-warnings enable-fips enable-ec_nistp_64_gcc_128 enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-trace
- name: config dump
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: ./configdata.pm --dump
- name: make
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
shutdown_vm: false
run: make -j4
- name: make test
uses: cross-platform-actions/action@46e8d7fb25520a8d6c64fd2b7a1192611da98eda #v0.30.0
with:
operating_system: freebsd
version: "13.4"
run: |
./util/opensslwrap.sh version -c
.github/workflows/make-test

41
.github/workflows/oss-fuzz.yml vendored
View File

@@ -1,41 +0,0 @@
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: CIFuzz
on:
schedule:
- cron: '50 01 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
Fuzzing:
runs-on: ubuntu-latest
steps:
- name: Clear unnecessary files
run: |
df
sudo rm -rf /usr/share/dotnet /usr/share/swift /usr/local/.ghcup /usr/local/share/powershell /usr/local/share/chromium /usr/local/lib/android /usr/local/lib/node_modules
df
- name: Build Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'openssl'
dry-run: false
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'openssl'
fuzz-seconds: 600
dry-run: false
- name: Upload Crash
uses: actions/upload-artifact@v5
if: failure()
with:
name: artifacts
path: ./out/artifacts

53
.github/workflows/perl-minimal-checker.yml vendored
View File

@@ -1,53 +0,0 @@
# Copyright 2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Jobs run per pull request submission
name: Perl-minimal-checker CI
on: [pull_request, push]
permissions:
contents: read
jobs:
perl-minimal-checker:
runs-on: ubuntu-latest
steps:
- name: Install perl 5.10
run: |
pushd /tmp
mkdir perl
wget https://www.cpan.org/src/5.0/perl-5.10.1.tar.bz2
tar xf perl-5.10.1.tar.bz2
cd perl-5.10.1
./Configure -des -Dprefix=/tmp/perl -A ccflags='-Wno-incompatible-pointer-types' -A define:malloctype='void *' -A define:freetype='void' -Dlibs='-ldl -lm -lutil -lc'
make -j $(nproc) perl
make install
popd
- name: Install Test::More 0.96
run: |
pushd /tmp
wget https://cpan.metacpan.org/authors/id/M/MS/MSCHWERN/Test-Simple-0.96.tar.gz
tar xf Test-Simple-0.96.tar.gz
cd Test-Simple-0.96
PATH="/tmp/perl/bin:$PATH"
perl Makefile.PL
make -j$(nproc) && make install
perl -MTest::More -e 'print "$Test::More::VERSION\n"'
popd
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: Build openssl
run: ./config && make -j $(nproc)
- name: Install sed
run: sudo apt update && sudo apt install sed
- name: Check minimal version compliance
run: |
PM_FILES=($(find . -name "*.pm"))
perl -v
status=0
for p in "${PM_FILES[@]}"; do perl -I"$(pwd)/util/perl" -I"$(pwd)" -I"$(pwd)/external/perl/Text-Template-1.56/lib" -c "$p" | sed -n '/@INC/{p; q1}' || status=1; done;
exit $status

278
.github/workflows/prov-compat-label.yml vendored
View File

@@ -1,278 +0,0 @@
# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This verifies that FIPS and legacy providers built against some earlier
# released versions continue to run against the current branch.
name: Provider compatibility for PRs
on: [pull_request]
permissions:
contents: read
env:
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
jobs:
fips-releases:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
strategy:
matrix:
release: [
# Formally released versions should be added here.
# `dir' it the directory inside the tarball.
# `tgz' is the name of the tarball.
# `url' is the download URL.
{
dir: openssl-3.0.0,
tgz: openssl-3.0.0.tar.gz,
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
},
{
dir: openssl-3.0.8,
tgz: openssl-3.0.8.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
},
{
dir: openssl-3.0.9,
tgz: openssl-3.0.9.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
},
{
dir: openssl-3.1.2,
tgz: openssl-3.1.2.tar.gz,
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
},
]
runs-on: ubuntu-latest
steps:
- name: create download directory
run: mkdir downloads
- name: download release source
run: wget --no-verbose ${{ matrix.release.url }}
working-directory: downloads
- name: unpack release source
run: tar xzf downloads/${{ matrix.release.tgz }}
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config release
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.release.dir }}
- name: config dump release
run: ./configdata.pm --dump
working-directory: ${{ matrix.release.dir }}
- name: make release
run: make -s -j4
working-directory: ${{ matrix.release.dir }}
- name: create release artifacts
run: |
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
- name: show module versions from release
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.release.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.release.tgz }}
path: ${{ matrix.release.tgz }}
retention-days: 7
development-branches:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
strategy:
matrix:
branch: [
# Currently supported FIPS capable branches should be added here.
# `name' is the branch name used to checkout out.
# `dir' directory that will be used to build and test in.
# `tgz' is the name of the tarball use to keep the artifacts of
# the build.
{
name: '',
dir: PR,
tgz: PR.tar.gz,
}, {
name: openssl-3.0,
dir: branch-3.0,
tgz: branch-3.0.tar.gz,
}, {
name: openssl-3.3,
dir: branch-3.3,
tgz: branch-3.3.tar.gz,
}, {
name: openssl-3.4,
dir: branch-3.4,
tgz: branch-3.4.tar.gz,
}, {
name: openssl-3.5,
dir: branch-3.5,
tgz: branch-3.5.tar.gz,
}, {
name: openssl-3.6,
dir: branch-3.6,
tgz: branch-3.6.tar.gz,
}, {
name: master,
dir: branch-master,
tgz: branch-master.tar.gz,
},
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
path: ${{ matrix.branch.dir }}
repository: openssl/openssl
ref: ${{ matrix.branch.name }}
persist-credentials: false
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config branch
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.branch.dir }}
- name: config dump current
run: ./configdata.pm --dump
working-directory: ${{ matrix.branch.dir }}
- name: make branch
run: make -s -j4
working-directory: ${{ matrix.branch.dir }}
- name: create branch artifacts
run: |
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
- name: show module versions from branch
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.branch.dir }}
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.branch.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.branch.tgz }}
path: ${{ matrix.branch.tgz }}
retention-days: 7
cross-testing:
if: ${{ contains(github.event.pull_request.labels.*.name,'extended tests') }}
needs: [fips-releases, development-branches]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# These can't be figured out earlier and included here as a variable
# substitution.
#
# Note that releases are not used as a test environment for
# later providers. Problems in these situations ought to be
# caught by cross branch testing before the release.
tree_a: [ branch-3.6, branch-3.5, branch-3.4, branch-3.3, branch-3.0,
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
tree_b: [ PR ]
include:
- tree_a: PR
tree_b: branch-master
- tree_a: PR
tree_b: branch-3.6
- tree_a: PR
tree_b: branch-3.5
- tree_a: PR
tree_b: branch-3.4
- tree_a: PR
tree_b: branch-3.3
- tree_a: PR
tree_b: branch-3.0
steps:
- name: early exit checks
id: early_exit
env:
B_BRANCH: ${{ matrix.tree_b }}
PR_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
run: |
b_ver=${B_BRANCH#branch-}
b_label="branch: $b_ver"
if [[ "$PR_LABELS" == *"$b_label"* ]]; then
echo "Skipping branches modified by the PR"
echo "skip=true" >> "$GITHUB_OUTPUT"
else
echo "skip=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outputs.skip != 'true'
with:
name: ${{ matrix.tree_a }}.tar.gz
- name: unpack first build
if: steps.early_exit.outputs.skip != 'true'
run: tar xzf "${{ matrix.tree_a }}.tar.gz"
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outputs.skip != 'true'
with:
name: ${{ matrix.tree_b }}.tar.gz
- name: unpack second build
if: steps.early_exit.outputs.skip != 'true'
run: tar xzf "${{ matrix.tree_b }}.tar.gz"
- name: set up cross validation of FIPS from A with tree from B
if: steps.early_exit.outputs.skip != 'true'
run: |
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
working-directory: ${{ matrix.tree_a }}
- name: show module versions from cross validation
if: steps.early_exit.outputs.skip != 'true'
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.tree_b }}
- name: get cpu info
if: steps.early_exit.outputs.skip != 'true'
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.tree_b }}
- name: run cross validation tests of FIPS from A with tree from B
if: steps.early_exit.outputs.skip != 'true'
run: |
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.tree_b }}

277
.github/workflows/provider-compatibility.yml vendored
View File

@@ -1,277 +0,0 @@
# Copyright 2023-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This verifies that FIPS and legacy providers built against some earlier
# released versions continue to run against the current branch.
name: Provider compatibility across versions
# Please note there is no point in running this job on PR as the tests
# will always run against the tips of the branches in the main repository
# and not the branch from the PR.
# Use the `extended tests` label to run provider compatibility checks
# on PRs.
on:
schedule:
- cron: '10 02 * * *'
workflow_dispatch:
permissions:
contents: read
env:
opts: enable-rc5 enable-md2 enable-ssl3 enable-weak-ssl-ciphers enable-zlib
jobs:
fips-releases:
if: github.repository == 'openssl/openssl'
strategy:
matrix:
release: [
# Formally released versions should be added here.
# `dir' it the directory inside the tarball.
# `tgz' is the name of the tarball.
# `url' is the download URL.
{
dir: openssl-3.0.0,
tgz: openssl-3.0.0.tar.gz,
url: "https://www.openssl.org/source/old/3.0/openssl-3.0.0.tar.gz",
},
{
dir: openssl-3.0.8,
tgz: openssl-3.0.8.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.8.tar.gz",
},
{
dir: openssl-3.0.9,
tgz: openssl-3.0.9.tar.gz,
url: "https://www.openssl.org/source/openssl-3.0.9.tar.gz",
},
{
dir: openssl-3.1.2,
tgz: openssl-3.1.2.tar.gz,
url: "https://www.openssl.org/source/openssl-3.1.2.tar.gz",
},
]
runs-on: ubuntu-latest
steps:
- name: create download directory
run: mkdir downloads
- name: download release source
run: wget --no-verbose ${{ matrix.release.url }}
working-directory: downloads
- name: unpack release source
run: tar xzf downloads/${{ matrix.release.tgz }}
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config release
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }}
working-directory: ${{ matrix.release.dir }}
- name: config dump release
run: ./configdata.pm --dump
working-directory: ${{ matrix.release.dir }}
- name: make release
run: make -s -j4
working-directory: ${{ matrix.release.dir }}
- name: create release artifacts
run: |
tar cz -H posix -f ${{ matrix.release.tgz }} ${{ matrix.release.dir }}
- name: show module versions from release
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.release.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.release.tgz }}
path: ${{ matrix.release.tgz }}
retention-days: 7
development-branches:
if: github.repository == 'openssl/openssl'
strategy:
matrix:
branch: [
# Currently supported FIPS capable branches should be added here.
# `name' is the branch name used to checkout out.
# `dir' directory that will be used to build and test in.
# `tgz' is the name of the tarball use to keep the artifacts of
# the build.
# `extra_config` adds extra config build option for the branch.
{
name: openssl-3.0,
dir: branch-3.0,
tgz: branch-3.0.tar.gz,
extra_config: "",
}, {
name: openssl-3.3,
dir: branch-3.3,
tgz: branch-3.3.tar.gz,
extra_config: "",
}, {
name: openssl-3.4,
dir: branch-3.4,
tgz: branch-3.4.tar.gz,
extra_config: "",
}, {
name: openssl-3.5,
dir: branch-3.5,
tgz: branch-3.5.tar.gz,
extra_config: "",
}, {
name: openssl-3.6,
dir: branch-3.6,
tgz: branch-3.6.tar.gz,
extra_config: "enable-lms",
}, {
name: master,
dir: branch-master,
tgz: branch-master.tar.gz,
extra_config: "enable-lms",
},
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
path: ${{ matrix.branch.dir }}
repository: openssl/openssl
ref: ${{ matrix.branch.name }}
persist-credentials: false
- name: localegen
run: sudo locale-gen tr_TR.UTF-8
- name: config branch
run: |
./config --banner=Configured enable-shared enable-fips ${{ env.opts }} ${{ matrix.branch.extra_config }}
working-directory: ${{ matrix.branch.dir }}
- name: config dump current
run: ./configdata.pm --dump
working-directory: ${{ matrix.branch.dir }}
- name: make branch
run: make -s -j4
working-directory: ${{ matrix.branch.dir }}
- name: create branch artifacts
run: |
tar cz -H posix -f ${{ matrix.branch.tgz }} ${{ matrix.branch.dir }}
- name: show module versions from branch
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.branch.dir }}
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.branch.dir }}
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.branch.dir }}
- uses: actions/upload-artifact@v5
with:
name: ${{ matrix.branch.tgz }}
path: ${{ matrix.branch.tgz }}
retention-days: 7
cross-testing:
if: github.repository == 'openssl/openssl'
needs: [fips-releases, development-branches]
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
# These can't be figured out earlier and included here as a variable
# substitution.
#
# Note that releases are not used as a test environment for
# later providers. Problems in these situations ought to be
# caught by cross branch testing before the release.
tree_a: [ branch-master, branch-3.6, branch-3.5, branch-3.4, branch-3.3,
branch-3.0,
openssl-3.0.0, openssl-3.0.8, openssl-3.0.9, openssl-3.1.2 ]
tree_b: [ branch-master, branch-3.6, branch-3.5, branch-3.4, branch-3.3,
branch-3.0 ]
steps:
- name: early exit checks
id: early_exit
run: |
if [ "${{ matrix.tree_a }}" = "${{ matrix.tree_b }}" ]; then
echo "Skipping because both are the same version"
echo "skip=true" >> "$GITHUB_OUTPUT"
else
echo "skip=false" >> "$GITHUB_OUTPUT"
fi
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outputs.skip != 'true'
with:
name: ${{ matrix.tree_a }}.tar.gz
- name: unpack first build
if: steps.early_exit.outputs.skip != 'true'
run: tar xzf "${{ matrix.tree_a }}.tar.gz"
- uses: actions/download-artifact@v6.0.0
if: steps.early_exit.outputs.skip != 'true'
with:
name: ${{ matrix.tree_b }}.tar.gz
- name: unpack second build
if: steps.early_exit.outputs.skip != 'true'
run: tar xzf "${{ matrix.tree_b }}.tar.gz"
- name: set up cross validation of FIPS from A with tree from B
if: steps.early_exit.outputs.skip != 'true'
run: |
cp providers/fips.so ../${{ matrix.tree_b }}/providers/
cp providers/fipsmodule.cnf ../${{ matrix.tree_b }}/providers/
working-directory: ${{ matrix.tree_a }}
- name: show module versions from cross validation
if: steps.early_exit.outputs.skip != 'true'
run: |
./util/wrap.pl -fips apps/openssl list -provider-path providers \
-provider base \
-provider default \
-provider fips \
-provider legacy \
-providers
working-directory: ${{ matrix.tree_b }}
- name: get cpu info
if: steps.early_exit.outputs.skip != 'true'
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
working-directory: ${{ matrix.tree_b }}
- name: run cross validation tests of FIPS from A with tree from B
if: steps.early_exit.outputs.skip != 'true'
run: |
make test HARNESS_JOBS=${HARNESS_JOBS:-4}
working-directory: ${{ matrix.tree_b }}

265
.github/workflows/riscv-more-cross-compiles.yml vendored
View File

@@ -1,265 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Cross Compile for RISC-V Extensions
on:
pull_request:
types: [opened, reopened, edited, synchronize]
push:
schedule:
- cron: '35 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
cross-compilation-riscv:
# pull request title contains 'riscv'
# pull request title contains 'RISC-V'
# pull request body contains '[riscv ci]'
# push event commit message contains '[riscv ci]'
# cron job
# manual dispatch
if: contains(github.event.pull_request.title, 'riscv') || contains(github.event.pull_request.title, 'RISC-V') || contains(github.event.pull_request.body, '[riscv ci]') || contains(github.event.head_commit.message, '[riscv ci]') || (github.event_name == 'schedule' && github.repository == 'openssl/openssl') || github.event_name == 'workflow_dispatch'
strategy:
fail-fast: false
matrix:
# The platform matrix specifies:
# arch: the architecture to build for, this defines the tool-chain
# prefix {arch}- and the Debian compiler package gcc-{arch}
# name.
# libs: the Debian package for the necessary link/runtime libraries.
# target: the OpenSSL configuration target to use, this is passed
# directly to the config command line.
# fips: set to "no" to disable building FIPS, leave unset to
# build the FIPS provider.
# tests: omit this to run all the tests using QEMU, set it to "none"
# to never run the tests, otherwise its value is passed to
# the "make test" command to allow selective disabling of
# tests.
# qemucpu: optional; string that describes CPU properties.
# The string will be used to set the QEMU_CPU variable.
# opensslcapsname: optional; string that describes the postfix of the
# OpenSSL environment variable that defines CPU
# capabilities. E.g. "foo" will result in an
# environment variable with the name OPENSSL_foo.
# opensslcaps: optional; if opensslcapsname (see above) is set, then
# this string will be used as content for the OpenSSL
# capabilities variable.
# ppa: Launchpad PPA repository to download packages from.
platform: [
# Scalar Crypto
{
# RV64GC with bitmanip and scalar crypto extensions
# crypto/aes/asm/aes-riscv64-zkn.pl
# crypto/modes/gcm128.c
# The following paths only use ZBB
# crypto/sha/asm/sha256-riscv64-zbb.pl
# crypto/sha/asm/sha512-riscv64-zbb.pl
# crypto/sm3/asm/sm3-riscv64-zbb.pl
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zbb=true,zbc=true,zbkb=true,zknd=true,zkne=true",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zbb_zbc_zbkb_zknd_zkne"
}, {
# RV64GC ZBC ZBB, but without ZBKB
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zbc=true,zbb=true,zbkb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zbc_zbb"
}, {
# RV64GC ZBC, but without ZBB/ZBKB
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zbc=true,zbb=false,zbkb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zbc"
}, {
# Vector Crypto
# RV64GC V ZBB, but without ZVKB
# For chacha20 vector-only path from #24069
# crypto/chacha/asm/chacha-riscv64-v-zbb.pl
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,v=true,vlen=128,zbb=true,zvbb=false,zvkb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zbb"
}, {
# RV64GC V ZVKG, but without ZVKB
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
# do not use zvkb flag for qemucpu as ubuntu-latest (24.04) uses QEMU 8.2.2
# see https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg02231.html
# Should be zvkg=true,zvbb=false,zvkb=false
qemucpu: "rv64,v=true,vlen=128,zvkg=true,zvbb=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zvkg"
}, {
# RV64GC V ZVKB ZVBC, but without ZVKG
# crypto/modes/gcm128.c
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
# do not use zvkb flag for qemucpu as ubuntu-latest (24.04) uses QEMU 8.2.2
# see https://lists.nongnu.org/archive/html/qemu-devel/2024-05/msg02231.html
# Should be zvkb=true,zvbc=true,zvkg=false
qemucpu: "rv64,v=true,vlen=128,zvbb=true,zvbc=true,zvkg=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zvkb_zvbc"
}, {
# RV64GC V ZVKNED, but without ZVBB/ZVKB/ZVKG
# crypto/aes/asm/aes-riscv64-zvkned.pl
# providers/implementations/ciphers/cipher_aes_xts_hw.c
# providers/implementations/ciphers/cipher_aes_hw_rv64i.inc
# providers/implementations/ciphers/cipher_aes_gcm_hw_rv64i.inc
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,v=true,vlen=128,zvkned=true,zvbb=false,zvkb=false,zvkg=false",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_v_zvkned"
}, {
# RV64GC with all currently OpenSSL-supported extensions
# crypto/chacha/chacha_riscv.c (with ZVKB)
# crypto/modes/gcm128.c (with ZVKG/ZVKB)
# crypto/sm3/asm/sm3-riscv64-zvksh.pl
# crypto/sm4/asm/sm4-riscv64-zvksed.pl
# crypto/aes/asm/aes-riscv64-zvbb-zvkg-zvkned.pl
# crypto/aes/asm/aes-riscv64-zvkb-zvkned.pl
# crypto/modes/asm/ghash-riscv64-zvkg.pl
# crypto/modes/asm/aes-gcm-riscv64-zvkb-zvkg-zvkned.pl
# crypto/modes/asm/ghash-riscv64-zvkb-zvbc.pl
# crypto/sha/asm/sha256-riscv64-zvkb-zvknha_or_zvknhb.pl
# crypto/sha/asm/sha512-riscv64-zvkb-zvknhb.pl
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: linux64-riscv64,
fips: no,
qemucpu: "rv64,zba=true,zbb=true,zbc=true,zbs=true,zbkb=true,zbkc=true,zbkx=true,zknd=true,zkne=true,zknh=true,zksed=true,zksh=true,zkr=true,zkt=true,v=true,vlen=128,zvbb=true,zvbc=true,zvkb=true,zvkg=true,zvkned=true,zvknha=true,zvknhb=true,zvksed=true,zvksh=true",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_zba_zbb_zbc_zbs_zbkb_zbkc_zbkx_zknd_zkne_zknh_zksed_zksh_zkr_zkt_v_zvbb_zvbc_zvkb_zvkg_zvkned_zvknha_zvknhb_zvksed_zvksh"
}, {
# Inline asm
# zbb/zbkb:
# include/crypto/md32_common.h
# include/crypto/modes.h
# crypto/chacha/chacha_enc.c
# crypto/des/des_local.h
# zknh (zbt/zpn not available in QEMU):
# crypto/sha/sha512.c
# crypto/sha/sha256.c
# zksh:
# crypto/sm3/sm3_local.h
arch: riscv64-linux-gnu,
libs: libc6-dev-riscv64-cross,
target: -march=rv64gc_zbb_zbkb_zknh_zksh linux64-riscv64,
fips: no,
qemucpu: "rv64,zbb=true,zbkb=true,zknh=true,zksh=true",
opensslcapsname: riscvcap, # OPENSSL_riscvcap
opensslcaps: "rv64gc_inlineasm" # for uploading artifact
}
]
runs-on: ubuntu-latest
steps:
- name: install package repository
if: matrix.platform.ppa != ''
run: |
sudo add-apt-repository ppa:${{ matrix.platform.ppa }}
- name: install packages
run: |
sudo apt-get update
sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install \
gcc-${{ matrix.platform.arch }} \
${{ matrix.platform.libs }}
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config with FIPS
if: matrix.platform.fips != 'no'
run: |
./config --banner=Configured --strict-warnings enable-fips enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config without FIPS
if: matrix.platform.fips == 'no'
run: |
./config --banner=Configured --strict-warnings enable-lms \
--cross-compile-prefix=${{ matrix.platform.arch }}- \
${{ matrix.platform.target }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: install qemu
if: matrix.platform.tests != 'none'
run: sudo apt-get -yq --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install qemu-user
- name: Set QEMU environment
if: matrix.platform.qemucpu != ''
run: echo "QEMU_CPU=${{ matrix.platform.qemucpu }}" >> $GITHUB_ENV
- name: Set OpenSSL caps environment
if: matrix.platform.opensslcapsname != ''
run: echo "OPENSSL_${{ matrix.platform.opensslcapsname }}=\
${{ matrix.platform.opensslcaps }}" >> $GITHUB_ENV
- name: get cpu info
run: cat /proc/cpuinfo
- name: get openssl cpu info
if: matrix.platform.tests != 'none'
run: QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }} ./util/opensslwrap.sh info -cpusettings
- name: make all tests
if: github.event_name == 'push' && matrix.platform.tests == ''
run: |
.github/workflows/make-test \
TESTS="-test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make some tests
if: github.event_name == 'push' && matrix.platform.tests != 'none' && matrix.platform.tests != ''
run: |
.github/workflows/make-test \
TESTS="${{ matrix.platform.tests }} -test_afalg" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: make evp tests
if: github.event_name == 'pull_request' && matrix.platform.tests != 'none'
run: |
.github/workflows/make-test \
TESTS="test_evp*" \
QEMU_LD_PREFIX=/usr/${{ matrix.platform.arch }}
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "cross-compiles-riscv@${{ matrix.platform.opensslcaps }}"
path: artifacts.tar.gz
if-no-files-found: ignore

67
.github/workflows/run-checker-ci.yml vendored
View File

@@ -1,67 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# Jobs run per pull request submission
name: Run-checker CI
on: [pull_request, push]
permissions:
contents: read
env:
OSSL_RUN_CI_TESTS: 1
jobs:
run-checker:
strategy:
fail-fast: false
matrix:
opt: [
no-cmp,
no-cms,
no-dgram,
no-dh,
no-dtls,
no-ec,
no-ecx,
no-ml-dsa,
no-ml-kem,
no-http,
no-legacy,
no-sock,
no-sm2,
no-stdio,
no-threads,
no-thread-pool,
no-default-thread-pool,
no-tls,
no-tls1_2,
no-tls1_3,
enable-trace enable-fips,
no-ui,
no-quic
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --banner=Configured --strict-warnings ${{ matrix.opt }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
- name: Check platform symbol usage
run: ./util/checkplatformsyms.pl ./util/platform_symbols/unix-symbols.txt ./libcrypto.so ./libssl.so
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}

441
.github/workflows/run-checker-daily.yml vendored
View File

@@ -1,441 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Run-checker daily
# Jobs run daily
on:
schedule:
- cron: '30 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
run-checker:
if: github.repository == 'openssl/openssl'
strategy:
fail-fast: false
matrix:
opt: [
386,
no-apps,
no-argon2,
no-aria,
no-asan,
no-asm,
no-async,
no-atexit,
no-autoalginit,
no-autoerrinit,
no-autoload-config,
no-bf,
no-blake2,
no-buildtest-c++,
no-bulk,
no-cached-fetch,
no-camellia,
no-cast,
no-chacha,
no-cmac,
no-comp,
enable-crypto-mdebug,
enable-crypto-mdebug-backtrace,
no-ct,
enable-demos,
no-deprecated,
no-des,
no-docs,
no-dsa,
no-dtls1,
no-dtls1_2,
no-dtls1_2-method,
no-dtls1-method,
no-ecdh,
no-ecdsa,
enable-ec_nistp_64_gcc_128,
enable-egd,
# enable-external-tests, # Requires extra setup
enable-fips,
enable-fips enable-acvp-tests,
enable-fips no-tls1_3,
enable-fips no-des no-dsa no-ec2m,
# enable-fuzz-afl, # Requires extra setup
# enable-fuzz-libfuzzer, # Requires extra setup
no-gost,
enable-h3demo,
enable-heartbeats,
enable-hqinterop,
no-hw,
no-idea,
enable-lms,
no-makedepend,
enable-md2,
no-md4,
no-mdc2,
no-msan,
no-multiblock,
no-nextprotoneg,
no-ocb,
no-pic,
no-poly1305,
no-posix-io,
no-psk,
no-rc2,
enable-rc5,
no-rdrand,
no-rfc3779,
no-ripemd,
no-rmd160,
no-scrypt,
no-secure-memory,
no-seed,
no-shared,
no-siphash,
no-siv,
no-sm2-precomp,
no-sm3,
no-sm4,
no-sock,
no-sse2,
no-ssl,
no-ssl-trace,
enable-ssl3,
enable-ssl3-method,
enable-sslkeylog,
no-shared,
no-tests,
enable-tfo,
no-tls1,
no-tls1_1,
no-tls1_1-method,
no-tls1_2-method,
no-tls1-method,
enable-trace,
no-ubsan,
no-ui-console,
enable-unit-test,
no-uplink,
no-weak-ssl-ciphers,
no-whirlpool,
enable-zlib-dynamic,
-DOPENSSL_PEDANTIC_ZEROIZATION,
-DOPENSSL_PEDANTIC_ZEROIZATION enable-fips,
-DOPENSSL_NO_BUILTIN_OVERFLOW_CHECKING,
-DSSL3_ALIGN_PAYLOAD=4,
-DOPENSSL_TLS_SECURITY_LEVEL=0
]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured --strict-warnings ${{ matrix.opt }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
run-checker-sctp:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Install Dependencies for sctp option
run: |
sudo apt-get update
sudo apt-get -yq install lksctp-tools libsctp-dev
- name: Check SCTP and enable auth
id: sctp_auth
continue-on-error: true
run: |
checksctp
sudo sysctl -w net.sctp.auth_enable=1
- name: config
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: CC=clang ./config --strict-warnings --banner=Configured enable-sctp
- name: config dump
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: ./configdata.pm --dump
- name: make
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
if: steps.sctp_auth.outcome == 'success' && steps.sctp_auth.conclusion == 'success'
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_brotli_dynamic:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install brotli
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install brotli libbrotli1 libbrotli-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_zstd_dynamic:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install zstd
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install zstd libzstd1 libzstd-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings enable-comp enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_brotli_and_zstd_dynamic:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install brotli and zstd
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install brotli libbrotli1 libbrotli-dev
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install zstd libzstd1 libzstd-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings enable-comp enable-brotli enable-brotli-dynamic enable-zstd enable-zstd-dynamic && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
malloc_failure_testing:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-crypto-mdebug enable-allocfail-tests && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
continue-on-error: true
run: |
make TESTS="test_memfail" test
enable_brotli_and_asan_ubsan:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install brotli
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install brotli libbrotli1 libbrotli-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-brotli -DPEDANTIC && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
enable_zstd_and_asan_ubsan:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- name: install zstd
run: |
sudo apt-get update
sudo apt-get -yq --no-install-suggests --no-install-recommends --allow-unauthenticated --allow-downgrades --allow-remove-essential --allow-change-held-packages install zstd libzstd1 libzstd-dev
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: ./config --strict-warnings --banner=Configured --debug enable-asan enable-ubsan enable-comp enable-zstd -DPEDANTIC && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
enable_tfo:
if: github.repository == 'openssl/openssl'
strategy:
matrix:
os: [ubuntu-latest, macos-15, macos-15-intel]
runs-on: ${{matrix.os}}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=gcc ./config --strict-warnings --banner=Configured enable-tfo && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: ./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
enable_buildtest:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --strict-warnings --banner=Configured no-asm no-makedepend enable-buildtest-c++ enable-fips -D_DEFAULT_SOURCE && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
memory_sanitizer_slh_dsa:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
# --debug -O1 is to produce a debug build that runs in a reasonable amount of time
run: CC=clang ./config --strict-warnings --banner=Configured --debug no-shared -O1 -fsanitize=memory -DOSSL_SANITIZE_MEMORY -fno-optimize-sibling-calls enable-rc5 enable-md2 enable-ec_nistp_64_gcc_128 enable-fips && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4} OPENSSL_TEST_RAND_ORDER=0
bn_debug:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: config
run: ./config --debug --strict-warnings -DBN_DEBUG --banner=Configured -DOPENSSL_NO_SECURE_MEMORY && perl configdata.pm --dump
- name: make
run: make -j4 # verbose, so no -s here
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: .github/workflows/make-test
- name: save artifacts
if: success() || failure()
uses: actions/upload-artifact@v5
with:
name: "ci@bn_debug"
path: artifacts.tar.gz

113
.github/workflows/run-checker-merge.yml vendored
View File

@@ -1,113 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Run-checker merge
# Jobs run per merge to master
on: [push]
permissions:
contents: read
jobs:
run-checker:
strategy:
fail-fast: false
matrix:
opt: [
enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
no-dso,
no-ec2m enable-fips,
no-shared,
no-err,
no-filenames,
enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function,
no-module,
no-ocsp,
no-pinshared,
no-srp,
no-srtp,
no-ts,
no-integrity-only-ciphers,
enable-weak-ssl-ciphers,
enable-zlib,
enable-pie,
]
runs-on: ubuntu-latest
steps:
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured ${{ matrix.opt }}
- name: config dump
run: ./configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
if [ -x apps/openssl ] ; then ./util/opensslwrap.sh version -c ; fi
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
jitter:
runs-on: ubuntu-latest
steps:
- name: checkout openssl
uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout jitter
uses: actions/checkout@v5
with:
repository: smuellerDD/jitterentropy-library
ref: v3.5.0
path: jitter
persist-credentials: false
- name: build jitter
run: make -C jitter/
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: config
run: ./config --with-rand-seed=none enable-jitter enable-fips-jitter --with-jitter-include=jitter/ --with-jitter-lib=jitter/ -DOPENSSL_DEFAULT_SEED_SRC=JITTER && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test HARNESS_JOBS=${HARNESS_JOBS:-4}
threads_sanitizer_atomic_fallback:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: Adjust ASLR for sanitizer
run: |
sudo cat /proc/sys/vm/mmap_rnd_bits
sudo sysctl -w vm.mmap_rnd_bits=28
- name: config
run: CC=clang ./config --strict-warnings --banner=Configured no-shared no-fips -g -fsanitize=thread -DBROKEN_CLANG_ATOMICS && perl configdata.pm --dump
- name: make
run: make -s -j4
- name: get cpu info
run: |
cat /proc/cpuinfo
./util/opensslwrap.sh version -c
- name: make test
run: make test V=1 TESTS="test_lhash test_threads test_internal_provider test_provfetch test_provider test_pbe test_evp_kdf test_pkcs12 test_store test_evp test_quic*"

203
.github/workflows/run_quic_interop.yml vendored
View File

@@ -1,203 +0,0 @@
name: "Run openssl quic interop testing"
on:
schedule:
- cron: '40 02 * * *'
workflow_dispatch:
inputs:
only_interop:
type: boolean
required: false
default: false
description: "Run only interop jobs (skip building/pushing containers)"
permissions: {}
jobs:
update_quay_container:
if: ${{ github.repository == 'openssl/openssl' && !inputs.only_interop }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: "log in to quay.io"
run: |
docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
- name: "Build container"
run: |
cd test/quic-openssl-docker/
docker build -t quay.io/openssl-ci/openssl-quic-interop:latest .
- name: "Push to quay"
run: |
docker push quay.io/openssl-ci/openssl-quic-interop:latest
update_msquic_quay_container:
if: ${{ github.repository == 'openssl/openssl' && !inputs.only_interop }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
repository: microsoft/msquic
ref: main
submodules: recursive
persist-credentials: false
- name: "log in to quay.io"
run: |
docker login -u openssl-ci+machine -p ${{ secrets.QUAY_IO_PASSWORD }} quay.io
- name: Patch qns.Dockerfile
run: |
sed -i 's/RUN cmake -DQUIC_BUILD_TOOLS=on -DQUIC_ENABLE_LOGGING=on ../RUN cmake -DQUIC_BUILD_TOOLS=on -DQUIC_ENABLE_LOGGING=on -DQUIC_TLS_LIB=openssl ../' ./scripts/qns.Dockerfile
if grep -q "RUN cmake -DQUIC_BUILD_TOOLS=on -DQUIC_ENABLE_LOGGING=on -DQUIC_TLS_LIB=openssl .." ./scripts/qns.Dockerfile; then echo "Patched successfully"; else exit 1; fi
- name: "Build container"
run: |
docker build -f ./scripts/qns.Dockerfile -t quay.io/openssl-ci/msquic-openssl:latest .
- name: "Push to quay"
run: |
docker push quay.io/openssl-ci/msquic-openssl:latest
run_quic_interop_openssl_client:
if: ${{ !inputs.only_interop }}
needs: [update_quay_container, update_msquic_quay_container]
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy, msquic-openssl]
exclude:
- servers: msquic
tests: retry
- servers: msquic-openssl
tests: retry
fail-fast: false
steps: &client_steps
- uses: actions/checkout@v5
with:
repository: 'quic-interop/quic-interop-runner'
fetch-depth: 0
persist-credentials: false
- name: Install python requirements
run: |
for i in {1..3}; do pip install -r requirements.txt && break; sleep 10; done
- name: Add tshark repo
run: |
for i in {1..3}; do sudo add-apt-repository ppa:wireshark-dev/stable && break; sleep 10; done
- name: Update apt repos
run: |
for i in {1..3}; do sudo apt-get update && break; sleep 10; done
- name: Install tshark
run: |
for i in {1..3}; do sudo apt-get install -y tshark && break; sleep 10; done
- name: Patch implementations file
run: |
jq '. + {
"openssl": { image: "quay.io/openssl-ci/openssl-quic-interop"
, url: "https://github.com/openssl/openssl"
, role: "both"
},
"msquic-openssl": { image: "quay.io/openssl-ci/msquic-openssl"
, url: "https://github.com/microsoft/msquic"
, role: "both"
}}' ./implementations.json > ./implementations.tmp
mv ./implementations.tmp implementations.json
- name: Set up docker
uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
with:
version: "28.1.1"
- name: Set up docker compose
uses: docker/setup-compose-action@364cc21a5de5b1ee4a7f5f9d3fa374ce0ccde746 # v1.2.0
with:
version: "v2.36.2"
- name: Check docker version
run: |
docker version
docker compose version
- name: "Run interop with openssl client"
run: |
python3 ./run.py -c openssl -t ${{ matrix.tests }} -s ${{ matrix.servers }} --log-dir ./logs-client -d
run_quic_interop_openssl_server:
if: ${{ !inputs.only_interop }}
needs: [update_quay_container, update_msquic_quay_container]
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome, msquic-openssl]
exclude:
- clients: mvfst
tests: amplificationlimit
fail-fast: false
steps: &server_steps
- uses: actions/checkout@v5
with:
repository: 'quic-interop/quic-interop-runner'
fetch-depth: 0
persist-credentials: false
- name: Install python requirements
run: |
for i in {1..3}; do pip install -r requirements.txt && break; done
- name: Add tshark repo
run: |
for i in {1..3}; do sudo add-apt-repository ppa:wireshark-dev/stable && break; done
- name: Update apt repos
run: |
for i in {1..3}; do sudo apt-get update && break; done
- name: Install tshark
run: |
for i in {1..3}; do sudo apt-get install -y tshark && break; done
- name: Patch implementations file
run: |
jq '. + {
"openssl": { image: "quay.io/openssl-ci/openssl-quic-interop"
, url: "https://github.com/openssl/openssl"
, role: "both"
},
"msquic-openssl": { image: "quay.io/openssl-ci/msquic-openssl"
, url: "https://github.com/microsoft/msquic"
, role: "both"
}}' ./implementations.json > ./implementations.tmp
mv ./implementations.tmp implementations.json
- name: Set up docker
uses: docker/setup-docker-action@efe9e3891a4f7307e689f2100b33a155b900a608 # v4.5.0
with:
version: "28.1.1"
- name: Set up docker compose
uses: docker/setup-compose-action@364cc21a5de5b1ee4a7f5f9d3fa374ce0ccde746 # v1.2.0
with:
version: "v2.36.2"
- name: Check docker version
run: |
docker version
docker compose version
- name: "Run interop with openssl server"
run: |
python3 ./run.py -s openssl -t "${{ matrix.tests }}" -c "${{ matrix.clients }}" --log-dir ./logs-server -d
run_quic_interop_openssl_client_only:
if: ${{ inputs.only_interop }}
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, multiplexing, ipv6]
servers: [quic-go, ngtcp2, mvfst, quiche, nginx, msquic, haproxy, msquic-openssl]
exclude:
- servers: msquic
tests: retry
- servers: msquic-openssl
tests: retry
fail-fast: false
steps: *client_steps
run_quic_interop_openssl_server_only:
if: ${{ inputs.only_interop }}
runs-on: ubuntu-latest
strategy:
matrix:
tests: [http3, transfer, handshake, retry, chacha20, resumption, amplificationlimit, ipv6]
clients: [quic-go, ngtcp2, mvfst, quiche, msquic, openssl, chrome, msquic-openssl]
exclude:
- clients: mvfst
tests: amplificationlimit
fail-fast: false
steps: *server_steps

42
.github/workflows/static-analysis-on-prem.yml vendored
View File

@@ -1,42 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Static Analysis On Prem
on:
schedule:
- cron: '25 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
coverity-analysis:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
container: quay.io/openssl-ci/coverity-analysis:2024.3.1
steps:
- name: Put license
run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat
- name: Put auth key file
run: |
echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt
chmod 0600 /auth_key_file.txt
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: Config
run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: Config dump
run: ./configdata.pm --dump
- name: Make
run: cov-build --dir cov-int make -s -j4
- name: Analyze
run: cov-analyze --dir cov-int --strip-path $(pwd)
- name: Commit defects
run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt

49
.github/workflows/static-analysis.yml vendored
View File

@@ -1,49 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Static Analysis
#Run once a day
on:
schedule:
- cron: '20 02 * * *'
workflow_dispatch:
permissions:
contents: read
jobs:
coverity:
if: github.repository == 'openssl/openssl'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: tool download
run: |
wget https://scan.coverity.com/download/linux64 \
--post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
--progress=dot:giga -O coverity_tool.tgz
- name: config
run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: config dump
run: ./configdata.pm --dump
- name: tool install
run: tar xzf coverity_tool.tgz
- name: make
run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
- name: archive
run: tar czvf openssl.tgz cov-int
- name: Coverity upload
run: |
curl --form token="${{ secrets.COVERITY_TOKEN }}" \
--form email=openssl-commits@openssl.org \
--form file=@openssl.tgz \
--form version="`date -u -I` `git rev-parse --short HEAD`" \
--form description="analysis of `git branch --show-current`" \
https://scan.coverity.com/builds?project=openssl%2Fopenssl

30
.github/workflows/style-checks.yml vendored
View File

@@ -1,30 +0,0 @@
# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Coding style validation
on: [pull_request]
jobs:
check-style:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v5
- uses: actions/setup-python@v6
- name: "Get changed files"
env:
NUMBER: ${{ github.event.pull_request.number }}
GH_TOKEN: ${{ github.token }}
run: |
{
echo 'CHANGED_FILES<<EOF'
gh pr view $NUMBER --json files --jq '.files.[].path'
echo EOF
} >> "$GITHUB_ENV"
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd #v3.0.1
with:
extra_args: "--files $CHANGED_FILES"

222
.github/workflows/windows.yml vendored
View File

@@ -1,222 +0,0 @@
# Copyright 2021-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Windows GitHub CI
on: [pull_request, push]
permissions:
contents: read
jobs:
shared:
# Run a job for each of the specified target architectures:
strategy:
matrix:
platform:
- arch: amd64
os: windows-2022
config: enable-lms enable-fips
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
- arch: amd64
os: windows-2025
config: enable-lms enable-fips no-thread-pool no-quic
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat
- arch: x86
os: windows-2022
config: no-fips enable-lms
vcvars: C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars32.bat
runs-on: ${{ matrix.platform.os }}
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm ${{ matrix.platform.arch == 'x86' && '--x86' || '' }}
"C:\Program Files${{ matrix.platform.arch == 'x86' && ' (x86)' || '' }}\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
perl ..\Configure --banner=Configured --strict-warnings no-makedepend -DOSSL_WINCTX=openssl ${{ matrix.platform.config }}
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake /S
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: Gather openssl version info
working-directory: _build
run: |
apps/openssl.exe version -v
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
- name: Set registry keys
working-directory: _build
run: |
echo ${Env:OSSL_VERSION}
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: Check platform symbol usage
working-directory: _build
run: perl ../util/checkplatformsyms.pl ../util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
- name: test
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
- name: install
# Run on 64 bit only as 32 bit is slow enough already
if: ${{ matrix.platform.arch == 'amd64' }}
working-directory: _build
shell: cmd
run: |
call "${{ matrix.platform.vcvars }}"
mkdir _dest
nmake install DESTDIR=_dest
plain:
runs-on: windows-2022
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-shared no-fips enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-trace enable-crypto-mdebug -DOSSL_WINCTX=openssl VC-WIN64A-masm
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake /S
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes HARNESS_JOBS=4
minimal:
runs-on: windows-2022
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: prepare the build directory
run: mkdir _build
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --banner=Configured --strict-warnings enable-demos no-makedepend no-bulk no-deprecated no-fips no-asm no-threads -DOPENSSL_SMALL_FOOTPRINT -DOSSL_WINCTX=openssl
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes TESTS=-test_fuzz* HARNESS_JOBS=4
cygwin:
# Run a job for each of the specified target architectures:
strategy:
matrix:
os:
- windows-2022
platform:
- arch: win64
config: -DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips
# are we really learning sth new from win32? So let's save some CO2 for now disabling this
# - arch: win32
# config: -DCMAKE_C_COMPILER=gcc --strict-warnings no-fips
runs-on: ${{ matrix.os }}
env:
CYGWIN_NOWINPATH: 1
SHELLOPTS: igncr
# Don't overwhelm github CI VMs:
MAKE_PARAMS: -j 4
steps:
# Checkout before cygwin can mess with PATH...
- uses: actions/checkout@v5
with:
persist-credentials: false
- uses: cygwin/cygwin-install-action@f2009323764960f80959895c7bc3bb30210afe4d #v6
with:
packages: perl git make gcc-core
- name: Check repo
run: cygcheck -V
- name: Full cygcheck status
run: cygcheck -s -v -r -h
# Activate this if checkout action fails:
# - name: Clone repo
# run: bash -c "pwd && git clone --branch ${{ github.ref_name }} --depth 1 https://github.com/${{ github.repository }}.git"
- name: Full build
run: bash -c "gcc --version && ./config ${{ matrix.platform.config }} && make $MAKE_PARAMS"
# Disable testing for now. TBD: Need local cygwin installation to debug .
# - name: Run openssl tests
# run: bash -c "cd openssl && make V=1 test"

150
.github/workflows/windows_comp.yml vendored
View File

@@ -1,150 +0,0 @@
# Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Windows Compression GitHub CI
on:
pull_request:
paths:
- 'crypto/comp/*.c'
- '.github/workflows/windows_comp.yml'
push:
paths:
- '**.c'
permissions:
contents: read
jobs:
zstd:
runs-on: windows-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: Get zstd
run: |
vcpkg install zstd:x64-windows
"C:\vcpkg\packages\zstd_x64-windows\bin" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --strict-warnings enable-comp enable-zstd --with-zstd-include=C:\vcpkg\packages\zstd_x64-windows\include --with-zstd-lib=C:\vcpkg\packages\zstd_x64-windows\lib\zstd.lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake
- name: Gather openssl version info
working-directory: _build
run: |
apps/openssl.exe version -v
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
- name: Set registry keys
working-directory: _build
run: |
echo ${Env:OSSL_VERSION}
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: Check platform symbol usage
run: |
perl ./util/checkplatformsyms.pl ./util/platform_symbols/windows-symbols.txt libcrypto-3-x64.dll ./libssl-3-x64.dll
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4
brotli:
runs-on: windows-latest
steps:
- uses: actions/checkout@v5
with:
persist-credentials: false
- name: checkout fuzz/corpora submodule
run: git submodule update --init --depth 1 fuzz/corpora
- name: install nasm
run: |
choco install nasm
"C:\Program Files\NASM" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: prepare the build directory
run: mkdir _build
- name: Get brotli
run: |
vcpkg install brotli:x64-windows
"C:\vcpkg\packages\brotli_x64-windows\bin" | Out-File -FilePath "$env:GITHUB_PATH" -Append
- name: config
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
perl ..\Configure --strict-warnings enable-comp enable-brotli --with-brotli-include=C:\vcpkg\packages\brotli_x64-windows\include --with-brotli-lib=C:\vcpkg\packages\brotli_x64-windows\lib no-makedepend -DOSSL_WINCTX=openssl VC-WIN64A
perl configdata.pm --dump
- name: build
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake
- name: Gather openssl version info
working-directory: _build
run: |
apps/openssl.exe version -v
apps/openssl.exe version -v | %{($_ -split '\s+')[1]}
apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'}
echo "OSSL_VERSION=$(apps/openssl.exe version -v | %{($_ -split '\s+')[1] -replace '([0-9]+\.[0-9]+)(\..*)','$1'})" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf8 -Append
- name: Set registry keys
working-directory: _build
run: |
echo ${Env:OSSL_VERSION}
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe add HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v MODULESDIR /t REG_EXPAND_SZ /d TESTOPENSSLDIR /reg:32
reg.exe query HKLM\SOFTWARE\OpenSSL-${Env:OSSL_VERSION}-openssl /v OPENSSLDIR /reg:32
- name: download coreinfo
run: |
mkdir _build\coreinfo
Invoke-WebRequest -Uri "https://download.sysinternals.com/files/Coreinfo.zip" -outfile "_build\coreinfo\Coreinfo.zip"
- name: get cpu info
working-directory: _build
continue-on-error: true
run: |
7z.exe x coreinfo/Coreinfo.zip
./Coreinfo64.exe -accepteula -f
./apps/openssl.exe version -c
- name: test
working-directory: _build
shell: cmd
run: |
call "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\VC\Auxiliary\Build\vcvars64.bat"
nmake test VERBOSE_FAILURE=yes TESTS="-test_fuzz* -test_fipsload" HARNESS_JOBS=4

285
.gitignore vendored
View File

@@ -2,24 +2,21 @@
/.dir-locals.el
# Top level excludes
/Makefile.in
/Makefile
/Makefile.orig
/MINFO
/TABLE
/*.pc
/rehash.time
/inc.*
/makefile.*
/out.*
/tmp.*
/configdata.pm
/builddata.pm
/installdata.pm
# Exporters
/*.pc
/OpenSSLConfig*.cmake
/exporters/*.pc
/exporters/OpenSSLConfig*.cmake
# *all* Makefiles
Makefile
# ... except in demos
!/demos/*/Makefile
# Links under apps
/apps/CA.pl
@@ -29,158 +26,9 @@
# Auto generated headers
/crypto/buildinf.h
/include/crypto/*_conf.h
/include/openssl/asn1.h
/include/openssl/asn1t.h
/include/openssl/bio.h
/include/openssl/cmp.h
/include/openssl/cms.h
/include/openssl/comp.h
/include/openssl/conf.h
/include/openssl/configuration.h
/include/openssl/crmf.h
/include/openssl/crypto.h
/include/openssl/ct.h
/include/openssl/err.h
/include/openssl/ess.h
/include/openssl/fipskey.h
/include/openssl/lhash.h
/include/openssl/ocsp.h
/include/openssl/opensslv.h
/include/openssl/pkcs12.h
/include/openssl/pkcs7.h
/include/openssl/safestack.h
/include/openssl/srp.h
/include/openssl/ssl.h
/include/openssl/ui.h
/include/openssl/x509.h
/include/openssl/x509v3.h
/include/openssl/x509_acert.h
/include/openssl/x509_vfy.h
/include/openssl/core_names.h
# Auto generated parameter name files
/crypto/params_idx.c
# Auto generated doc files
doc/man1/openssl-*.pod
# Auto generated der files
providers/common/der/der_slh_dsa_gen.c
providers/common/der/der_digests_gen.c
providers/common/der/der_dsa_gen.c
providers/common/der/der_ec_gen.c
providers/common/der/der_ecx_gen.c
providers/common/der/der_rsa_gen.c
providers/common/der/der_wrap_gen.c
providers/common/der/der_sm2_gen.c
providers/common/der/der_ml_dsa_gen.c
providers/common/der/der_hkdf_gen.c
providers/common/include/prov/der_slh_dsa.h
providers/common/include/prov/der_dsa.h
providers/common/include/prov/der_ec.h
providers/common/include/prov/der_ecx.h
providers/common/include/prov/der_rsa.h
providers/common/include/prov/der_digests.h
providers/common/include/prov/der_wrap.h
providers/common/include/prov/der_sm2.h
providers/common/include/prov/der_ml_dsa.h
providers/common/include/prov/der_hkdf.h
providers/implementations/asymciphers/rsa_enc.inc
providers/implementations/asymciphers/sm2_enc.inc
providers/implementations/exchange/dh_exch.inc
providers/implementations/exchange/ecdh_exch.inc
providers/implementations/exchange/ecx_exch.inc
providers/implementations/encode_decode/decode_der2key.inc
providers/implementations/encode_decode/decode_epki2pki.inc
providers/implementations/encode_decode/decode_pem2der.inc
providers/implementations/encode_decode/decode_pvk2key.inc
providers/implementations/encode_decode/decode_spki2typespki.inc
providers/implementations/encode_decode/encode_key2any.inc
providers/implementations/encode_decode/encode_key2ms.inc
providers/implementations/kdfs/argon2.inc
providers/implementations/kdfs/hkdf.inc
providers/implementations/kdfs/hmacdrbg_kdf.inc
providers/implementations/kdfs/kbkdf.inc
providers/implementations/kdfs/krb5kdf.inc
providers/implementations/kdfs/pbkdf1.inc
providers/implementations/kdfs/pbkdf2.inc
providers/implementations/kdfs/pkcs12kdf.inc
providers/implementations/kdfs/pvkkdf.inc
providers/implementations/kdfs/scrypt.inc
providers/implementations/kdfs/sshkdf.inc
providers/implementations/kdfs/sskdf.inc
providers/implementations/kdfs/tls1_prf.inc
providers/implementations/kdfs/x942kdf.inc
providers/implementations/kem/ec_kem.inc
providers/implementations/kem/ecx_kem.inc
providers/implementations/kem/ml_kem_kem.inc
providers/implementations/kem/rsa_kem.inc
providers/implementations/keymgmt/ml_dsa_kmgmt.inc
providers/implementations/keymgmt/ml_kem_kmgmt.inc
providers/implementations/keymgmt/mlx_kmgmt.inc
providers/implementations/signature/dsa_sig.inc
providers/implementations/signature/ecdsa_sig.inc
providers/implementations/keymgmt/dh_kmgmt.inc
providers/implementations/keymgmt/dsa_kmgmt.inc
providers/implementations/keymgmt/ecx_kmgmt.inc
providers/implementations/keymgmt/lms_kmgmt.inc
providers/implementations/keymgmt/mac_legacy_kmgmt.inc
providers/implementations/keymgmt/ml_dsa_kmgmt.inc
providers/implementations/keymgmt/ml_kem_kmgmt.inc
providers/implementations/keymgmt/mlx_kmgmt.inc
providers/implementations/keymgmt/slh_dsa_kmgmt.inc
providers/implementations/keymgmt/template_kmgmt.inc
providers/implementations/signature/eddsa_sig.inc
providers/implementations/signature/ml_dsa_sig.inc
providers/implementations/signature/rsa_sig.inc
providers/implementations/signature/slh_dsa_sig.inc
providers/implementations/signature/sm2_sig.inc
providers/implementations/skeymgmt/generic.inc
providers/implementations/storemgmt/file_store_any2obj.inc
providers/implementations/storemgmt/file_store.inc
providers/implementations/storemgmt/winstore_store.inc
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha.inc
providers/implementations/ciphers/cipher_aes_cbc_hmac_sha_etm.inc
providers/implementations/ciphers/cipher_aes_gcm_siv.inc
providers/implementations/ciphers/cipher_aes_ocb.inc
providers/implementations/ciphers/cipher_aes_siv.inc
providers/implementations/ciphers/cipher_aes_wrp.inc
providers/implementations/ciphers/cipher_aes_xts.inc
providers/implementations/ciphers/ciphercommon.inc
providers/implementations/ciphers/ciphercommon_ccm.inc
providers/implementations/ciphers/ciphercommon_gcm.inc
providers/implementations/ciphers/cipher_chacha20.inc
providers/implementations/ciphers/cipher_chacha20_poly1305.inc
providers/implementations/ciphers/cipher_null.inc
providers/implementations/ciphers/cipher_rc4_hmac_md5.inc
providers/implementations/ciphers/cipher_sm2_xts.c
providers/implementations/ciphers/cipher_sm4_xts.inc
providers/implementations/digests/blake2_prov.inc
providers/implementations/digests/digestcommon.inc
providers/implementations/digests/mdc2_prov.inc
providers/implementations/digests/sha3_prov.inc
providers/implementations/include/prov/blake2_params.inc
providers/implementations/macs/cmac_prov.inc
providers/implementations/macs/gmac_prov.inc
providers/implementations/macs/hmac_prov.inc
providers/implementations/macs/kmac_prov.inc
providers/implementations/macs/poly1305_prov.inc
providers/implementations/macs/siphash_prov.inc
providers/implementations/rands/drbg_ctr.inc
providers/implementations/rands/drbg_hash.inc
providers/implementations/rands/drbg_hmac.inc
providers/implementations/rands/fips_crng_test.inc
providers/implementations/rands/seed_src.inc
providers/implementations/rands/seed_src_jitter.inc
providers/implementations/rands/test_rng.inc
# error code files
/crypto/err/openssl.txt.old
/engines/e_afalg.txt.old
/engines/e_capi.txt.old
/engines/e_dasync.txt.old
/engines/e_ossltest.txt.old
/crypto/include/internal/*_conf.h
/openssl/include/opensslconf.h
/util/domd
# Executables
/apps/openssl
@@ -201,91 +49,16 @@ providers/implementations/rands/test_rng.inc
/test/ssltest_old
/test/x509aux
/test/v3ext
/test/versions
/test/ossl_shim/ossl_shim
/test/rsa_complex
/test/confdump
/test/bio_prefix_text
/test/evp_extra_test2
/test/evp_pkey_ctx_new_from_name
/test/threadstest_fips
/test/timing_load_creds
# Demo applications
/demos/bio/client-arg
/demos/bio/client-conf
/demos/bio/saccept
/demos/bio/sconnect
/demos/bio/server-arg
/demos/bio/server-cmod
/demos/bio/server-conf
/demos/cipher/aesccm
/demos/cipher/aesgcm
/demos/cipher/aeskeywrap
/demos/cipher/ariacbc
/demos/cms/cms_comp
/demos/cms/cms_ddec
/demos/cms/cms_dec
/demos/cms/cms_denc
/demos/cms/cms_enc
/demos/cms/cms_sign
/demos/cms/cms_sign2
/demos/cms/cms_uncomp
/demos/cms/cms_ver
/demos/digest/BIO_f_md
/demos/digest/EVP_MD_demo
/demos/digest/EVP_MD_stdin
/demos/digest/EVP_MD_xof
/demos/encode/ec_encode
/demos/encode/rsa_encode
/demos/encrypt/rsa_encrypt
/demos/guide/quic-client-block
/demos/guide/quic-client-non-block
/demos/guide/quic-hq-interop
/demos/guide/quic-multi-stream
/demos/guide/quic-server-block
/demos/guide/quic-server-non-block
/demos/guide/tls-client-block
/demos/guide/tls-client-non-block
/demos/http3/libnghttp3.pc
/demos/http3/nghttp3/
/demos/http3/ossl-nghttp3-demo
/demos/http3/ossl-nghttp3-demo-server
/demos/kdf/argon2
/demos/kdf/hkdf
/demos/kdf/pbkdf2
/demos/kdf/scrypt
/demos/keyexch/x25519
/demos/mac/cmac-aes256
/demos/mac/gmac
/demos/mac/hmac-sha512
/demos/mac/poly1305
/demos/pkey/EVP_PKEY_DSA_keygen
/demos/pkey/EVP_PKEY_DSA_paramfromdata
/demos/pkey/EVP_PKEY_DSA_paramgen
/demos/pkey/EVP_PKEY_DSA_paramvalidate
/demos/pkey/EVP_PKEY_EC_keygen
/demos/pkey/EVP_PKEY_RSA_keygen
/demos/quic/server/server
/demos/quic/poll-server/quic-server-ssl-poll-http
/demos/signature/EVP_DSA_Signature_demo
/demos/signature/EVP_EC_Signature_demo
/demos/signature/EVP_ED_Signature_demo
/demos/signature/rsa_pss_direct
/demos/signature/rsa_pss_hash
/demos/smime/smdec
/demos/smime/smenc
/demos/smime/smsign
/demos/smime/smsign2
/demos/smime/smver
/demos/sslecho/sslecho
# Certain files that get created by tests on the fly
/test-runs
/test/*.ss
/test/*.srl
/test/.rnd
/test/test*.pem
/test/newkey.pem
/test/*.log
/test/buildtest_*
/test/provider_internal_test.cnf
/test/fipsmodule.cnf
/providers/fipsmodule.cnf
# Fuzz stuff.
# Anything without an extension is an executable on Unix, so we keep files
@@ -298,20 +71,14 @@ providers/implementations/rands/test_rng.inc
!/fuzz/*.*
# Misc auto generated files
/doc/man7/openssl_user_macros.pod
/include/openssl/opensslconf.h
/tools/c_rehash
/tools/c_rehash.pl
/util/shlib_wrap.sh
/util/wrap.pl
/tags
/TAGS
*.map
*.ld
/apps/progs.c
/apps/progs.h
# macOS
.DS_Store
/crypto.map
/ssl.map
# Windows (legacy)
/tmp32
@@ -324,6 +91,7 @@ providers/implementations/rands/test_rng.inc
/out32dll.dbg
/inc32
/MINFO
/ms/.rnd
/ms/bcb.mak
/ms/libeay32.def
/ms/nt.mak
@@ -333,6 +101,7 @@ providers/implementations/rands/test_rng.inc
# Files created on other branches that are not held in git, and are not
# needed on this branch
/include/openssl/asn1_mac.h
/include/openssl/des_old.h
/include/openssl/fips.h
/include/openssl/fips_rand.h
@@ -356,15 +125,11 @@ providers/implementations/rands/test_rng.inc
/test/fips_test_suite.c
/test/shatest.c
# Generated docs directories
/doc/html
/doc/man
##### Generic patterns
# Auto generated assembly language source files
*.s
!/crypto/*/asm/*.s
/crypto/*.S
/crypto/arm*.S
/crypto/*/*.S
*.asm
!/crypto/*/asm/*.asm
@@ -395,7 +160,6 @@ providers/implementations/rands/test_rng.inc
*.exp
*.lib
*.pdb
*.tds
*.ilk
*.def
*.rc
@@ -409,15 +173,8 @@ Makefile.save
*.bak
cscope.*
*.d
!.ctags.d
*.d.tmp
pod2htmd.tmp
MAKE0[0-9][0-9][0-9].@@@
# Windows manifest files
*.manifest
doc-nits
# LSP (Language Server Protocol) support
.cache/
compile_commands.json

34
.gitmodules vendored
View File

@@ -1,3 +1,7 @@
[submodule "boringssl"]
path = boringssl
url = https://boringssl.googlesource.com/boringssl
[submodule "pyca.cryptography"]
path = pyca-cryptography
url = https://github.com/pyca/cryptography.git
@@ -5,33 +9,3 @@
[submodule "krb5"]
path = krb5
url = https://github.com/krb5/krb5
[submodule "gost-engine"]
path = gost-engine
url = https://github.com/gost-engine/engine
update = rebase
[submodule "wycheproof"]
path = wycheproof
url = https://github.com/google/wycheproof
[submodule "tlsfuzzer"]
path = tlsfuzzer
url = https://github.com/tlsfuzzer/tlsfuzzer
[submodule "python-ecdsa"]
path = python-ecdsa
url = https://github.com/tlsfuzzer/python-ecdsa
[submodule "tlslite-ng"]
path = tlslite-ng
url = https://github.com/tlsfuzzer/tlslite-ng
[submodule "oqs-provider"]
path = oqs-provider
url = https://github.com/open-quantum-safe/oqs-provider.git
[submodule "cloudflare-quiche"]
path = cloudflare-quiche
url = https://github.com/cloudflare/quiche
[submodule "fuzz/corpora"]
path = fuzz/corpora
url = https://github.com/openssl/fuzz-corpora
branch = main
[submodule "pkcs11-provider"]
path = pkcs11-provider
url = https://github.com/latchset/pkcs11-provider.git

13
.pre-commit-config.yaml
View File

@@ -1,13 +0,0 @@
repos:
- repo: "https://github.com/codespell-project/codespell"
rev: "v2.4.1"
hooks:
- id: "codespell"
args: ["--config=.codespellrc"]
- repo: "https://github.com/pre-commit/mirrors-clang-format"
rev: "v21.1.6"
hooks:
- id: "clang-format"
types_or: []
files: '\.c\.in$|\.h\.in$|\.c$|\.h$'
args: ["--style=file"]

11
.travis-create-release.sh Normal file
View File

@@ -0,0 +1,11 @@
#! /bin/sh
# $1 is expected to be $TRAVIS_OS_NAME
./Configure dist
if [ "$1" == osx ]; then
make NAME='_srcdist' TARFILE='_srcdist.tar' \
TAR_COMMAND='$(TAR) $(TARFLAGS) -cvf -' tar
else
make TARFILE='_srcdist.tar' NAME='_srcdist' dist
fi

219
.travis.yml Normal file
View File

@@ -0,0 +1,219 @@
dist: trusty
sudo: required
language: c
cache: ccache
git:
submodules: false
before_install:
- if [ -n "$COVERALLS" ]; then
pip install --user cpp-coveralls;
fi;
- if expr "$CONFIG_OPTS" ":" ".*enable-external-tests" > /dev/null; then
git submodule update --init --recursive;
fi;
addons:
apt:
packages:
- ccache
- golang-1.6
os:
- linux
compiler:
- clang
- gcc
env:
- CONFIG_OPTS="" DESTDIR="_install" TESTS="-test_fuzz"
- CONFIG_OPTS="no-asm -Werror --debug no-afalgeng no-shared enable-crypto-mdebug enable-rc5 enable-md2 enable-aria" TESTS="-test_fuzz"
- CONFIG_OPTS="no-asm --strict-warnings" BUILDONLY="yes" CHECKDOCS="yes"
matrix:
include:
- os: linux
addons:
apt:
packages:
- gcc-5
- g++-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: CONFIG_OPTS="--strict-warnings enable-tls1_3" TESTS="-test_fuzz" COMMENT="Move to the BORINGTEST build when interoperable"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: CONFIG_OPTS="--strict-warnings no-deprecated" BUILDONLY="yes"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: CONFIG_OPTS="no-stdio" BUILDONLY="yes"
- os: linux
addons:
apt:
packages:
- gcc-5
- g++-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug --coverage no-asm enable-rc5 enable-md2 enable-aria enable-ec_nistp_64_gcc_128 enable-ssl3 enable-ssl3-method enable-nextprotoneg enable-weak-ssl-ciphers no-shared -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION" COVERALLS="yes" BORINGSSL_TESTS="yes" CXX="g++-5"
- os: linux
addons:
apt:
packages:
- gcc-5
- g++-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: EXTENDED_TEST="yes" CONFIG_OPTS="--debug enable-ssl3 enable-ssl3-method enable-weak-ssl-ciphers enable-external-tests" BORINGSSL_TESTS="yes" CXX="g++-5" TESTS=95
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: EXTENDED_TEST="yes" CONFIG_OPTS="enable-msan"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-aria enable-ssl3 enable-ssl3-method enable-nextprotoneg -fno-sanitize=alignment no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
- os: linux
addons:
apt:
packages:
- clang-3.9
sources:
- llvm-toolchain-trusty-3.9
- ubuntu-toolchain-r-test
compiler: clang-3.9
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-asan enable-rc5 enable-md2 enable-aria no-shared -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION"
- os: linux
addons:
apt:
packages:
- gcc-5
- g++-5
sources:
- ubuntu-toolchain-r-test
compiler: gcc-5
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-asm enable-ubsan enable-rc5 enable-md2 enable-aria -DPEDANTIC"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: i686-w64-mingw32-gcc
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
- os: linux
addons:
apt:
packages:
- binutils-mingw-w64
- gcc-mingw-w64
compiler: x86_64-w64-mingw32-gcc
env: EXTENDED_TEST="yes" CONFIG_OPTS="no-pic" TESTS="-test_fuzz"
exclude:
- os: linux
compiler: clang
- os: osx
compiler: gcc
before_script:
- env
- if [ "$TRAVIS_PULL_REQUEST" != "false" -a -n "$EXTENDED_TEST" ]; then
(git log -1 $TRAVIS_COMMIT_RANGE | grep '\[extended tests\]' > /dev/null) || exit 0;
fi
- if [ -n "$DESTDIR" ]; then
sh .travis-create-release.sh $TRAVIS_OS_NAME;
tar -xvzf _srcdist.tar.gz;
mkdir _build;
cd _build;
srcdir=../_srcdist;
top=..;
else
srcdir=.;
top=.;
fi
- if [ "$CC" == i686-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw $CONFIG_OPTS -Wno-pedantic-ms-format;
elif [ "$CC" == x86_64-w64-mingw32-gcc ]; then
export CROSS_COMPILE=${CC%%gcc}; unset CC;
$srcdir/Configure mingw64 $CONFIG_OPTS -Wno-pedantic-ms-format;
else
if which ccache >/dev/null && [ "$CC" != clang-3.9 ]; then
CC="ccache $CC";
fi;
$srcdir/config -v $CONFIG_OPTS;
fi
- cd $top
script:
- if [ -z "$BUILDONLY" ]; then
make="make -s";
else
make="make";
fi
- top=${PWD}
- if [ -n "$DESTDIR" ]; then
cd _build;
fi
- $make update
- if [ -n "$CHECKDOCS" ]; then
$make doc-nits;
fi
- $make
- if [ -z "$BUILDONLY" ]; then
if [ -n "$CROSS_COMPILE" ]; then
sudo dpkg --add-architecture i386;
sudo apt-get update;
sudo apt-get -yq --no-install-suggests --no-install-recommends --force-yes install wine;
export EXE_SHELL="wine" WINEPREFIX=`pwd`;
fi;
if [ -e krb5/src ]; then
sudo apt-get -yq install bison dejagnu gettext keyutils ldap-utils libldap2-dev libkeyutils-dev python-cjson python-paste python-pyrad slapd tcl-dev tcsh;
fi;
HARNESS_VERBOSE=yes BORING_RUNNER_DIR=$top/boringssl/ssl/test/runner make test;
else
$make build_tests;
fi
- if [ -n "$DESTDIR" ]; then
mkdir "$top/$DESTDIR";
$make install install_docs DESTDIR="$top/$DESTDIR";
fi
- cd $top
after_success:
- if [ -n "$COVERALLS" ]; then
coveralls -b . --gcov gcov-5 --gcov-options '\-lp';
fi;
notifications:
email:
secure: "xeGNgWO7aoaDgRvcZubposqMsj36aU8c6F0oHfw+rUqltCQ14IgYCUwzocmR2O+Pa7B3Cx5VjMfBFHbQaajZsfod8vu7g+aGq/zkjwbhsr/SR4dljJjFJXLGZjIalm9KgP6KInmVDuINfCqP+MHIY5lZkNI7DMcyHDhVc5nSKvCXV7xTDNgmstvh8rB/z51WfHDqGqfBtiuK5FDNxmvYK8OFJ5W94Lu9LDlizcxwK3GAj7arOui7Z5w8bQ6p4seUE3IvJL1Zbj0pZHxvNb6Zeb2Pn8QF1qLlN8YmBktD4aiw0ce4wYRiL87uLgcOxZY7SVXtv2XYFIYWapU/FKjCqa6vK93V/H9eZWEIYNMKnN3wXm2beqVdnKek3OeGJ8v0y7MbSfuLfRtBqbTSNYnpU1Zuo4MQAvHvEPuwCAYkYQajOSRplMH5sULFKptuVqNtOMfjL8jHb8AEoL1acYIk43ydxeYrzzas4fqgCDJ52573/u0RNdF1lkQBLkuM365OB8VRqtpnoxcdEIY/qBc/8TzZ24fxyrs5qdHFcxGSgpN2EP6cJMqpvkemnCNSdhxUqfzm22N7a3O8+4LFSBGOnHto/PwdsvF/01yGYL0LoZTnoO1i6x7AMJPBh+eyDU0ZjGhj/msjmqeb9C8vRqQ+1WjHrIS1iqCD0Czib8tUPD4="

2
ACKNOWLEDGEMENTS Normal file
View File

@@ -0,0 +1,2 @@
Please https://www.openssl.org/community/thanks.html for the current
acknowledgements.

6
ACKNOWLEDGEMENTS.md
View File

@@ -1,6 +0,0 @@
Acknowledgements
================
Please see our [Thanks!][] page for the current acknowledgements.
[Thanks!]: https://www.openssl.org/community/thanks.html

21
AUTHORS Normal file
View File

@@ -0,0 +1,21 @@
Andy Polyakov
Ben Laurie
Bodo Möller
Emilia Käsper
Eric Young
Geoff Thorpe
Holger Reif
Kurt Roeckx
Lutz Jänicke
Mark J. Cox
Matt Caswell
Nils Larsch
Paul C. Sutton
Ralf S. Engelschall
Rich Salz
Richard Levitte
Stephen Henson
Steve Marquess
Tim Hudson
Ulf Möller
Viktor Dukhovni

53
AUTHORS.md
View File

@@ -1,53 +0,0 @@
Authors
=======
This is the list of OpenSSL authors for copyright purposes.
It does not necessarily list everyone who has contributed code,
since in some cases, their employer may be the copyright holder.
To see the full list of contributors, see the revision history in
source control.
Groups
------
* OpenSSL Software Services, Inc.
* OpenSSL Software Foundation, Inc.
* Google LLC
Individuals
-----------
* Andy Polyakov
* Ben Laurie
* Ben Kaduk
* Bernd Edlinger
* Bodo Möller
* David Benjamin
* David von Oheimb
* Dmitry Belyavskiy (Дмитрий Белявский)
* Emilia Käsper
* Eric Young
* Geoff Thorpe
* Holger Reif
* Kurt Roeckx
* Lutz Jänicke
* Mark J. Cox
* Matt Caswell
* Matthias St. Pierre
* Nicola Tuveri
* Nils Larsch
* Patrick Steuer
* Paul Dale
* Paul C. Sutton
* Paul Yang
* Ralf S. Engelschall
* Rich Salz
* Richard Levitte
* Shane Lontis
* Stephen Henson
* Steve Marquess
* Tim Hudson
* Tomáš Mráz
* Ulf Möller
* Valerii Krygin
* Viktor Dukhovni

12525
CHANGES Normal file
View File

File diff suppressed because it is too large Load Diff

21851
CHANGES.md
View File

File diff suppressed because it is too large Load Diff

6
CODE-OF-CONDUCT.md
View File

@@ -1,6 +0,0 @@
Code of Conduct
===============
The OpenSSL [Code of Conduct] is published on the project's website.
[Code of Conduct]: https://www.openssl.org/community/conduct.html

54
CONTRIBUTING Normal file
View File

@@ -0,0 +1,54 @@
HOW TO CONTRIBUTE PATCHES TO OpenSSL
------------------------------------
(Please visit https://www.openssl.org/community/getting-started.html for
other ideas about how to contribute.)
Development is coordinated on the openssl-dev mailing list (see the
above link or https://mta.openssl.org for information on subscribing).
If you are unsure as to whether a feature will be useful for the general
OpenSSL community you might want to discuss it on the openssl-dev mailing
list first. Someone may be already working on the same thing or there
may be a good reason as to why that feature isn't implemented.
To submit a patch, make a pull request on GitHub. If you think the patch
could use feedback from the community, please start a thread on openssl-dev
to discuss it.
Having addressed the following items before the PR will help make the
acceptance and review process faster:
1. Anything other than trivial contributions will require a contributor
licensing agreement, giving us permission to use your code. See
https://www.openssl.org/policies/cla.html for details.
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the OpenSSL license (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits; You will be asked to remove
them before a patch is considered acceptable.
4. Patches should follow our coding style (see
https://www.openssl.org/policies/codingstyle.html) and compile without
warnings. Where gcc or clang is available you should use the
--strict-warnings Configure option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via Travis and AppVeyor are expected, and done whenever
a PR is created or updated.
5. When at all possible, patches should include tests. These can
either be added to an existing test, or completely new. Please see
test/README for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the "pod" files in doc/man[1357]
for examples of our style.

112
CONTRIBUTING.md
View File

@@ -1,112 +0,0 @@
HOW TO CONTRIBUTE TO OpenSSL
============================
Please visit our [Getting Started] page for other ideas about how to contribute.
[Getting Started]: <https://openssl-library.org/community/getting-started>
Development is done on GitHub in the [openssl/openssl] repository.
[openssl/openssl]: <https://github.com/openssl/openssl>
To request a new feature, ask a question, or report a bug,
please open an [issue on GitHub](https://github.com/openssl/openssl/issues).
To submit a patch or implement a new feature, please open a
[pull request on GitHub](https://github.com/openssl/openssl/pulls).
If you are thinking of making a large contribution,
open an issue for it before starting work, to get comments from the community.
Someone may be already working on the same thing,
or there may be special reasons why a feature is not implemented.
Similarly, if you plan to submit many pull requests, please start with
a representative sample (no more than 3 or 4) and open an issue
explaining your process. The OpenSSL project has limited resources,
especially when it comes to reviewers, so we appreciate advanced
communication before submitting many pull requests. In addition,
contributors should personally evaluate potential patches generated by
automated tools.
To make it easier to review and accept your pull request, please follow these
guidelines:
1. Anything other than a trivial contribution requires a [Contributor
License Agreement] (CLA), giving us permission to use your code.
If your contribution is too small to require a CLA (e.g., fixing a spelling
mistake), then place the text "`CLA: trivial`" on a line by itself below
the rest of your commit message separated by an empty line, like this:
```
One-line summary of trivial change
Optional main body of commit message. It might contain a sentence
or two explaining the trivial change.
CLA: trivial
```
It is not sufficient to only place the text "`CLA: trivial`" in the GitHub
pull request description.
[Contributor License Agreement]: <https://www.openssl.org/policies/cla.html>
To amend a missing "`CLA: trivial`" line after submission, do the following:
```
git commit --amend
# add the line, save and quit the editor
git push -f [<repository> [<branch>]]
```
2. All source files should start with the following text (with
appropriate comment characters at the start of each line and the
year(s) updated):
```
Copyright 20xx-20yy The OpenSSL Project Authors. All Rights Reserved.
Licensed under the Apache License 2.0 (the "License"). You may not use
this file except in compliance with the License. You can obtain a copy
in the file LICENSE in the source distribution or at
https://www.openssl.org/source/license.html
```
3. Patches should be as current as possible; expect to have to rebase
often. We do not accept merge commits, you will have to remove them
(usually by rebasing) before it will be acceptable.
4. Code provided should follow our [coding style] and [documentation policy]
and compile without warnings.
There is a [Perl tool](util/check-format.pl) that helps
finding code formatting mistakes and other coding style nits.
Where `gcc` or `clang` is available, you should use the
`--strict-warnings` `Configure` option. OpenSSL compiles on many varied
platforms: try to ensure you only use portable features.
Clean builds via GitHub Actions are required. They are started automatically
whenever a PR is created or updated by committers.
[coding style]: https://openssl-library.org/policies/technical/coding-style/
[documentation policy]: https://openssl-library.org/policies/technical/documentation-policy/
5. When at all possible, code contributions should include tests. These can
either be added to an existing test, or completely new. Please see
[test/README.md](test/README.md) for information on the test framework.
6. New features or changed functionality must include
documentation. Please look at the `.pod` files in `doc/man[1357]` for
examples of our style. Run `make doc-nits` to make sure that your
documentation changes are clean.
7. For user visible changes (API changes, behaviour changes, ...),
consider adding a note in [CHANGES.md](CHANGES.md).
This could be a summarising description of the change, and could
explain the grander details.
Have a look through existing entries for inspiration.
Please note that this is NOT simply a copy of git-log one-liners.
Also note that security fixes get an entry in [CHANGES.md](CHANGES.md).
This file helps users get more in-depth information of what comes
with a specific release without having to sift through the higher
noise ratio in git-log.
8. Guidelines on how to integrate error output of new crypto library modules
can be found in [crypto/err/README.md](crypto/err/README.md).

361
Configurations/00-base-templates.conf
View File

@@ -1,202 +1,295 @@
# -*- Mode: perl -*-
my %targets=(
%targets=(
DEFAULTS => {
template => 1,
cflags => "",
cppflags => "",
lflags => "",
defines => [],
includes => [],
lib_cflags => "",
lib_cppflags => "",
lib_defines => [],
thread_scheme => "(unknown)", # Assume we don't know
thread_defines => [],
apps_aux_src => "",
cpuid_asm_src => "mem_clr.c",
uplink_aux_src => "",
bn_asm_src => "bn_asm.c",
ec_asm_src => "",
des_asm_src => "des_enc.c fcrypt_b.c",
aes_asm_src => "aes_core.c aes_cbc.c",
bf_asm_src => "bf_enc.c",
md5_asm_src => "",
cast_asm_src => "c_enc.c",
rc4_asm_src => "rc4_enc.c rc4_skey.c",
rmd160_asm_src => "",
rc5_asm_src => "rc5_enc.c",
wp_asm_src => "wp_block.c",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c",
modes_asm_src => "",
padlock_asm_src => "",
chacha_asm_src => "chacha_enc.c",
poly1305_asm_src => "",
unistd => "<unistd.h>",
shared_target => "",
shared_cflag => "",
shared_defines => [],
shared_ldflag => "",
shared_rcflag => "",
shared_extension => "",
#### Defaults for the benefit of the config targets who don't inherit
#### a BASE and assume Unix defaults
#### THESE WILL DISAPPEAR IN OpenSSL 1.2
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
AR => "(unused)",
ARFLAGS => "(unused)",
CC => "cc",
HASHBANGPERL => "/usr/bin/env perl",
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
#### THESE WILL BE ENABLED IN OpenSSL 1.2
#HASHBANGPERL => "PERL", # Only Unix actually cares
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
},
BASE_common => {
template => 1,
enable => [],
disable => [],
defines =>
sub {
my @defs = ( 'OPENSSL_BUILDING_OPENSSL' );
push @defs, "BROTLI" unless $disabled{brotli};
push @defs, "BROTLI_SHARED" unless $disabled{"brotli-dynamic"};
my @defs = ();
push @defs, "ZLIB" unless $disabled{zlib};
push @defs, "ZLIB_SHARED" unless $disabled{"zlib-dynamic"};
push @defs, "ZSTD" unless $disabled{zstd};
push @defs, "ZSTD_SHARED" unless $disabled{"zstd-dynamic"};
return [ @defs ];
},
includes =>
sub {
my @incs = ();
push @incs, $withargs{jitter_include}
if !$disabled{jitter} && $withargs{jitter_include};
push @incs, $withargs{brotli_include}
if !$disabled{brotli} && $withargs{brotli_include};
push @incs, $withargs{zlib_include}
if !$disabled{zlib} && $withargs{zlib_include};
push @incs, $withargs{zstd_include}
if !$disabled{zstd} && $withargs{zstd_include};
return [ @incs ];
},
},
BASE_unix => {
inherit_from => [ "BASE_common" ],
template => 1,
AR => "ar",
ARFLAGS => "qc",
CC => "cc",
OBJCOPY => "objcopy",
bin_cflags =>
sub {
my @flags = ();
if (!defined($disabled{pie})) {
push(@flags, "-fPIE");
}
return join(" ", @flags);
},
bin_lflags =>
sub {
my @flags = ();
if (!defined($disabled{pie})) {
push(@flags, "-pie");
}
return join(" ", @flags);
},
lflags =>
sub {
my @libs = ();
push(@libs, "-L".$withargs{jitter_lib}) if $withargs{jitter_lib};
push(@libs, "-L".$withargs{zlib_lib}) if $withargs{zlib_lib};
push(@libs, "-L".$withargs{brotli_lib}) if $withargs{brotli_lib};
push(@libs, "-L".$withargs{zstd_lib}) if $withargs{zstd_lib};
return join(" ", @libs);
},
ex_libs =>
sub {
my @libs = ();
push(@libs, "-l:libjitterentropy.a") if !defined($disabled{jitter});
push(@libs, "-lz") if !defined($disabled{zlib}) && defined($disabled{"zlib-dynamic"});
if (!defined($disabled{brotli}) && defined($disabled{"brotli-dynamic"})) {
push(@libs, "-lbrotlienc");
push(@libs, "-lbrotlidec");
push(@libs, "-lbrotlicommon");
push(@libs, "-lm");
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
if (defined($withargs{zlib_lib})) {
return "-L".$withargs{zlib_lib}." -lz";
} else {
return "-lz";
}
}
}
push(@libs, "-lzstd") if !defined($disabled{zstd}) && defined($disabled{"zstd-dynamic"});
return join(" ", @libs);
},
HASHBANGPERL => "/usr/bin/env perl", # Only Unix actually cares
RANLIB => sub { which("$config{cross_compile_prefix}ranlib")
? "ranlib" : "" },
RC => "windres",
return (); },
build_scheme => [ "unified", "unix" ],
build_file => "Makefile",
perl_platform => 'Unix',
},
BASE_Windows => {
inherit_from => [ "BASE_common" ],
template => 1,
lib_defines =>
sub {
my @defs = ();
unless ($disabled{"zlib-dynamic"}) {
my $zlib = $withargs{zlib_lib} // "ZLIB1";
push @defs, 'LIBZ=' . (quotify("perl", $zlib))[0];
}
return [ @defs ];
},
ex_libs =>
sub {
my @libs = ();
unless ($disabled{zlib}) {
if (defined($disabled{"zlib-dynamic"})) {
push(@libs, $withargs{zlib_lib} // "ZLIB1");
return $withargs{zlib_lib} // "ZLIB1";
}
}
unless ($disabled{zstd}) {
if (defined($disabled{"zstd-dynamic"})) {
push(@libs, $withargs{zstd_lib} // "libzstd");
}
}
unless ($disabled{brotli}) {
if (defined($disabled{"brotli-dynamic"})) {
my $path = "";
if (defined($withargs{brotli_lib})) {
$path = $withargs{brotli_lib} . "\\";
}
push(@libs, $path . "brotlicommon.lib");
push(@libs, $path . "brotlidec.lib");
push(@libs, $path . "brotlienc.lib");
}
}
return join(" ", @libs);
return ();
},
MT => "mt",
MTFLAGS => "-nologo",
ld => "link",
lflags => "/nologo",
loutflag => "/out:",
ar => "lib",
arflags => "/nologo",
aroutflag => "/out:",
rc => "rc",
rcoutflag => "/fo",
mt => "mt",
mtflags => "-nologo",
mtinflag => "-manifest ",
mtoutflag => "-outputresource:",
build_file => "makefile",
build_scheme => [ "unified", "windows" ],
perl_platform => 'Windows',
},
BASE_VMS => {
inherit_from => [ "BASE_common" ],
template => 1,
includes =>
add(sub {
my @incs = ();
# GNV$ZLIB_INCLUDE is the standard logical name for later
# zlib incarnations.
push @incs, 'GNV$ZLIB_INCLUDE:'
if !$disabled{zlib} && !$withargs{zlib_include};
return [ @incs ];
}),
build_file => "descrip.mms",
build_scheme => [ "unified", "VMS" ],
},
uplink_common => {
template => 1,
apps_aux_src => add("../ms/applink.c"),
uplink_aux_src => add("../ms/uplink.c"),
defines => add("OPENSSL_USE_APPLINK"),
},
x86_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86.s"),
},
x86_64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-x86_64.s"),
},
ia64_uplink => {
inherit_from => [ "uplink_common" ],
template => 1,
uplink_aux_src => add("uplink-ia64.s"),
},
x86_asm => {
template => 1,
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s x86-gf2m.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes-586.s vpaes-x86.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
cast_asm_src => "cast-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.c wp-mmx.s",
cmll_asm_src => "cmll-x86.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
chacha_asm_src => "chacha-x86.s",
poly1305_asm_src=> "poly1305-x86.s",
},
x86_elf_asm => {
template => 1,
inherit_from => [ "x86_asm" ],
perlasm_scheme => "elf"
},
x86_64_asm => {
template => 1,
cpuid_asm_src => "x86_64cpuid.s",
bn_asm_src => "asm/x86_64-gcc.c x86_64-mont.s x86_64-mont5.s x86_64-gf2m.s rsaz_exp.c rsaz-x86_64.s rsaz-avx2.s",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-x86_64.s",
aes_asm_src => "aes-x86_64.s vpaes-x86_64.s bsaes-x86_64.s aesni-x86_64.s aesni-sha1-x86_64.s aesni-sha256-x86_64.s aesni-mb-x86_64.s",
md5_asm_src => "md5-x86_64.s",
sha1_asm_src => "sha1-x86_64.s sha256-x86_64.s sha512-x86_64.s sha1-mb-x86_64.s sha256-mb-x86_64.s",
rc4_asm_src => "rc4-x86_64.s rc4-md5-x86_64.s",
wp_asm_src => "wp-x86_64.s",
cmll_asm_src => "cmll-x86_64.s cmll_misc.c",
modes_asm_src => "ghash-x86_64.s aesni-gcm-x86_64.s",
padlock_asm_src => "e_padlock-x86_64.s",
chacha_asm_src => "chacha-x86_64.s",
poly1305_asm_src=> "poly1305-x86_64.s",
},
ia64_asm => {
template => 1,
cpuid_asm_src => "ia64cpuid.s",
bn_asm_src => "bn-ia64.s ia64-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ia64.s",
md5_asm_src => "md5-ia64.s",
sha1_asm_src => "sha1-ia64.s sha256-ia64.s sha512-ia64.s",
rc4_asm_src => "rc4-ia64.s rc4_skey.c",
modes_asm_src => "ghash-ia64.s",
perlasm_scheme => "void"
},
sparcv9_asm => {
template => 1,
cpuid_asm_src => "sparcv9cap.c sparccpuid.S",
bn_asm_src => "asm/sparcv8plus.S sparcv9-mont.S sparcv9a-mont.S vis3-mont.S sparct4-mont.S sparcv9-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-sparcv9.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c dest4-sparcv9.S",
aes_asm_src => "aes_core.c aes_cbc.c aes-sparcv9.S aest4-sparcv9.S aesfx-sparcv9.S",
md5_asm_src => "md5-sparcv9.S",
sha1_asm_src => "sha1-sparcv9.S sha256-sparcv9.S sha512-sparcv9.S",
cmll_asm_src => "camellia.c cmll_misc.c cmll_cbc.c cmllt4-sparcv9.S",
modes_asm_src => "ghash-sparcv9.S",
poly1305_asm_src=> "poly1305-sparcv9.S",
perlasm_scheme => "void"
},
sparcv8_asm => {
template => 1,
cpuid_asm_src => "",
bn_asm_src => "asm/sparcv8.S",
des_asm_src => "des_enc-sparc.S fcrypt_b.c",
perlasm_scheme => "void"
},
alpha_asm => {
template => 1,
cpuid_asm_src => "alphacpuid.s",
bn_asm_src => "bn_asm.c alpha-mont.S",
sha1_asm_src => "sha1-alpha.S",
modes_asm_src => "ghash-alpha.S",
perlasm_scheme => "void"
},
mips32_asm => {
template => 1,
bn_asm_src => "bn-mips.S mips-mont.S",
aes_asm_src => "aes_cbc.c aes-mips.S",
sha1_asm_src => "sha1-mips.S sha256-mips.S",
},
mips64_asm => {
inherit_from => [ "mips32_asm" ],
template => 1,
sha1_asm_src => add("sha512-mips.S"),
poly1305_asm_src=> "poly1305-mips.S",
},
s390x_asm => {
template => 1,
cpuid_asm_src => "s390xcap.c s390xcpuid.S",
bn_asm_src => "asm/s390x.S s390x-mont.S s390x-gf2m.s",
aes_asm_src => "aes-s390x.S aes-ctr.fake aes-xts.fake",
sha1_asm_src => "sha1-s390x.S sha256-s390x.S sha512-s390x.S",
rc4_asm_src => "rc4-s390x.s",
modes_asm_src => "ghash-s390x.S",
chacha_asm_src => "chacha-s390x.S",
poly1305_asm_src=> "poly1305-s390x.S",
},
armv4_asm => {
template => 1,
cpuid_asm_src => "armcap.c armv4cpuid.S",
bn_asm_src => "bn_asm.c armv4-mont.S armv4-gf2m.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv4.S",
aes_asm_src => "aes_cbc.c aes-armv4.S bsaes-armv7.S aesv8-armx.S",
sha1_asm_src => "sha1-armv4-large.S sha256-armv4.S sha512-armv4.S",
modes_asm_src => "ghash-armv4.S ghashv8-armx.S",
chacha_asm_src => "chacha-armv4.S",
poly1305_asm_src=> "poly1305-armv4.S",
perlasm_scheme => "void"
},
aarch64_asm => {
template => 1,
cpuid_asm_src => "armcap.c arm64cpuid.S",
ec_asm_src => "ecp_nistz256.c ecp_nistz256-armv8.S",
bn_asm_src => "bn_asm.c armv8-mont.S",
aes_asm_src => "aes_core.c aes_cbc.c aesv8-armx.S vpaes-armv8.S",
sha1_asm_src => "sha1-armv8.S sha256-armv8.S sha512-armv8.S",
modes_asm_src => "ghashv8-armx.S",
chacha_asm_src => "chacha-armv8.S",
poly1305_asm_src=> "poly1305-armv8.S",
},
parisc11_asm => {
template => 1,
cpuid_asm_src => "pariscid.s",
bn_asm_src => "bn_asm.c parisc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-parisc.s",
sha1_asm_src => "sha1-parisc.s sha256-parisc.s sha512-parisc.s",
rc4_asm_src => "rc4-parisc.s",
modes_asm_src => "ghash-parisc.s",
perlasm_scheme => "32"
},
parisc20_64_asm => {
template => 1,
inherit_from => [ "parisc11_asm" ],
perlasm_scheme => "64",
},
ppc32_asm => {
template => 1,
cpuid_asm_src => "ppccpuid.s ppccap.c",
bn_asm_src => "bn-ppc.s ppc-mont.s",
aes_asm_src => "aes_core.c aes_cbc.c aes-ppc.s vpaes-ppc.s aesp8-ppc.s",
sha1_asm_src => "sha1-ppc.s sha256-ppc.s sha512-ppc.s sha256p8-ppc.s sha512p8-ppc.s",
modes_asm_src => "ghashp8-ppc.s",
chacha_asm_src => "chacha-ppc.s",
poly1305_asm_src=> "poly1305-ppc.s poly1305-ppcfp.s",
},
ppc64_asm => {
inherit_from => [ "ppc32_asm" ],
template => 1,
ec_asm_src => "ecp_nistz256.c ecp_nistz256-ppc64.s",
perl_platform => 'VMS',
},
);

2128
Configurations/10-main.conf
View File

File diff suppressed because it is too large Load Diff

300
Configurations/15-android.conf
View File

@@ -1,300 +0,0 @@
#### Android...
#
# See NOTES-Android.md for details, and don't miss platform-specific
# comments below...
{
use File::Spec::Functions;
my $android_ndk = {};
my %triplet = (
arm => "arm-linux-androideabi",
arm64 => "aarch64-linux-android",
mips => "mipsel-linux-android",
mips64 => "mips64el-linux-android",
riscv64 => "riscv64-linux-android",
x86 => "i686-linux-android",
x86_64 => "x86_64-linux-android",
);
sub android_ndk {
unless (%$android_ndk) {
if ($now_printing =~ m|^android|) {
return $android_ndk = { bn_ops => "BN_AUTO" };
}
my $ndk_var;
my $ndk;
foreach (qw(ANDROID_NDK_ROOT ANDROID_NDK)) {
$ndk_var = $_;
$ndk = $ENV{$ndk_var};
last if defined $ndk;
}
die "\$ANDROID_NDK_ROOT is not defined" if (!$ndk);
my $is_standalone_toolchain = -f "$ndk/AndroidVersion.txt";
my $ndk_src_props = "$ndk/source.properties";
my $is_ndk = -f $ndk_src_props;
if ($is_ndk == $is_standalone_toolchain) {
die "\$ANDROID_NDK_ROOT=$ndk is invalid";
}
$ndk = canonpath($ndk);
my $ndkver = undef;
if (open my $fh, "<$ndk_src_props") {
local $_;
while(<$fh>) {
if (m|Pkg\.Revision\s*=\s*([0-9]+)|) {
$ndkver = $1;
last;
}
}
close $fh;
}
my ($sysroot, $api, $arch);
$config{target} =~ m|[^-]+-([^-]+)$|; # split on dash
$arch = $1;
if ($sysroot = $ENV{CROSS_SYSROOT}) {
$sysroot =~ m|/android-([0-9]+)/arch-(\w+)/?$|;
($api, $arch) = ($1, $2);
} elsif ($is_standalone_toolchain) {
$sysroot = "$ndk/sysroot";
} else {
$api = "*";
# see if user passed -D__ANDROID_API__=N
foreach (@{$useradd{CPPDEFINES}}, @{$user{CPPFLAGS}}) {
if (m|__ANDROID_API__=([0-9]+)|) {
$api = $1;
last;
}
}
if (-d "$ndk/platforms") {
# list available platforms (numerically)
my @platforms = sort { $a =~ m/-([0-9]+)$/; my $aa = $1;
$b =~ m/-([0-9]+)$/; $aa <=> $1;
} glob("$ndk/platforms/android-$api");
die "no $ndk/platforms/android-$api" if ($#platforms < 0);
$sysroot = "@platforms[$#platforms]/arch-$arch";
$sysroot =~ m|/android-([0-9]+)/arch-$arch|;
$api = $1;
} elsif ($api eq "*") {
# r22 Removed platforms dir, use this JSON file
my $path = "$ndk/meta/platforms.json";
open my $fh, $path or die "Could not open '$path' $!";
while (<$fh>) {
if (/"max": (\d+),/) {
$api = $1;
last;
}
}
close $fh;
}
die "Could not get default API Level" if ($api eq "*");
}
die "no sysroot=$sysroot" if (length $sysroot && !-d $sysroot);
my $triarch = $triplet{$arch};
my $cflags;
my $cppflags;
# see if there is NDK clang on $PATH, "universal" or "standalone"
if (which("clang") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
my $host=$1;
# harmonize with gcc default
my $arm = $ndkver > 16 ? "armv7a" : "armv5te";
(my $tridefault = $triarch) =~ s/^arm-/$arm-/;
(my $tritools = $triarch) =~ s/(?:x|i6)86(_64)?-.*/x86$1/;
if (length $sysroot) {
$cflags .= " -target $tridefault "
. "-gcc-toolchain \$($ndk_var)/toolchains"
. "/$tritools-4.9/prebuilt/$host";
$user{CC} = "clang" if ($user{CC} !~ m|clang|);
} else {
$user{CC} = "$tridefault$api-clang";
}
$user{CROSS_COMPILE} = undef;
if (which("llvm-ar") =~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
$user{AR} = "llvm-ar";
$user{ARFLAGS} = [ "rs" ];
$user{RANLIB} = ":";
}
} elsif ($is_standalone_toolchain) {
my $cc = $user{CC} // "clang";
# One can probably argue that both clang and gcc should be
# probed, but support for "standalone toolchain" was added
# *after* announcement that gcc is being phased out, so
# favouring clang is considered adequate. Those who insist
# have option to enforce test for gcc with CC=gcc.
if (which("$triarch-$cc") !~ m|^$ndk|) {
die "no NDK $triarch-$cc on \$PATH";
}
$user{CC} = $cc;
$user{CROSS_COMPILE} = "$triarch-";
} elsif ($user{CC} eq "clang") {
die "no NDK clang on \$PATH";
} else {
if (which("$triarch-gcc") !~ m|^$ndk/.*/prebuilt/([^/]+)/|) {
die "no NDK $triarch-gcc on \$PATH";
}
$cflags .= " -mandroid";
$user{CROSS_COMPILE} = "$triarch-";
}
if (length $sysroot) {
if (!-d "$sysroot/usr/include") {
my $incroot = "$ndk/sysroot/usr/include";
die "no $incroot" if (!-d $incroot);
die "no $incroot/$triarch" if (!-d "$incroot/$triarch");
$incroot =~ s|^$ndk/||;
$cppflags = "-D__ANDROID_API__=$api";
$cppflags .= " -isystem \$($ndk_var)/$incroot/$triarch";
$cppflags .= " -isystem \$($ndk_var)/$incroot";
}
$sysroot =~ s|^$ndk/||;
$sysroot = " --sysroot=\$($ndk_var)/$sysroot";
}
$android_ndk = {
cflags => $cflags . $sysroot,
cppflags => $cppflags,
bn_ops => $arch =~ m/64$/ ? "SIXTY_FOUR_BIT_LONG"
: "BN_LLONG",
};
}
return $android_ndk;
}
}
my %targets = (
"android" => {
inherit_from => [ "linux-generic32" ],
template => 1,
################################################################
# Special note about -pie. The underlying reason is that
# Lollipop refuses to run non-PIE. But what about older systems
# and NDKs? -fPIC was never problem, so the only concern is -pie.
# Older toolchains, e.g. r4, appear to handle it and binaries
# turn out mostly functional. "Mostly" means that oldest
# Androids, such as Froyo, fail to handle executable, but newer
# systems are perfectly capable of executing binaries targeting
# Froyo. Keep in mind that in the nutshell Android builds are
# about JNI, i.e. shared libraries, not applications.
cflags => add(sub { android_ndk()->{cflags} }),
cppflags => add(sub { android_ndk()->{cppflags} }),
cxxflags => add(sub { android_ndk()->{cflags} }),
bn_ops => sub { android_ndk()->{bn_ops} },
bin_cflags => "-fPIE",
bin_lflags => "-pie",
enable => [ ],
shared_extension => ".so",
},
"android-arm" => {
################################################################
# Contemporary Android applications can provide multiple JNI
# providers in .apk, targeting multiple architectures. Among
# them there is "place" for two ARM flavours: generic eabi and
# armv7-a/hard-float. However, it should be noted that OpenSSL's
# ability to engage NEON is not constrained by ABI choice, nor
# is your ability to call OpenSSL from your application code
# compiled with floating-point ABI other than default 'soft'.
# (Latter thanks to __attribute__((pcs("aapcs"))) declaration.)
# This means that choice of ARM libraries you provide in .apk
# is driven by application needs. For example if application
# itself benefits from NEON or is floating-point intensive, then
# it might be appropriate to provide both libraries. Otherwise
# just generic eabi would do. But in latter case it would be
# appropriate to
#
# ./Configure android-arm -D__ARM_MAX_ARCH__=8
#
# in order to build "universal" binary and allow OpenSSL take
# advantage of NEON when it's available.
#
# Keep in mind that (just like with linux-armv4) we rely on
# compiler defaults, which is not necessarily what you had
# in mind, in which case you would have to pass additional
# -march and/or -mfloat-abi flags. NDK defaults to armv5te.
# Newer NDK versions reportedly require additional -latomic.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'armv4',
perlasm_scheme => "void",
},
"android-arm64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'aarch64',
perlasm_scheme => "linux64",
shared_ldflag => add("-Wl,-z,max-page-size=16384"),
},
"android-mips" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips32',
perlasm_scheme => "o32",
},
"android-mips64" => {
################################################################
# You are more than likely have to specify target processor
# on ./Configure command line. Trouble is that toolchain's
# default is MIPS64r6 (at least in r10d), but there are no
# such processors around (or they are too rare to spot one).
# Actual problem is that MIPS64r6 is binary incompatible
# with previous MIPS ISA versions, in sense that unlike
# prior versions original MIPS binary code will fail.
#
inherit_from => [ "android" ],
bn_ops => add("RC4_CHAR"),
asm_arch => 'mips64',
perlasm_scheme => "64",
},
"android-x86" => {
inherit_from => [ "android" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
bn_ops => add("RC4_INT"),
asm_arch => 'x86',
perlasm_scheme => "android",
ex_libs => add(threads("-latomic")),
},
"android-x86_64" => {
inherit_from => [ "android" ],
bn_ops => add("RC4_INT"),
asm_arch => 'x86_64',
perlasm_scheme => "elf",
shared_ldflag => add("-Wl,-z,max-page-size=16384"),
},
"android-riscv64" => {
inherit_from => [ "android" ],
asm_arch => 'riscv64',
perlasm_scheme => "linux64",
},
####################################################################
# Backward compatible targets, (might) require $CROSS_SYSROOT
#
"android-armeabi" => {
inherit_from => [ "android-arm" ],
},
"android64" => {
inherit_from => [ "android" ],
},
"android64-aarch64" => {
inherit_from => [ "android-arm64" ],
},
"android64-x86_64" => {
inherit_from => [ "android-x86_64" ],
},
"android64-mips64" => {
inherit_from => [ "android-mips64" ],
},
);

89
Configurations/15-ios.conf
View File

@@ -1,89 +0,0 @@
#### iPhoneOS/iOS
#
# `xcrun` targets require an Xcode that can determine the correct C compiler via
# `xcrun -sdk iphoneos`. This has been standard in Xcode for a while now - any recent
# Xcode should do. If the Xcode on the build machine doesn't support this then use
# the legacy targets at the end of this file. These require manual definition of
# environment variables.
#
my %targets = (
"ios-common" => {
template => 1,
inherit_from => [ "darwin-common" ],
sys_id => "iOS",
disable => [ "async" ],
},
"ios-xcrun" => {
inherit_from => [ "ios-common" ],
# It should be possible to go below iOS 6 and even add -arch armv6,
# thus targeting iPhone pre-3GS, but it's assumed to be irrelevant
# at this point.
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch armv7 -fno-common"),
asm_arch => 'armv4',
perlasm_scheme => "ios32",
},
"ios64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphoneos cc",
cflags => add("-arch arm64 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG RC4_CHAR",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
},
"iossimulator-arm64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch arm64 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'aarch64',
perlasm_scheme => "ios64",
},
"iossimulator-i386-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch i386 -fno-common"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "macosx",
},
"iossimulator-x86_64-xcrun" => {
inherit_from => [ "ios-common" ],
CC => "xcrun -sdk iphonesimulator cc",
cflags => add("-arch x86_64 -fno-common"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
asm_arch => 'x86_64',
perlasm_scheme => "macosx",
},
# It takes three prior-set environment variables to make it work:
#
# CROSS_COMPILE=/where/toolchain/is/usr/bin/ [note ending slash]
# CROSS_TOP=/where/SDKs/are
# CROSS_SDK=iPhoneOSx.y.sdk
#
# Exact paths vary with Xcode releases, but for couple of last ones
# they would look like this:
#
# CROSS_COMPILE=`xcode-select --print-path`/Toolchains/XcodeDefault.xctoolchain/usr/bin/
# CROSS_TOP=`xcode-select --print-path`/Platforms/iPhoneOS.platform/Developer
# CROSS_SDK=iPhoneOS.sdk
#
"iphoneos-cross" => {
inherit_from => [ "ios-common" ],
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\" -fno-common"),
},
"ios-cross" => {
inherit_from => [ "ios-xcrun" ],
CC => "cc",
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
},
"ios64-cross" => {
inherit_from => [ "ios64-xcrun" ],
CC => "cc",
cflags => add("-isysroot \"\$(CROSS_TOP)/SDKs/\$(CROSS_SDK)\""),
},
);

121
Configurations/50-cppbuilder.conf
View File

@@ -1,121 +0,0 @@
my %targets = (
"BC-32" => {
inherit_from => [ "BASE_Windows" ],
sys_id => "WIN32",
bn_ops => "BN_LLONG",
thread_scheme => "winthreads",
cc => "bcc32c",
CPP => "cpp32 -oCON -Sc -Sr",
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN32",
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
"_strnicmp=strnicmp", "_malloca=malloc",
"_freea=free", "_setmode=setmode"),
cflags => picker(default => add("-q -c",
threads("-tM"),
shared("-tR")),
debug => "-Od -v -vi- -D_DEBUG",
release => "-O2"),
bin_cflags => "-tWC",
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
coutflag => "-o",
# -Sx isn't documented, but 'cpp32 -H -S' explains it:
#
# -Sx Omit preprocessed text in output
makedepcmd => "cpp32 -oCON -Sx -Hp",
makedep_scheme => "embarcadero",
LD => "ilink32",
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
debug => '-j"$(BDS)\lib\win32c\debug" ' .
'-L"$(BDS)\lib\win32c\debug" -v',
release => '-j"$(BDS)\lib\win32c\release" ' .
'-L"$(BDS)\lib\win32c\release"'),
bin_lflags => "-ap -Tpe c0x32.obj wildargs.obj",
ldoutflag => ",",
ldpostoutflag => ",,",
ld_resp_delim => " +\n",
ex_libs => add(sub {
my @ex_libs = ("import32.lib",
($disabled{shared}
? ($disabled{threads} ? "cw32.lib" : "cw32mt.lib")
: ($disabled{threads} ? "cw32i.lib" : "cw32mti.lib")));
push @ex_libs, "ws2_32.lib" unless $disabled{sock};
return join(" ", @ex_libs);
}),
AR => "tlib",
ARFLAGS => "/P256 /N /u",
ar_resp_delim => " &\n",
RC => "brcc32",
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
rcoutflag => "-fo",
shared_target => "win-shared",
shared_ldflag => "-aa -Tpd c0d32.obj",
lddefflag => ",",
ldresflag => ",",
ld_implib_rule => 'implib -a $< $**',
dso_scheme => "win32",
shared_defflag => '',
perl_platform => 'Windows::cppbuilder',
uplink_arch => 'common',
},
"BC-64" => {
inherit_from => [ "BASE_Windows" ],
sys_id => "WIN64",
bn_ops => "BN_LLONG",
thread_scheme => "winthreads",
cc => "bcc64",
CPP => "cpp64 -oCON -Sc -Sr",
defines => add("WIN32_LEAN_AND_MEAN", "OPENSSL_SYS_WIN64",
"L_ENDIAN", "DSO_WIN32", "_stricmp=stricmp",
"_strnicmp=strnicmp", "_setmode=setmode"),
cflags => picker(default => add("-q -c",
threads("-tM"),
shared("-tR")),
debug => "-Od -v -vi- -D_DEBUG",
release => "-O2"),
bin_cflags => "-tWC",
lib_cflags => shared("-tWD -D_WINDLL -D_DLL"),
coutflag => "-o",
# -Sx isn't documented, but 'cpp64 -H -S' explains it:
#
# -Sx Omit preprocessed text in output
makedepcmd => "cpp64 -oCON -Sx -Hp",
makedep_scheme => "embarcadero",
LD => "ilink64",
LDFLAGS => picker(default => "-x -Gn -q -w-dup",
debug => '-j"$(BDS)\lib\win64\debug" ' .
'-L"$(BDS)\lib\win64\debug" -v',
release => '-j"$(BDS)\lib\win64\release" ' .
'-L"$(BDS)\lib\win64\release"'),
bin_lflags => "-ap -Tpe c0x64.o wildargs.o",
ldoutflag => ",",
ldpostoutflag => ",,",
ld_resp_delim => " +\n",
ex_libs => add(sub {
my @ex_libs = ("import64.a",
($disabled{shared}
? ($disabled{threads} ? "cw64.a" : "cw64mt.a")
: ($disabled{threads} ? "cw64i.a" : "cw64mti.a")));
push @ex_libs, "ws2_32.a" unless $disabled{sock};
return join(" ", @ex_libs);
}),
AR => "tlib",
ARFLAGS => "/P256 /N /u",
ar_resp_delim => " &\n",
RC => "brcc32",
RCFLAGS => '-i"$(BDS)\include\windows\sdk"',
rcoutflag => "-fo",
shared_target => "win-shared",
shared_ldflag => "-aa -Tpd c0d64.o",
lddefflag => ",",
ldresflag => ",",
ld_implib_rule => 'implib -a $< $**',
dso_scheme => "win64",
shared_defflag => '',
perl_platform => 'Windows::cppbuilder',
uplink_arch => 'common',
}
);

13
Configurations/50-djgpp.conf
View File

@@ -2,17 +2,14 @@
# and rely entirely on the OpenSSL community to help is fine
# tune and test.
my %targets = (
%targets = (
"DJGPP" => {
inherit_from => [ "BASE_unix" ],
CC => "gcc",
CFLAGS => "-fomit-frame-pointer -O2 -Wall",
cflags => "-I\$(WATT_ROOT)/inc -DTERMIOS -DL_ENDIAN",
inherit_from => [ asm("x86_asm") ],
cc => "gcc",
cflags => "-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall",
sys_id => "MSDOS",
lflags => add("-L\$(WATT_ROOT)/lib"),
ex_libs => add("-lwatt"),
ex_libs => add("-L/dev/env/WATT_ROOT/lib -lwatt"),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => "a.out",
},
);

20
Configurations/50-haiku.conf
View File

@@ -1,15 +1,11 @@
my %targets = (
%targets = (
"haiku-common" => {
template => 1,
CC => "cc",
CFLAGS => add_before(picker(default => "-Wall",
cc => "cc",
cflags => add_before(picker(default => "-DL_ENDIAN -Wall -include \$(SRCDIR)/os-dep/haiku.h",
debug => "-g -O0",
release => "-O2")),
cflags => add_before("-DL_ENDIAN -include \$(SRCDIR)/os-dep/haiku.h",
release => "-O2"),
threads("-D_REENTRANT")),
AR => "ar",
ARFLAGS => "qc",
HASHBANGPERL => "/bin/env perl",
sys_id => "HAIKU",
ex_libs => "-lnetwork",
perlasm_scheme => "elf",
@@ -18,14 +14,12 @@ my %targets = (
shared_target => "gnu-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-shared",
perl_platform => 'Unix',
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"haiku-x86" => {
inherit_from => [ "haiku-common" ],
CFLAGS => add(picker(release => "-fomit-frame-pointer")),
inherit_from => [ "haiku-common", asm("x86_elf_asm") ],
cflags => add(picker(release => "-fomit-frame-pointer")),
bn_ops => "BN_LLONG",
asm_arch => 'x86',
perlasm_scheme => 'elf',
},
"haiku-x86_64" => {
inherit_from => [ "haiku-common" ],

15
Configurations/50-masm.conf
View File

@@ -7,17 +7,16 @@
# proven to be daunting task. This is experimental target, for
# production builds stick with [up-to-date version of] nasm.
my %targets = (
%targets = (
"VC-WIN64A-masm" => {
inherit_from => [ "VC-WIN64-common" ],
AS => "ml64",
ASFLAGS => "/nologo /Zi",
inherit_from => [ "VC-WIN64-common", asm("x86_64_asm"),
sub { $disabled{shared} ? () : "x86_64_uplink" } ],
as => "ml64",
asflags => "/nologo /c /Cp /Cx /Zi",
asoutflag => "/Fo",
asflags => "/c /Cp /Cx",
sys_id => "WIN64A",
uplink_arch => 'x86_64',
asm_arch => 'x86_64',
bn_asm_src => sub { return undef unless @_;
my $r=join(" ",@_); $r=~s|asm/x86_64-gcc|bn_asm|; $r; },
perlasm_scheme => "masm",
multilib => "-x64",
},
);

285
Configurations/50-nonstop.conf
View File

@@ -1,285 +0,0 @@
#### Nonstop configurations
# Common for all
'nonstop-common' => {
inherit_from => [ 'BASE_unix' ],
template => 1,
cc => 'c99',
cflags => add_before(picker(debug => '-g -O0',
release => '-g -O2'),
'-Wextensions',
'-Wnowarn=203,220,272,734,770,1506',
'-Wbuild_neutral_library',
'-Wverbose'),
defines => add('OPENSSL_VPROC=$(OPENSSL_VPROC)',
'_XOPEN_SOURCE',
'_XOPEN_SOURCE_EXTENDED=1',
'_TANDEM_SOURCE',
'__NSK_OPTIONAL_TYPES__',
'B_ENDIAN'),
perl => '/usr/bin/perl',
shared_target => 'nonstop-shared',
shared_extension => ".so",
ex_libs => add('-lrld'),
enable => ['egd'],
# Not currently inherited
disable => ['atexit'],
dso_scheme => 'DLFCN',
sys_id => 'TANDEM',
},
######################################################################
# Additional variant settings, to be combined with nonstop-common
# Note that these do not inherit anything. However, the diverse values
# are merged with other entries in an 'inherit_from'.
#
# These combine:
# - System architecture (MIPS, Itanium, or x86)
# - Execution environment (oss [default] or guardian)
#
# Unfortunately, they can't be separated into independent templates, because
# a number of the above are encoded as different linkers, and by consequence,
# different c99 linker flags (-Wld, -Weld, and -Wxld)
#
# In addition, the are modifiers for:
# - Size of long + pointer (ilp32 [default] and lp64)
# - Float type (neutral and tandem)
#
# Unfortunately, because the float types affect the linker settings, those
# are divided per system architecture
#
# MIPS + guardian (unused but present for convenience):
'nonstop-archenv-mips-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/r -Wsystype=guardian',
lflags => '-Wld="-set systype guardian"',
shared_ldflag => '-Wshared -Wld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + guardian:
'nonstop-archenv-itanium-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/e -Wsystype=guardian',
lflags => '-Weld="-set systype guardian"',
shared_ldflag => '-Wshared -Weld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86 + guardian:
'nonstop-archenv-x86_64-guardian' => {
template => 1,
defines => ['NO_GETPID'],
cflags => '-Wtarget=tns/x -Wsystype=guardian',
lflags => '-Wxld="-set systype guardian"',
shared_ldflag => '-Wshared -Wxld="-soname $(@:lib%.so=%)"',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# MIPS + oss (unused but present for convenience):
'nonstop-archenv-mips-oss' => {
template => 1,
cflags => '-Wtarget=tns/r -Wsystype=oss',
lflags => '-Wld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wld_obey=',
shared_argfileflag => '-Wld_obey=',
},
# Itanium + oss:
'nonstop-archenv-itanium-oss' => {
template => 1,
cflags => '-Wtarget=tns/e -Wsystype=oss',
lflags => '-Weld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Weld_obey=',
shared_argfileflag => '-Weld_obey=',
},
# x86_64 + oss:
'nonstop-archenv-x86_64-oss' => {
template => 1,
cflags => '-Wtarget=tns/x -Wsystype=oss',
lflags => '-Wxld="-set systype oss"',
shared_ldflag => '-Wshared',
shared_defflag => '-Wxld_obey=',
shared_argfileflag => '-Wxld_obey=',
},
# Size variants
'nonstop-ilp32' => {
template => 1,
cflags => '-Wilp32',
bn_ops => 'THIRTY_TWO_BIT',
},
'nonstop-lp64-itanium' => {
template => 1,
cflags => '-Wlp64',
bn_ops => 'SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR',
},
'nonstop-lp64-x86_64' => {
template => 1,
cflags => '-Wlp64',
lflags => '-Wxld="-set data_model lp64"',
bn_ops => 'SIXTY_FOUR_BIT',
},
# Float variants
'nonstop-nfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype neutral_float"',
},
'nonstop-tfloat-mips' => {
template => 1,
lflags => '-Wld="-set floattype tandem_float"',
},
'nonstop-efloat-itanium' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Weld="-set floattype ieee_float"',
},
'nonstop-nfloat-itanium' => {
template => 1,
lflags => '-Weld="-set floattype neutral_float"',
},
'nonstop-tfloat-itanium' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Weld="-set floattype tandem_float"',
},
'nonstop-efloat-x86_64' => {
template => 1,
cflags => '-WIEEE_float',
lflags => '-Wxld="-set floattype ieee_float"',
},
'nonstop-nfloat-x86_64' => {
template => 1,
lflags => '-Wxld="-set floattype neutral_float"',
},
'nonstop-tfloat-x86_64' => {
template => 1,
cflags => '-WTandem_float',
lflags => '-Wxld="-set floattype tandem_float"',
},
######################################################################
# Build models
'nonstop-model-put' => {
template => 1,
disable => ['secure-memory'],
defines => ['_PUT_MODEL_',
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
ex_libs => '-lput',
},
######################################################################
# Build models
'nonstop-model-klt' => {
template => 1,
disable => ['secure-memory'],
defines => ['_KLT_MODEL_',
'_REENTRANT', '_THREAD_SUPPORT_FUNCTIONS'],
ex_libs => '-lklt',
},
######################################################################
# Now for the entries themselves, let's combine things!
'nonstop-nsx' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64' ],
disable => ['threads','atexit'],
},
'nonstop-nsx_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-ilp32',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
disable => ['atexit'],
},
'nonstop-nsx_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64' ],
multilib => '64',
multibin => '64',
disable => ['threads','atexit'],
},
'nonstop-nsx_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
disable => ['atexit'],
},
'nonstop-nsx_64_klt' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-oss',
'nonstop-lp64-x86_64',
'nonstop-efloat-x86_64',
'nonstop-model-klt' ],
multilib => '64-klt',
multibin => '64-klt',
disable => ['atexit'],
},
'nonstop-nsx_g' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-nfloat-x86_64' ],
disable => ['threads','atexit'],
},
'nonstop-nsx_g_tandem' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-x86_64-guardian',
'nonstop-ilp32', 'nonstop-tfloat-x86_64' ],
disable => ['threads','atexit'],
},
'nonstop-nsv' => {
inherit_from => [ 'nonstop-nsx' ],
},
'nonstop-nse' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium' ],
disable => ['threads','atexit'],
},
'nonstop-nse_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-ilp32',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '-put',
multibin => '-put',
disable => ['atexit'],
},
'nonstop-nse_64' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium' ],
multilib => '64',
multibin => '64',
disable => ['threads','atexit'],
},
'nonstop-nse_64_put' => {
inherit_from => [ 'nonstop-common',
'nonstop-archenv-itanium-oss',
'nonstop-lp64-itanium',
'nonstop-efloat-itanium',
'nonstop-model-put' ],
multilib => '64-put',
multibin => '64-put',
disable => ['atexit'],
},

11
Configurations/50-os390.conf
View File

@@ -1,11 +0,0 @@
## -*- mode: perl; -*-
(
# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
"OS390-Unix" => {
inherit_from => [ "BASE_unix" ],
cc => "cc",
cflags => "-O -DB_ENDIAN -DCHARSET_EBCDIC",
bn_ops => "THIRTY_TWO_BIT RC4_CHAR",
thread_scheme => "(unknown)",
}
);

14
Configurations/50-vms-x86_64.conf
View File

@@ -1,14 +0,0 @@
## -*- mode: perl; -*-
# OpenVMS cross compilation of x86_64 binaries on Itanium. This doesn't
# fit the usual cross compilation parameters that are used on Unixly machines
(
'vms-x86_64-cross-ia64' => {
inherit_from => [ 'vms-generic' ],
CC => 'XCC',
bn_ops => 'SIXTY_FOUR_BIT',
pointer_size => '',
setup_commands => [ '@SYS$MANAGER:X86_XTOOLS$SYLOGIN.COM' ],
}
);

36
Configurations/50-win-clang-cl.conf
View File

@@ -1,36 +0,0 @@
## -*- mode: perl; -*-
# Windows on Arm clang-cl targets.
#
my %targets = (
"VC-WIN64-CLANGASM-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
multilib => "-arm64",
asm_arch => "aarch64",
AS => "clang-cl.exe",
ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc",
asflags => "/c",
asoutflag => "/Fo",
perlasm_scheme => "win64",
uplink_arch => 'armv8',
},
"VC-CLANG-WIN64-CLANGASM-ARM" => {
CC => "clang-cl",
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
multilib => "-arm64",
asm_arch => "aarch64",
CFLAGS => add("--target=arm64-pc-windows-msvc"),
AS => "clang-cl.exe",
ASFLAGS => "/nologo /Zi --target=arm64-pc-windows-msvc",
asflags => "/c",
asoutflag => "/Fo",
perlasm_scheme => "win64",
uplink_arch => 'armv8',
},
);

37
Configurations/50-win-hybridcrt.conf
View File

@@ -1,37 +0,0 @@
## -*- mode: perl; -*-
# Windows HybridCRT targets.
#
# https://github.com/microsoft/WindowsAppSDK/blob/77761e244289fda6b3d5f14c7bded189fed4fb89/docs/Coding-Guidelines/HybridCRT.md
# Link statically against the runtime and STL, but link dynamically against the CRT by ignoring the static CRT
# lib and instead linking against the Universal CRT DLL import library. This "Hybrid" linking mechanism is
# supported according to the CRT maintainer. Dynamic linking against the CRT makes the binaries a bit smaller
# than they would otherwise be if the CRT, runtime, and STL were all statically linked in.
sub remove_from_flags {
my ($toRemove, $flags) = @_;
$flags =~ s/$toRemove//;
return $flags;
}
my %targets = (
"VC-WIN32-HYBRIDCRT" => {
inherit_from => [ "VC-WIN32" ],
cflags => sub {
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
release => "/MT"))->(@_))
},
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
},
"VC-WIN64A-HYBRIDCRT" => {
inherit_from => [ "VC-WIN64A" ],
cflags => sub {
remove_from_flags(qr/\/MDd?\s/, add(picker(debug => "/MTd",
release => "/MT"))->(@_))
},
lflags => add(picker(debug => "/NODEFAULTLIB:libucrtd.lib /DEFAULTLIB:ucrtd.lib",
release => "/NODEFAULTLIB:libucrt.lib /DEFAULTLIB:ucrt.lib")),
},
);

137
Configurations/50-win-onecore.conf
View File

@@ -1,137 +0,0 @@
## -*- mode: perl; -*-
# Windows OneCore targets.
#
# OneCore is new API stability "contract" that transcends Desktop, IoT and
# Mobile[?] Windows editions. It's a set up "umbrella" libraries that
# export subset of Win32 API that are common to all Windows 10 devices.
#
# OneCore Configuration temporarily dedicated for console applications
# due to disabled event logging, which is incompatible with one core.
# Error messages are provided via standard error only.
# TODO: extend error handling to use ETW based eventing
# (Or rework whole error messaging)
my $UWP_info = {};
sub UWP_info {
unless (%$UWP_info) {
my $SDKver = `powershell -Command \"& {\$(Get-Item \\\"hklm:\\SOFTWARE\\WOW6432Node\\Microsoft\\Microsoft SDKs\\Windows\\\").GetValue(\\\"CurrentVersion\\\")}\"`;
$SDKver =~ s|\R$||;
my @SDKver_split = split(/\./, $SDKver);
# SDK version older than 10.0.17763 don't support our ASM builds
if ($SDKver_split[0] < 10
|| ($SDKver_split[0] == 10
&& $SDKver_split[1] == 0
&& $SDKver_split[2] < 17763)) {
$UWP_info->{disable} = [ 'asm' ];
} else {
$UWP_info->{disable} = [ ];
}
}
return $UWP_info;
}
my %targets = (
"VC-WIN32-ONECORE" => {
inherit_from => [ "VC-WIN32" ],
# /NODEFAULTLIB:kernel32.lib is needed, because MSVCRT.LIB has
# hidden reference to kernel32.lib, but we don't actually want
# it in "onecore" build.
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
"VC-WIN64A-ONECORE" => {
inherit_from => [ "VC-WIN64A" ],
lflags => add("/NODEFAULTLIB:kernel32.lib"),
defines => add("OPENSSL_SYS_WIN_CORE"),
ex_libs => "onecore.lib",
},
# Windows on ARM targets. ARM compilers are additional components in
# VS2017, i.e. they are not installed by default. And when installed,
# there are no "ARM Tool Command Prompt"s on Start menu, you have
# to locate vcvarsall.bat and act accordingly. VC-WIN32-ARM has
# received limited testing with evp_test.exe on Windows 10 IoT Core,
# but not VC-WIN64-ARM, no hardware... In other words they are not
# actually supported...
#
# Another thing to keep in mind [in cross-compilation scenario such
# as this one] is that target's file system has nothing to do with
# compilation system's one. This means that you're are likely to use
# --prefix and --openssldir with target-specific values. 'nmake install'
# step is effectively meaningless in cross-compilation case, though
# it might be useful to 'nmake install DESTDIR=S:\ome\where' where you
# can point Visual Studio to when compiling custom application code.
"VC-WIN32-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "BN_LLONG RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm",
},
"VC-WIN64-ARM" => {
inherit_from => [ "VC-noCE-common" ],
defines => add("_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE",
"OPENSSL_SYS_WIN_CORE"),
bn_ops => "SIXTY_FOUR_BIT RC4_CHAR",
lflags => add("/NODEFAULTLIB:kernel32.lib"),
ex_libs => "onecore.lib",
multilib => "-arm64",
},
# Universal Windows Platform (UWP) App Support
# TODO
#
# The 'disable' attribute should have 'uplink'.
# however, these are checked in some 'inherit_from', which is processed
# very early, before the 'disable' attributes are seen.
# This is a problem that needs to be resolved in Configure first.
#
# But if you want to build library with Windows 10 Version 1809 SDK or
# earlier, the 'disable' attribute should also have 'asm'.
"VC-WIN32-UWP" => {
inherit_from => [ "VC-WIN32-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64A-UWP" => {
inherit_from => [ "VC-WIN64A-ONECORE" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN32-ARM-UWP" => {
inherit_from => [ "VC-WIN32-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
"VC-WIN64-ARM-UWP" => {
inherit_from => [ "VC-WIN64-ARM" ],
lflags => add("/APPCONTAINER"),
defines => add("WINAPI_FAMILY=WINAPI_FAMILY_APP",
"_WIN32_WINNT=0x0A00"),
dso_scheme => "",
disable => sub { [ 'ui-console', 'stdio', 'async', 'uplink',
@{ UWP_info()->{disable} } ] },
ex_libs => "WindowsApp.lib",
},
);

112
Configurations/90-team.conf Normal file
View File

@@ -0,0 +1,112 @@
## -*- mode: perl; -*-
## Build configuration targets for openssl-team members
%targets = (
"purify" => {
cc => "purify gcc",
cflags => "-g -Wall",
thread_scheme => "(unknown)",
ex_libs => add(" ","-lsocket -lnsl"),
},
"debug" => {
cc => "gcc",
cflags => "-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror",
thread_scheme => "(unknown)",
},
"debug-erbridge" => {
inherit_from => [ "x86_64_asm" ],
cc => "gcc",
cflags => combine("$gcc_devteam_warn -DBN_DEBUG -DCONF_DEBUG -m64 -DL_ENDIAN -DTERMIO -g",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_ldflag => "-m64",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
multilib => "64",
},
"debug-linux-pentium" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentium -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ppro" => {
inherit_from => [ "x86_elf_asm" ],
cc => "gcc",
cflags => combine("-DBN_DEBUG -DREF_DEBUG -DCONF_DEBUG -DBN_CTX_DEBUG -DL_ENDIAN -g -mcpu=pentiumpro -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
thread_scheme => "pthreads",
dso_scheme => "dlfcn",
},
"debug-linux-ia32-aes" => {
cc => "gcc",
cflags => combine("-DL_ENDIAN -O3 -fomit-frame-pointer -Wall",
threads("-D_REENTRANT")),
ex_libs => add(" ","-ldl"),
bn_ops => "BN_LLONG",
cpuid_asm_src => "x86cpuid.s",
bn_asm_src => "bn-586.s co-586.s x86-mont.s",
des_asm_src => "des-586.s crypt586.s",
aes_asm_src => "aes_x86core.s aes_cbc.s aesni-x86.s",
bf_asm_src => "bf-586.s",
md5_asm_src => "md5-586.s",
sha1_asm_src => "sha1-586.s sha256-586.s sha512-586.s",
cast_asm_src => "cast-586.s",
rc4_asm_src => "rc4-586.s",
rmd160_asm_src => "rmd-586.s",
rc5_asm_src => "rc5-586.s",
wp_asm_src => "wp_block.s wp-mmx.s",
modes_asm_src => "ghash-x86.s",
padlock_asm_src => "e_padlock-x86.s",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "linux-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"dist" => {
cc => "cc",
cflags => "-O",
thread_scheme => "(unknown)",
},
"debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("$gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "elf",
dso_scheme => "dlfcn",
shared_target => "bsd-gcc-shared",
shared_cflag => "-fPIC",
shared_extension => ".so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
},
"darwin64-debug-test-64-clang" => {
inherit_from => [ "x86_64_asm" ],
cc => "clang",
cflags => combine("-arch x86_64 -DL_ENDIAN $gcc_devteam_warn -Wno-error=overlength-strings -Wno-error=extended-offsetof -Wno-error=language-extension-token -Wno-error=unused-const-variable -Wstrict-overflow -Qunused-arguments -DBN_DEBUG -DCONF_DEBUG -DDEBUG_SAFESTACK -DDEBUG_UNUSED -g3 -O3 -pipe",
threads("${BSDthreads}")),
sys_id => "MACOSX",
bn_ops => "SIXTY_FOUR_BIT_LONG",
thread_scheme => "pthreads",
perlasm_scheme => "macosx",
dso_scheme => "dlfcn",
shared_target => "darwin-shared",
shared_cflag => "-fPIC -fno-common",
shared_ldflag => "-arch x86_64 -dynamiclib",
shared_extension => ".\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
},
);

715
Configurations/README Normal file
View File

@@ -0,0 +1,715 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Target configurations are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Flags that are used at all times when
compiling C object files.
cxxflags => Flags that are used at all times when
compiling C++ object files. If unset, it
gets the same value as cflags.
defines => As an alternative, macro definitions may be
present here instead of in `cflags'. If
given here, they MUST be as an array of the
string such as "MACRO=value", or just
"MACRO" for definitions without value.
shared_cflag => Extra compilation flags used when
compiling for shared libraries, typically
something like "-fPIC".
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Flags that are used when linking apps.
shared_ldflag => Flags that are used when linking shared
or dynamic libraries.
plib_lflags => Extra linking flags to appear just before
the libraries on the command line.
ex_libs => Extra libraries that are needed when
linking.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
engines, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
perlasm_scheme => The perlasm method used to created the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This is a target found in Makefile.shared.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
EXPORT_VAR_AS_FN for shared libraries,
export vars as
accessor functions.
apps_extra_src => Extra source to build apps/openssl, as
needed by the target.
cpuid_asm_src => assembler implementation of cpuid code as
well as OPENSSL_cleanse().
Default to mem_clr.c
bn_asm_src => Assembler implementation of core bignum
functions.
Defaults to bn_asm.c
ec_asm_src => Assembler implementation of core EC
functions.
des_asm_src => Assembler implementation of core DES
encryption functions.
Defaults to 'des_enc.c fcrypt_b.c'
aes_asm_src => Assembler implementation of core AES
functions.
Defaults to 'aes_core.c aes_cbc.c'
bf_asm_src => Assembler implementation of core BlowFish
functions.
Defaults to 'bf_enc.c'
md5_asm_src => Assembler implementation of core MD5
functions.
sha1_asm_src => Assembler implementation of core SHA1,
functions, and also possibly SHA256 and
SHA512 ones.
cast_asm_src => Assembler implementation of core CAST
functions.
Defaults to 'c_enc.c'
rc4_asm_src => Assembler implementation of core RC4
functions.
Defaults to 'rc4_enc.c rc4_skey.c'
rmd160_asm_src => Assembler implementation of core RMD160
functions.
rc5_asm_src => Assembler implementation of core RC5
functions.
Defaults to 'rc5_enc.c'
wp_asm_src => Assembler implementation of core WHIRLPOOL
functions.
cmll_asm_src => Assembler implementation of core CAMELLIA
functions.
Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
modes_asm_src => Assembler implementation of cipher modes,
currently the functions gcm_gmult_4bit and
gcm_ghash_4bit.
padlock_asm_src => Assembler implementation of core parts of
the padlock engine. This is mandatory on
any platform where the padlock engine might
actually be built.
[1] as part of the target configuration, one can have a key called
'inherit_from' that indicate what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute 'template => 1' and
cannot be used as build targets.
If several configurations are given in the 'inherit_from' array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
instead of a scalar value or an array, a value can be a code block
of the form 'sub { /* your code here */ }'. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using 'sub { join(" ",@_) }' on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies 'no-threads'. The value of the key 'thread_scheme' may
be "(unknown)", in which case the user MUST give some compilation
flags to Configure.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the engines.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
-Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
{plib_lflags} -lcrypto {ex_libs}
shared objects:
{ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
Build info files
================
The build.info files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every build.info file, all file references are relative to the
directory of the build.info file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters "{-" and "-}". The hashes
%config and %target are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current build.info file and the corresponding build
directory, all relative to the top of the build tree.
To begin with, things to be built are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
ENGINES=libeng
SCRIPTS=myhack
EXTRA=file1 file2
Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitely:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support build static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
'no-shared'.
For some libraries, we maintain files with public symbols and their
slot in a transfer vector (important on some platforms). It can be
declared like this:
ORDINALS[libcrypto]=crypto
The value is not the name of the file in question, but rather the
argument to util/mkdef.pl that indicates which file to use.
One some platforms, shared libraries come with a name that's different
from their static counterpart. That's declared as follows:
SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}
The example is from Cygwin, which has a required naming convention.
Sometimes, it makes sense to rename an output file, for example a
library:
RENAME[libfoo]=libbar
That lines has "libfoo" get renamed to "libbar". While it makes no
sense at all to just have a rename like that (why not just use
"libbar" everywhere?), it does make sense when it can be used
conditionally. See a little further below for an example.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except the the first
item muct be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
As a last resort, it's possible to have raw build file lines, between
BEGINRAW and ENDRAW lines as follows:
BEGINRAW[Makefile(unix)]
haha.h: {- $builddir -}/Makefile
echo "/* haha */" > haha.h
ENDRAW[Makefile(unix)]
The word within square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above. For example, with the following relevant
configuration items:
build_file => "build.ninja"
build_scheme => [ "unified", "unix" ]
... these lines will be considered:
BEGINRAW[build.ninja]
build haha.h: echo "/* haha */" > haha.h
ENDRAW[build.ninja]
BEGINRAW[build.ninja(unix)]
build hoho.h: echo "/* hoho */" > hoho.h
ENDRAW[build.ninja(unix)]
Should it be needed because the recipes within a RAW section might
clash with those generated by Configure, it's possible to tell it
not to generate them with the use of OVERRIDES, for example:
SOURCE[libfoo]=foo.c bar.c
OVERRIDES=bar.o
BEGINRAW[Makefile(unix)]
bar.o: bar.c
$(CC) $(CFLAGS) -DSPECIAL -c -o $@ $<
ENDRAW[Makefile(unix)]
See the documentation further up for more information on configuration
items.
Finally, you can have some simple conditional use of the build.info
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
or:
# VMS has a cultural standard where all libraries are prefixed.
# For OpenSSL, the choice is 'ossl_'
IF[{- $config{target} =~ /^vms/ -}]
RENAME[libcrypto]=ossl_libcrypto
RENAME[libssl]=ossl_libssl
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called "Makefile" on Unix-like operating systems,
"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items 'build_scheme', 'build_file' and 'build_command'.
In the rest of this section, we will assume that 'build_scheme' is set
to "unified" (see the configurations documentation above for the
details).
For any name given by 'build_file', the "unified" system expects a
template file in Configurations/ named like the build file, with
".tmpl" appended, or in case of possible ambiguity, a combination of
the second 'build_scheme' list item and the 'build_file' name. For
example, if 'build_file' is set to "Makefile", the template could be
Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
In case both Configurations/unix-Makefile.tmpl and
Configurations/Makefile.tmpl are present, the former takes
precedence.
The build-file template is processed with the perl module
Text::Template, using "{-" and "-}" as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with "{-" and "-}".
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ],
ordinals => [ "word", "/PATH/TO/ordfile" ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library. 'ordinals' MAY be present, and when
it is, its value is an array where the word is
"crypto" or "ssl" and the file is one of the ordinal
files util/libeay.num or util/ssleay.num in the
source directory.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either {build_platform}-{build_file}-checker.pm or
{build_platform}-checker.pm, where {build_platform} is the second
'build_scheme' list element from the configuration target data, and
{build_file} is 'build_file' from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

604
Configurations/README-design.md
View File

@@ -1,604 +0,0 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the `build.info` files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on `build.info` files below.
From the information in `build.info` files, `Configure` builds up an
information database as a hash table called `%unified_info`, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
[`Configurations/common.tmpl`](common.tmpl) uses the data from `%unified_info` to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, `build.info` files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in `build.info` files (and
when they are, it's always with the file name extension `.o`), they are
inferred by `Configure`. By the same rule of minimalism, end product
file name extensions (such as `.so`, `.a`, `.exe`, etc) are never mentioned
in `build.info`. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on `%unified_info` and build-file templates further down).
The variables `PROGRAMS`, `LIBS`, `MODULES` and `SCRIPTS` are used to declare
end products. There are variants for them with `_NO_INST` as suffix
(`PROGRAM_NO_INST` etc) to specify end products that shouldn't get installed.
The variables `SOURCE`, `DEPEND`, `INCLUDE` and `DEFINE` are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, or C macros to be defined.
All their values in all the `build.info` throughout the source tree are
collected together and form a set of programs, libraries, modules and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program `apps/openssl`, the libraries `libssl` and
`libcrypto`, an module `engines/ossltest` and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory `build.info` file, and it tells us that two
libraries are to be built, the include directory `include/` shall be
used throughout when building anything that will end up in each
library, and that the library `libssl` depend on the library
`libcrypto` to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the `build.info` file in `apps/`, one may notice that all file
paths mentioned are relative to the directory the `build.info` file is
located in. This one tells us that there's a program to be built
called `apps/openss` (the file name extension will depend on the
platform and is therefore not mentioned in the `build.info` file). It's
built from one source file, `apps/openssl.c`, and building it requires
the use of `.` and `include/` include directories (both are declared
from the point of view of the `apps/` directory), and that the program
depends on the library `libssl` to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the `build.info` file in `crypto/`, and it tells us a little more
about what's needed to produce `libcrypto`. LIBS is used again to
declare that `libcrypto` is to be produced. This declaration is
really unnecessary as it's already mentioned in the top `build.info`
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This `build.info` file informs us that `libcrypto` is built from a few
source files, `crypto/aes.c`, `crypto/evp.c` and `crypto/cversion.c`.
It also shows us that building the object file inferred from
`crypto/cversion.c` depends on `crypto/buildinf.h`. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
`DEPEND[cversion.o]` mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in `ssl/`, and it tells us that the
library `libssl` is built from the source file `ssl/tls.c`.
# engines/build.info
MODULES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
MODULES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the `build.info` file in `engines/`, telling us that two modules
called `engines/dasync` and `engines/ossltest` shall be built, that
`dasync`'s source is `engines/e_dasync.c` and `ossltest`'s source is
`engines/e_ossltest.c` and that the include directory `include/` may
be used when building anything that will be part of these modules.
Also, both modules depend on the library `libcrypto` to function
properly. `ossltest` is explicitly linked with the static variant of
the library `libcrypto`. Finally, only `dasync` is being installed, as
`ossltest` is only for internal testing.
When `Configure` digests these `build.info` files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
MODULES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
MODULES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
`LIBS` may be used to declare routine libraries only.
`PROGRAMS` may be used to declare programs only.
`MODULES` may be used to declare modules only.
The indexes for `SOURCE` must only be end product files, such as
libraries, programs or modules. The values of `SOURCE` variables must
only be source files (possibly generated).
`INCLUDE` and `DEPEND` shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When `Configure` processes the `build.info` files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
`Configure` will assume that source files that can't be found in the
source tree (such as `crypto/bildinf.h` in the example above) are
generated and will be found in the build tree.
The `%unified_info` database
----------------------------
The information in all the `build.info` get digested by `Configure` and
collected into the `%unified_info` database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
modules => a list of modules. These are directly inferred from
the MODULES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'modules' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the `build.info` files example from the
section above would be digested into a `%unified_info` table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"modules" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"modules" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in `%unified_info` is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build `apps/openssl`, and to build the latter, we will need to
build all its sources (`apps/openssl.o` in this case) and all the
other things it depends on (such as `libssl`). All those dependencies
need to be built as well, using the same logic, so to build `libssl`,
we need to build `ssl/tls.o` as well as `libcrypto`, and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as `Makefile` on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with `.o`
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library file name
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving template
[`Configurations/common.tmpl`](common.tmpl), which looks through all the
information in `%unified_info` and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller `build.info` set we've seen as an
example, producing the rules to build `libcrypto` would result in the
following calls:
# Note: obj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: obj2shlib must convert the '.o' extension to whatever
# is suitable on the local platform.
obj2shlib(shlib => "libcrypto",
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ],
deps => [ ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes.o", "crypto/evp.o", "crypto/cversion.o" ]);
src2obj(obj => "crypto/aes.o"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp.o"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion.o"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

654
Configurations/README.design Normal file
View File

@@ -0,0 +1,654 @@
Design document for the unified scheme data
===========================================
How are things connected?
-------------------------
The unified scheme takes all its data from the build.info files seen
throughout the source tree. These files hold the minimum information
needed to build end product files from diverse sources. See the
section on build.info files below.
From the information in build.info files, Configure builds up an
information database as a hash table called %unified_info, which is
stored in configdata.pm, found at the top of the build tree (which may
or may not be the same as the source tree).
Configurations/common.tmpl uses the data from %unified_info to
generate the rules for building end product files as well as
intermediary files with the help of a few functions found in the
build-file templates. See the section on build-file templates further
down for more information.
build.info files
----------------
As mentioned earlier, build.info files are meant to hold the minimum
information needed to build output files, and therefore only (with a
few possible exceptions [1]) have information about end products (such
as scripts, library files and programs) and source files (such as C
files, C header files, assembler files, etc). Intermediate files such
as object files are rarely directly referred to in build.info files (and
when they are, it's always with the file name extension .o), they are
inferred by Configure. By the same rule of minimalism, end product
file name extensions (such as .so, .a, .exe, etc) are never mentioned
in build.info. Their file name extensions will be inferred by the
build-file templates, adapted for the platform they are meant for (see
sections on %unified_info and build-file templates further down).
The variables PROGRAMS, LIBS, ENGINES and SCRIPTS are used to declare
end products. There are variants for them with '_NO_INST' as suffix
(PROGRAM_NO_INST etc) to specify end products that shouldn't get
installed.
The variables SOURCE, DEPEND, INCLUDE and ORDINALS are indexed by a
produced file, and their values are the source used to produce that
particular produced file, extra dependencies, include directories
needed, and ordinal files (explained further below.
All their values in all the build.info throughout the source tree are
collected together and form a set of programs, libraries, engines and
scripts to be produced, source files, dependencies, etc etc etc.
Let's have a pretend example, a very limited contraption of OpenSSL,
composed of the program 'apps/openssl', the libraries 'libssl' and
'libcrypto', an engine 'engines/ossltest' and their sources and
dependencies.
# build.info
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
ORDINALS[libssl]=ssl
INCLUDE[libcrypto]=include
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
This is the top directory build.info file, and it tells us that two
libraries are to be built, there are some ordinals to be used to
declare what symbols in those libraries are seen as public, the
include directory 'include/' shall be used throughout when building
anything that will end up in each library, and that the library
'libssl' depend on the library 'libcrypto' to function properly.
# apps/build.info
PROGRAMS=openssl
SOURCE[openssl]=openssl.c
INCLUDE[openssl]=.. ../include
DEPEND[openssl]=../libssl
This is the build.info file in 'apps/', one may notice that all file
paths mentioned are relative to the directory the build.info file is
located in. This one tells us that there's a program to be built
called 'apps/openssl' (the file name extension will depend on the
platform and is therefore not mentioned in the build.info file). It's
built from one source file, 'apps/openssl.c', and building it requires
the use of '.' and 'include' include directories (both are declared
from the point of view of the 'apps/' directory), and that the program
depends on the library 'libssl' to function properly.
# crypto/build.info
LIBS=../libcrypto
SOURCE[../libcrypto]=aes.c evp.c cversion.c
DEPEND[cversion.o]=buildinf.h
GENERATE[buildinf.h]=../util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[buildinf.h]=../Makefile
DEPEND[../util/mkbuildinf.pl]=../util/Foo.pm
This is the build.info file in 'crypto', and it tells us a little more
about what's needed to produce 'libcrypto'. LIBS is used again to
declare that 'libcrypto' is to be produced. This declaration is
really unnecessary as it's already mentioned in the top build.info
file, but can make the info file easier to understand. This is to
show that duplicate information isn't an issue.
This build.info file informs us that 'libcrypto' is built from a few
source files, 'crypto/aes.c', 'crypto/evp.c' and 'crypto/cversion.c'.
It also shows us that building the object file inferred from
'crypto/cversion.c' depends on 'crypto/buildinf.h'. Finally, it
also shows the possibility to declare how some files are generated
using some script, in this case a perl script, and how such scripts
can be declared to depend on other files, in this case a perl module.
Two things are worth an extra note:
'DEPEND[cversion.o]' mentions an object file. DEPEND indexes is the
only location where it's valid to mention them
Lines in 'BEGINRAW'..'ENDRAW' sections must always mention files as
seen from the top directory, no exception.
# ssl/build.info
LIBS=../libssl
SOURCE[../libssl]=tls.c
This is the build.info file in 'ssl/', and it tells us that the
library 'libssl' is built from the source file 'ssl/tls.c'.
# engines/build.info
ENGINES=dasync
SOURCE[dasync]=e_dasync.c
DEPEND[dasync]=../libcrypto
INCLUDE[dasync]=../include
ENGINES_NO_INST=ossltest
SOURCE[ossltest]=e_ossltest.c
DEPEND[ossltest]=../libcrypto.a
INCLUDE[ossltest]=../include
This is the build.info file in 'engines/', telling us that two engines
called 'engines/dasync' and 'engines/ossltest' shall be built, that
dasync's source is 'engines/e_dasync.c' and ossltest's source is
'engines/e_ossltest.c' and that the include directory 'include/' may
be used when building anything that will be part of these engines.
Also, both engines depend on the library 'libcrypto' to function
properly. ossltest is explicitly linked with the static variant of
the library 'libcrypto'. Finally, only dasync is being installed, as
ossltest is only for internal testing.
When Configure digests these build.info files, the accumulated
information comes down to this:
LIBS=libcrypto libssl
ORDINALS[libcrypto]=crypto
SOURCE[libcrypto]=crypto/aes.c crypto/evp.c crypto/cversion.c
DEPEND[crypto/cversion.o]=crypto/buildinf.h
INCLUDE[libcrypto]=include
ORDINALS[libssl]=ssl
SOURCE[libssl]=ssl/tls.c
INCLUDE[libssl]=include
DEPEND[libssl]=libcrypto
PROGRAMS=apps/openssl
SOURCE[apps/openssl]=apps/openssl.c
INCLUDE[apps/openssl]=. include
DEPEND[apps/openssl]=libssl
ENGINES=engines/dasync
SOURCE[engines/dasync]=engines/e_dasync.c
DEPEND[engines/dasync]=libcrypto
INCLUDE[engines/dasync]=include
ENGINES_NO_INST=engines/ossltest
SOURCE[engines/ossltest]=engines/e_ossltest.c
DEPEND[engines/ossltest]=libcrypto.a
INCLUDE[engines/ossltest]=include
GENERATE[crypto/buildinf.h]=util/mkbuildinf.pl "$(CC) $(CFLAGS)" "$(PLATFORM)"
DEPEND[crypto/buildinf.h]=Makefile
DEPEND[util/mkbuildinf.pl]=util/Foo.pm
A few notes worth mentioning:
LIBS may be used to declare routine libraries only.
PROGRAMS may be used to declare programs only.
ENGINES may be used to declare engines only.
The indexes for SOURCE and ORDINALS must only be end product files,
such as libraries, programs or engines. The values of SOURCE
variables must only be source files (possibly generated)
INCLUDE and DEPEND shows a relationship between different files
(usually produced files) or between files and directories, such as a
program depending on a library, or between an object file and some
extra source file.
When Configure processes the build.info files, it will take it as
truth without question, and will therefore perform very few checks.
If the build tree is separate from the source tree, it will assume
that all built files and up in the build directory and that all source
files are to be found in the source tree, if they can be found there.
Configure will assume that source files that can't be found in the
source tree (such as 'crypto/bildinf.h' in the example above) are
generated and will be found in the build tree.
The %unified_info database
--------------------------
The information in all the build.info get digested by Configure and
collected into the %unified_info database, divided into the following
indexes:
depends => a hash table containing 'file' => [ 'dependency' ... ]
pairs. These are directly inferred from the DEPEND
variables in build.info files.
engines => a list of engines. These are directly inferred from
the ENGINES variable in build.info files.
generate => a hash table containing 'file' => [ 'generator' ... ]
pairs. These are directly inferred from the GENERATE
variables in build.info files.
includes => a hash table containing 'file' => [ 'include' ... ]
pairs. These are directly inferred from the INCLUDE
variables in build.info files.
install => a hash table containing 'type' => [ 'file' ... ] pairs.
The types are 'programs', 'libraries', 'engines' and
'scripts', and the array of files list the files of
that type that should be installed.
libraries => a list of libraries. These are directly inferred from
the LIBS variable in build.info files.
ordinals => a hash table containing 'file' => [ 'word', 'ordfile' ]
pairs. 'file' and 'word' are directly inferred from
the ORDINALS variables in build.info files, while the
file 'ofile' comes from internal knowledge in
Configure.
programs => a list of programs. These are directly inferred from
the PROGRAMS variable in build.info files.
rawlines => a list of build-file lines. These are a direct copy of
the BEGINRAW..ENDRAW lines in build.info files. Note:
only the BEGINRAW..ENDRAW section for the current
platform are copied, the rest are ignored.
scripts => a list of scripts. There are directly inferred from
the SCRIPTS variable in build.info files.
sources => a hash table containing 'file' => [ 'sourcefile' ... ]
pairs. These are indirectly inferred from the SOURCE
variables in build.info files. Object files are
mentioned in this hash table, with source files from
SOURCE variables, and AS source files for programs and
libraries.
shared_sources =>
a hash table just like 'sources', but only as source
files (object files) for building shared libraries.
As an example, here is how the build.info files example from the
section above would be digested into a %unified_info table:
our %unified_info = (
"depends" =>
{
"apps/openssl" =>
[
"libssl",
],
"crypto/buildinf.h" =>
[
"Makefile",
],
"crypto/cversion.o" =>
[
"crypto/buildinf.h",
],
"engines/dasync" =>
[
"libcrypto",
],
"engines/ossltest" =>
[
"libcrypto.a",
],
"libssl" =>
[
"libcrypto",
],
"util/mkbuildinf.pl" =>
[
"util/Foo.pm",
],
},
"engines" =>
[
"engines/dasync",
"engines/ossltest",
],
"generate" =>
{
"crypto/buildinf.h" =>
[
"util/mkbuildinf.pl",
"\"\$(CC)",
"\$(CFLAGS)\"",
"\"$(PLATFORM)\"",
],
},
"includes" =>
{
"apps/openssl" =>
[
".",
"include",
],
"engines/ossltest" =>
[
"include"
],
"libcrypto" =>
[
"include",
],
"libssl" =>
[
"include",
],
"util/mkbuildinf.pl" =>
[
"util",
],
}
"install" =>
{
"engines" =>
[
"engines/dasync",
],
"libraries" =>
[
"libcrypto",
"libssl",
],
"programs" =>
[
"apps/openssl",
],
},
"libraries" =>
[
"libcrypto",
"libssl",
],
"ordinals" =>
{
"libcrypto" =>
[
"crypto",
"util/libcrypto.num",
],
"libssl" =>
[
"ssl",
"util/libssl.num",
],
},
"programs" =>
[
"apps/openssl",
],
"rawlines" =>
[
],
"sources" =>
{
"apps/openssl" =>
[
"apps/openssl.o",
],
"apps/openssl.o" =>
[
"apps/openssl.c",
],
"crypto/aes.o" =>
[
"crypto/aes.c",
],
"crypto/cversion.o" =>
[
"crypto/cversion.c",
],
"crypto/evp.o" =>
[
"crypto/evp.c",
],
"engines/e_dasync.o" =>
[
"engines/e_dasync.c",
],
"engines/dasync" =>
[
"engines/e_dasync.o",
],
"engines/e_ossltest.o" =>
[
"engines/e_ossltest.c",
],
"engines/ossltest" =>
[
"engines/e_ossltest.o",
],
"libcrypto" =>
[
"crypto/aes.c",
"crypto/cversion.c",
"crypto/evp.c",
],
"libssl" =>
[
"ssl/tls.c",
],
"ssl/tls.o" =>
[
"ssl/tls.c",
],
},
);
As can be seen, everything in %unified_info is fairly simple suggest
of information. Still, it tells us that to build all programs, we
must build 'apps/openssl', and to build the latter, we will need to
build all its sources ('apps/openssl.o' in this case) and all the
other things it depends on (such as 'libssl'). All those dependencies
need to be built as well, using the same logic, so to build 'libssl',
we need to build 'ssl/tls.o' as well as 'libcrypto', and to build the
latter...
Build-file templates
--------------------
Build-file templates are essentially build-files (such as Makefile on
Unix) with perl code fragments mixed in. Those perl code fragment
will generate all the configuration dependent data, including all the
rules needed to build end product files and intermediary files alike.
At a minimum, there must be a perl code fragment that defines a set of
functions that are used to generates specific build-file rules, to
build static libraries from object files, to build shared libraries
from static libraries, to programs from object files and libraries,
etc.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file *without*
extension, src2obj() is expected to add that.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library file name *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files (also *without*
extension) to build this library.
libobj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding static library file
or object files.
called like this:
libobj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ],
ordinals => [ "word", "/PATH/TO/ordfile" ]);
'lib' has the intended library file name *without*
extension, libobj2shlib is expected to add that.
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files (also *without* extension) to build
this library. 'ordinals' MAY be present, and when
it is, its value is an array where the word is
"crypto" or "ssl" and the file is one of the ordinal
files util/libcrypto.num or util/libssl.num in the
source directory.
This function has a choice; it can use the
corresponding static library as input to make the
shared library, or the list of object files.
obj2dynlib - function that produces build file lines to build a
dynamically loadable library file ("libfoo.so" on
Unix) from object files.
called like this:
obj2dynlib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as libobj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...). The differences
are subtle, one of the most visible ones is that the
resulting shareable library is produced from object
files only.
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable file name
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files (also
*without* extension) to build this library. 'deps'
has the list of library files (also *without*
extension) that the programs needs to be linked
with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script file name.
'sources' has the list of source files to build the
resulting script from.
Along with the build-file templates is the driving engine
Configurations/common.tmpl, which looks through all the information in
%unified_info and generates all the rulesets to build libraries,
programs and all intermediate files, using the rule generating
functions defined in the build-file template.
As an example with the smaller build.info set we've seen as an
example, producing the rules to build 'libcrypto' would result in the
following calls:
# Note: libobj2shlib will only be called if shared libraries are
# to be produced.
# Note 2: libobj2shlib gets both the name of the static library
# and the names of all the object files that go into it. It's up
# to the implementation to decide which to use as input.
# Note 3: common.tmpl peals off the ".o" extension from all object
# files, as the platform at hand may have a different one.
libobj2shlib(shlib => "libcrypto",
lib => "libcrypto",
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ],
deps => [ ]
ordinals => [ "crypto", "util/libcrypto.num" ]);
obj2lib(lib => "libcrypto"
objs => [ "crypto/aes", "crypto/evp", "crypto/cversion" ]);
src2obj(obj => "crypto/aes"
srcs => [ "crypto/aes.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/evp"
srcs => [ "crypto/evp.c" ],
deps => [ ],
incs => [ "include" ],
intent => "lib");
src2obj(obj => "crypto/cversion"
srcs => [ "crypto/cversion.c" ],
deps => [ "crypto/buildinf.h" ],
incs => [ "include" ],
intent => "lib");
generatesrc(src => "crypto/buildinf.h",
generator => [ "util/mkbuildinf.pl", "\"$(CC)",
"$(CFLAGS)\"", "\"$(PLATFORM)\"" ],
generator_incs => [ "util" ],
generator_deps => [ "util/Foo.pm" ],
incs => [ ],
deps => [ ],
intent => "lib");
The returned strings from all those calls are then concatenated
together and written to the resulting build-file.

674
Configurations/README.md
View File

@@ -1,674 +0,0 @@
Intro
=====
This directory contains a few sets of files that are used for
configuration in diverse ways:
*.conf Target platform configurations, please read
'Configurations of OpenSSL target platforms' for more
information.
*.tmpl Build file templates, please read 'Build-file
programming with the "unified" build system' as well
as 'Build info files' for more information.
*.pm Helper scripts / modules for the main `Configure`
script. See 'Configure helper scripts for more
information.
Configurations of OpenSSL target platforms
==========================================
Configuration targets are a collection of facts that we know about
different platforms and their capabilities. We organise them in a
hash table, where each entry represent a specific target.
Note that configuration target names must be unique across all config
files. The Configure script does check that a config file doesn't
have config targets that shadow config targets from other files.
In each table entry, the following keys are significant:
inherit_from => Other targets to inherit values from.
Explained further below. [1]
template => Set to 1 if this isn't really a platform
target. Instead, this target is a template
upon which other targets can be built.
Explained further below. [1]
sys_id => System identity for systems where that
is difficult to determine automatically.
enable => Enable specific configuration features.
This MUST be an array of words.
disable => Disable specific configuration features.
This MUST be an array of words.
Note: if the same feature is both enabled
and disabled, disable wins.
as => The assembler command. This is not always
used (for example on Unix, where the C
compiler is used instead).
asflags => Default assembler command flags [4].
cpp => The C preprocessor command, normally not
given, as the build file defaults are
usually good enough.
cppflags => Default C preprocessor flags [4].
defines => As an alternative, macro definitions may be
given here instead of in 'cppflags' [4].
If given here, they MUST be as an array of
the string such as "MACRO=value", or just
"MACRO" for definitions without value.
includes => As an alternative, inclusion directories
may be given here instead of in 'cppflags'
[4]. If given here, the MUST be an array
of strings, one directory specification
each.
cc => The C compiler command, usually one of "cc",
"gcc" or "clang". This command is normally
also used to link object files and
libraries into the final program.
cxx => The C++ compiler command, usually one of
"c++", "g++" or "clang++". This command is
also used when linking a program where at
least one of the object file is made from
C++ source.
cflags => Defaults C compiler flags [4].
cxxflags => Default C++ compiler flags [4]. If unset,
it gets the same value as cflags.
(linking is a complex thing, see [3] below)
ld => Linker command, usually not defined
(meaning the compiler command is used
instead).
(NOTE: this is here for future use, it's
not implemented yet)
lflags => Default flags used when linking apps,
shared libraries or DSOs [4].
ex_libs => Extra libraries that are needed when
linking shared libraries, DSOs or programs.
The value is also assigned to Libs.private
in $(libdir)/pkgconfig/libcrypto.pc.
shared_cppflags => Extra C preprocessor flags used when
processing C files for shared libraries.
shared_cflag => Extra C compiler flags used when compiling
for shared libraries, typically something
like "-fPIC".
shared_ldflag => Extra linking flags used when linking
shared libraries.
module_cppflags
module_cflags
module_ldflags => Has the same function as the corresponding
'shared_' attributes, but for building DSOs.
When unset, they get the same values as the
corresponding 'shared_' attributes.
ar => The library archive command, the default is
"ar".
(NOTE: this is here for future use, it's
not implemented yet)
arflags => Flags to be used with the library archive
command. On Unix, this includes the
command letter, 'r' by default.
ranlib => The library archive indexing command, the
default is 'ranlib' it it exists.
unistd => An alternative header to the typical
'<unistd.h>'. This is very rarely needed.
shared_extension => File name extension used for shared
libraries.
obj_extension => File name extension used for object files.
On unix, this defaults to ".o" (NOTE: this
is here for future use, it's not
implemented yet)
exe_extension => File name extension used for executable
files. On unix, this defaults to "" (NOTE:
this is here for future use, it's not
implemented yet)
shlib_variant => A "variant" identifier inserted between the base
shared library name and the extension. On "unixy"
platforms (BSD, Linux, Solaris, MacOS/X, ...) this
supports installation of custom OpenSSL libraries
that don't conflict with other builds of OpenSSL
installed on the system. The variant identifier
becomes part of the SONAME of the library and also
any symbol versions (symbol versions are not used or
needed with MacOS/X). For example, on a system
where a default build would normally create the SSL
shared library as 'libssl.so -> libssl.so.1.1' with
the value of the symlink as the SONAME, a target
definition that sets 'shlib_variant => "-abc"' will
create 'libssl.so -> libssl-abc.so.1.1', again with
an SONAME equal to the value of the symlink. The
symbol versions associated with the variant library
would then be 'OPENSSL_ABC_<version>' rather than
the default 'OPENSSL_<version>'. The string inserted
into symbol versions is obtained by mapping all
letters in the "variant" identifier to uppercase
and all non-alphanumeric characters to '_'.
thread_scheme => The type of threads is used on the
configured platform. Currently known
values are "(unknown)", "pthreads",
"uithreads" (a.k.a solaris threads) and
"winthreads". Except for "(unknown)", the
actual value is currently ignored but may
be used in the future. See further notes
below [2].
dso_scheme => The type of dynamic shared objects to build
for. This mostly comes into play with
modules, but can be used for other purposes
as well. Valid values are "DLFCN"
(dlopen() et al), "DLFCN_NO_H" (for systems
that use dlopen() et al but do not have
fcntl.h), "DL" (shl_load() et al), "WIN32"
and "VMS".
asm_arch => The architecture to be used for compiling assembly
source. This acts as a selector in build.info files.
uplink_arch => The architecture to be used for compiling uplink
source. This acts as a selector in build.info files.
This is separate from asm_arch because it's compiled
even when 'no-asm' is given, even though it contains
assembler source.
perlasm_scheme => The perlasm method used to create the
assembler files used when compiling with
assembler implementations.
shared_target => The shared library building method used.
This serves multiple purposes:
- as index for targets found in shared_info.pl.
- as linker script generation selector.
To serve both purposes, the index for shared_info.pl
should end with '-shared', and this suffix will be
removed for use as a linker script generation
selector. Note that the latter is only used if
'shared_defflag' is defined.
build_scheme => The scheme used to build up a Makefile.
In its simplest form, the value is a string
with the name of the build scheme.
The value may also take the form of a list
of strings, if the build_scheme is to have
some options. In this case, the first
string in the list is the name of the build
scheme.
Currently recognised build scheme is "unified".
For the "unified" build scheme, this item
*must* be an array with the first being the
word "unified" and the second being a word
to identify the platform family.
multilib => On systems that support having multiple
implementations of a library (typically a
32-bit and a 64-bit variant), this is used
to have the different variants in different
directories.
multibin => On systems that support having multiple
implementations of a library and binaries
(typically a 32-bit and a 64-bit variant),
this is used to have the different variants
in different binary directories. This setting
works in conjunction with multilib.
bn_ops => Building options (was just bignum options in
the earlier history of this option, hence the
name). This is a string of words that describe
algorithms' implementation parameters that
are optimal for the designated target platform,
such as the type of integers used to build up
the bignum, different ways to implement certain
ciphers and so on. To fully comprehend the
meaning, the best is to read the affected
source.
The valid words are:
THIRTY_TWO_BIT bignum limbs are 32 bits,
this is default if no
option is specified, it
works on any supported
system [unless "wider"
limb size is implied in
assembly code];
BN_LLONG bignum limbs are 32 bits,
but 64-bit 'unsigned long
long' is used internally
in calculations;
SIXTY_FOUR_BIT_LONG bignum limbs are 64 bits
and sizeof(long) is 8;
SIXTY_FOUR_BIT bignums limbs are 64 bits,
but execution environment
is ILP32;
RC4_CHAR RC4 key schedule is made
up of 'unsigned char's;
Note: should not be used
for new configuration
targets
RC4_INT RC4 key schedule is made
up of 'unsigned int's;
Note: should not be used
for new configuration
targets
[1] as part of the target configuration, one can have a key called
`inherit_from` that indicates what other configurations to inherit
data from. These are resolved recursively.
Inheritance works as a set of default values that can be overridden
by corresponding key values in the inheriting configuration.
Note 1: any configuration table can be used as a template.
Note 2: pure templates have the attribute `template => 1` and
cannot be used as build targets.
If several configurations are given in the `inherit_from` array,
the values of same attribute are concatenated with space
separation. With this, it's possible to have several smaller
templates for different configuration aspects that can be combined
into a complete configuration.
Instead of a scalar value or an array, a value can be a code block
of the form `sub { /* your code here */ }`. This code block will
be called with the list of inherited values for that key as
arguments. In fact, the concatenation of strings is really done
by using `sub { join(" ",@_) }` on the list of inherited values.
An example:
"foo" => {
template => 1,
haha => "ha ha",
hoho => "ho",
ignored => "This should not appear in the end result",
},
"bar" => {
template => 1,
haha => "ah",
hoho => "haho",
hehe => "hehe"
},
"laughter" => {
inherit_from => [ "foo", "bar" ],
hehe => sub { join(" ",(@_,"!!!")) },
ignored => "",
}
The entry for "laughter" will become as follows after processing:
"laughter" => {
haha => "ha ha ah",
hoho => "ho haho",
hehe => "hehe !!!",
ignored => ""
}
[2] OpenSSL is built with threading capabilities unless the user
specifies `no-threads`. The value of the key `thread_scheme` may
be `(unknown)`, in which case the user MUST give some compilation
flags to `Configure`.
[3] OpenSSL has three types of things to link from object files or
static libraries:
- shared libraries; that would be libcrypto and libssl.
- shared objects (sometimes called dynamic libraries); that would
be the modules.
- applications; those are apps/openssl and all the test apps.
Very roughly speaking, linking is done like this (words in braces
represent the configuration settings documented at the beginning
of this file):
shared libraries:
{ld} $(CFLAGS) {lflags} {shared_ldflag} -o libfoo.so \
foo/something.o foo/somethingelse.o {ex_libs}
shared objects:
{ld} $(CFLAGS) {lflags} {module_ldflags} -o libeng.so \
blah1.o blah2.o -lcrypto {ex_libs}
applications:
{ld} $(CFLAGS) {lflags} -o app \
app1.o utils.o -lssl -lcrypto {ex_libs}
[4] There are variants of these attribute, prefixed with `lib_`,
`dso_` or `bin_`. Those variants replace the unprefixed attribute
when building library, DSO or program modules specifically.
Historically, the target configurations came in form of a string with
values separated by colons. This use is deprecated. The string form
looked like this:
"target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:
{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:
{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:
{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:
{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:
{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:
{arflags}:{multilib}"
Build info files
================
The `build.info` files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL. It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.
For every `build.info` file, all file references are relative to the
directory of the `build.info` file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.
When processed, every line is processed with the perl module
Text::Template, using the delimiters `{-` and `-}`. The hashes
`%config` and `%target` are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current `build.info` file and the corresponding build
directory, all relative to the top of the build tree.
`Configure` only knows inherently about the top `build.info` file. For
any other directory that has one, further directories to look into
must be indicated like this:
SUBDIRS=something someelse
On to things to be built; they are declared by setting specific
variables:
PROGRAMS=foo bar
LIBS=libsomething
MODULES=libeng
SCRIPTS=myhack
Note that the files mentioned for PROGRAMS, LIBS and MODULES *must* be
without extensions. The build file templates will figure them out.
For each thing to be built, it is then possible to say what sources
they are built from:
PROGRAMS=foo bar
SOURCE[foo]=foo.c common.c
SOURCE[bar]=bar.c extra.c common.c
It's also possible to tell some other dependencies:
DEPEND[foo]=libsomething
DEPEND[libbar]=libsomethingelse
(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well. However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)
It's also possible to depend on static libraries explicitly:
DEPEND[foo]=libsomething.a
DEPEND[libbar]=libsomethingelse.a
This should be rarely used, and care should be taken to make sure it's
only used when supported. For example, native Windows build doesn't
support building static libraries and DLLs at the same time, so using
static libraries on Windows can only be done when configured
`no-shared`.
In some cases, it's desirable to include some source files in the
shared form of a library only:
SHARED_SOURCE[libfoo]=dllmain.c
For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:
INCLUDE[foo]=include
It's also possible to specify C macros that should be defined:
DEFINE[foo]=FOO BAR=1
In some cases, one might want to generate some source files from
others, that's done as follows:
GENERATE[foo.s]=asm/something.pl $(CFLAGS)
GENERATE[bar.s]=asm/bar.S
The value of each GENERATE line is a command line or part of it.
Configure places no rules on the command line, except that the first
item must be the generator file. It is, however, entirely up to the
build file template to define exactly how those command lines should
be handled, how the output is captured and so on.
Sometimes, the generator file itself depends on other files, for
example if it is a perl script that depends on other perl modules.
This can be expressed using DEPEND like this:
DEPEND[asm/something.pl]=../perlasm/Foo.pm
There may also be cases where the exact file isn't easily specified,
but an inclusion directory still needs to be specified. INCLUDE can
be used in that case:
INCLUDE[asm/something.pl]=../perlasm
NOTE: GENERATE lines are limited to one command only per GENERATE.
Finally, you can have some simple conditional use of the `build.info`
information, looking like this:
IF[1]
something
ELSIF[2]
something other
ELSE
something else
ENDIF
The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false. For
example, the above would have "something" used, since 1 is true.
Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:
IF[{- $disabled{shared} -}]
LIBS=libcrypto
SOURCE[libcrypto]=...
ELSE
LIBS=libfoo
SOURCE[libfoo]=...
ENDIF
Build-file programming with the "unified" build system
======================================================
"Build files" are called `Makefile` on Unix-like operating systems,
`descrip.mms` for MMS on VMS, `makefile` for `nmake` on Windows, etc.
To use the "unified" build system, the target configuration needs to
set the three items `build_scheme`, `build_file` and `build_command`.
In the rest of this section, we will assume that `build_scheme` is set
to "unified" (see the configurations documentation above for the
details).
For any name given by `build_file`, the "unified" system expects a
template file in `Configurations/` named like the build file, with
`.tmpl` appended, or in case of possible ambiguity, a combination of
the second `build_scheme` list item and the `build_file` name. For
example, if `build_file` is set to `Makefile`, the template could be
`Configurations/Makefile.tmpl` or `Configurations/unix-Makefile.tmpl`.
In case both `Configurations/unix-Makefile.tmpl` and
`Configurations/Makefile.tmpl` are present, the former takes precedence.
The build-file template is processed with the perl module
Text::Template, using `{-` and `-}` as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.
The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with `{-` and `-}`.
They are all expected to return a string with the lines they produce.
generatesrc - function that produces build file lines to generate
a source file from some input.
It's called like this:
generatesrc(src => "PATH/TO/tobegenerated",
generator => [ "generatingfile", ... ]
generator_incs => [ "INCL/PATH", ... ]
generator_deps => [ "dep1", ... ]
generator => [ "generatingfile", ... ]
incs => [ "INCL/PATH", ... ],
deps => [ "dep1", ... ],
intent => one of "libs", "dso", "bin" );
'src' has the name of the file to be generated.
'generator' is the command or part of command to
generate the file, of which the first item is
expected to be the file to generate from.
generatesrc() is expected to analyse and figure out
exactly how to apply that file and how to capture
the result. 'generator_incs' and 'generator_deps'
are include directories and files that the generator
file itself depends on. 'incs' and 'deps' are
include directories and files that are used if $(CC)
is used as an intermediary step when generating the
end product (the file indicated by 'src'). 'intent'
indicates what the generated file is going to be
used for.
src2obj - function that produces build file lines to build an
object file from source files and associated data.
It's called like this:
src2obj(obj => "PATH/TO/objectfile",
srcs => [ "PATH/TO/sourcefile", ... ],
deps => [ "dep1", ... ],
incs => [ "INCL/PATH", ... ]
intent => one of "lib", "dso", "bin" );
'obj' has the intended object file with '.o'
extension, src2obj() is expected to change it to
something more suitable for the platform.
'srcs' has the list of source files to build the
object file, with the first item being the source
file that directly corresponds to the object file.
'deps' is a list of explicit dependencies. 'incs'
is a list of include file directories. Finally,
'intent' indicates what this object file is going
to be used for.
obj2lib - function that produces build file lines to build a
static library file ("libfoo.a" in Unix terms) from
object files.
called like this:
obj2lib(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ]);
'lib' has the intended library filename *without*
extension, obj2lib is expected to add that. 'objs'
has the list of object files to build this library.
libobj2shlib - backward compatibility function that's used the
same way as obj2shlib (described next), and was
expected to build the shared library from the
corresponding static library when that was suitable.
NOTE: building a shared library from a static
library is now DEPRECATED, as they no longer share
object files. Attempting to do this will fail.
obj2shlib - function that produces build file lines to build a
shareable object library file ("libfoo.so" in Unix
terms) from the corresponding object files.
called like this:
obj2shlib(shlib => "PATH/TO/shlibfile",
lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile", ... ]);
'lib' has the base (static) library filename
*without* extension. This is useful in case
supporting files are needed (such as import
libraries on Windows).
'shlib' has the corresponding shared library name
*without* extension. 'deps' has the list of other
libraries (also *without* extension) this library
needs to be linked with. 'objs' has the list of
object files to build this library.
obj2dso - function that produces build file lines to build a
dynamic shared object file from object files.
called like this:
obj2dso(lib => "PATH/TO/libfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/otherlibfile",
... ]);
This is almost the same as obj2shlib, but the
intent is to build a shareable library that can be
loaded in runtime (a "plugin"...).
obj2bin - function that produces build file lines to build an
executable file from object files.
called like this:
obj2bin(bin => "PATH/TO/binfile",
objs => [ "PATH/TO/objectfile", ... ],
deps => [ "PATH/TO/libfile", ... ]);
'bin' has the intended executable filename
*without* extension, obj2bin is expected to add
that. 'objs' has the list of object files to build
this library. 'deps' has the list of library files
(also *without* extension) that the programs needs
to be linked with.
in2script - function that produces build file lines to build a
script file from some input.
called like this:
in2script(script => "PATH/TO/scriptfile",
sources => [ "PATH/TO/infile", ... ]);
'script' has the intended script filename.
'sources' has the list of source files to build the
resulting script from.
In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.
Make sure to end the section with these functions with a string that
you thing is appropriate for the resulting build file. If nothing
else, end it like this:
""; # Make sure no lingering values end up in the Makefile
-}
Configure helper scripts
========================
Configure uses helper scripts in this directory:
Checker scripts
---------------
These scripts are per platform family, to check the integrity of the
tools used for configuration and building. The checker script used is
either `{build_platform}-{build_file}-checker.pm` or
`{build_platform}-checker.pm`, where `{build_platform}` is the second
`build_scheme` list element from the configuration target data, and
`{build_file}` is `build_file` from the same target data.
If the check succeeds, the script is expected to end with a non-zero
expression. If the check fails, the script can end with a zero, or
with a `die`.

266
Configurations/common.tmpl Normal file
View File

@@ -0,0 +1,266 @@
{- # -*- Mode: perl -*-
use File::Basename;
# A cache of objects for which a recipe has already been generated
my %cache;
# resolvedepends and reducedepends work in tandem to make sure
# there are no duplicate dependencies and that they are in the
# right order. This is especially used to sort the list of
# libraries that a build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
sub resolvedepends {
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{$unified_info{depends}->{$thing} //
$unified_info{depends}->{$extensionlessthing}};
my @newlist = ();
if (scalar @list) {
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
push @newlist, $item, resolvedepends($item, @listsofar, $item);
}
}
@newlist;
}
sub reducedepends {
my @list = @_;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitely static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
map { $replace{$_} // $_; } @newlist;
}
# is_installed checks if a given file will be installed (i.e. they are
# not defined _NO_INST in build.info)
sub is_installed {
my $product = shift;
if (grep { $product eq $_ }
map { (@{$unified_info{install}->{$_}}) }
keys %{$unified_info{install}}) {
return 1;
}
return 0;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $src = shift;
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($unified_info{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $unified_info{generate}->{$src} eq "";
my $script = $unified_info{generate}->{$src}->[0];
$OUT .= generatesrc(src => $src,
generator => $unified_info{generate}->{$src},
generator_incs => $unified_info{includes}->{$script},
generator_deps => $unified_info{depends}->{$script},
deps => $unified_info{depends}->{$src},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
%opts);
foreach (@{$unified_info{depends}->{$src}}) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $obj = shift;
return "" if $cache{$obj};
(my $obj_no_o = $obj) =~ s|\.o$||;
my $bin = shift;
my %opts = @_;
if (@{$unified_info{sources}->{$obj}}) {
$OUT .= src2obj(obj => $obj_no_o,
product => $bin,
srcs => $unified_info{sources}->{$obj},
deps => $unified_info{depends}->{$obj},
incs => [ @{$unified_info{includes}->{$bin}},
@{$unified_info{includes}->{$obj}} ],
%opts);
foreach ((@{$unified_info{sources}->{$obj}},
@{$unified_info{depends}->{$obj}})) {
dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# dolib is responsible for building libraries. It will call
# libobj2shlib is shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $lib = shift;
return "" if $cache{$lib};
unless ($disabled{shared} || $lib =~ /\.a$/) {
my %ordinals =
$unified_info{ordinals}->{$lib}
? (ordinals => $unified_info{ordinals}->{$lib}) : ();
$OUT .= libobj2shlib(shlib => $unified_info{sharednames}->{$lib},
lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
(@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}}) ],
deps => [ reducedepends(resolvedepends($lib)) ],
installed => is_installed($lib),
%ordinals);
foreach (@{$unified_info{shared_sources}->{$lib}}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
}
}
$OUT .= obj2lib(lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
@{$unified_info{sources}->{$lib}} ]);
foreach (@{$unified_info{sources}->{$lib}}) {
doobj($_, $lib, intent => "lib", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
# doengine is responsible for building engines. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub doengine {
my $lib = shift;
return "" if $cache{$lib};
$OUT .= obj2dso(lib => $lib,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
(@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}}) ],
deps => [ resolvedepends($lib) ],
installed => is_installed($lib));
foreach ((@{$unified_info{sources}->{$lib}},
@{$unified_info{shared_sources}->{$lib}})) {
doobj($_, $lib, intent => "dso", installed => is_installed($lib));
}
$cache{$lib} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $bin = shift;
return "" if $cache{$bin};
my $deps = [ reducedepends(resolvedepends($bin)) ];
$OUT .= obj2bin(bin => $bin,
objs => [ map { (my $x = $_) =~ s|\.o$||; $x }
@{$unified_info{sources}->{$bin}} ],
deps => $deps,
installed => is_installed($bin));
foreach (@{$unified_info{sources}->{$bin}}) {
doobj($_, $bin, intent => "bin", installed => is_installed($bin));
}
$cache{$bin} = 1;
}
# dobin is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $script = shift;
return "" if $cache{$script};
$OUT .= in2script(script => $script,
sources => $unified_info{sources}->{$script},
installed => is_installed($script));
$cache{$script} = 1;
}
sub dodir {
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$OUT .= generatedir(dir => $dir,
deps => $unified_info{dirinfo}->{$dir}->{deps},
%{$unified_info{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# Start with populating the cache with all the overrides
%cache = map { $_ => 1 } @{$unified_info{overrides}};
# For convenience collect information regarding directories where
# files are generated, those generated files and the end product
# they end up in where applicable. Then, add build rules for those
# directories
if (exists &generatedir) {
my %loopinfo = ( "dso" => [ @{$unified_info{engines}} ],
"lib" => [ @{$unified_info{libraries}} ],
"bin" => [ @{$unified_info{programs}} ],
"script" => [ @{$unified_info{scripts}} ] );
foreach my $type (keys %loopinfo) {
foreach my $product (@{$loopinfo{$type}}) {
my %dirs = ();
my $pd = dirname($product);
# We already have a "test" target, and the current directory
# is just silly to make a target for
$dirs{$pd} = 1 unless $pd eq "test" || $pd eq ".";
foreach (@{$unified_info{sources}->{$product}}) {
my $d = dirname($_);
# We don't want to create targets for source directories
# when building out of source
next if ($config{sourcedir} ne $config{builddir}
&& $d =~ m|^\Q$config{sourcedir}\E|);
# We already have a "test" target, and the current directory
# is just silly to make a target for
next if $d eq "test" || $d eq ".";
$dirs{$d} = 1;
push @{$unified_info{dirinfo}->{$d}->{deps}}, $_
if $d ne $pd;
}
foreach (keys %dirs) {
push @{$unified_info{dirinfo}->{$_}->{products}->{$type}},
$product;
}
}
}
}
# Build mandatory generated headers
foreach (@{$unified_info{depends}->{""}}) { dogenerate($_); }
# Build all known libraries, engines, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$unified_info{libraries}}) { dolib($_); }
foreach (@{$unified_info{engines}}) { doengine($_); }
foreach (@{$unified_info{programs}}) { dobin($_); }
foreach (@{$unified_info{scripts}}) { doscript($_); }
foreach (sort keys %{$unified_info{dirinfo}}) { dodir($_); }
# Finally, should there be any applicable BEGINRAW/ENDRAW sections,
# they are added here.
$OUT .= $_."\n" foreach @{$unified_info{rawlines}};
-}

31
Configurations/common0.tmpl
View File

@@ -1,31 +0,0 @@
{- # -*- Mode: perl -*-
# Commonly used list of generated files
# The reason for the complexity is that the build.info files provide
# GENERATE rules for *all* platforms without discrimination, while the
# build files only want those for a particular build. Therefore, we
# need to extrapolate exactly what we need to generate. The way to do
# that is to extract all possible source files from diverse tables and
# filter out all that are not generated
my %generatables =
map { $_ => 1 }
( # The sources of stuff may be generated
( map { @{$unified_info{sources}->{$_}} }
keys %{$unified_info{sources}} ),
$disabled{shared}
? ()
: ( map { @{$unified_info{shared_sources}->{$_}} }
keys %{$unified_info{shared_sources}} ),
# Things we explicitly depend on are usually generated
( map { $_ eq "" ? () : @{$unified_info{depends}->{$_}} }
keys %{$unified_info{depends}} ));
our @generated =
sort ( ( grep { defined $unified_info{generate}->{$_} }
sort keys %generatables ),
# Scripts are assumed to be generated, so add them too
( grep { defined $unified_info{sources}->{$_} }
@{$unified_info{scripts}} ) );
# Avoid strange output
"";
-}

1383
Configurations/descrip.mms.tmpl
View File

File diff suppressed because it is too large Load Diff

556
Configurations/gentemplate.pm
View File

@@ -1,556 +0,0 @@
package gentemplate;
use strict;
use warnings;
use Carp;
use Exporter;
use vars qw($VERSION @ISA @EXPORT @EXPORT_OK %EXPORT_TAGS);
@ISA = qw(Exporter);
@EXPORT = qw(gentemplate);
use File::Basename;
sub gentemplate {
my %opts = @_;
my $generator = OpenSSL::GenTemplate->new(%opts);
# Build mandatory header file generators
foreach (@{$generator->{info}->{depends}->{""}}) { $generator->dogenerate($_); }
# Build all known targets, libraries, modules, programs and scripts.
# Everything else will be handled as a consequence.
foreach (@{$generator->{info}->{targets}}) { $generator->dotarget($_); }
foreach (@{$generator->{info}->{libraries}}) { $generator->dolib($_); }
foreach (@{$generator->{info}->{modules}}) { $generator->domodule($_); }
foreach (@{$generator->{info}->{programs}}) { $generator->dobin($_); }
foreach (@{$generator->{info}->{scripts}}) { $generator->doscript($_); }
foreach (sort keys %{$generator->{info}->{htmldocs}}) { $generator->dodocs('html', $_); }
foreach (sort keys %{$generator->{info}->{mandocs}}) { $generator->dodocs('man', $_); }
foreach (sort keys %{$generator->{info}->{dirinfo}}) { $generator->dodir($_); }
}
package OpenSSL::GenTemplate;
use OpenSSL::Util;
sub new {
my $class = shift;
my %opts = @_;
my $data = {
output => $opts{output},
config => $opts{config} // {},
disabled => $opts{disabled} // {},
info => $opts{unified_info} // {},
};
return bless $data, $class;
};
sub emit {
my $self = shift;
my $name = shift;
my %opts = @_;
my $fh = $self->{output};
die "No name?" unless $name;
print $fh "{-\n ", $name, '(', dump_data(\%opts), ');', " \n-}"
unless defined $opts{attrs}->{skip};
}
my $debug_resolvedepends = $ENV{BUILDFILE_DEBUG_DEPENDS};
my $debug_rules = $ENV{BUILDFILE_DEBUG_RULES};
# A cache of objects for which a recipe has already been generated
our %cache;
# collectdepends, expanddepends and reducedepends work together to make
# sure there are no duplicate or weak dependencies and that they are in
# the right order. This is used to sort the list of libraries that a
# build depends on.
sub extensionlesslib {
my @result = map { $_ =~ /(\.a)?$/; $` } @_;
return @result if wantarray;
return $result[0];
}
# collectdepends dives into the tree of dependencies and returns
# a list of all the non-weak ones.
sub collectdepends {
my $self = shift;
return () unless @_;
my $thing = shift;
my $extensionlessthing = extensionlesslib($thing);
my @listsofar = @_; # to check if we're looping
my @list = @{ $self->{info}->{depends}->{$thing} //
$self->{info}->{depends}->{$extensionlessthing}
// [] };
my @newlist = ();
print STDERR "DEBUG[collectdepends] $thing > ", join(' ', @listsofar), "\n"
if $debug_resolvedepends;
foreach my $item (@list) {
my $extensionlessitem = extensionlesslib($item);
# It's time to break off when the dependency list starts looping
next if grep { extensionlesslib($_) eq $extensionlessitem } @listsofar;
# Don't add anything here if the dependency is weak
next if defined $self->{info}->{attributes}->{depends}->{$thing}->{$item}->{'weak'};
my @resolved = $self->collectdepends($item, @listsofar, $item);
push @newlist, $item, @resolved;
}
print STDERR "DEBUG[collectdepends] $thing < ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# expanddepends goes through a list of stuff, checks if they have any
# dependencies, and adds them at the end of the current position if
# they aren't already present later on.
sub expanddepends {
my $self = shift;
my @after = ( @_ );
print STDERR "DEBUG[expanddepends]> ", join(' ', @after), "\n"
if $debug_resolvedepends;
my @before = ();
while (@after) {
my $item = shift @after;
print STDERR "DEBUG[expanddepends]\\ ", join(' ', @before), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends] - ", $item, "\n"
if $debug_resolvedepends;
my @middle = (
$item,
map {
my $x = $_;
my $extlessx = extensionlesslib($x);
if (grep { $extlessx eq extensionlesslib($_) } @before
and
!grep { $extlessx eq extensionlesslib($_) } @after) {
print STDERR "DEBUG[expanddepends] + ", $x, "\n"
if $debug_resolvedepends;
( $x )
} else {
print STDERR "DEBUG[expanddepends] ! ", $x, "\n"
if $debug_resolvedepends;
()
}
} @{$self->{info}->{depends}->{$item} // []}
);
print STDERR "DEBUG[expanddepends] = ", join(' ', @middle), "\n"
if $debug_resolvedepends;
print STDERR "DEBUG[expanddepends]/ ", join(' ', @after), "\n"
if $debug_resolvedepends;
push @before, @middle;
}
print STDERR "DEBUG[expanddepends]< ", join(' ', @before), "\n"
if $debug_resolvedepends;
@before;
}
# reducedepends looks through a list, and checks if each item is
# repeated later on. If it is, the earlier copy is dropped.
sub reducedepends {
my @list = @_;
print STDERR "DEBUG[reducedepends]> ", join(' ', @list), "\n"
if $debug_resolvedepends;
my @newlist = ();
my %replace = ();
while (@list) {
my $item = shift @list;
my $extensionlessitem = extensionlesslib($item);
if (grep { $extensionlessitem eq extensionlesslib($_) } @list) {
if ($item ne $extensionlessitem) {
# If this instance of the library is explicitly static, we
# prefer that to any shared library name, since it must have
# been done on purpose.
$replace{$extensionlessitem} = $item;
}
} else {
push @newlist, $item;
}
}
@newlist = map { $replace{$_} // $_; } @newlist;
print STDERR "DEBUG[reducedepends]< ", join(' ', @newlist), "\n"
if $debug_resolvedepends;
@newlist;
}
# Do it all
# This takes multiple inputs and combine them into a single list of
# interdependent things. The returned value will include all the input.
# Callers are responsible for taking away the things they are building.
sub resolvedepends {
my $self = shift;
print STDERR "DEBUG[resolvedepends] START (", join(', ', @_), ")\n"
if $debug_resolvedepends;
my @all =
reducedepends($self->expanddepends(map { ( $_, $self->collectdepends($_) ) } @_));
print STDERR "DEBUG[resolvedepends] END (", join(', ', @_), ") : ",
join(',', map { "\n $_" } @all), "\n"
if $debug_resolvedepends;
@all;
}
# dogenerate is responsible for producing all the recipes that build
# generated source files. It recurses in case a dependency is also a
# generated source file.
sub dogenerate {
my $self = shift;
my $src = shift;
# Safety measure
return "" unless defined $self->{info}->{generate}->{$src};
return "" if $cache{$src};
my $obj = shift;
my $bin = shift;
my %opts = @_;
if ($self->{info}->{generate}->{$src}) {
die "$src is generated by Configure, should not appear in build file\n"
if ref $self->{info}->{generate}->{$src} eq "";
my $script = $self->{info}->{generate}->{$src}->[0];
my %attrs = %{$self->{info}->{attributes}->{generate}->{$src} // {}};
$self->emit('generatesrc',
src => $src,
product => $bin,
generator => $self->{info}->{generate}->{$src},
generator_incs => $self->{info}->{includes}->{$script} // [],
generator_deps => $self->{info}->{depends}->{$script} // [],
deps => $self->{info}->{depends}->{$src} // [],
incs => [ defined $obj ? @{$self->{info}->{includes}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{includes}->{$bin} // []} : () ],
defs => [ defined $obj ? @{$self->{info}->{defines}->{$obj} // []} : (),
defined $bin ? @{$self->{info}->{defines}->{$bin} // []} : () ],
attrs => { %attrs },
%opts);
foreach (@{$self->{info}->{depends}->{$src} // []}) {
$self->dogenerate($_, $obj, $bin, %opts);
}
# The generator itself may be is generated
if ($self->{info}->{generate}->{$script}) {
$self->dogenerate($script, $obj, $bin, %opts);
}
}
$cache{$src} = 1;
}
sub dotarget {
my $self = shift;
my $target = shift;
return "" if $cache{$target};
$self->emit('generatetarget',
target => $target,
deps => $self->{info}->{depends}->{$target} // []);
foreach (@{$self->{info}->{depends}->{$target} // []}) {
$self->dogenerate($_);
}
$cache{$target} = 1;
}
# doobj is responsible for producing all the recipes that build
# object files as well as dependency files.
sub doobj {
my $self = shift;
my $obj = shift;
return "" if $cache{$obj};
my $bin = shift;
my %opts = @_;
if (@{$self->{info}->{sources}->{$obj} // []}) {
my @srcs = @{$self->{info}->{sources}->{$obj}};
my @deps = @{$self->{info}->{depends}->{$obj} // []};
my @incs = ( @{$self->{info}->{includes}->{$obj} // []},
@{$self->{info}->{includes}->{$bin} // []} );
my @defs = ( @{$self->{info}->{defines}->{$obj} // []},
@{$self->{info}->{defines}->{$bin} // []} );
print STDERR "DEBUG[doobj] \@srcs for $obj ($bin) : ",
join(",", map { "\n $_" } @srcs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@deps for $obj ($bin) : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@incs for $obj ($bin) : ",
join(",", map { "\n $_" } @incs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \@defs for $obj ($bin) : ",
join(",", map { "\n $_" } @defs), "\n"
if $debug_rules;
print STDERR "DEBUG[doobj] \%opts for $obj ($bin) : ", ,
join(",", map { "\n $_ = $opts{$_}" } sort keys %opts), "\n"
if $debug_rules;
$self->emit('src2obj',
obj => $obj, product => $bin,
srcs => [ @srcs ], deps => [ @deps ],
incs => [ @incs ], defs => [ @defs ],
%opts);
foreach ((@{$self->{info}->{sources}->{$obj}},
@{$self->{info}->{depends}->{$obj} // []})) {
$self->dogenerate($_, $obj, $bin, %opts);
}
}
$cache{$obj} = 1;
}
# Helper functions to grab all applicable intermediary files.
# This is particularly useful when a library is given as source
# rather than a dependency. In that case, we consider it to be a
# container with object file references, or possibly references
# to further libraries to pilfer in the same way.
sub getsrclibs {
my $self = shift;
my $section = shift;
# For all input, see if it sources static libraries. If it does,
# return them together with the result of a recursive call.
map { ( $_, getsrclibs($section, $_) ) }
grep { $_ =~ m|\.a$| }
map { @{$self->{info}->{$section}->{$_} // []} }
@_;
}
sub getlibobjs {
my $self = shift;
my $section = shift;
# For all input, see if it's an intermediary file (library or object).
# If it is, collect the result of a recursive call, or if that returns
# an empty list, the element itself. Return the result.
map {
my @x = $self->getlibobjs($section, @{$self->{info}->{$section}->{$_}});
@x ? @x : ( $_ );
}
grep { defined $self->{info}->{$section}->{$_} }
@_;
}
# dolib is responsible for building libraries. It will call
# obj2shlib if shared libraries are produced, and obj2lib in all
# cases. It also makes sure all object files for the library are
# built.
sub dolib {
my $self = shift;
my $lib = shift;
return "" if $cache{$lib};
my %attrs = %{$self->{info}->{attributes}->{libraries}->{$lib} // {}};
my @deps = ( $self->resolvedepends(getsrclibs('sources', $lib)) );
# We support two types of objs, those who are specific to this library
# (they end up in @objs) and those that we get indirectly, via other
# libraries (they end up in @foreign_objs). We get the latter any time
# someone has done something like this in build.info:
# SOURCE[libfoo.a]=libbar.a
# The indirect object files must be kept in a separate array so they
# don't get rebuilt unnecessarily (and with incorrect auxiliary
# information).
#
# Object files can't be collected commonly for shared and static
# libraries, because we contain their respective object files in
# {shared_sources} and {sources}, and because the implications are
# slightly different for each library form.
#
# We grab all these "foreign" object files recursively with getlibobjs().
unless ($self->{disabled}->{shared} || $lib =~ /\.a$/) {
# If this library sources other static libraries and those
# libraries are marked {noinst}, there's no need to include
# all of their object files. Instead, we treat those static
# libraries as dependents alongside any other library this
# one depends on, and let symbol resolution do its job.
my @sourced_libs = ();
my @objs = ();
my @foreign_objs = ();
my @deps = ();
foreach (@{$self->{info}->{shared_sources}->{$lib} // []}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} elsif ($self->{info}->{attributes}->{libraries}->{$_}->{noinst}) {
push @deps, $_;
} else {
push @deps, $self->getsrclibs('sources', $_);
push @foreign_objs, $self->getlibobjs('sources', $_);
}
}
@deps = ( grep { $_ ne $lib } $self->resolvedepends($lib, @deps) );
print STDERR "DEBUG[dolib:shlib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@deps for $lib : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:shlib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2shlib',
lib => $lib,
attrs => { %attrs },
objs => [ @objs, @foreign_objs ],
deps => [ @deps ]);
foreach (@objs) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
if($_ =~ /\.a$/) {
$self->dolib($_);
} else {
$self->doobj($_, $lib, intent => "shlib", attrs => { %attrs });
}
} else {
$self->dogenerate($_, undef, undef, intent => "lib");
}
}
}
{
# When putting static libraries together, we cannot rely on any
# symbol resolution, so for all static libraries used as source for
# this one, as well as other libraries they depend on, we simply
# grab all their object files unconditionally,
# Symbol resolution will happen when any program, module or shared
# library is linked with this one.
my @objs = ();
my @sourcedeps = ();
my @foreign_objs = ();
foreach (@{$self->{info}->{sources}->{$lib}}) {
if ($_ !~ m|\.a$|) {
push @objs, $_;
} else {
push @sourcedeps, $_;
}
}
@sourcedeps = ( grep { $_ ne $lib } $self->resolvedepends(@sourcedeps) );
print STDERR "DEBUG[dolib:lib] : \@sourcedeps for $_ : ",
join(",", map { "\n $_" } @sourcedeps), "\n"
if @sourcedeps && $debug_rules;
@foreign_objs = $self->getlibobjs('sources', @sourcedeps);
print STDERR "DEBUG[dolib:lib] \%attrs for $lib : ", ,
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@objs for $lib : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dolib:lib] \@foreign_objs for $lib : ",
join(",", map { "\n $_" } @foreign_objs), "\n"
if @foreign_objs && $debug_rules;
$self->emit('obj2lib',
lib => $lib, attrs => { %attrs },
objs => [ @objs, @foreign_objs ]);
foreach (@objs) {
$self->doobj($_, $lib, intent => "lib", attrs => { %attrs });
}
}
$cache{$lib} = 1;
}
# domodule is responsible for building modules. It will call
# obj2dso, and also makes sure all object files for the library
# are built.
sub domodule {
my $self = shift;
my $module = shift;
return "" if $cache{$module};
my %attrs = %{$self->{info}->{attributes}->{modules}->{$module} // {}};
my @objs = @{$self->{info}->{sources}->{$module}};
my @deps = ( grep { $_ ne $module }
$self->resolvedepends($module) );
print STDERR "DEBUG[domodule] \%attrs for $module :",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@objs for $module : ",
join(",", map { "\n $_" } @objs), "\n"
if $debug_rules;
print STDERR "DEBUG[domodule] \@deps for $module : ",
join(",", map { "\n $_" } @deps), "\n"
if $debug_rules;
$self->emit('obj2dso',
module => $module,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@{$self->{info}->{sources}->{$module}}) {
# If this is somehow a compiled object, take care of it that way
# Otherwise, it might simply be generated
if (defined $self->{info}->{sources}->{$_}) {
$self->doobj($_, $module, intent => "dso", attrs => { %attrs });
} else {
$self->dogenerate($_, undef, $module, intent => "dso");
}
}
$cache{$module} = 1;
}
# dobin is responsible for building programs. It will call obj2bin,
# and also makes sure all object files for the library are built.
sub dobin {
my $self = shift;
my $bin = shift;
return "" if $cache{$bin};
my %attrs = %{$self->{info}->{attributes}->{programs}->{$bin} // {}};
my @objs = @{$self->{info}->{sources}->{$bin}};
my @deps = ( grep { $_ ne $bin } $self->resolvedepends($bin) );
print STDERR "DEBUG[dobin] \%attrs for $bin : ",
join(",", map { "\n $_ = $attrs{$_}" } sort keys %attrs), "\n"
if %attrs && $debug_rules;
print STDERR "DEBUG[dobin] \@objs for $bin : ",
join(",", map { "\n $_" } @objs), "\n"
if @objs && $debug_rules;
print STDERR "DEBUG[dobin] \@deps for $bin : ",
join(",", map { "\n $_" } @deps), "\n"
if @deps && $debug_rules;
$self->emit('obj2bin',
bin => $bin,
attrs => { %attrs },
objs => [ @objs ],
deps => [ @deps ]);
foreach (@objs) {
$self->doobj($_, $bin, intent => "bin", attrs => { %attrs });
}
$cache{$bin} = 1;
}
# doscript is responsible for building scripts from templates. It will
# call in2script.
sub doscript {
my $self = shift;
my $script = shift;
return "" if $cache{$script};
$self->emit('in2script',
script => $script,
attrs => $self->{info}->{attributes}->{scripts}->{$script} // {},
sources => $self->{info}->{sources}->{$script});
$cache{$script} = 1;
}
sub dodir {
my $self = shift;
my $dir = shift;
return "" if !exists(&generatedir) or $cache{$dir};
$self->emit('generatedir',
dir => $dir,
deps => $self->{info}->{dirinfo}->{$dir}->{deps} // [],
%{$self->{info}->{dirinfo}->{$_}->{products}});
$cache{$dir} = 1;
}
# dodocs is responsible for building documentation from .pods.
# It will call generatesrc.
sub dodocs {
my $self = shift;
my $type = shift;
my $section = shift;
foreach my $doc (@{$self->{info}->{"${type}docs"}->{$section}}) {
next if $cache{$doc};
$self->emit('generatesrc',
src => $doc,
generator => $self->{info}->{generate}->{$doc});
foreach ((@{$self->{info}->{depends}->{$doc} // []})) {
$self->dogenerate($_, undef, undef);
}
$cache{$doc} = 1;
}
}
1;

18
Configurations/platform.pm
View File

@@ -1,18 +0,0 @@
package platform;
use strict;
use warnings;
use vars qw(@ISA);
# Callers must make sure @INC has the build directory
use configdata;
my $module = $target{perl_platform} || 'Unix';
(my $module_path = $module) =~ s|::|/|g;
require "platform/$module_path.pm";
@ISA = ("platform::$module");
1;
__END__

47
Configurations/platform/AIX.pm
View File

@@ -1,47 +0,0 @@
package platform::AIX;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub dsoext { '.so' }
sub shlibextsimple { return '.so' if $target{shared_target} eq "aix-solib";
'.a'}
# In shared mode, the default static library names clashes with the final
# "simple" full shared library name, so we add '_a' to the basename of the
# static libraries in that case, unless in solib mode (using only .so
# files for shared libraries, and not packaging them inside archives)
sub staticname {
return platform::Unix->staticname($_[1]) if $target{shared_target} eq "aix-solib";
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE->staticname($_[1]) . ($disabled{shared} ? '' : '_a');
}
# In solib mode, we do not install the simple symlink (we install the import
# library). In regular mode, we install the symlink.
sub sharedlib_simple {
return undef if $target{shared_target} eq "aix-solib";
return platform::Unix->sharedlib_simple($_[1], $_[0]->shlibextsimple());
}
# In solib mode, we install the import library. In regular mode, we have
# no import library.
sub sharedlib_import {
return platform::Unix->sharedlib_simple($_[1]) if $target{shared_target} eq "aix-solib";
return undef;
}

99
Configurations/platform/BASE.pm
View File

@@ -1,99 +0,0 @@
package platform::BASE;
use strict;
use warnings;
use Carp;
# Assume someone set @INC right before loading this module
use configdata;
# Globally defined "platform specific" extensions, available for uniformity
sub depext { '.d' }
# Functions to convert internal file representations to platform specific
# ones. Note that these all depend on extension functions that MUST be
# defined per platform.
#
# Currently known internal or semi-internal extensions are:
#
# .a For libraries that are made static only.
# Internal libraries only.
# .o For object files.
# .s, .S Assembler files. This is an actual extension on Unix
# .res Resource file. This is an actual extension on Windows
sub binname { return $_[1] } # Name of executable binary
sub dsoname { return $_[1] } # Name of dynamic shared object (DSO)
sub sharedname { return __isshared($_[1]) ? $_[1] : undef } # Name of shared lib
sub staticname { return __base($_[1], '.a') } # Name of static lib
# Convenience function to convert the shlib version to an acceptable part
# of a file or directory name. By default, we consider it acceptable as is.
sub shlib_version_as_filename { return $config{shlib_version} }
# Convenience functions to convert the possible extension of an input file name
sub bin { return $_[0]->binname($_[1]) . $_[0]->binext() }
sub dso { return $_[0]->dsoname($_[1]) . $_[0]->dsoext() }
sub sharedlib { return __concat($_[0]->sharedname($_[1]), $_[0]->shlibext()) }
sub staticlib { return $_[0]->staticname($_[1]) . $_[0]->libext() }
# More convenience functions for intermediary files
sub def { return __base($_[1], '.ld') . $_[0]->defext() }
sub obj { return __base($_[1], '.o') . $_[0]->objext() }
sub res { return __base($_[1], '.res') . $_[0]->resext() }
sub dep { return __base($_[1], '.o') . $_[0]->depext() } # <- objname
sub asm { return __base($_[1], '.s') . $_[0]->asmext() }
# Another set of convenience functions for standard checks of certain
# internal extensions and conversion from internal to platform specific
# extension. Note that the latter doesn't deal with libraries because
# of ambivalence
sub isdef { return $_[1] =~ m|\.ld$|; }
sub isobj { return $_[1] =~ m|\.o$|; }
sub isres { return $_[1] =~ m|\.res$|; }
sub isasm { return $_[1] =~ m|\.s$|; }
sub iscppasm { return $_[1] =~ m|\.S$|; }
sub isstaticlib { return $_[1] =~ m|\.a$|; }
sub convertext {
if ($_[0]->isdef($_[1])) { return $_[0]->def($_[1]); }
if ($_[0]->isobj($_[1])) { return $_[0]->obj($_[1]); }
if ($_[0]->isres($_[1])) { return $_[0]->res($_[1]); }
if ($_[0]->isasm($_[1])) { return $_[0]->asm($_[1]); }
if ($_[0]->isstaticlib($_[1])) { return $_[0]->staticlib($_[1]); }
return $_[1];
}
# Helpers ############################################################
# __base EXPR, LIST
# This returns the given path (EXPR) with the matching suffix from LIST stripped
sub __base {
my $path = shift;
foreach (@_) {
if ($path =~ m|\Q${_}\E$|) {
return $`;
}
}
return $path;
}
# __isshared EXPR
# EXPR is supposed to be a library name. This will return true if that library
# can be assumed to be a shared library, otherwise false
sub __isshared {
return !($disabled{shared} || $_[0] =~ /\.a$/);
}
# __concat LIST
# Returns the concatenation of all elements of LIST if none of them is
# undefined. If one of them is undefined, returns undef instead.
sub __concat {
my $result = '';
foreach (@_) {
return undef unless defined $_;
$result .= $_;
}
return $result;
}
1;

22
Configurations/platform/Cygwin.pm
View File

@@ -1,22 +0,0 @@
package platform::Cygwin;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::mingw;
@ISA = qw(platform::mingw);
# Assume someone set @INC right before loading this module
use configdata;
sub sharedname {
my $class = shift;
my $lib = platform::mingw->sharedname(@_);
$lib =~ s|^lib|cyg| if defined $lib;
return $lib;
}
1;

89
Configurations/platform/Unix.pm
View File

@@ -1,89 +0,0 @@
package platform::Unix;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { $target{exe_extension} || '' }
sub dsoext { $target{dso_extension} || platform->shlibextsimple()
|| '.so' }
# Because these are also used in scripts and not just Makefile, we must
# convert $(SHLIB_VERSION_NUMBER) to the actual number.
sub shlibext { (my $x = $target{shared_extension}
|| '.so.$(SHLIB_VERSION_NUMBER)')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)
|.$config{shlib_version}|x;
$x; }
sub libext { $target{lib_extension} || '.a' }
sub defext { $target{def_extension} || '.ld' }
sub objext { $target{obj_extension} || '.o' }
sub depext { $target{obj_extension} || '.d' }
# Other extra that aren't defined in platform::BASE
sub shlibextsimple { (my $x = $target{shared_extension} || '.so')
=~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
$x; }
sub shlibvariant { $target{shlib_variant} || "" }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
# No conversion of assembler extension on Unix
sub asm {
return $_[1];
}
# At some point, we might decide that static libraries are called something
# other than the default...
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# We currently return the same name anyway... but we might choose to
# append '_static' or '_a' some time in the future.
return platform::BASE->staticname($_[1]);
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
($_[0]->shlibvariant() // ''));
}
sub sharedname_simple {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_simple {
# This function returns the simplified shared library name (no version
# or variant in the shared library file name) if the simple variants of
# the base name or the suffix differ from the full variants of the same.
# Note: if $_[1] isn't a shared library name, then $_[0]->sharedname()
# and $_[0]->sharedname_simple() will return undef. This needs being
# accounted for.
my $name = $_[0]->sharedname($_[1]);
my $simplename = $_[0]->sharedname_simple($_[1]);
my $ext = $_[0]->shlibext();
# Allow override of the extension passed in as parameter
my $simpleext = $_[2];
$simpleext = $_[0]->shlibextsimple() unless defined $simpleext;
return undef unless defined $simplename && defined $name;
return undef if ($name eq $simplename && $ext eq $simpleext);
return platform::BASE::__concat($simplename, $simpleext);
}
sub sharedlib_import {
return undef;
}
1;

65
Configurations/platform/VMS.pm
View File

@@ -1,65 +0,0 @@
package platform::VMS;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
# VMS has a cultural standard where all installed libraries are prefixed.
# For OpenSSL, the choice is 'ossl$' (this prefix was claimed in a
# conversation with VSI, Tuesday January 26 2016)
sub osslprefix { 'OSSL$' }
sub binext { '.EXE' }
sub dsoext { '.EXE' }
sub shlibext { '.EXE' }
sub libext { '.OLB' }
sub defext { '.OPT' }
sub objext { '.OBJ' }
sub depext { '.D' }
sub asmext { '.ASM' }
# Other extra that aren't defined in platform::BASE
sub shlibvariant { $target{shlib_variant} || '' }
sub optext { '.OPT' }
sub optname { return $_[1] }
sub opt { return $_[0]->optname($_[1]) . $_[0]->optext() }
# Other projects include the pointer size in the name of installed libraries,
# so we do too.
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->staticname($_[1]),
$target{pointer_size});
}
# To enable installation of multiple major OpenSSL releases, we include the
# version number in installed shared library names.
my $sover_filename =
join('', map { sprintf "%02d", $_ } split(m|\.|, $config{shlib_version}));
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat($_[0]->osslprefix(),
platform::BASE->sharedname($_[1]),
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''),
"_shr$target{pointer_size}");
}
1;

64
Configurations/platform/Windows.pm
View File

@@ -1,64 +0,0 @@
package platform::Windows;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::BASE;
@ISA = qw(platform::BASE);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub dsoext { '.dll' }
sub shlibext { '.dll' }
sub libext { '.lib' }
sub defext { '.def' }
sub objext { '.obj' }
sub depext { '.d' }
sub asmext { '.asm' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res' }
sub shlibextimport { '.lib' }
sub shlibvariant { $target{shlib_variant} || '' }
sub staticname {
# Non-installed libraries are *always* static, and their names remain
# the same, except for the mandatory extension
my $in_libname = platform::BASE->staticname($_[1]);
return $in_libname
if $unified_info{attributes}->{libraries}->{$_[1]}->{noinst};
# To make sure not to clash with an import library, we make the static
# variant of our installed libraries get '_static' added to their names.
return platform::BASE->staticname($_[1])
. ($disabled{shared} ? '' : '_static');
}
# To mark forward compatibility, we include the OpenSSL major release version
# number in the installed shared library names.
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($_[0]->shlibvariant() // ''));
}
sub sharedname_import {
return platform::BASE::__isshared($_[1]) ? $_[1] : undef;
}
sub sharedlib_import {
return platform::BASE::__concat($_[0]->sharedname_import($_[1]),
$_[0]->shlibextimport());
}
1;

44
Configurations/platform/Windows/MSVC.pm
View File

@@ -1,44 +0,0 @@
package platform::Windows::MSVC;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Windows;
@ISA = qw(platform::Windows);
# Assume someone set @INC right before loading this module
use configdata;
sub pdbext { '.pdb' }
# It's possible that this variant of |sharedname| should be in Windows.pm.
# However, this variant was VC only in 1.1.1, so we maintain that here until
# further notice.
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($target{multilib} // '' ),
($_[0]->shlibvariant() // ''));
}
sub staticlibpdb {
return platform::BASE::__concat($_[0]->staticname($_[1]), $_[0]->pdbext());
}
sub sharedlibpdb {
return platform::BASE::__concat($_[0]->sharedname($_[1]), $_[0]->pdbext());
}
sub dsopdb {
return platform::BASE::__concat($_[0]->dsoname($_[1]), $_[0]->pdbext());
}
sub binpdb {
return platform::BASE::__concat($_[0]->binname($_[1]), $_[0]->pdbext());
}
1;

16
Configurations/platform/Windows/cppbuilder.pm
View File

@@ -1,16 +0,0 @@
package platform::Windows::cppbuilder;
use vars qw(@ISA);
require platform::Windows::MSVC;
@ISA = qw(platform::Windows::MSVC);
sub pdbext { '.tds' }
# C++Builder's Clang-based compilers prepend an underscore to __cdecl-convention
# C functions, and the linker needs those as the InternalName in the .def file.
sub export2internal {
return "_$_[1]";
}
1;

51
Configurations/platform/mingw.pm
View File

@@ -1,51 +0,0 @@
package platform::mingw;
use strict;
use warnings;
use Carp;
use vars qw(@ISA);
require platform::Unix;
@ISA = qw(platform::Unix);
# Assume someone set @INC right before loading this module
use configdata;
sub binext { '.exe' }
sub objext { '.obj' }
sub libext { '.a' }
sub dsoext { '.dll' }
sub defext { '.def' }
# Other extra that aren't defined in platform::BASE
sub resext { '.res.obj' }
sub shlibext { '.dll' }
sub shlibextimport { $target{shared_import_extension} || '.dll.a' }
sub shlibextsimple { undef }
sub makedepcmd { $disabled{makedepend} ? undef : $config{makedepcmd} }
(my $sover_filename = $config{shlib_version}) =~ s|\.|_|g;
sub shlib_version_as_filename {
return $sover_filename;
}
sub sharedname {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
"-",
$_[0]->shlib_version_as_filename(),
($config{target} eq "mingw64"
? "-x64" : ""));
}
# With Mingw and other DLL producers, there isn't any "simpler" shared
# library name. However, there is a static import library.
sub sharedlib_simple {
return undef;
}
sub sharedlib_import {
return platform::BASE::__concat(platform::BASE->sharedname($_[1]),
$_[0]->shlibextimport());
}
1;

100
Configurations/shared-info.pl
View File

@@ -1,100 +0,0 @@
#! /usr/bin/env perl
# -*- mode: perl; -*-
# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
# This is a collection of extra attributes to be used as input for creating
# shared libraries, currently on any Unix variant, including Unix like
# environments on Windows.
sub detect_gnu_ld {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -Wl,-V /dev/null 2>&1`;
return grep /^GNU ld/, @lines;
}
sub detect_gnu_cc {
my @lines =
`$config{CROSS_COMPILE}$config{CC} -v 2>&1`;
return grep /gcc/, @lines;
}
my %shared_info;
%shared_info = (
'gnu-shared' => {
shared_ldflag => '-shared -Wl,-Bsymbolic',
shared_sonameflag => '-Wl,-soname=',
},
'linux-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflag => '-Wl,--version-script=',
dso_ldflags =>
(grep /(?:^|\s)-fsanitize/,
@{$config{CFLAGS}}, @{$config{cflags}})
? ''
: '-Wl,-z,defs',
};
},
'bsd-gcc-shared' => sub { return $shared_info{'linux-shared'}; },
'bsd-gcc-nodef-shared' => sub {
return {
%{$shared_info{'gnu-shared'}},
shared_defflags => '-Wl,--version-script=',
};
},
'darwin-shared' => {
module_ldflags => '-bundle',
shared_ldflag => '-dynamiclib -current_version $(SHLIB_VERSION_NUMBER) -compatibility_version $(SHLIB_VERSION_NUMBER)',
shared_sonameflag => '-install_name $(libdir)/',
},
'cygwin-shared' => {
shared_ldflag => '-shared -Wl,--enable-auto-image-base',
shared_impflag => '-Wl,--out-implib=',
},
'mingw-shared' => sub {
return {
%{$shared_info{'cygwin-shared'}},
# def_flag made to empty string so it still generates
# something
shared_defflag => '',
shared_argfileflag => '@',
};
},
'alpha-osf1-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
module_ldflags => '-shared -Wl,-Bsymbolic',
shared_ldflag => '-shared -Wl,-Bsymbolic -set_version $(SHLIB_VERSION_NUMBER)',
};
},
'svr3-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => '-G',
shared_sonameflag => '-h ',
};
},
'svr5-shared' => sub {
return $shared_info{'gnu-shared'} if detect_gnu_ld();
return {
shared_ldflag => detect_gnu_cc() ? '-shared' : '-G',
shared_sonameflag => '-h ',
};
},
'solaris-gcc-shared' => sub {
return $shared_info{'linux-shared'} if detect_gnu_ld();
return {
# Note: we should also have -shared here, but because some
# config targets define it with an added -static-libgcc
# following it, we don't want to change the order. This
# forces all solaris gcc config targets to define shared_ldflag
shared_ldflag => '-Wl,-Bsymbolic',
shared_defflag => "-Wl,-M,",
shared_sonameflag => "-Wl,-h,",
};
},
);

2327
Configurations/unix-Makefile.tmpl
View File

File diff suppressed because it is too large Load Diff

2
Configurations/unix-checker.pm
View File

@@ -1,4 +1,4 @@
#! /usr/bin/env perl
#! /usr/bin/perl
use Config;

4
Configurations/windows-checker.pm
View File

@@ -1,4 +1,4 @@
#! /usr/bin/env perl
#! /usr/bin/perl
use Config;
@@ -6,7 +6,7 @@ use Config;
# we expect for the platform
use File::Spec::Functions qw(:DEFAULT rel2abs);
if (!$ENV{CONFIGURE_INSIST} && rel2abs('.') !~ m|\\|) {
if (rel2abs('.') !~ m|\\|) {
die <<EOF;
******************************************************************************

1168
Configurations/windows-makefile.tmpl
View File

File diff suppressed because it is too large Load Diff

4015
Configure
View File

File diff suppressed because it is too large Load Diff

2
FAQ Normal file
View File

@@ -0,0 +1,2 @@
The FAQ is now maintained on the web:
https://www.openssl.org/docs/faq.html

Some files were not shown because too many files have changed in this diff Show More