summaryrefslogtreecommitdiffstats
path: root/Configure (follow)
Commit message (Collapse)AuthorAgeFilesLines
* ch_init(): Add braces to appease older clang compilersTomas Mraz2023-08-251-0/+1
| | | | | | | | | | | | | They produce a warning `suggest braces around initialization of subobject` otherwise. Add -Wno-missing-braces to silence old clang compilers And drop unnecessary braces in zeroing initializers. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
* Optimize SM2 on aarch64Xu Yizhou2023-08-241-0/+1
| | | | | | | | Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20754)
* no-module should not imply disabling DSO loading supportTomas Mraz2023-07-171-4/+1
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21459)
* Disable QUIC if TLSv1.3 is disabledMatt Caswell2023-07-061-0/+1
| | | | | | | | | | QUIC depends on TLSv1.3, so if the latter is disabled then we must do the same for QUIC. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21332)
* Enable QUIC by defaultMatt Caswell2023-07-061-3/+1
| | | | | | | | | | | | | | | Ensure builds enable QUIC without explicitly having to ask for it. To disable QUIC pass "no-quic" to Configure. As a result we can remove all use of "enable-quic" from the various CI runs. We also add a CHANGES and NEWS entry for QUIC support. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21332)
* add no-docs optionVladimír Kotal2023-06-281-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21240)
* Allow to disable apps building with no-appsVladimír Kotal2023-06-231-0/+1
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21212)
* configure: introduce no-ecx to remove ECX related featureYi Li2023-06-141-1/+2
| | | | | | | | | | | This can effectively reduce the binary size for platforms that don't need ECX feature(~100KB). Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20781)
* build.info: Introduce special syntax for dependencies on script modulesRichard Levitte2023-06-081-8/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The DEPEND statement, when applied on files generated with GENERATE, may be used to specify script modules that the template to be generated from depends on. In short, this sort of depend: DEPEND[generated]=util/perl/OpenSSL/something.pm ... would generate a perl run that has the inclusion directory 'util/perl/OpenSSL' and 'something' as the module to be loaded. However, the package name for this module is 'OpenSSL::something', so to load it the way it's expected, the inclusion directory should be 'util/perl', and the module to be loaded should be specified as 'OpenSSL/something' (to be massaged into a proper module name by the build file template). To allow this, we introduce a file syntax, where a single '|' is used as a directory separator, to delineate what part should be used as the inclustion directory, and which part the module name to be loaded should be derived from: DEPEND[generated]=util/perl|OpenSSL/something.pm Fixes #21112 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21117)
* allow to disable httpVladimír Kotal2023-06-061-1/+4
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21108)
* Added ability to pass additional ASFLAGS to ConfigureMathias Berchtold2023-04-251-0/+1
| | | | | | | | | | | This allows additional command line options to be passed to the assembler. For example: Configure VC-WIN64A ASFLAGS=--reproducible Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20813)
* Fix Configure test for -mips in CFLAGSMike Gilbert2023-03-191-1/+1
| | | | | | | | | | | | | | We want to add -mips2 or -mips3 only if the user hasn't already specified a mips version in CFLAGS. The existing test was a double-negative. CLA: trivial Fixes: https://github.com/openssl/openssl/issues/20214 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20273)
* providers: add Argon2 KDFČestmír Kalina2023-03-171-0/+3
| | | | | | | | | | https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12256)
* Use $config{build_file} instead of $target{build_file}Richard Levitte2023-02-011-4/+4
| | | | | | | | | | | | If the user specifies an alternative build file than the default, this alternative is recorded in $config{build_file}, not $target{build_file}. Therefore, the former should be used, leaving the latter as a mere default. This is a bug. While fixing it, document it better too. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20173)
* QUIC: Dummy Handshake Layer for PrototypingHugo Landau2023-01-131-1/+2
| | | | | | | | | | | This disables -Wtype-limits / -Wtautological-constant-out-of-range-compare. Since it generates warnings for valid and reasonable code, IMO this actually encourages people to write worse code. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Convert ZLIB defines to OPENSSL_NO_ZLIBTodd Short2022-10-181-1/+1
| | | | | | | | | Use the normal OPENSSL_NO_ prefix to enable/disable ZLIB Make `BIO_f_zlib()` always available. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Add ZSTD compression support (RFC8478bis)Todd Short2022-10-181-1/+18
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Add brotli compression support (RFC7924)Todd Short2022-10-181-3/+20
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* crypto: add preemptive threading supportČestmír Kalina2022-10-171-16/+3
| | | | | | | | | | | | | | | | | | | | | Some primitives are designed to be used in a multi-threaded environment, if supported, e.g., Argon2. This patch adds support for preemptive threading and basic synchronization primitives for platforms compliant with POSIX threads or Windows CRT. Native functions are wrapped to provide a common (internal) API. Threading support can be disabled at compile time. If enabled, threading is disabled by default and needs to be explicitly enabled by the user. Thread enablement requires an explicit limit on the number of threads that OpenSSL may spawn (non-negative integer/infinity). The limit may be changed. Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12255)
* Configure: add thread-pool and default-thread-poolČestmír Kalina2022-10-171-1/+23
| | | | | | | | Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12255)
* Fix detection of ktls support in cross-compile environment on LinuxTomas Mraz2022-09-191-10/+3
| | | | | | | | Fixes #19212 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19213)
* Add support for loading root CAs from Windows crypto APIHugo Landau2022-09-141-0/+7
| | | | | | | | Fixes #18020. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18070)
* Always automatically add -DPEDANTIC with enable-ubsanTomas Mraz2022-08-231-3/+1
| | | | | | | | To avoid reports like: #19028 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19029)
* Don't try to make configuration leanerRichard Levitte2022-07-241-52/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | This partially reverts Github PR #16378: commit 764cf5b26306a8712e8b3d41599c44dc5ed07a25, titled "Configuration: only produce a new configdata.pm if it has changed contents" Unfortunately, the attempt to make configuration leaner didn't take into account all the files that may or may not affect the outcome of `configdata.pm`, and most of all, didn't take into account that `Makefile` has clauses of its own to determined when a reconfiguration is needed, all based on time stamps. Something as simple as a changed `Configurations/10-main.conf`, where the change doesn't affect the resulting `configdata.pm` gets `make` into a reconfiguration loop, because `configdata.pm` is older than `10-main.conf`. The lesson to remember is not to try to outsmart `make` in cases like this. We retain the other parts of the PR mentioned, as they are still valid. needed to be taken into account (all the Configurations/*.conf as well as all the build.info) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/18832)
* Configure: Add disablable for QUIC, disabled by defaultTomas Mraz2022-06-031-1/+5
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
* Building: For the FIPS module checksum, keep track of configuration,hRichard Levitte2022-05-221-2/+7
| | | | | | | | | | | | The FIPS module checksum needs to know that configuration.h is generated from configuration.h.in, so that information is conserved. To make this possible, it's now possible to have attributes with the GENERATE keyword, and the attribute "skip" is added to make a keyword a no-op, which makes it informative only. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/16378)
* Configuration: produce include/openssl/configuration.h when configuringRichard Levitte2022-05-221-2/+5
| | | | | | | | | | | | | | | | | The goal is to avoid having too much of the OpenSSL source rebuilt because include/openssl/configuration.h, or even because it was a Makefile target that was called upon (some make implementations consider the use of a target as an update of that target, even if it wasn't really updated). To resolve this, we move the production of include/openssl/configuration.h to configdata.pm, and only update it if there were any actual changes. Fixes #16377 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/16378)
* Configuration: only produce a new configdata.pm if it has changed contentsRichard Levitte2022-05-221-16/+54
| | | | | | | | | | | | | | | The goal is to avoid having too much of the OpenSSL source rebuilt because configdata.pm got a new time stamp. The conditions for updating configdata.pm are now: 1. its time stamp is older than Configure's, or... 2. its contents has changed. Fixes #16377 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/16378)
* Update copyright yearMatt Caswell2022-05-031-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Configure: don't try to be clever when configuring afalgengRoss Burton2022-03-221-14/+1
| | | | | | | | | | | | | | | | | | | | | | | If the afalgeng is enabled then Configure tries to be clever but fails, by only actually building afalgeng if it isn't being cross-compiled and if the current kernel is 4.1+. This means that everyone cross compiling, or whose builder machines are running older kernels (not uncommon for build farms), can't enable afalgeng. Instead remove the cleverness and simply enable/disable as requested. Fixes #7687 CLA: trivial Signed-off-by: Ross Burton <ross.burton@arm.com> Change-Id: I023b6cb535d5b5811823d4814fa939de3f304886 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7688)
* Add TFO support to socket BIO and s_client/s_serverTodd Short2022-03-101-1/+4
| | | | | | | | | | | Supports Linux, MacOS and FreeBSD Disabled by default, enabled via `enabled-tfo` Some tests Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8692)
* Fix typosDimitris Apostolou2022-01-051-2/+2
| | | | | | Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17392)
* Fix Configure variable spillAlexandros Roussos2021-12-231-11/+11
| | | | | | | | | | | | | | | * Evaluating code-refs in Configure can sometimes set the default variable `$_` * Prevent spillage influencing the target property by using named variable in loop CLA: trivial Fixes gh-17321 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17322)
* Add support for BSD-ppc, BSD-ppc64 and BSD-ppc64le configurationspkubaj2021-12-091-1/+1
| | | | | | | | | | | OpenSSL assumes AT_HWCAP = 16 (as on Linux), but on FreeBSD AT_HWCAP = 25 Switch to using AT_HWCAP, and setting it to 16 if it is not defined. CLA: trivial Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17090)
* Replace CONFIG_NOWAIT env var with -w optionRich Salz2021-08-201-1/+3
| | | | | | | | And document the -w option Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16325)
* config: enable ACVP test case if FIPS is enabled.Pauli2021-07-171-2/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16095)
* Configure: Reflect that We don't build loader_attic when dynamic-engine is ↵Richard Levitte2021-06-231-0/+1
| | | | | | | disabled Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15858)
* Configure: Allow spaces around '=' in all build.info statementsRichard Levitte2021-06-111-16/+16
| | | | | | | | | | This was allowed already for some statements, but not consistently for all. Fixes #15684 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15691)
* Enable ssl-trace by defaultArran Cudbard-Bell2021-06-101-2/+1
| | | | | | | | There doesn't appear to be a good reason to omit protocol message tracing by default. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15665)
* Configure: variable expand GENERATE values tooRichard Levitte2021-06-021-1/+1
| | | | | | | | | | | Internal documentation doesn't allow for any exception... Therefore, even GENERATE values should be variable expanded. (there are historical reasons why GENERATE was excepted from variable expansion, that aren't applicable any more) Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15554)
* Rework and make DEBUG macros consistent.Rich Salz2021-05-281-3/+2
| | | | | | | | | | | | | | | | | | | | Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG. Rename REF_PRINT to REF_DEBUG for consistency, and add a new tracing category and use it for printing reference counts. Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to be set also. Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency. Fixes #15357 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15353)
* Fix -static builds on masterTom Cosgrove2021-05-261-4/+4
| | | | | | | | | | | Pull in Todd Short's fix cfd7225fbb from 1.1.1, which moves the disabling of pic, threads and statics to before they are checked. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15214)
* Make it possible to disable the loader_attic engineRichard Levitte2021-05-221-0/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15320)
* configure: build list of image filesPauli2021-05-221-2/+17
| | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15399)
* Clean up the "fips" option to ConfigureMatt Caswell2021-05-211-8/+1
| | | | | | | | | Don't die if someone says "fips" instead of "enable-fips" Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15346)
* build.info: Make it possible to set attributes on SOURCE / SHARED_SOURCE stmtsRichard Levitte2021-05-191-10/+43
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15332)
* Rework how a build file (Makefile, ...) is producedRichard Levitte2021-05-191-4/+2
| | | | | | | | | | | | | | | | | | | The memory footprint of how we produced the Makefile was quite... important, because we have all the processing in one perl snippet, and generate the details of the build file by appending to the "magic" variable $OUT. The result is that this variable gets to hold the majority of the build file text, and depending on memory reallocation strategies for strings, the heap may hold multiple (possibly not just a few) copies of this string, almost all of them "freed" but still taking up space. This has resulted in memory exhaustion. We therefore change strategy, and generate the build file in two phases, where the first phase generates the full template using small perl snippets for each detail, and the second phase processes this template. This is much kinder to process memory. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15310)
* Add --banner config optionRich Salz2021-05-141-17/+24
| | | | | | | | | | Use it in the automated workflows. Fixes: #15247 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15248)
* acvp-test: disable the ACVP testing code by defaultPauli2021-05-021-0/+1
| | | | | | | It's only useful for the FIPS lab and shouldn't be in production. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15092)
* acvp: fix the no-acvp_test buildPauli2021-04-301-1/+1
| | | | | | | | A pair of the disabled string checks were incorrect. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/15082)