Move uplink file information to build.info files

This file information was hidden in config target files, when they
should really be part of build.info like any other file we build
f

Move uplink file information to build.info files

This file information was hidden in config target files, when they
should really be part of build.info like any other file we build
from. With build.info variables, the task became much easier.

We take the opportunity to move apps_init_src and apps_aux_src to
apps/build.info as well, and to clean up apps/build.info.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

show more ...

Configure: add mechanism to specify uplink target architecture

As preparation for moving uplink file specs to build.info files, we
must make sure there is still some base information to

Configure: add mechanism to specify uplink target architecture

As preparation for moving uplink file specs to build.info files, we
must make sure there is still some base information to help select the
correct files.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

show more ...

Configure: allow conditions and variable values to have variable references

This will allow building variables on other variables, and to have
conditions based on variable contents.

Configure: allow conditions and variable values to have variable references

This will allow building variables on other variables, and to have
conditions based on variable contents.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)

show more ...

Fix no-ec with no-dh

Make sure that the combination of no-ec with no-dh builds successfully.
If neither ec or dh are available then TLSv1.3 is not possible.

Reviewed-by: Richard

Fix no-ec with no-dh

Make sure that the combination of no-ec with no-dh builds successfully.
If neither ec or dh are available then TLSv1.3 is not possible.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)

show more ...

Allow TLSv1.3 in a no-ec build

Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happ

Allow TLSv1.3 in a no-ec build

Now that we have TLSv1.3 FFDHE support there is no reason why we should
not allow TLSv1.3 to be used in a no-ec build. This commit enables that
to happen.

It also fixes no-ec which was previously broken.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9156)

show more ...

Configure: Add support for variables in build.info files

Variables have the syntax defined with this regular expression:

\$([[:alpha:]_][[:alnum:]_]*)

They are always l

Configure: Add support for variables in build.info files

Variables have the syntax defined with this regular expression:

\$([[:alpha:]_][[:alnum:]_]*)

They are always local to the build.info they are defined in, and are
defined like this:

$VAR=text

Expansion is done very simply, any reference to the variable (with the
exact same variable syntax) is replaced with its defined value.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9144)

show more ...

Configure: count basenames for all library sources

Make sure that each basename only appears once. This is due to the
static library archiver on Unix, that indexes archived object files

Configure: count basenames for all library sources

Make sure that each basename only appears once. This is due to the
static library archiver on Unix, that indexes archived object files by
base name only, thereby making base name clashes... interesting.

This is a safety net for OpenSSL developer!

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9133)

show more ...

Ensure code is compiled with correct BIGNUM assembler defines

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from http

Ensure code is compiled with correct BIGNUM assembler defines

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9130)

show more ...

Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <mat

Improve the Windows OneCore target support. (Add targets for building libraries for Windows Store apps.)

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8917)

show more ...

Remove last references to DEBUG_SAFESTACK

The DEBUG_SAFESTACK preprocessor define is obsolete since 2008
when the non-safestack code was removed by commit 985de8634000.

Reviewed

Remove last references to DEBUG_SAFESTACK

The DEBUG_SAFESTACK preprocessor define is obsolete since 2008
when the non-safestack code was removed by commit 985de8634000.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9070)

show more ...

Ensure we get all the right defines for AES assembler in FIPS module

There are various C macro definitions that are passed via the compiler
to enable AES assembler optimisation. We need

Ensure we get all the right defines for AES assembler in FIPS module

There are various C macro definitions that are passed via the compiler
to enable AES assembler optimisation. We need to make sure that these
defines are also passed during compilation of the FIPS module.

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9038)

show more ...

Configure: Remove extra warning and sanitizer options from CXXFLAGS

We add the extra warning and sanitizer options to check our code,
which is entirely in C. We support C++ compilers un

Configure: Remove extra warning and sanitizer options from CXXFLAGS

We add the extra warning and sanitizer options to check our code,
which is entirely in C. We support C++ compilers uniquely for the
sake of certain external test suites, and those projects can probably
sanitize their own code themselves.

[extended tests]

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9013)

show more ...

Clear CRMF vs CMP confusion

In the development of the CRMF sub-system, there seems to have been
some confusion as to what configuration option should be used.
'no-crmf' was added, bu

Clear CRMF vs CMP confusion

In the development of the CRMF sub-system, there seems to have been
some confusion as to what configuration option should be used.
'no-crmf' was added, but the C macro guards were using OPENSSL_NO_CMP
rather than OPENSSL_NO_CRMF...

In fact, we want 'no-cmp', but since the CRMF code is part of CMP, we
need 'no-crmf' to depend on 'no-cmp'. We do this by making 'crmf' a
silent "option" that get affected by 'cmp' by way of %disable_cascades.
This allows options to be "aliases" for a set of other ones, silent or
not.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8897)

show more ...

Allow setting RCFLAGS as Configure option or environment variable

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://gi

Allow setting RCFLAGS as Configure option or environment variable

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8803)

show more ...

Configure: process shared-info.pl later

The reason is that the shared-info attributes may depend on %disabled,
so we need to process all enablings/disablings first.

Reviewed-by:

Configure: process shared-info.pl later

The reason is that the shared-info attributes may depend on %disabled,
so we need to process all enablings/disablings first.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8846)

show more ...

Recognise clang -fsanitize options and translate them

Because we depend on knowing if clang's address, memory or undefinedbehavior
sanitizers are enabled, we make an extra effort to dete

Recognise clang -fsanitize options and translate them

Because we depend on knowing if clang's address, memory or undefinedbehavior
sanitizers are enabled, we make an extra effort to detect them among the
C flags, and adjust the %disabled values accordingly.

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/8778)

show more ...

Configure: make disabling stuff easier and safer

Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,

Configure: make disabling stuff easier and safer

Disabling one thing may mean having to disable other things as well.
We already have a process to auto-disable things through cascading,
but that was under-used.

Making the cascading mechanism available through a function to be
called to disable stuff makes it more automatic, and helps us when we
forget how different disabling options affect others.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

show more ...

Configure: recognise -static even if given through variables

Fixes #8787

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

Configure: merge all of %user and %useradd into %config earlier

This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this ma

Configure: merge all of %user and %useradd into %config earlier

This came about with the realisation that upper case CFLAGS, LDFLAGS
and so on aren't treated much after that, and this makes figuring out
user added flags significantly easier, just look in %config.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8812)

show more ...

Add a legacy provider and put MD2 in it

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8541)

Add a no-fips Configure option

Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8537)

Configuration / build: make it possible to disable building of modules

While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not bu

Configuration / build: make it possible to disable building of modules

While we're at it, sort out inconsistencies with the build of modules:
- not building shared libraries means not building dynamic engines.
However, other modules may still be built.
- not having DSO functionality doesn't mean not to build modules (even
though we can't use them from apps linked with libraries that are
built this way).

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)

show more ...

Build cleanup: don't use SHARED_SOURCE with modules

SHARED_SOURCE is reserved for products that are expected to come in
dual shared / non-shared form, i.e. the routine libraries like

Build cleanup: don't use SHARED_SOURCE with modules

SHARED_SOURCE is reserved for products that are expected to come in
dual shared / non-shared form, i.e. the routine libraries like
libcrypto and libssl, to distinguish source that should only appear in
their shared form.

Modules are always shared, so there's no need for them to have this
type of distinction.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8623)

show more ...

Restore the "heartbeats" configuration option among the deprecated

Removing the option entirely would break builds unnecessarily, so
let's make it deprecated.

Reviewed-by: Matt

Restore the "heartbeats" configuration option among the deprecated

Removing the option entirely would break builds unnecessarily, so
let's make it deprecated.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8632)

show more ...

Rework DSO API conditions and configuration option

'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may

Rework DSO API conditions and configuration option

'no-dso' is meaningless, as it doesn't get any macro defined.
Therefore, we remove all checks of OPENSSL_NO_DSO. However, there may
be some odd platforms with no DSO scheme. For those, we generate the
internal macro DSO_NONE aand use it.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/#8622)

show more ...