README 26.4 KB
Newer Older
1
Configurations of OpenSSL target platforms
2
==========================================
3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41

Target configurations are a collection of facts that we know about
different platforms and their capabilities.  We organise them in a
hash table, where each entry represent a specific target.

In each table entry, the following keys are significant:

        inherit_from    => Other targets to inherit values from.
                           Explained further below. [1]
        template        => Set to 1 if this isn't really a platform
                           target.  Instead, this target is a template
                           upon which other targets can be built.
                           Explained further below.  [1]

        sys_id          => System identity for systems where that
                           is difficult to determine automatically.

        cc              => The compiler command, usually one of "cc",
                           "gcc" or "clang".  This command is normally
                           also used to link object files and
                           libraries into the final program.
        cflags          => Flags that are used at all times when
                           compiling.
        debug_cflags    => Extra compilation flags used when making a
                           debug build (when Configure receives the
                           --debug option).  Typically something like
                           "-g -O0".
        release_cflags  => Extra compilation flags used when making a
                           release build (when Configure receives the
                           --release option, or doesn't receive the
                           --debug option).  Typically something like
                           "-O" or "-O3".
        thread_cflags   => Extra compilation flags used when
                           compiling with threading enabled.
                           Explained further below.  [2]
        shared_cflag    => Extra compilation flags used when
                           compiling for shared libraries, typically
                           something like "-fPIC".

42 43
        (linking is a complex thing, see [3] below)
        ld              => Linker command, usually not defined
44 45 46 47
                           (meaning the compiler command is used
                           instead).
                           (NOTE: this is here for future use, it's
                           not implemented yet)
48 49 50 51 52 53 54
        lflags          => Flags that are used when linking apps.
        shared_ldflag   => Flags that are used when linking shared
                           or dynamic libraries.
        plib_lflags     => Extra linking flags to appear just before
                           the libraries on the command line.
        ex_libs         => Extra libraries that are needed when
                           linking.
55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96

        debug_lflags    => Like debug_cflags, but used when linking.
        release_lflags  => Like release_cflags, but used when linking.

        ar              => The library archive command, the default is
                           "ar".
                           (NOTE: this is here for future use, it's
                           not implemented yet)
        arflags         => Flags to be used with the library archive
                           command.

        ranlib          => The library archive indexing command, the
                           default is 'ranlib' it it exists.

        unistd          => An alternative header to the typical
                           '<unistd.h>'.  This is very rarely needed.

        shared_extension => File name extension used for shared
                            libraries. 
        obj_extension   => File name extension used for object files.
                           On unix, this defaults to ".o" (NOTE: this
                           is here for future use, it's not
                           implemented yet)
        exe_extension   => File name extension used for executable
                           files.  On unix, this defaults to "" (NOTE:
                           this is here for future use, it's not
                           implemented yet)

        dso_scheme      => The type of dynamic shared objects to build
                           for.  This mostly comes into play with
                           engines, but can be used for other purposes
                           as well.  Valid values are "DLFCN"
                           (dlopen() et al), "DLFCN_NO_H" (for systems
                           that use dlopen() et al but do not have
                           fcntl.h), "DL" (shl_load() et al), "WIN32"
                           and "VMS".
        perlasm_scheme  => The perlasm method used to created the
                           assembler files used when compiling with
                           assembler implementations.
        shared_target   => The shared library building method used.
                           This is a target found in Makefile.shared.
        build_scheme    => The scheme used to build up a Makefile.
97 98 99 100 101 102 103 104
                           In its simplest form, the value is a string
                           with the name of the build scheme.
                           The value may also take the form of a list
                           of strings, if the build_scheme is to have
                           some options.  In this case, the first
                           string in the list is the name of the build
                           scheme.
                           Currently recognised build schemes are
105 106 107 108 109
                           "mk1mf" and "unixmake" and "unified".
                           For the "unified" build scheme, this item
                           *must* be an array with the first being the
                           word "unified" and the second being a word
                           to identify the platform family.
110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133

        multilib        => On systems that support having multiple
                           implementations of a library (typically a
                           32-bit and a 64-bit variant), this is used
                           to have the different variants in different
                           directories.

        bn_ops          => Building options (was just bignum options
                           in the earlier history of this option,
                           hence the name).  This a string of words
                           that describe properties on the designated
                           target platform, such as the type of
                           integers used to build up the bitnum,
                           different ways to implement certain ciphers
                           and so on.  To fully comprehend the
                           meaning, the best is to read the affected
                           source.
                           The valid words are:

                           BN_LLONG     use 'unsigned long long' in
                                        some bignum calculations.
                                        This has no value when
                                        SIXTY_FOUR_BIT or
                                        SIXTY_FOUR_BIT_LONG is given.
134
                           RC4_CHAR     makes the basic RC4 unit of
135 136 137 138 139 140 141 142 143 144 145 146 147 148
                                        calculation an unsigned char.
                           SIXTY_FOUR_BIT       processor registers
                                                are 64 bits, long is
                                                32 bits, long long is
                                                64 bits.
                           SIXTY_FOUR_BIT_LONG  processor registers
                                                are 64 bits, long is
                                                64 bits.
                           THIRTY_TWO_BIT       processor registers
                                                are 32 bits.
                           EXPORT_VAR_AS_FN     for shared libraries,
                                                export vars as
                                                accessor functions.

149
        cpuid_asm_src   => assembler implementation of cpuid code as
150
                           well as OPENSSL_cleanse().
151 152
                           Default to mem_clr.c
        bn_asm_src      => Assembler implementation of core bignum
153
                           functions.
154 155
                           Defaults to bn_asm.c
        ec_asm_src      => Assembler implementation of core EC
156
                           functions.
157
        des_asm_src     => Assembler implementation of core DES
158
                           encryption functions.
159 160
                           Defaults to 'des_enc.c fcrypt_b.c'
        aes_asm_src     => Assembler implementation of core AES
161
                           functions.
162 163
                           Defaults to 'aes_core.c aes_cbc.c'
        bf_asm_src      => Assembler implementation of core BlowFish
164
                           functions.
165 166
                           Defaults to 'bf_enc.c'
        md5_asm_src     => Assembler implementation of core MD5
167
                           functions.
168
        sha1_asm_src    => Assembler implementation of core SHA1,
169 170
                           functions, and also possibly SHA256 and
                           SHA512 ones.
171
        cast_asm_src    => Assembler implementation of core CAST
172
                           functions.
173 174
                           Defaults to 'c_enc.c'
        rc4_asm_src     => Assembler implementation of core RC4
175
                           functions.
176 177
                           Defaults to 'rc4_enc.c rc4_skey.c'
        rmd160_asm_src  => Assembler implementation of core RMD160
178
                           functions.
179
        rc5_asm_src     => Assembler implementation of core RC5
180
                           functions.
181 182
                           Defaults to 'rc5_enc.c'
        wp_asm_src      => Assembler implementation of core WHIRLPOOL
183
                           functions.
184
        cmll_asm_src    => Assembler implementation of core CAMELLIA
185
                           functions.
186 187 188 189 190
                           Defaults to 'camellia.c cmll_misc.c cmll_cbc.c'
        modes_asm_src   => Assembler implementation of cipher modes,
                           currently the functions gcm_gmult_4bit and
                           gcm_ghash_4bit.
        padlock_asm_src => Assembler implementation of core parts of
191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252
                           the padlock engine.  This is mandatory on
                           any platform where the padlock engine might
                           actually be built.


[1] as part of the target configuration, one can have a key called
    'inherit_from' that indicate what other configurations to inherit
    data from.  These are resolved recursively.

    Inheritance works as a set of default values that can be overriden
    by corresponding key values in the inheriting configuration.

    Note 1: any configuration table can be used as a template.
    Note 2: pure templates have the attribute 'template => 1' and
            cannot be used as build targets.

    If several configurations are given in the 'inherit_from' array,
    the values of same attribute are concatenated with space
    separation.  With this, it's possible to have several smaller
    templates for different configuration aspects that can be combined
    into a complete configuration.

    instead of a scalar value or an array, a value can be a code block
    of the form 'sub { /* your code here */ }'.  This code block will
    be called with the list of inherited values for that key as
    arguments.  In fact, the concatenation of strings is really done
    by using 'sub { join(" ",@_) }' on the list of inherited values.

    An example:

        "foo" => {
                template => 1,
                haha => "ha ha",
                hoho => "ho",
                ignored => "This should not appear in the end result",
        },
        "bar" => {
                template => 1,
                haha => "ah",
                hoho => "haho",
                hehe => "hehe"
        },
        "laughter" => {
                inherit_from => [ "foo", "bar" ],
                hehe => sub { join(" ",(@_,"!!!")) },
                ignored => "",
        }

        The entry for "laughter" will become as follows after processing:

        "laughter" => {
                haha => "ha ha ah",
                hoho => "ho haho",
                hehe => "hehe !!!",
                ignored => ""
        }

[2] OpenSSL is built with threading capabilities unless the user
    specifies 'no-threads'.  The value of the key 'thread_cflags' may
    be "(unknown)", in which case the user MUST give some compilation
    flags to Configure.

253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277
[3] OpenSSL has three types of things to link from object files or
    static libraries:

    - shared libraries; that would be libcrypto and libssl.
    - shared objects (sometimes called dynamic libraries);  that would
      be the engines.
    - applications; those are apps/openssl and all the test apps.

    Very roughly speaking, linking is done like this (words in braces
    represent the configuration settings documented at the beginning
    of this file):

    shared libraries:
        {ld} $(CFLAGS) {shared_ldflag} -shared -o libfoo.so \
            -Wl,--whole-archive libfoo.a -Wl,--no-whole-archive \
            {plib_lflags} -lcrypto {ex_libs}

    shared objects:
        {ld} $(CFLAGS) {shared_ldflag} -shared -o libeng.so \
            blah1.o blah2.o {plib_lflags} -lcrypto {ex_libs}

    applications:
        {ld} $(CFLAGS) {lflags} -o app \
            app1.o utils.o {plib_lflags} -lssl -lcrypto {ex_libs}

278 279

Historically, the target configurations came in form of a string with
280 281
values separated by colons.  This use is deprecated.  The string form
looked like this:
282

R
Richard Levitte 已提交
283
   "target" => "{cc}:{cflags}:{unistd}:{thread_cflag}:{sys_id}:{lflags}:{bn_ops}:{cpuid_obj}:{bn_obj}:{ec_obj}:{des_obj}:{aes_obj}:{bf_obj}:{md5_obj}:{sha1_obj}:{cast_obj}:{rc4_obj}:{rmd160_obj}:{rc5_obj}:{wp_obj}:{cmll_obj}:{modes_obj}:{padlock_obj}:{perlasm_scheme}:{dso_scheme}:{shared_target}:{shared_cflag}:{shared_ldflag}:{shared_extension}:{ranlib}:{arflags}:{multilib}"
284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349 350 351 352 353 354 355 356 357 358 359 360 361 362 363 364 365 366 367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429


Build info files
================

The build.info files that are spread over the source tree contain the
minimum information needed to build and distribute OpenSSL.  It uses a
simple and yet fairly powerful language to determine what needs to be
built, from what sources, and other relationships between files.

For every build.info file, all file references are relative to the
directory of the build.info file for source files, and the
corresponding build directory for built files if the build tree
differs from the source tree.

When processed, every line is processed with the perl module
Text::Template, using the delimiters "{-" and "-}".  The hashes
%config and %target are passed to the perl fragments, along with
$sourcedir and $builddir, which are the locations of the source
directory for the current build.info file and the corresponding build
directory, all relative to the top of the build tree.

To begin with, things to be built are declared by setting specific
variables:

    PROGRAMS=foo bar
    LIBS=libsomething
    ENGINES=libeng
    SCRIPTS=myhack
    EXTRA=file1 file2

Note that the files mentioned for PROGRAMS, LIBS and ENGINES *must* be
without extensions.  The build file templates will figure them out.

For each thing to be built, it is then possible to say what sources
they are built from:

    PROGRAMS=foo bar
    SOURCE[foo]=foo.c common.c
    SOURCE[bar]=bar.c extra.c common.c

It's also possible to tell some other dependencies:

    DEPEND[foo]=libsomething
    DEPEND[libbar]=libsomethingelse

(it could be argued that 'libsomething' and 'libsomethingelse' are
source as well.  However, the files given through SOURCE are expected
to be located in the source tree while files given through DEPEND are
expected to be located in the build tree)

For some libraries, we maintain files with public symbols and their
slot in a transfer vector (important on some platforms).  It can be
declared like this:

    ORDINALS[libcrypto]=crypto

The value is not the name of the file in question, but rather the
argument to util/mkdef.pl that indicates which file to use.

One some platforms, shared libraries come with a name that's different
from their static counterpart.  That's declared as follows:

    SHARED_NAME[libfoo]=cygfoo-{- $config{shlibver} -}

The example is from Cygwin, which has a required naming convention.

Sometimes, it makes sense to rename an output file, for example a
library:

    RENAME[libfoo]=libbar

That lines has "libfoo" get renamed to "libbar".  While it makes no
sense at all to just have a rename like that (why not just use
"libbar" everywhere?), it does make sense when it can be used
conditionally.  See a little further below for an example.

For any file to be built, it's also possible to tell what extra
include paths the build of their source files should use:

    INCLUDE[foo]=include

It's possible to have raw build file lines, between BEGINRAW and
ENDRAW lines as follows:

    BEGINRAW[Makefile(unix)]
    haha.h: {- $builddir -}/Makefile
        echo "/* haha */" > haha.h
    ENDRAW[Makefile(unix)]

The word withing square brackets is the build_file configuration item
or the build_file configuration item followed by the second word in the
build_scheme configuration item for the configured target within
parenthesis as shown above.  For example, with the following relevant
configuration items:

   build_file   => "build.ninja"
   build_scheme => [ "unified", "unix" ]

... these lines will be considered:

   BEGINRAW[build.ninja]
   build haha.h: echo "/* haha */" > haha.h
   ENDRAW[build.ninja]

   BEGINRAW[build.ninja(unix)]
   build hoho.h: echo "/* hoho */" > hoho.h
   ENDRAW[build.ninja(unix)]

See the documentation further up for more information on configuration
items.

Finally, you can have some simple conditional use of the build.info
information, looking like this:

    IF[1]
     something
    ELSIF[2]
     something other
    ELSE
     something else
    ENDIF

The expression in square brackets is interpreted as a string in perl,
and will be seen as true if perl thinks it is, otherwise false.  For
example, the above would have "something" used, since 1 is true.

Together with the use of Text::Template, this can be used as
conditions based on something in the passed variables, for example:

    IF[{- $config{no_shared} -}]
      LIBS=libcrypto
      SOURCE[libcrypto]=...
    ELSE
      LIBS=libfoo
      SOURCE[libfoo]=...
    ENDIF

or:

    # VMS has a cultural standard where all libraries are prefixed.
    # For OpenSSL, the choice is 'ossl_'
    IF[{- $config{target} =~ /^vms/ -}]
     RENAME[libcrypto]=ossl_libcrypto
     RENAME[libssl]=ossl_libssl
    ENDIF
430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600


Build-file programming with the "unified" build system
======================================================

"Build files" are called "Makefile" on Unix-like operating systems,
"descrip.mms" for MMS on VMS, "makefile" for nmake on Windows, etc.

To use the "unified" build system, the target configuration needs to
set the three items 'build_scheme', 'build_file' and 'build_command'.
In the rest of this section, we will assume that 'build_scheme' is set
to "unified" (see the configurations documentation above for the
details).

For any name given by 'build_file', the "unified" system expects a
template file in Configurations/ named like the build file, with
".tmpl" appended, or in case of possible ambiguity, a combination of
the second 'build_scheme' list item and the 'build_file' name.  For
example, if 'build_file' is set to "Makefile", the template could be
Configurations/Makefile.tmpl or Configurations/unix-Makefile.tmpl.
In case both Configurations/unix-Makefile.tmpl and
Configurations/Makefile.tmpl are present, the former takes
precedence.

The build-file template is processed with the perl module
Text::Template, using "{-" and "-}" as delimiters that enclose the
perl code fragments that generate configuration-dependent content.
Those perl fragments have access to all the hash variables from
configdata.pem.

The build-file template is expected to define at least the following
perl functions in a perl code fragment enclosed with "{-" and "-}".
They are all expected to return a string with the lines they produce.

    src2dep     - function that produces build file lines to get the
                  dependencies for an object file into a dependency
                  file.

                  It's called like this:

                        src2dep(obj => "PATH/TO/objectfile",
                                srcs => [ "PATH/TO/sourcefile", ... ],
                                incs => [ "INCL/PATH", ... ]);

                  'obj' has the dependent object file as well as
                  object file the dependencies are for; it's *without*
                  extension, src2dep() is expected to add that.
                  'srcs' has the list of source files to build the
                  object file, with the first item being the source
                  file that directly corresponds to the object file.
                  'incs' is a list of include file directories.

    src2obj     - function that produces build file lines to build an
                  object file from source files and associated data.

                  It's called like this:

                        src2obj(obj => "PATH/TO/objectfile",
                                srcs => [ "PATH/TO/sourcefile", ... ],
                                deps => [ "dep1", ... ],
                                incs => [ "INCL/PATH", ... ]);

                  'obj' has the intended object file *without*
                  extension, src2obj() is expected to add that.
                  'srcs' has the list of source files to build the
                  object file, with the first item being the source
                  file that directly corresponds to the object file.
                  'deps' is a list of dependencies.  'incs' is a list
                  of include file directories.

    obj2lib     - function that produces build file lines to build a
                  static library file ("libfoo.a" in Unix terms) from
                  object files.

                  called like this:

                        obj2lib(lib => "PATH/TO/libfile",
                                objs => [ "PATH/TO/objectfile", ... ]);

                  'lib' has the intended library file name *without*
                  extension, obj2lib is expected to add that.  'objs'
                  has the list of object files (also *without*
                  extension) to build this library.

    libobj2shlib - function that produces build file lines to build a
                  shareable object library file ("libfoo.so" in Unix
                  terms) from the corresponding static library file
                  or object files.

                  called like this:

                        libobj2shlib(shlib => "PATH/TO/shlibfile",
                                     lib => "PATH/TO/libfile",
                                     objs => [ "PATH/TO/objectfile", ... ],
                                     deps => [ "PATH/TO/otherlibfile", ... ],
                                     ordinals => [ "word", "/PATH/TO/ordfile" ]);

                  'lib' has the intended library file name *without*
                  extension, libobj2shlib is expected to add that.
                  'shlib' has the correcponding shared library name
                  *without* extension.  'deps' has the list of other
                  libraries (also *without* extension) this library
                  needs to be linked with.  'objs' has the list of
                  object files (also *without* extension) to build
                  this library.  'ordinals' MAY be present, and when
                  it is, its value is an array where the word is
                  "crypto" or "ssl" and the file is one of the ordinal
                  files util/libeay.num or util/ssleay.num in the
                  source directory.

                  This function has a choice; it can use the
                  corresponding static library as input to make the
                  shared library, or the list of object files.

    obj2dynlib  - function that produces build file lines to build a
                  dynamically loadable library file ("libfoo.so" on
                  Unix) from object files.

                  called like this:

                        obj2dynlib(lib => "PATH/TO/libfile",
                                   objs => [ "PATH/TO/objectfile", ... ],
                                   deps => [ "PATH/TO/otherlibfile",
                                   ... ]);

                  This is almost the same as libobj2shlib, but the
                  intent is to build a shareable library that can be
                  loaded in runtime (a "plugin"...).  The differences
                  are subtle, one of the most visible ones is that the
                  resulting shareable library is produced from object
                  files only.

    obj2bin     - function that produces build file lines to build an
                  executable file from object files.

                  called like this:

                        obj2bin(bin => "PATH/TO/binfile",
                                objs => [ "PATH/TO/objectfile", ... ],
                                deps => [ "PATH/TO/libfile", ... ]);

                  'bin' has the intended executable file name
                  *without* extension, obj2bin is expected to add
                  that.  'objs' has the list of object files (also
                  *without* extension) to build this library.  'deps'
                  has the list of library files (also *without*
                  extension) that the programs needs to be linked
                  with.

    in2script   - function that produces build file lines to build a
                  script file from some input.

                  called like this:

                        in2script(script => "PATH/TO/scriptfile",
                                  sources => [ "PATH/TO/infile", ... ]);

                  'script' has the intended script file name.
                  'sources' has the list of source files to build the
                  resulting script from.

In all cases, file file paths are relative to the build tree top, and
the build file actions run with the build tree top as current working
directory.

Make sure to end the section with these functions with a string that
you thing is apropriate for the resulting build file.  If nothing
else, end it like this:

      "";       # Make sure no lingering values end up in the Makefile
    -}