Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NMatt Caswell <matt@openssl.org>

They now default to " " as separator, but that can be overridden by
having a hash with parameters as last argument.  The only currently
recognised parameter is `separator'.

The special separator `undef' will force the result to become a list
rather than a concatenated string.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

In the earlier change, where static libraries get built with position
independent code, OPENSSL_PIC was removed by mistake.  This adds it
back.
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

The commit 1288f26f says that it fixes no-async, but instead seems to break
it. Therefore revert that change and fix no-async.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

This way, we can use them as conditions instead of relying to more or
less obscure aliases in %config or variables directly in Configure.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Reviewed-by: NRich Salz <rsalz@openssl.org>

Preserved for now for those who have scripts with the option
"no-ssl2".  We warn that it's deprecated, and ignore it otherwise.

In response to RT#4330
Reviewed-by: NRich Salz <rsalz@openssl.org>

Building shared libraries or not is not the same as building position
independent code or not.  It's true that if you don't build PIC, you
can't build shared libraries.  However, you may very well want to
build only static libraries but still want PIC code.

Therefore, we introduce a new configuration option "pic", which is
enabled by default or explicitely with "enable-pic", or disabled with
"no-pic" or "disable-pic".  Of course, if "pic" is disabled, "shared"
and "dynamic-engine" are automatically disabled as well.
Reviewed-by: NRich Salz <rsalz@openssl.org>

We were kinda sorta using a mix of $disabled{"static-engine" and
$disabled{"dynamic-engine"} in Configure.  Let's avoid confusion,
choose one of them and stick to it.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Until now, the engines in engines/ were only built as dynamicaly
loadable ones if shared libraries were built.

We not dissociate the two and can build dynamicaly loadable engines
even if we only build static libcrypto and libssl.  This is controlled
with the option (enable|disable|no)-static-engine, defaulting to
no-static-engine.

Note that the engines in crypto/engine/ (dynamic and cryptodev) will
always be built into libcrypto.
Reviewed-by: NRich Salz <rsalz@openssl.org>

This takes us away from the idea that we know exactly how our static
libraries are going to get used.  Instead, we make them available to
build shareable things with, be it other shared libraries or DSOs.

On the other hand, we also have greater control of when the shared
library cflags.  They will never be used with object files meant got
binaries, such as apps/openssl or test/test*.

With unified, we take this a bit further and prepare for having to
deal with extra cflags specifically to be used with DSOs (dynamic
engines), libraries and binaries (applications).
Reviewed-by: NRich Salz <rsalz@openssl.org>

Better libclean that removes the exact files that have been built,
nothing more and nothing less.

Corrected typo

A couple of editorial changes.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Then it can pass around the information where it belongs.  The
Makefile templates pick it up along with other target data, the
DSO module gets to pick up the information through
crypto/include/internal/dso_conf.h
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Adding uplink and applink to some builds was done by "magic", the
configuration for "mingw" only had a macro definition, the Configure
would react to its presence by adding the uplink source files to
cpuid_asm_src, and crypto/build.info inherited dance to get it
compiled, and Makefile.shared made sure applink.o would be
appropriately linked in.  That was a lot under the hood.

To replace this, we create a few template configurations in
Configurations/00-base-templates.conf, inherit one of them in the
"mingw" configuration, the rest is just about refering to the
$target{apps_aux_src} / $target{apps_obj} in the right places.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

All those flags existed because we had all the dependencies versioned
in the repository, and wanted to have it be consistent, no matter what
the local configuration was.  Now that the dependencies are gone from
the versioned Makefile.ins, it makes much more sense to use the exact
same flags as when compiling the object files.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Add -DBIO_DEBUG to --strict-warnings.
Remove comments about outdated debugging ifdef guards.
Remove md_rand ifdef guarding an assert; it doesn't seem used.
Remove the conf guards in conf_api since we use OPENSSL_assert, not assert.
For pkcs12 stuff put OPENSSL_ in front of the macro name.
Merge TLS_DEBUG into SSL_DEBUG.
Various things just turned on/off asserts, mainly for checking non-NULL
arguments, which is now removed: camellia, bn_ctx, crypto/modes.
Remove some old debug code, that basically just printed things to stderr:
  DEBUG_PRINT_UNKNOWN_CIPHERSUITES, DEBUG_ZLIB, OPENSSL_RI_DEBUG,
  RL_DEBUG, RSA_DEBUG, SCRYPT_DEBUG.
Remove OPENSSL_SSL_DEBUG_BROKEN_PROTOCOL.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

Thanks to Viktor for additional review.
Reviewed-by: NRichard Levitte <levitte@openssl.org>

"or" has lower priority than "||" and works better to have Perl less
confused.
Reviewed-by: NRich Salz <rsalz@openssl.org>

Although I explicitly don't care about the tinfoil-hat reason given in
the initial opening of RT#3628, that "paths usually contain private
information", there *are* situations where it's useful to eliminate the
filenames from the compiled binary.

The two reasons we do care about in the context of firmware such as EDK2
are that it allows for a smaller footprint, and it is also a necessary
component of a binary-reproducible build.

To that end, introduce OPENSSL_FILE and OPENSSL_LINE macros, defining
them to __FILE__ and __LINE__ respectively in the normal case, but to
"" and 0 when OPENSSL_NO_FILENAMES is set.

This is mostly a naïve invocation of
 $ sed 's/__\([FL]I[NL]E\)__/OPENSSL_\1/g' -i `git grep -l __LINE__`
but with a few instances change to just print the function name instead
(although those probably need to die anyway) and test cases left untouched.
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

For example, this works instead of giving a big error message (note
the lack of '--unified'):

    mkdir ../_build
    (cd ../_build/; ../openssl-src/config; make)
Reviewed-by: NAndy Polyakov <appro@openssl.org>

The previous fix wasn't right.

Also, change all (^|\s) and (\s|$) constructs to (?:^|\s) and (?:\s|$).
Perl seems to like that better.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

When OPENSSL_NO_ASYNC is set, make ASYNC_{un,}block_pause() do nothing.
This prevents md_rand.c from failing to build. Probably better to do it
this way than to wrap every instance in an explicit #ifdef.

A bunch of new socket code got added to a new file crypto/bio/b_addr.c.
Make it all go away if OPENSSL_NO_SOCK is defined.

Allow configuration with no-ripemd, no-ts, no-ui
We use these for the UEFI build.

Also remove the 'Really???' comment from no-err and no-locking. We use
those too.

We need to drop the crypto/engine directory from the build too, and also
set OPENSSL_NO_ENGINE
Signed-off-by: NRich Salz <rsalz@openssl.org>
Reviewed-by: NTim Hudson <tjh@openssl.org>

Reviewed-by: NViktor Dukhovni <viktor@openssl.org>

Macro definitions "should" be found in $config{defines}, but some
configs haven't transfered macro definitions from their 'cflags'
settings (which isn't mandatory anyway), so check both places.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

This check is meaningless on VMS and only produce an error because the
underlying shell (DCL) doesn't understand sh syntax such as '2>&1'.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Depending on user preferences, Configure might get something like
--PREFIX=blah just as well as --prefix=blah, or "SHARED" just as well
as "shared".  On VMS, let's therefore lowercase at least the portion
of the argument before a possible equal sign.

For good measure, we lowercase the arguments to be checked in
config.com as well.  The original argument is sent on to Configure,
however.
Reviewed-by: NAndy Polyakov <appro@openssl.org>

To force it on anyone using --strict-warnings was the wrong move, as
this is an option best left to those who know what they're doing.

Use with care!
Reviewed-by: NAndy Polyakov <appro@openssl.org>

Reviewed-by: NRichard Levitte <levitte@openssl.org>

The previous method had some unfortunate consequences with
--strict-warnings.  To counteract, revert part of the previous change
and move down the block of code that adds the user cflags and defines.
Reviewed-by: NRich Salz <rsalz@openssl.org>