This was allowed already for some statements, but not consistently for all.
Fixes#15684
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15691)
There doesn't appear to be a good reason to omit protocol message tracing by default.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15665)
Internal documentation doesn't allow for any exception... Therefore,
even GENERATE values should be variable expanded.
(there are historical reasons why GENERATE was excepted from variable
expansion, that aren't applicable any more)
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15554)
Remove unused -DCONF_DEBUG and -DBN_CTX_DEBUG.
Rename REF_PRINT to REF_DEBUG for consistency, and add a new
tracing category and use it for printing reference counts.
Rename -DDEBUG_UNUSED to -DUNUSED_RESULT_DEBUG
Fix BN_DEBUG_RAND so it compiles and, when set, force DEBUG_RAND to
be set also.
Rename engine_debug_ref to be ENGINE_REF_PRINT also for consistency.
Fixes#15357
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15353)
Pull in Todd Short's fix cfd7225fbb from 1.1.1, which moves the disabling
of pic, threads and statics to before they are checked.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15214)
Don't die if someone says "fips" instead of "enable-fips"
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15346)
The memory footprint of how we produced the Makefile was quite...
important, because we have all the processing in one perl snippet, and
generate the details of the build file by appending to the "magic"
variable $OUT. The result is that this variable gets to hold the
majority of the build file text, and depending on memory reallocation
strategies for strings, the heap may hold multiple (possibly not just
a few) copies of this string, almost all of them "freed" but still
taking up space. This has resulted in memory exhaustion.
We therefore change strategy, and generate the build file in two
phases, where the first phase generates the full template using small
perl snippets for each detail, and the second phase processes this
template. This is much kinder to process memory.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15310)
Use it in the automated workflows.
Fixes: #15247
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15248)
A pair of the disabled string checks were incorrect.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/15082)
Building the fips provider in addition to the default provider
effectively doubles the build time. Since many users will not
need fips support, it is now disabled by default.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13684)
Previously, we had dependency making pretty much hard coded in the
build file templates, with a bit of an exception for Unix family
platforms, where we had different cases depending on what dependency
making program was found.
With the Embarcadero C++ builder, a separate scheme appeared, with a
different logic.
This change merges the two, and introduces two config target
attributes:
makedepcmd The program to use, where this is relevant.
This replaces the earlier configuration
attribute 'makedepprog'.
makedep_scheme This is a keyword that can be used by build
files templates to produce different sorts of
commands, but most importantly, to pass as
argument to util/add-depend.pl, which uses
this keyword as a "producer" for the
dependency lines.
If the config target doesn't define the 'makedep_scheme' attribute,
Configure tries to figure it out by looking for GCC compatible
compilers or for the 'makedepend' command.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/15006)
With this option, the openssl command line tool is not created. Without that
it is impossible to create the fipsmodule.cnf file that the tests would
otherwise depend upon.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14979)
We just detect this at compile time instead.
This avoids cross-compilation problems where the host platform supports
128-bit ints, but the target platform does not (or vice versa). This was
causing a problem on some platforms where, dependent on the CFLAGS, 128 bit
ints were either supported or not.
Fixes#14804
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14941)
Add a config variable "use_int128" to indicate if 128-bit integers are
supported or not at the configure time. This makes it easier to
automatically select 64-bit versus 32-bit implementation for curve448.
Signed-off-by: Amitay Isaacs <amitay@ozlabs.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14784)
Fixes: #14629
Signed-off-by: Randall S. Becker <rsbecker@nexbridge.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14634)
All files that are given to DEPEND statements in build.info files are
being checked against GENERATE statements, to see if it's reasonable
to look for them in the source tree or not. This was only done for .h
files, for reasons that are lost in history. We now change that check
to look at all files instead.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14598)
Our goal is to be able to produce fipsmodule.cnf with the help of
'openssl fipsinstall', using the openssl program that we build.
This refactors the generatesrc code in all the build file templates to
replace $generator and $generator_incs with $gen0, $gen_args and $gen_incs,
which makes it easier and more consistent to manipulate different bits
of the generator command, and also keeps the variable names consistent
while not overly long.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
We need to add something for the 'tests' target to depend on, so a
special syntax for those is introduced:
DEPEND[|tests|]=fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14320)
The OTC decided that all low level APIs should be deprecated. This extends
to SRP, even though at the current time there is no "EVP" interface to it.
This could be added in a future release.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14132)
Even if EC and DH are disabled then we may still be able to use TLSv1.3
if we have groups that have been plugged in by an external provider.
Fixes#13767
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13916)
This sort of duplication is permitted, as the end result will be a single
item anyway, but we might as well warn to avoid future confusion.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13824)
If the given sources are GENERATEd, we check those generators as well.
This ensures that the declarations in the diverse build.info files are
consistent with existing files.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13824)
The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so
this is simply a cleanup of the remains.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13700)
If we specify no-engine then this should cascade to also mean
no-dynamic-engine. The store test was only checking whether
dynamic-engine was disabled, meaning that some tests were failing
in a no-engine build.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13502)
Some very basic config targets don't defined the 'shared_target'
attribute at all. This wasn't handled well enough in Configure.
This also cleans away an explicit reference to the ossltest engine in
Configurations/unix-Makefile.tmpl, which isn't necessary since the
build.info attributes were added.
Fixesopenssl/web#197
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13031)
This line wasn't properly handled:
SCRIPTS{misc,linkname=tsget}=tsget.pl
It generated an attribute "linkname=tsget" with the value 1, instead of
what it should have, an attribute "linkname" with the value "tsget".
Fixes#12341
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12344)
'absolutedir' does a thorough job ensuring that we have a "real" path
to both source and build directory, unencumbered by symbolic links.
However, that isn't enough on case insensitive file systems on Unix
flavored platforms, where it's possible to stand in, for example,
/PATH/TO/Work/openssl, and then do this:
perl ../../work/openssl/Configure
... and thereby having it look like the source directory and the build
directory aren't the same.
We solve this by having a closer look at the computed source and build
directories, and making sure they are exactly the same strings if they
are in fact the same directory.
This is especially important when making symbolic links based on this
directories, but may have other ramifications as well.
Fixes#12323
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12337)
Change default FIPS HMAC KEY from all-zero's
Use default FIPSKEY if not given on command line.
Make all -macopt in fipsinstall optional
Make all tests, except fipsinstall, use the default -macopt and
-mac_name flags.
Define and use FIPSDIR variable on VMS/MMS.
Also use SRCDIR/BLDDIR in SRCTOP/BLDTOP.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12235)
'config' is now a mere wrapper for backward compatibility.
All documentation is changed accordingly.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
These options were coded in util/perl/OpenSSL/config.pm, but that got
removed when the OpenSSL::config::main() function was removed. We're
not putting them back, but in 'Configure'.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
map_guess() is now table driven, just like get_system().
Additionally, it now takes a config hash table and returns one of its
own. This way, 'Configure' can pass whatever it has already found to
OpenSSL::config::get_platform(), and easily merge the returned hash
table into its %config.
This also gets rid of variables that we no longer need. That includes
$PERL and all the $__CNF_ environment variables.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
Previously, ./config would check if "$target-$CC", then "$target"
exists and choose the one that does. This is now moved to Configure.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11230)
For FIPS validation purposes - Automated Cryptographic Validation Protocol (ACVP) tests need to be
performed. (See https://github.com/usnistgov/ACVP). These tests are very similiar to the old CAVS tests.
This PR uses a hardwired subset of these test vectors to perform similiar operations,
to show the usage and prove that the API's are able to perform the required operations.
It may also help with communication with the lab (i.e- The lab could add a test here to show
a unworking use case - which we can then address).
The EVP layer performs these tests instead of calling lower level API's
as was done in the old FOM.
Some of these tests require access to internals that are not normally allowed/required.
The config option 'acvp_tests' (enabled by default) has been added so that this
access may be removed.
The mechanism has been implemented as additional OSSL_PARAM values that can be set and get.
A callback mechanism did not seem to add any additional benefit.
These params will not be added to the gettables lists.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11572)
./config --with-rand-seed=egd
need to defines OPENSSL_RAND_SEED_EGD and OPENSSL_NO_EGD
so get rid of OPENSSL_NO_EGD (compiles but I did not really test EGD)
./config --with-rand-seed=devrandom
does not work since wait_random_seeded works under the assumption
that OPENSSL_RAND_SEED_GETRANDOM is supposed to be enabled as well,
that is usually the case, but not when only devrandom is enabled.
Skip the wait code in this special case.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/11848)
It seems that in older perl versions '(?P' doesn't interact very well
with '(?|' or '(?:'.
Since we make extensive use of '(?P' in build.info parsing, we avoid
combining that with '(?|' and '(?:' when parsing build.info variables,
and end up parsing variable modifier twice (first generally, and then
parse that result into the modifier components).
Fixes#11694
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11737)
The 'config' script checked for a bunch of crypto/ sub-system
directories, and added 'no-' options if they weren't there.
We move it to 'Configure' in an effort to simplify 'config' for
further work.
Note: this is pretty much a historical thing. In modern OpenSSL, it's
much simpler to edit the SUBDIRS statement in crypto/build.info.
However, it's been claimed the there are those who still remove some
of these sub-system sources.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11217)
There were some remaining old code and comments that don't serve a
purpose any longer.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Use case: having a variable with multiple source files in its value,
and wanting to refer to the corresponding object file.
$SRCS=foo.c bar.c
SOURCE[program]=$SRCS
DEPEND[${SRCS/.c/.o}]=prog.h
GENERATE[prog.h]=...
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
So far, the "index" part of KEYWORD[whatever] could only handle one
item. There are cases, however, where we want to add the exact same
value to multiple items. This is especially helpful if a variable
that may have multi-item values are used in the "index" part.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/11185)
Adding support for "no-secure-memory" was simple, a one-liner.
Fixing all the "ifdef OPENSSL_SECURE_MEMORY" to be "ifndef NO_xxx"
was a bit more work. My original goof, for not following the OpenSSL
pattern "ifndef NO_" used everywhere else.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/11023)
In C, we have macros like OPENSSL_NO_DEPRECATED_3_0 to check if some
section of code should be disabled to simulate a removal of things
deprecated in the version.
In perl, we had to check $disabled{deprecated} and compare
$config{api} with the proper version code, which is doable but tedious
and error prone.
This change adds $disabled{'deprecated-x.y'} (x.y being a version
number) which directly corresponds to OPENSSL_NO_DEPRECATED_x_y, for
use in build.info conditions, test recipes and other perl stuff.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11027)
@{$config{LDFLAGS}} isn't necessarily split up in pieces, so we need
to check for '-static' with a regexp rather than with an exact string
match.
Fixes#10867
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10878)
This regexp was used a bit too uncontrolled, which had it split flag
values where it should not have.
Fixes#10792
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10793)
Use of the low level AES functions has been informally discouraged for a
long time. We now formally deprecate them.
Applications should instead use the EVP APIs, e.g. EVP_EncryptInit_ex,
EVP_EncryptUpdate, EVP_EncryptFinal_ex, and the equivalently named decrypt
functions.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/10580)
Fixes#8322
The leak-checking (and backtrace option, on some platforms) provided
by crypto-mdebug and crypto-mdebug-backtrace have been mostly neutered;
only the "make malloc fail" capability remains. OpenSSL recommends using
the compiler's leak-detection instead.
The OPENSSL_DEBUG_MEMORY environment variable is no longer used.
CRYPTO_mem_ctrl(), CRYPTO_set_mem_debug(), CRYPTO_mem_leaks(),
CRYPTO_mem_leaks_fp() and CRYPTO_mem_leaks_cb() return a failure code.
CRYPTO_mem_debug_{malloc,realloc,free}() have been removed. All of the
above are now deprecated.
Merge (now really small) mem_dbg.c into mem.c
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10572)
If _CALL_ELF is defined to be 2, it's an ELFv2 system.
Conditionally switch to the v2 perlasm scheme.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8883)
The computation of macros and configdata.pm related data from %disabled
was done much too early, leaving later disablings without real support.
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10566)
This makes it possible to chain GENERATOR statements, which allows
constructs like this:
GENERATE[something.html]=something.pod
GENERATE[something.pod]=something.pod.in
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6236)
At some point in time, there was a 'no-deprecated' configuration
option, which had the effect of hiding all declarations of deprecated
stuff, i.e. make the public API look like they were all removed.
At some point in time, there was a '--api' configuration option, which
had the effect of having the public API look like it did in the version
given as value, on a best effort basis. In practice, this was used to
get different implementations of BN_zero(), depending on the desired
API compatibility level.
At some later point in time, '--api' was changed to mean the same as
'no-deprecated', but only for the deprecations up to and including the
desired API compatibility level. BN_zero() has been set to the
pre-1.0.0 implementation ever since, unless 'no-deprecation' has been
given.
This change turns these options back to their original meaning, but
with the slight twist that when combined, i.e. both '--api' and
'no-deprecated' is given, the declarations that are marked deprecated
up to an including the desired API compatibility level are hidden,
simulating that they have been removed.
If no desired API compatibility level has been given, then
configuration sets the current OpenSSL version by default.
Furthermore, the macro OPENSSL_API_LEVEL is now used exclusively to
check what API compatibility level is desired. For checking in code
if `no-deprecated` has been configured for the desired API
compatibility level, macros for each supported level is generated,
such as OPENSSL_NO_DEPRECATED_1_1_1, corresponding to the use of
DEPRECATEDIN_ macros, such as DEPRECATEDIN_1_1_1().
Just like before, to set an API compatibility level when building an
application, define OPENSSL_API_COMPAT with an appropriate value. If
it's desirable to hide deprecated functions up to and including that
level, additionally define OPENSSL_NO_DEPRECATED (the value is
ignored).
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10364)
- Check for the <sys/ktls.h> header to determine if KTLS support
is available.
- Populate a tls_enable structure with session key material for
supported algorithms. At present, AES-GCM128/256 and AES-CBC128/256
with SHA1 and SHA2-256 HMACs are supported. For AES-CBC, only MtE
is supported.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10045)
'VERSION' is a very easy file to parse, as opposed to a header file.
We also have the benefit of holding the version information in one
very well known place and can then generate all other version texts
as we see fit, for example opensslv.h.
Fixes#10203
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10205)
Currently the Configure command only supports passing UNIX style
options (`-opt`) to the compiler. Passing Windows style options
(`/opt`) yields an error. Fortunately, the compiler accepts both
types of options, nevertheless this commit fixes that discrimination
of Windows users.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9961)
The build.info grammar's regular expressions were a horrible read.
By assigning certain sub-expressions to variables, we hope to make
it a little more readable.
Also, the handling of build.info attributes is reworked to use a
common function instead of having copies of the same code.
Finally, the attributes are reorganized to specify if they belong with
programs, libraries, modules or scripts. This will enable more
intricate attribute assignment in changes to come.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10088)
This makes the legacy provider available regardless of building conditions.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9637)
That will make it possible to assign different goals for translation
units depending on need.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9637)
To have the configdata.pm text embedded in Configure was kind of ugly,
and becomes clearer if put into a template file, configdata.pm.in. We
can then use OpenSSL::Template to generate it.
We also modify configdata.pm to be the build file generator, and run
it from Configure. The benefit with that is that developers who
tinker and play with the build file can do a "factory reset" without
having to go through the configuration process, i.e. they can re-use
the config data the already have.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9693)
The module with_fallback.pm was kind of clunky and required a transfer
module. This change replaces if with a much more generic pragma type
module, which simply appends given directories to @INC (as opposed to
the 'lib' pragma, which prepends the directories to @INC).
This also supports having a file MODULES.txt with sub-directories to
modules. This ensures that we don't have to spray individual module
paths throughout our perl code, but can have them collected in one
place.
(do note that there is a 'fallback' module on CPAN. However, it isn't
part of the core perl, and it has no support the any MODULES.txt kind
of construct)
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9826)
While gcc ignores unknown options of the type '-Wno-xxx', clang by default issues
a warning [-Wunknown-warning-option] (see [3]), which together with '-Werror'
causes the build to fail. This turned out to be a problem on the 1.0.2 stable branch
in the case of the '-Wextended-offsetof' option, which was removed in version 6.0.0,
but needs to be kept here in order to support older clang versions, too (see #9446).
Incidentally, master and 1.1.1 branch already contained the -Wno-unknown-warning-option
option. Due to its special role and its importance, this commit adds an explaining
commit message and moves the option to the front.
[extended tests]
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9447)
DEFINE[] definitions end up pushed in @{$config{defines}} instead of
being added to the output file list of defines. This allows for the
unusual case where we need something to be defined globally, so it
gets picked up by anything using $(CPPFLAGS).
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/9679)
We only export functions, not global, so remove the config option
and some of the #ifdef stuff.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9285)
Because of that we can remove OPENSSL_UNISTD and some other
macros from e_os2.h and opensslconf.h
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9204)
Remove the *_asm templates in Configurations/00-base-templates.conf,
all attempts to inherit them, and the asm() perl function.
[extended tests]
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9166)