[openssl-commits] [openssl] master update

Richard Levitte levitte at openssl.org
Mon Feb 22 14:40:44 UTC 2016


The branch master has been updated
       via  d5bdf6812439b607d08924ef875cadcf0d6e9698 (commit)
       via  9de94148780d4b84765849896d831be62b30fc33 (commit)
       via  ae48242c81b849e5ef038592a6f4e5c595890376 (commit)
       via  19ab579060aa261bb1f7ed3dcd102471dfd556ee (commit)
      from  2b9608b049eb33269f9b900e9e5f1c37fc1a1563 (commit)


- Log -----------------------------------------------------------------
commit d5bdf6812439b607d08924ef875cadcf0d6e9698
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Feb 22 10:01:42 2016 +0100

    Add a "no-pic" build for Travis
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 9de94148780d4b84765849896d831be62b30fc33
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Feb 22 10:16:50 2016 +0100

    Rewrite CHANGES to add some commentary about the "pic" option
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit ae48242c81b849e5ef038592a6f4e5c595890376
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Feb 22 02:09:11 2016 +0100

    Introduce the "pic" / "no-pic" config option
    
    Building shared libraries or not is not the same as building position
    independent code or not.  It's true that if you don't build PIC, you
    can't build shared libraries.  However, you may very well want to
    build only static libraries but still want PIC code.
    
    Therefore, we introduce a new configuration option "pic", which is
    enabled by default or explicitely with "enable-pic", or disabled with
    "no-pic" or "disable-pic".  Of course, if "pic" is disabled, "shared"
    and "dynamic-engine" are automatically disabled as well.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

commit 19ab579060aa261bb1f7ed3dcd102471dfd556ee
Author: Richard Levitte <levitte at openssl.org>
Date:   Mon Feb 22 02:06:05 2016 +0100

    Use $disabled{"dynamic-engine"} internally
    
    We were kinda sorta using a mix of $disabled{"static-engine" and
    $disabled{"dynamic-engine"} in Configure.  Let's avoid confusion,
    choose one of them and stick to it.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 .travis.yml                           |  1 +
 CHANGES                               | 22 ++++++++++-----
 Configure                             | 53 ++++++++++++++++++++++++-----------
 test/recipes/70-test_sslcertstatus.t  |  2 +-
 test/recipes/70-test_sslextension.t   |  2 +-
 test/recipes/70-test_sslsessiontick.t |  2 +-
 test/recipes/70-test_sslskewith0p.t   |  2 +-
 test/recipes/70-test_sslvertol.t      |  2 +-
 test/recipes/70-test_tlsextms.t       |  2 +-
 test/recipes/90-test_networking.t     |  2 +-
 10 files changed, 60 insertions(+), 30 deletions(-)

diff --git a/.travis.yml b/.travis.yml
index 001180e..49cf782 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -27,6 +27,7 @@ compiler:
 env:
     - CONFIG_OPTS=""
     - CONFIG_OPTS="shared"
+    - CONFIG_OPTS="no-pic"
     - CONFIG_OPTS="no-asm"
     - CONFIG_OPTS="--debug --strict-warnings enable-crypto-mdebug enable-rc5 enable-md2"
     - CONFIG_OPTS="--unified"
diff --git a/CHANGES b/CHANGES
index d60d655..3baef73 100644
--- a/CHANGES
+++ b/CHANGES
@@ -5,13 +5,17 @@
  Changes between 1.0.2f and 1.1.0  [xx XXX xxxx]
 
   *) Configuration change; it's now possible to build dynamic engines
-     without having to build shared libraries and vice versa.  The
-     only requirement for building dynamic engines is the presence of
-     the DSO module, so configuring "disable-dso" will automatically
-     disable dynamic engines.  Dynamic engines are enabled by default,
-     and can be disabled with "enable-static-engine".
-     This only applies to the engines in engines/, those in
-     crypto/engine/ will always be built into libcrypto (i.e. "static").
+     without having to build shared libraries and vice versa.  This
+     only applies to the engines in engines/, those in crypto/engine/
+     will always be built into libcrypto (i.e. "static").
+
+     Building dynamic engines is enabled by default; to disable, use
+     the configuration option "disable-dynamic-engine".
+
+     The only requirements for building dynamic engines is the
+     presence of the DSO module and building with position independent
+     code, so they will also automatically be disabled if configuring
+     with "disable-dso" or "disable pic".
 
      The macros OPENSSL_NO_STATIC_ENGINE and OPENSSL_NO_DYNAMIC_ENGINE
      are also taken away from openssl/opensslconf.h, as they are
@@ -24,6 +28,10 @@
      object files.  This means other libraries that use routines from
      libcrypto / libssl can be made into shared libraries regardless
      of how OpenSSL was configured.
+
+     If this isn't desirable, the configuration options "disable-pic"
+     or "no-pic" can be used to disable the use of PIC.  This will
+     also disable building shared libraries and dynamic engines.
      [Richard Levitte]
 
   *) Removed JPAKE code.  It was experimental and has no wide use.
diff --git a/Configure b/Configure
index 1cb5ace..7942a59 100755
--- a/Configure
+++ b/Configure
@@ -46,6 +46,8 @@ my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lx
 #               multithreaded applications (default is "threads" if we
 #               know how to do it)
 # [no-]shared	[don't] try to create shared libraries when supported.
+# [no-]pic      [don't] try to build position independent code when supported.
+#               If disabled, it also disables shared and dynamic-engines.
 # no-asm        do not use assembler
 # no-dso        do not compile in any native shared-library methods. This
 #               will ensure that all methods just return NULL.
@@ -284,6 +286,7 @@ my @disablables = (
     "nextprotoneg",
     "ocb",
     "ocsp",
+    "pic",
     "poly1305",
     "posix-io",
     "psk",
@@ -384,6 +387,9 @@ my @disable_cascades = (
 
     # Without DSO, we can't load dynamic engines, so don't build them dynamic
     "dso"               => [ "dynamic-engine" ],
+
+    # Without position independent code, there can be no shared libraries or DSOs
+    "pic"               => [ "shared", "dynamic-engine" ],
     );
 
 # Avoid protocol support holes.  Also disable all versions below N, if version
@@ -550,11 +556,11 @@ foreach (@argvcopy)
                         }
                 elsif ($1 eq "static-engine")
                         {
-                        $disabled{"static-engine"} = "option";
+                        delete $disabled{"dynamic-engine"};
                         }
                 elsif ($1 eq "dynamic-engine")
                         {
-                        delete $disabled{"static-engine"};
+                        $disabled{"dynamic-engine"} = "option";
                         }
                 else
                         {
@@ -565,11 +571,11 @@ foreach (@argvcopy)
 		{
                 if ($1 eq "static-engine")
                         {
-                        delete $disabled{"static-engine"};
+                        $disabled{"dynamic-engine"} = "option";
                         }
                 elsif ($1 eq "dynamic-engine")
                         {
-                        $disabled{"static-engine"} = "option";
+                        delete $disabled{"dynamic-engine"};
                         }
 		my $algo = $1;
 		delete $disabled{$algo};
@@ -764,9 +770,11 @@ foreach (sort (keys %disabled))
 		{ $no_threads = 1; }
 	elsif (/^shared$/)
 		{ $config{no_shared} = 1; }
+	elsif (/^pic$/)
+		{ }
 	elsif (/^zlib$/)
 		{ $zlib = 0; }
-	elsif (/^static-engine$/)
+	elsif (/^dynamic-engine$/)
 		{ }
 	elsif (/^zlib-dynamic$/)
 		{ }
@@ -1000,21 +1008,33 @@ if (defined($disabled{"deprecated"})) {
 
 if ($target{shared_target} eq "")
 	{
-	$no_shared_warn = 1 if !$config{no_shared} && !$config{fips};
+	$no_shared_warn = 1
+	    if ((!$config{no_shared} || !$disabled{"dynamic-engine"})
+		&& !$config{fips});
 	$config{no_shared} = 1;
+	$disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} =
+	    "no-shared-target";
 	}
 
-if ($disabled{"static-engine"}) {
-        push @{$config{defines}}, "OPENSSL_NO_STATIC_ENGINE";
-        $config{dynamic_engines} = 1;
-} else {
+if ($disabled{"dynamic-engine"}) {
         push @{$config{defines}}, "OPENSSL_NO_DYNAMIC_ENGINE";
         $config{dynamic_engines} = 0;
+} else {
+        push @{$config{defines}}, "OPENSSL_NO_STATIC_ENGINE";
+        $config{dynamic_engines} = 1;
 }
 
 #
 # Platform fix-ups
 #
+
+# This saves the build files from having to check
+if ($disabled{pic})
+	{
+	$target{shared_cflag} = $target{shared_ldflag} =
+		$target{shared_rcflag} = "";
+	}
+
 if ($target{sys_id} ne "")
 	{
 	push @{$config{openssl_sys_defines}}, "OPENSSL_SYS_$target{sys_id}";
@@ -1049,7 +1069,7 @@ if (!$no_asm) {
     if ($target{md5_asm_src}) {
 	push @{$config{defines}}, "MD5_ASM";
     }
-    $target{cast_asm_src}=$table{BASE}->{cast_asm_src} if (!$config{no_shared}); # CAST assembler is not PIC
+    $target{cast_asm_src}=$table{BASE}->{cast_asm_src} unless $disabled{pic}; # CAST assembler is not PIC
     if ($target{rmd160_asm_src}) {
 	push @{$config{defines}}, "RMD160_ASM";
     }
@@ -1385,7 +1405,7 @@ if ($builder eq "unified") {
         }
 
         die <<"EOF" if scalar @engines and !$config{dynamic_engines};
-ENGINES can only be used if configured with 'static-enginex'.
+ENGINES can only be used if configured with 'dynamic-engine'.
 This is usually a fault in a build.info file.
 EOF
         foreach (@engines) {
@@ -1849,10 +1869,11 @@ EOF
 
 print <<"EOF" if ($no_shared_warn);
 
-You gave the option 'shared', which is not supported on this platform, so
-we will pretend you gave the option 'no-shared'.  If you know how to implement
-shared libraries, please let us know (but please first make sure you have
-tried with a current version of OpenSSL).
+The options 'shared', 'pic' and 'dynamic-engine' aren't supported on this
+platform, so we will pretend you gave the option 'no-pic', which also disables
+'shared' and 'dynamic-engine'.  If you know how to implement shared libraries
+or position independent code, please let us know (but please first make sure
+you have tried with a current version of OpenSSL).
 EOF
 
 ###### TO BE REMOVED BEFORE FINAL RELEASE
diff --git a/test/recipes/70-test_sslcertstatus.t b/test/recipes/70-test_sslcertstatus.t
index 9987e79..ffcb279 100755
--- a/test/recipes/70-test_sslcertstatus.t
+++ b/test/recipes/70-test_sslcertstatus.t
@@ -64,7 +64,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
diff --git a/test/recipes/70-test_sslextension.t b/test/recipes/70-test_sslextension.t
index 6ad4130..93bb6fe 100755
--- a/test/recipes/70-test_sslextension.t
+++ b/test/recipes/70-test_sslextension.t
@@ -64,7 +64,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
diff --git a/test/recipes/70-test_sslsessiontick.t b/test/recipes/70-test_sslsessiontick.t
index cd6e483..16ef4ea 100755
--- a/test/recipes/70-test_sslsessiontick.t
+++ b/test/recipes/70-test_sslsessiontick.t
@@ -65,7 +65,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
diff --git a/test/recipes/70-test_sslskewith0p.t b/test/recipes/70-test_sslskewith0p.t
index eaf37b6..850820d 100755
--- a/test/recipes/70-test_sslskewith0p.t
+++ b/test/recipes/70-test_sslskewith0p.t
@@ -64,7 +64,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 plan skip_all => "dh is not supported by this OpenSSL build"
     if disabled("dh");
diff --git a/test/recipes/70-test_sslvertol.t b/test/recipes/70-test_sslvertol.t
index f89bc87..02c9a3b 100755
--- a/test/recipes/70-test_sslvertol.t
+++ b/test/recipes/70-test_sslvertol.t
@@ -64,7 +64,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
diff --git a/test/recipes/70-test_tlsextms.t b/test/recipes/70-test_tlsextms.t
index 27b5347..763b0af 100644
--- a/test/recipes/70-test_tlsextms.t
+++ b/test/recipes/70-test_tlsextms.t
@@ -65,7 +65,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';
diff --git a/test/recipes/90-test_networking.t b/test/recipes/90-test_networking.t
index 5297be0..84d616d 100644
--- a/test/recipes/90-test_networking.t
+++ b/test/recipes/90-test_networking.t
@@ -64,7 +64,7 @@ plan skip_all => "TLSProxy isn't usable on $^O"
     if $^O =~ /^VMS$/;
 
 plan skip_all => "$test_name needs the dynamic engine feature enabled"
-    if disabled("engine") || disabled("dynamic_engines");
+    if disabled("engine") || disabled("dynamic-engine");
 
 $ENV{OPENSSL_ENGINES} = bldtop_dir("engines");
 $ENV{OPENSSL_ia32cap} = '~0x200000200000000';


More information about the openssl-commits mailing list