Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Initial import

  • Loading branch information...
commit afd56985cea5e3f7d5affc7b43a9a7d084fc7c24 0 parents
Martin Dietze authored
Showing with 44,168 additions and 0 deletions.
  1. +8,490 −0 CHANGES
  2. +968 −0 CHANGES.SSLeay
  3. +2,094 −0 Configure
  4. +965 −0 FAQ
  5. +350 −0 INSTALL
  6. +47 −0 INSTALL.DJGPP
  7. +72 −0 INSTALL.MacOS
  8. +454 −0 INSTALL.NW
  9. +31 −0 INSTALL.OS2
  10. +299 −0 INSTALL.VMS
  11. +321 −0 INSTALL.W32
  12. +66 −0 INSTALL.W64
  13. +74 −0 INSTALL.WCE
  14. +127 −0 LICENSE
  15. +62 −0 MacOS/GUSI_Init.cpp
  16. +2,753 −0 MacOS/GetHTTPS.src/CPStringUtils.cpp
  17. +104 −0 MacOS/GetHTTPS.src/CPStringUtils.hpp
  18. +170 −0 MacOS/GetHTTPS.src/ErrorHandling.cpp
  19. +147 −0 MacOS/GetHTTPS.src/ErrorHandling.hpp
  20. +209 −0 MacOS/GetHTTPS.src/GetHTTPS.cpp
  21. +1,607 −0 MacOS/GetHTTPS.src/MacSocket.cpp
  22. +103 −0 MacOS/GetHTTPS.src/MacSocket.h
  23. +4,940 −0 MacOS/OpenSSL.mcp.hqx
  24. +476 −0 MacOS/Randomizer.cpp
  25. +43 −0 MacOS/Randomizer.h
  26. +18 −0 MacOS/TODO
  27. +9 −0 MacOS/_MWERKS_GUSI_prefix.h
  28. +9 −0 MacOS/_MWERKS_prefix.h
  29. +5 −0 MacOS/buildinf.h
  30. +820 −0 MacOS/mklinks.as.hqx
  31. +116 −0 MacOS/opensslconf.h
  32. +732 −0 Makefile
  33. +730 −0 Makefile.org
  34. +609 −0 Makefile.shared
  35. +511 −0 NEWS
  36. +228 −0 Netware/build.bat
  37. +113 −0 Netware/cpy_tests.bat
  38. +624 −0 Netware/do_tests.pl
  39. +254 −0 Netware/globals.txt
  40. +19 −0 Netware/readme.txt
  41. +112 −0 Netware/set_env.bat
  42. +197 −0 PROBLEMS
  43. +218 −0 README
  44. +187 −0 README.ASN1
  45. +289 −0 README.ENGINE
  46. +18 −0 VMS/TODO
  47. +34 −0 VMS/VMSify-conf.pl
  48. +4 −0 VMS/WISHLIST.TXT
  49. +79 −0 VMS/install.com
  50. +371 −0 VMS/mkshared.com
  51. +1 −0  VMS/multinet_shr.opt
  52. +46 −0 VMS/openssl_utils.com
  53. +1 −0  VMS/socketshr_shr.opt
  54. +1 −0  VMS/tcpip_shr_decc.opt
  55. +28 −0 VMS/test-includes.com
  56. +1 −0  VMS/ucx_shr_decc.opt
  57. +1 −0  VMS/ucx_shr_decc_log.opt
  58. +1 −0  VMS/ucx_shr_vaxc.opt
  59. +220 −0 apps/CA.com
  60. +189 −0 apps/CA.pl
  61. +189 −0 apps/CA.pl.in
  62. +198 −0 apps/CA.sh
  63. +985 −0 apps/Makefile
  64. +218 −0 apps/app_rand.c
  65. +2,571 −0 apps/apps.c
  66. +367 −0 apps/apps.h
  67. +444 −0 apps/asn1pars.c
  68. +1 −0  apps/ca-cert.srl
  69. +15 −0 apps/ca-key.pem
  70. +11 −0 apps/ca-req.pem
  71. +2,993 −0 apps/ca.c
  72. +11 −0 apps/cert.pem
  73. +208 −0 apps/ciphers.c
  74. +24 −0 apps/client.pem
  75. +1,347 −0 apps/cms.c
  76. +446 −0 apps/crl.c
  77. +345 −0 apps/crl2p7.c
  78. +14 −0 apps/demoCA/cacert.pem
  79. +39 −0 apps/demoCA/index.txt
  80. +24 −0 apps/demoCA/private/cakey.pem
  81. +1 −0  apps/demoCA/serial
  82. +552 −0 apps/dgst.c
  83. +352 −0 apps/dh.c
  84. +10 −0 apps/dh1024.pem
  85. +12 −0 apps/dh2048.pem
  86. +18 −0 apps/dh4096.pem
  87. +9 −0 apps/dh512.pem
  88. +557 −0 apps/dhparam.c
  89. +40 −0 apps/dsa-ca.pem
  90. +46 −0 apps/dsa-pca.pem
  91. +333 −0 apps/dsa.c
  92. +9 −0 apps/dsa1024.pem
  93. +6 −0 apps/dsa512.pem
  94. +6 −0 apps/dsap.pem
Sorry, we could not display the entire diff because too many files (2,087) changed.
8,490 CHANGES
8,490 additions, 0 deletions not shown
968 CHANGES.SSLeay
@@ -0,0 +1,968 @@
+This file contains the changes for the SSLeay library up to version
+0.9.0b. For later changes, see the file "CHANGES".
+
+ SSLeay CHANGES
+ ______________
+
+Changes between 0.8.x and 0.9.0b
+
+10-Apr-1998
+
+I said the next version would go out at easter, and so it shall.
+I expect a 0.9.1 will follow with portability fixes in the next few weeks.
+
+This is a quick, meet the deadline. Look to ssl-users for comments on what
+is new etc.
+
+eric (about to go bushwalking for the 4 day easter break :-)
+
+16-Mar-98
+ - Patch for Cray T90 from Wayne Schroeder <schroede@SDSC.EDU>
+ - Lots and lots of changes
+
+29-Jan-98
+ - ASN1_BIT_STRING_set_bit()/ASN1_BIT_STRING_get_bit() from
+ Goetz Babin-Ebell <babinebell@trustcenter.de>.
+ - SSL_version() now returns SSL2_VERSION, SSL3_VERSION or
+ TLS1_VERSION.
+
+7-Jan-98
+ - Finally reworked the cipher string to ciphers again, so it
+ works correctly
+ - All the app_data stuff is now ex_data with funcion calls to access.
+ The index is supplied by a function and 'methods' can be setup
+ for the types that are called on XXX_new/XXX_free. This lets
+ applications get notified on creation and destruction. Some of
+ the RSA methods could be implemented this way and I may do so.
+ - Oh yes, SSL under perl5 is working at the basic level.
+
+15-Dec-97
+ - Warning - the gethostbyname cache is not fully thread safe,
+ but it should work well enough.
+ - Major internal reworking of the app_data stuff. More functions
+ but if you were accessing ->app_data directly, things will
+ stop working.
+ - The perlv5 stuff is working. Currently on message digests,
+ ciphers and the bignum library.
+
+9-Dec-97
+ - Modified re-negotiation so that server initated re-neg
+ will cause a SSL_read() to return -1 should retry.
+ The danger otherwise was that the server and the
+ client could end up both trying to read when using non-blocking
+ sockets.
+
+4-Dec-97
+ - Lots of small changes
+ - Fix for binaray mode in Windows for the FILE BIO, thanks to
+ Bob Denny <rdenny@dc3.com>
+
+17-Nov-97
+ - Quite a few internal cleanups, (removal of errno, and using macros
+ defined in e_os.h).
+ - A bug in ca.c, pointed out by yasuyuki-ito@d-cruise.co.jp, where
+ the automactic naming out output files was being stuffed up.
+
+29-Oct-97
+ - The Cast5 cipher has been added. MD5 and SHA-1 are now in assember
+ for x86.
+
+21-Oct-97
+ - Fixed a bug in the BIO_gethostbyname() cache.
+
+15-Oct-97
+ - cbc mode for blowfish/des/3des is now in assember. Blowfish asm
+ has also been improved. At this point in time, on the pentium,
+ md5 is %80 faster, the unoptimesed sha-1 is %79 faster,
+ des-cbc is %28 faster, des-ede3-cbc is %9 faster and blowfish-cbc
+ is %62 faster.
+
+12-Oct-97
+ - MEM_BUF_grow() has been fixed so that it always sets the buf->length
+ to the value we are 'growing' to. Think of MEM_BUF_grow() as the
+ way to set the length value correctly.
+
+10-Oct-97
+ - I now hash for certificate lookup on the raw DER encoded RDN (md5).
+ This breaks things again :-(. This is efficent since I cache
+ the DER encoding of the RDN.
+ - The text DN now puts in the numeric OID instead of UNKNOWN.
+ - req can now process arbitary OIDs in the config file.
+ - I've been implementing md5 in x86 asm, much faster :-).
+ - Started sha1 in x86 asm, needs more work.
+ - Quite a few speedups in the BN stuff. RSA public operation
+ has been made faster by caching the BN_MONT_CTX structure.
+ The calulating of the Ai where A*Ai === 1 mod m was rather
+ expensive. Basically a 40-50% speedup on public operations.
+ The RSA speedup is now 15% on pentiums and %20 on pentium
+ pro.
+
+30-Sep-97
+ - After doing some profiling, I added x86 adm for bn_add_words(),
+ which just adds 2 arrays of longs together. A %10 speedup
+ for 512 and 1024 bit RSA on the pentium pro.
+
+29-Sep-97
+ - Converted the x86 bignum assembler to us the perl scripts
+ for generation.
+
+23-Sep-97
+ - If SSL_set_session() is passed a NULL session, it now clears the
+ current session-id.
+
+22-Sep-97
+ - Added a '-ss_cert file' to apps/ca.c. This will sign selfsigned
+ certificates.
+ - Bug in crypto/evp/encode.c where by decoding of 65 base64
+ encoded lines, one line at a time (via a memory BIO) would report
+ EOF after the first line was decoded.
+ - Fix in X509_find_by_issuer_and_serial() from
+ Dr Stephen Henson <shenson@bigfoot.com>
+
+19-Sep-97
+ - NO_FP_API and NO_STDIO added.
+ - Put in sh config command. It auto runs Configure with the correct
+ parameters.
+
+18-Sep-97
+ - Fix x509.c so if a DSA cert has different parameters to its parent,
+ they are left in place. Not tested yet.
+
+16-Sep-97
+ - ssl_create_cipher_list() had some bugs, fixes from
+ Patrick Eisenacher <eisenach@stud.uni-frankfurt.de>
+ - Fixed a bug in the Base64 BIO, where it would return 1 instead
+ of -1 when end of input was encountered but should retry.
+ Basically a Base64/Memory BIO interaction problem.
+ - Added a HMAC set of functions in preporarion for TLS work.
+
+15-Sep-97
+ - Top level makefile tweak - Cameron Simpson <cs@zip.com.au>
+ - Prime generation spead up %25 (512 bit prime, pentium pro linux)
+ by using montgomery multiplication in the prime number test.
+
+11-Sep-97
+ - Ugly bug in ssl3_write_bytes(). Basically if application land
+ does a SSL_write(ssl,buf,len) where len > 16k, the SSLv3 write code
+ did not check the size and tried to copy the entire buffer.
+ This would tend to cause memory overwrites since SSLv3 has
+ a maximum packet size of 16k. If your program uses
+ buffers <= 16k, you would probably never see this problem.
+ - Fixed a new errors that were cause by malloc() not returning
+ 0 initialised memory..
+ - SSL_OP_NETSCAPE_CA_DN_BUG was being switched on when using
+ SSL_CTX_set_options(ssl_ctx,SSL_OP_ALL); which was a bad thing
+ since this flags stops SSLeay being able to handle client
+ cert requests correctly.
+
+08-Sep-97
+ - SSL_SESS_CACHE_NO_INTERNAL_LOOKUP option added. When switched
+ on, the SSL server routines will not use a SSL_SESSION that is
+ held in it's cache. This in intended to be used with the session-id
+ callbacks so that while the session-ids are still stored in the
+ cache, the decision to use them and how to look them up can be
+ done by the callbacks. The are the 'new', 'get' and 'remove'
+ callbacks. This can be used to determine the session-id
+ to use depending on information like which port/host the connection
+ is coming from. Since the are also SSL_SESSION_set_app_data() and
+ SSL_SESSION_get_app_data() functions, the application can hold
+ information against the session-id as well.
+
+03-Sep-97
+ - Added lookup of CRLs to the by_dir method,
+ X509_load_crl_file() also added. Basically it means you can
+ lookup CRLs via the same system used to lookup certificates.
+ - Changed things so that the X509_NAME structure can contain
+ ASN.1 BIT_STRINGS which is required for the unique
+ identifier OID.
+ - Fixed some problems with the auto flushing of the session-id
+ cache. It was not occuring on the server side.
+
+02-Sep-97
+ - Added SSL_CTX_sess_cache_size(SSL_CTX *ctx,unsigned long size)
+ which is the maximum number of entries allowed in the
+ session-id cache. This is enforced with a simple FIFO list.
+ The default size is 20*1024 entries which is rather large :-).
+ The Timeout code is still always operating.
+
+01-Sep-97
+ - Added an argument to all the 'generate private key/prime`
+ callbacks. It is the last parameter so this should not
+ break existing code but it is needed for C++.
+ - Added the BIO_FLAGS_BASE64_NO_NL flag for the BIO_f_base64()
+ BIO. This lets the BIO read and write base64 encoded data
+ without inserting or looking for '\n' characters. The '-A'
+ flag turns this on when using apps/enc.c.
+ - RSA_NO_PADDING added to help BSAFE functionality. This is a
+ very dangerous thing to use, since RSA private key
+ operations without random padding bytes (as PKCS#1 adds) can
+ be attacked such that the private key can be revealed.
+ - ASN.1 bug and rc2-40-cbc and rc4-40 added by
+ Dr Stephen Henson <shenson@bigfoot.com>
+
+31-Aug-97 (stuff added while I was away)
+ - Linux pthreads by Tim Hudson (tjh@cryptsoft.com).
+ - RSA_flags() added allowing bypass of pub/priv match check
+ in ssl/ssl_rsa.c - Tim Hudson.
+ - A few minor bugs.
+
+SSLeay 0.8.1 released.
+
+19-Jul-97
+ - Server side initated dynamic renegotiation is broken. I will fix
+ it when I get back from holidays.
+
+15-Jul-97
+ - Quite a few small changes.
+ - INVALID_SOCKET usage cleanups from Alex Kiernan <alex@hisoft.co.uk>
+
+09-Jul-97
+ - Added 2 new values to the SSL info callback.
+ SSL_CB_START which is passed when the SSL protocol is started
+ and SSL_CB_DONE when it has finished sucsessfully.
+
+08-Jul-97
+ - Fixed a few bugs problems in apps/req.c and crypto/asn1/x_pkey.c
+ that related to DSA public/private keys.
+ - Added all the relevent PEM and normal IO functions to support
+ reading and writing RSAPublic keys.
+ - Changed makefiles to use ${AR} instead of 'ar r'
+
+07-Jul-97
+ - Error in ERR_remove_state() that would leave a dangling reference
+ to a free()ed location - thanks to Alex Kiernan <alex@hisoft.co.uk>
+ - s_client now prints the X509_NAMEs passed from the server
+ when requesting a client cert.
+ - Added a ssl->type, which is one of SSL_ST_CONNECT or
+ SSL_ST_ACCEPT. I had to add it so I could tell if I was
+ a connect or an accept after the handshake had finished.
+ - SSL_get_client_CA_list(SSL *s) now returns the CA names
+ passed by the server if called by a client side SSL.
+
+05-Jul-97
+ - Bug in X509_NAME_get_text_by_OBJ(), looking starting at index
+ 0, not -1 :-( Fix from Tim Hudson (tjh@cryptsoft.com).
+
+04-Jul-97
+ - Fixed some things in X509_NAME_add_entry(), thanks to
+ Matthew Donald <matthew@world.net>.
+ - I had a look at the cipher section and though that it was a
+ bit confused, so I've changed it.
+ - I was not setting up the RC4-64-MD5 cipher correctly. It is
+ a MS special that appears in exported MS Money.
+ - Error in all my DH ciphers. Section 7.6.7.3 of the SSLv3
+ spec. I was missing the two byte length header for the
+ ClientDiffieHellmanPublic value. This is a packet sent from
+ the client to the server. The SSL_OP_SSLEAY_080_CLIENT_DH_BUG
+ option will enable SSLeay server side SSLv3 accept either
+ the correct or my 080 packet format.
+ - Fixed a few typos in crypto/pem.org.
+
+02-Jul-97
+ - Alias mapping for EVP_get_(digest|cipher)byname is now
+ performed before a lookup for actual cipher. This means
+ that an alias can be used to 're-direct' a cipher or a
+ digest.
+ - ASN1_read_bio() had a bug that only showed up when using a
+ memory BIO. When EOF is reached in the memory BIO, it is
+ reported as a -1 with BIO_should_retry() set to true.
+
+01-Jul-97
+ - Fixed an error in X509_verify_cert() caused by my
+ miss-understanding how 'do { contine } while(0);' works.
+ Thanks to Emil Sit <sit@mit.edu> for educating me :-)
+
+30-Jun-97
+ - Base64 decoding error. If the last data line did not end with
+ a '=', sometimes extra data would be returned.
+ - Another 'cut and paste' bug in x509.c related to setting up the
+ STDout BIO.
+
+27-Jun-97
+ - apps/ciphers.c was not printing due to an editing error.
+ - Alex Kiernan <alex@hisoft.co.uk> send in a nice fix for
+ a library build error in util/mk1mf.pl
+
+26-Jun-97
+ - Still did not have the auto 'experimental' code removal
+ script correct.
+ - A few header tweaks for Watcom 11.0 under Win32 from
+ Rolf Lindemann <Lindemann@maz-hh.de>
+ - 0 length OCTET_STRING bug in asn1_parse
+ - A minor fix with an non-existent function in the MS .def files.
+ - A few changes to the PKCS7 stuff.
+
+25-Jun-97
+ SSLeay 0.8.0 finally it gets released.
+
+24-Jun-97
+ Added a SSL_OP_EPHEMERAL_RSA option which causes all SSLv3 RSA keys to
+ use a temporary RSA key. This is experimental and needs some more work.
+ Fixed a few Win16 build problems.
+
+23-Jun-97
+ SSLv3 bug. I was not doing the 'lookup' of the CERT structure
+ correctly. I was taking the SSL->ctx->default_cert when I should
+ have been using SSL->cert. The bug was in ssl/s3_srvr.c
+
+20-Jun-97
+ X509_ATTRIBUTES were being encoded wrongly by apps/reg.c and the
+ rest of the library. Even though I had the code required to do
+ it correctly, apps/req.c was doing the wrong thing. I have fixed
+ and tested everything.
+
+ Missing a few #ifdef FIONBIO sections in crypto/bio/bss_acpt.c.
+
+19-Jun-97
+ Fixed a bug in the SSLv2 server side first packet handling. When
+ using the non-blocking test BIO, the ssl->s2->first_packet flag
+ was being reset when a would-block failure occurred when reading
+ the first 5 bytes of the first packet. This caused the checking
+ logic to run at the wrong time and cause an error.
+
+ Fixed a problem with specifying cipher. If RC4-MD5 were used,
+ only the SSLv3 version would be picked up. Now this will pick
+ up both SSLv2 and SSLv3 versions. This required changing the
+ SSL_CIPHER->mask values so that they only mask the ciphers,
+ digests, authentication, export type and key-exchange algorithms.
+
+ I found that when a SSLv23 session is established, a reused
+ session, of type SSLv3 was attempting to write the SSLv2
+ ciphers, which were invalid. The SSL_METHOD->put_cipher_by_char
+ method has been modified so it will only write out cipher which
+ that method knows about.
+
+
+ Changes between 0.8.0 and 0.8.1
+
+ *) Mostly bug fixes.
+ There is an Ephemeral DH cipher problem which is fixed.
+
+ SSLeay 0.8.0
+
+This version of SSLeay has quite a lot of things different from the
+previous version.
+
+Basically check all callback parameters, I will be producing documentation
+about how to use things in th future. Currently I'm just getting 080 out
+the door. Please not that there are several ways to do everything, and
+most of the applications in the apps directory are hybrids, some using old
+methods and some using new methods.
+
+Have a look in demos/bio for some very simple programs and
+apps/s_client.c and apps/s_server.c for some more advanced versions.
+Notes are definitly needed but they are a week or so away.
+
+Anyway, some quick nots from Tim Hudson (tjh@cryptsoft.com)
+---
+Quick porting notes for moving from SSLeay-0.6.x to SSLeay-0.8.x to
+get those people that want to move to using the new code base off to
+a quick start.
+
+Note that Eric has tidied up a lot of the areas of the API that were
+less than desirable and renamed quite a few things (as he had to break
+the API in lots of places anyrate). There are a whole pile of additional
+functions for making dealing with (and creating) certificates a lot
+cleaner.
+
+01-Jul-97
+Tim Hudson
+tjh@cryptsoft.com
+
+---8<---
+
+To maintain code that uses both SSLeay-0.6.x and SSLeay-0.8.x you could
+use something like the following (assuming you #include "crypto.h" which
+is something that you really should be doing).
+
+#if SSLEAY_VERSION_NUMBER >= 0x0800
+#define SSLEAY8
+#endif
+
+buffer.h -> splits into buffer.h and bio.h so you need to include bio.h
+ too if you are working with BIO internal stuff (as distinct
+ from simply using the interface in an opaque manner)
+
+#include "bio.h" - required along with "buffer.h" if you write
+ your own BIO routines as the buffer and bio
+ stuff that was intermixed has been separated
+ out
+
+envelope.h -> evp.h (which should have been done ages ago)
+
+Initialisation ... don't forget these or you end up with code that
+is missing the bits required to do useful things (like ciphers):
+
+SSLeay_add_ssl_algorithms()
+(probably also want SSL_load_error_strings() too but you should have
+ already had that call in place)
+
+SSL_CTX_new() - requires an extra method parameter
+ SSL_CTX_new(SSLv23_method())
+ SSL_CTX_new(SSLv2_method())
+ SSL_CTX_new(SSLv3_method())
+
+ OR to only have the server or the client code
+ SSL_CTX_new(SSLv23_server_method())
+ SSL_CTX_new(SSLv2_server_method())
+ SSL_CTX_new(SSLv3_server_method())
+ or
+ SSL_CTX_new(SSLv23_client_method())
+ SSL_CTX_new(SSLv2_client_method())
+ SSL_CTX_new(SSLv3_client_method())
+
+SSL_set_default_verify_paths() ... renamed to the more appropriate
+SSL_CTX_set_default_verify_paths()
+
+If you want to use client certificates then you have to add in a bit
+of extra stuff in that a SSLv3 server sends a list of those CAs that
+it will accept certificates from ... so you have to provide a list to
+SSLeay otherwise certain browsers will not send client certs.
+
+SSL_CTX_set_client_CA_list(ctx,SSL_load_client_CA_file(s_cert_file));
+
+
+X509_NAME_oneline(X) -> X509_NAME_oneline(X,NULL,0)
+ or provide a buffer and size to copy the
+ result into
+
+X509_add_cert -> X509_STORE_add_cert (and you might want to read the
+ notes on X509_NAME structure changes too)
+
+
+VERIFICATION CODE
+=================
+
+The codes have all be renamed from VERIFY_ERR_* to X509_V_ERR_* to
+more accurately reflect things.
+
+The verification callback args are now packaged differently so that
+extra fields for verification can be added easily in future without
+having to break things by adding extra parameters each release :-)
+
+X509_cert_verify_error_string -> X509_verify_cert_error_string
+
+
+BIO INTERNALS
+=============
+
+Eric has fixed things so that extra flags can be introduced in
+the BIO layer in future without having to play with all the BIO
+modules by adding in some macros.
+
+The ugly stuff using
+ b->flags ~= (BIO_FLAGS_RW|BIO_FLAGS_SHOULD_RETRY)
+becomes
+ BIO_clear_retry_flags(b)
+
+ b->flags |= (BIO_FLAGS_READ|BIO_FLAGS_SHOULD_RETRY)
+becomes
+ BIO_set_retry_read(b)
+
+Also ... BIO_get_retry_flags(b), BIO_set_flags(b)
+
+
+
+OTHER THINGS
+============
+
+X509_NAME has been altered so that it isn't just a STACK ... the STACK
+is now in the "entries" field ... and there are a pile of nice functions
+for getting at the details in a much cleaner manner.
+
+SSL_CTX has been altered ... "cert" is no longer a direct member of this
+structure ... things are now down under "cert_store" (see x509_vfy.h) and
+things are no longer in a CERTIFICATE_CTX but instead in a X509_STORE.
+If your code "knows" about this level of detail then it will need some
+surgery.
+
+If you depending on the incorrect spelling of a number of the error codes
+then you will have to change your code as these have been fixed.
+
+ENV_CIPHER "type" got renamed to "nid" and as that is what it actually
+has been all along so this makes things clearer.
+ify_cert_error_string(ctx->error));
+
+SSL_R_NO_CIPHER_WE_TRUST -> SSL_R_NO_CIPHER_LIST
+ and SSL_R_REUSE_CIPHER_LIST_NOT_ZERO
+
+
+
+ Changes between 0.7.x and 0.8.0
+
+ *) There have been lots of changes, mostly the addition of SSLv3.
+ There have been many additions from people and amongst
+ others, C2Net has assisted greatly.
+
+ Changes between 0.7.x and 0.7.x
+
+ *) Internal development version only
+
+SSLeay 0.6.6 13-Jan-1997
+
+The main additions are
+
+- assember for x86 DES improvments.
+ From 191,000 per second on a pentium 100, I now get 281,000. The inner
+ loop and the IP/FP modifications are from
+ Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk>. Many thanks for his
+ contribution.
+- The 'DES macros' introduced in 0.6.5 now have 3 types.
+ DES_PTR1, DES_PTR2 and 'normal'. As per before, des_opts reports which
+ is best and there is a summery of mine in crypto/des/options.txt
+- A few bug fixes.
+- Added blowfish. It is not used by SSL but all the other stuff that
+ deals with ciphers can use it in either ecb, cbc, cfb64 or ofb64 modes.
+ There are 3 options for optimising Blowfish. BF_PTR, BF_PTR2 and 'normal'.
+ BF_PTR2 is pentium/x86 specific. The correct option is setup in
+ the 'Configure' script.
+- There is now a 'get client certificate' callback which can be
+ 'non-blocking'. If more details are required, let me know. It will
+ documented more in SSLv3 when I finish it.
+- Bug fixes from 0.6.5 including the infamous 'ca' bug. The 'make test'
+ now tests the ca program.
+- Lots of little things modified and tweaked.
+
+ SSLeay 0.6.5
+
+After quite some time (3 months), the new release. I have been very busy
+for the last few months and so this is mostly bug fixes and improvments.
+
+The main additions are
+
+- assember for x86 DES. For all those gcc based systems, this is a big
+ improvement. From 117,000 DES operation a second on a pentium 100,
+ I now get 191,000. I have also reworked the C version so it
+ now gives 148,000 DESs per second.
+- As mentioned above, the inner DES macros now have some more variant that
+ sometimes help, sometimes hinder performance. There are now 3 options
+ DES_PTR (ptr vs array lookup), DES_UNROLL (full vs partial loop unrolling)
+ and DES_RISC (a more register intensive version of the inner macro).
+ The crypto/des/des_opts.c program, when compiled and run, will give
+ an indication of the correct options to use.
+- The BIO stuff has been improved. Read doc/bio.doc. There are now
+ modules for encryption and base64 encoding and a BIO_printf() function.
+- The CA program will accept simple one line X509v3 extensions in the
+ ssleay.cnf file. Have a look at the example. Currently this just
+ puts the text into the certificate as an OCTET_STRING so currently
+ the more advanced X509v3 data types are not handled but this is enough
+ for the netscape extensions.
+- There is the start of a nicer higher level interface to the X509
+ strucutre.
+- Quite a lot of bug fixes.
+- CRYPTO_malloc_init() (or CRYPTO_set_mem_functions()) can be used
+ to define the malloc(), free() and realloc() routines to use
+ (look in crypto/crypto.h). This is mostly needed for Windows NT/95 when
+ using DLLs and mixing CRT libraries.
+
+In general, read the 'VERSION' file for changes and be aware that some of
+the new stuff may not have been tested quite enough yet, so don't just plonk
+in SSLeay 0.6.5 when 0.6.4 used to work and expect nothing to break.
+
+SSLeay 0.6.4 30/08/96 eay
+
+I've just finished some test builds on Windows NT, Windows 3.1, Solaris 2.3,
+Solaris 2.5, Linux, IRIX, HPUX 10 and everthing seems to work :-).
+
+The main changes in this release
+
+- Thread safe. have a read of doc/threads.doc and play in the mt directory.
+ For anyone using 0.6.3 with threads, I found 2 major errors so consider
+ moving to 0.6.4. I have a test program that builds under NT and
+ solaris.
+- The get session-id callback has changed. Have a read of doc/callback.doc.
+- The X509_cert_verify callback (the SSL_verify callback) now
+ has another argument. Have a read of doc/callback.doc
+- 'ca -preserve', sign without re-ordering the DN. Not tested much.
+- VMS support.
+- Compile time memory leak detection can now be built into SSLeay.
+ Read doc/memory.doc
+- CONF routines now understand '\', '\n', '\r' etc. What this means is that
+ the SPKAC object mentioned in doc/ns-ca.doc can be on multiple lines.
+- 'ssleay ciphers' added, lists the default cipher list for SSLeay.
+- RC2 key setup is now compatable with Netscape.
+- Modifed server side of SSL implementation, big performance difference when
+ using session-id reuse.
+
+0.6.3
+
+Bug fixes and the addition of some nice stuff to the 'ca' program.
+Have a read of doc/ns-ca.doc for how hit has been modified so
+it can be driven from a CGI script. The CGI script is not provided,
+but that is just being left as an excersize for the reader :-).
+
+0.6.2
+
+This is most bug fixes and functionality improvements.
+
+Additions are
+- More thread debugging patches, the thread stuff is still being
+ tested, but for those keep to play with stuff, have a look in
+ crypto/cryptlib.c. The application needs to define 1 (or optionaly
+ a second) callback that is used to implement locking. Compiling
+ with LOCK_DEBUG spits out lots of locking crud :-).
+ This is what I'm currently working on.
+- SSL_CTX_set_default_passwd_cb() can be used to define the callback
+ function used in the SSL*_file() functions used to load keys. I was
+ always of the opinion that people should call
+ PEM_read_RSAPrivateKey() and pass the callback they want to use, but
+ it appears they just want to use the SSL_*_file() function() :-(.
+- 'enc' now has a -kfile so a key can be read from a file. This is
+ mostly used so that the passwd does not appear when using 'ps',
+ which appears imposible to stop under solaris.
+- X509v3 certificates now work correctly. I even have more examples
+ in my tests :-). There is now a X509_EXTENSION type that is used in
+ X509v3 certificates and CRLv2.
+- Fixed that signature type error :-(
+- Fixed quite a few potential memory leaks and problems when reusing
+ X509, CRL and REQ structures.
+- EVP_set_pw_prompt() now sets the library wide default password
+ prompt.
+- The 'pkcs7' command will now, given the -print_certs flag, output in
+ pem format, all certificates and CRL contained within. This is more
+ of a pre-emtive thing for the new verisign distribution method. I
+ should also note, that this also gives and example in code, of how
+ to do this :-), or for that matter, what is involved in going the
+ other way (list of certs and crl -> pkcs7).
+- Added RSA's DESX to the DES library. It is also available via the
+ EVP_desx_cbc() method and via 'enc desx'.
+
+SSLeay 0.6.1
+
+The main functional changes since 0.6.0 are as follows
+- Bad news, the Microsoft 060 DLL's are not compatable, but the good news is
+ that from now on, I'll keep the .def numbers the same so they will be.
+- RSA private key operations are about 2 times faster that 0.6.0
+- The SSL_CTX now has more fields so default values can be put against
+ it. When an SSL structure is created, these default values are used
+ but can be overwritten. There are defaults for cipher, certificate,
+ private key, verify mode and callback. This means SSL session
+ creation can now be
+ ssl=SSL_new()
+ SSL_set_fd(ssl,sock);
+ SSL_accept(ssl)
+ ....
+ All the other uglyness with having to keep a global copy of the
+ private key and certificate/verify mode in the server is now gone.
+- ssl/ssltest.c - one process talking SSL to its self for testing.
+- Storage of Session-id's can be controled via a session_cache_mode
+ flag. There is also now an automatic default flushing of
+ old session-id's.
+- The X509_cert_verify() function now has another parameter, this
+ should not effect most people but it now means that the reason for
+ the failure to verify is now available via SSL_get_verify_result(ssl).
+ You don't have to use a global variable.
+- SSL_get_app_data() and SSL_set_app_data() can be used to keep some
+ application data against the SSL structure. It is upto the application
+ to free the data. I don't use it, but it is available.
+- SSL_CTX_set_cert_verify_callback() can be used to specify a
+ verify callback function that completly replaces my certificate
+ verification code. Xcert should be able to use this :-).
+ The callback is of the form int app_verify_callback(arg,ssl,cert).
+ This needs to be documented more.
+- I have started playing with shared library builds, have a look in
+ the shlib directory. It is very simple. If you need a numbered
+ list of functions, have a look at misc/crypto.num and misc/ssl.num.
+- There is some stuff to do locking to make the library thread safe.
+ I have only started this stuff and have not finished. If anyone is
+ keen to do so, please send me the patches when finished.
+
+So I have finally made most of the additions to the SSL interface that
+I thought were needed.
+
+There will probably be a pause before I make any non-bug/documentation
+related changes to SSLeay since I'm feeling like a bit of a break.
+
+eric - 12 Jul 1996
+I saw recently a comment by some-one that we now seem to be entering
+the age of perpetual Beta software.
+Pioneered by packages like linux but refined to an art form by
+netscape.
+
+I too wish to join this trend with the anouncement of SSLeay 0.6.0 :-).
+
+There are quite a large number of sections that are 'works in
+progress' in this package. I will also list the major changes and
+what files you should read.
+
+BIO - this is the new IO structure being used everywhere in SSLeay. I
+started out developing this because of microsoft, I wanted a mechanism
+to callback to the application for all IO, so Windows 3.1 DLL
+perversion could be hidden from me and the 15 different ways to write
+to a file under NT would also not be dictated by me at library build
+time. What the 'package' is is an API for a data structure containing
+functions. IO interfaces can be written to conform to the
+specification. This in not intended to hide the underlying data type
+from the application, but to hide it from SSLeay :-).
+I have only really finished testing the FILE * and socket/fd modules.
+There are also 'filter' BIO's. Currently I have only implemented
+message digests, and it is in use in the dgst application. This
+functionality will allow base64/encrypto/buffering modules to be
+'push' into a BIO without it affecting the semantics. I'm also
+working on an SSL BIO which will hide the SSL_accept()/SLL_connet()
+from an event loop which uses the interface.
+It is also possible to 'attach' callbacks to a BIO so they get called
+before and after each operation, alowing extensive debug output
+to be generated (try running dgst with -d).
+
+Unfortunaly in the conversion from 0.5.x to 0.6.0, quite a few
+functions that used to take FILE *, now take BIO *.
+The wrappers are easy to write
+
+function_fp(fp,x)
+FILE *fp;
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL) error.....
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=function_bio(b,x);
+ BIO_free(b);
+ return(ret);
+ }
+Remember, there are no functions that take FILE * in SSLeay when
+compiled for Windows 3.1 DLL's.
+
+--
+I have added a general EVP_PKEY type that can hold a public/private
+key. This is now what is used by the EVP_ functions and is passed
+around internally. I still have not done the PKCS#8 stuff, but
+X509_PKEY is defined and waiting :-)
+
+--
+For a full function name listings, have a look at ms/crypt32.def and
+ms/ssl32.def. These are auto-generated but are complete.
+Things like ASN1_INTEGER_get() have been added and are in here if you
+look. I have renamed a few things, again, have a look through the
+function list and you will probably find what you are after. I intend
+to at least put a one line descrition for each one.....
+
+--
+Microsoft - thats what this release is about, read the MICROSOFT file.
+
+--
+Multi-threading support. I have started hunting through the code and
+flaging where things need to be done. In a state of work but high on
+the list.
+
+--
+For random numbers, edit e_os.h and set DEVRANDOM (it's near the top)
+be be you random data device, otherwise 'RFILE' in e_os.h
+will be used, in your home directory. It will be updated
+periodically. The environment variable RANDFILE will override this
+choice and read/write to that file instead. DEVRANDOM is used in
+conjunction to the RFILE/RANDFILE. If you wish to 'seed' the random
+number generator, pick on one of these files.
+
+--
+
+The list of things to read and do
+
+dgst -d
+s_client -state (this uses a callback placed in the SSL state loop and
+ will be used else-where to help debug/monitor what
+ is happening.)
+
+doc/why.doc
+doc/bio.doc <- hmmm, needs lots of work.
+doc/bss_file.doc <- one that is working :-)
+doc/session.doc <- it has changed
+doc/speed.doc
+ also play with ssleay version -a. I have now added a SSLeay()
+ function that returns a version number, eg 0600 for this release
+ which is primarily to be used to check DLL version against the
+ application.
+util/* Quite a few will not interest people, but some may, like
+ mk1mf.pl, mkdef.pl,
+util/do_ms.sh
+
+try
+cc -Iinclude -Icrypto -c crypto/crypto.c
+cc -Iinclude -Issl -c ssl/ssl.c
+You have just built the SSLeay libraries as 2 object files :-)
+
+Have a general rummage around in the bin stall directory and look at
+what is in there, like CA.sh and c_rehash
+
+There are lots more things but it is 12:30am on a Friday night and I'm
+heading home :-).
+
+eric 22-Jun-1996
+This version has quite a few major bug fixes and improvements. It DOES NOT
+do SSLv3 yet.
+
+The main things changed
+- A Few days ago I added the s_mult application to ssleay which is
+ a demo of an SSL server running in an event loop type thing.
+ It supports non-blocking IO, I have finally gotten it right, SSL_accept()
+ can operate in non-blocking IO mode, look at the code to see how :-).
+ Have a read of doc/s_mult as well. This program leaks memory and
+ file descriptors everywhere but I have not cleaned it up yet.
+ This is a demo of how to do non-blocking IO.
+- The SSL session management has been 'worked over' and there is now
+ quite an expansive set of functions to manipulate them. Have a read of
+ doc/session.doc for some-things I quickly whipped up about how it now works.
+ This assume you know the SSLv2 protocol :-)
+- I can now read/write the netscape certificate format, use the
+ -inform/-outform 'net' options to the x509 command. I have not put support
+ for this type in the other demo programs, but it would be easy to add.
+- asn1parse and 'enc' have been modified so that when reading base64
+ encoded files (pem format), they do not require '-----BEGIN' header lines.
+ The 'enc' program had a buffering bug fixed, it can be used as a general
+ base64 -> binary -> base64 filter by doing 'enc -a -e' and 'enc -a -d'
+ respecivly. Leaving out the '-a' flag in this case makes the 'enc' command
+ into a form of 'cat'.
+- The 'x509' and 'req' programs have been fixed and modified a little so
+ that they generate self-signed certificates correctly. The test
+ script actually generates a 'CA' certificate and then 'signs' a
+ 'user' certificate. Have a look at this shell script (test/sstest)
+ to see how things work, it tests most possible combinations of what can
+ be done.
+- The 'SSL_set_pref_cipher()' function has been 'fixed' and the prefered name
+ of SSL_set_cipher_list() is now the correct API (stops confusion :-).
+ If this function is used in the client, only the specified ciphers can
+ be used, with preference given to the order the ciphers were listed.
+ For the server, if this is used, only the specified ciphers will be used
+ to accept connections. If this 'option' is not used, a default set of
+ ciphers will be used. The SSL_CTX_set_cipher_list(SSL_CTX *ctx) sets this
+ list for all ciphers started against the SSL_CTX. So the order is
+ SSL cipher_list, if not present, SSL_CTX cipher list, if not
+ present, then the library default.
+ What this means is that normally ciphers like
+ NULL-MD5 will never be used. The only way this cipher can be used
+ for both ends to specify to use it.
+ To enable or disable ciphers in the library at build time, modify the
+ first field for the cipher in the ssl_ciphers array in ssl/ssl_lib.c.
+ This file also contains the 'pref_cipher' list which is the default
+ cipher preference order.
+- I'm not currently sure if the 'rsa -inform net' and the 'rsa -outform net'
+ options work. They should, and they enable loading and writing the
+ netscape rsa private key format. I will be re-working this section of
+ SSLeay for the next version. What is currently in place is a quick and
+ dirty hack.
+- I've re-written parts of the bignum library. This gives speedups
+ for all platforms. I now provide assembler for use under Windows NT.
+ I have not tested the Windows 3.1 assembler but it is quite simple code.
+ This gives RSAprivate_key operation encryption times of 0.047s (512bit key)
+ and 0.230s (1024bit key) on a pentium 100 which I consider reasonable.
+ Basically the times available under linux/solaris x86 can be achieve under
+ Windows NT. I still don't know how these times compare to RSA's BSAFE
+ library but I have been emailing with people and with their help, I should
+ be able to get my library's quite a bit faster still (more algorithm changes).
+ The object file crypto/bn/asm/x86-32.obj should be used when linking
+ under NT.
+- 'make makefile.one' in the top directory will generate a single makefile
+ called 'makefile.one' This makefile contains no perl references and
+ will build the SSLeay library into the 'tmp' and 'out' directories.
+ util/mk1mf.pl >makefile.one is how this makefile is
+ generated. The mk1mf.pl command take several option to generate the
+ makefile for use with cc, gcc, Visual C++ and Borland C++. This is
+ still under development. I have only build .lib's for NT and MSDOS
+ I will be working on this more. I still need to play with the
+ correct compiler setups for these compilers and add some more stuff but
+ basically if you just want to compile the library
+ on a 'non-unix' platform, this is a very very good file to start with :-).
+ Have a look in the 'microsoft' directory for my current makefiles.
+ I have not yet modified things to link with sockets under Windows NT.
+ You guys should be able to do this since this is actually outside of the
+ SSLeay scope :-). I will be doing it for myself soon.
+ util/mk1mf.pl takes quite a few options including no-rc, rsaref and no-sock
+ to build without RC2/RC4, to require RSAref for linking, and to
+ build with no socket code.
+
+- Oh yes, the cipher that was reported to be compatible with RSA's RC2 cipher
+ that was posted to sci.crypt has been added to the library and SSL.
+ I take the view that if RC2 is going to be included in a standard,
+ I'll include the cipher to make my package complete.
+ There are NO_RC2, NO_RC4 and NO_IDEA macros to remove these ciphers
+ at compile time. I have not tested this recently but it should all work
+ and if you are in the USA and don't want RSA threatening to sue you,
+ you could probably remove the RC4/RC2 code inside these sections.
+ I may in the future include a perl script that does this code
+ removal automatically for those in the USA :-).
+- I have removed all references to sed in the makefiles. So basically,
+ the development environment requires perl and sh. The build environment
+ does not (use the makefile.one makefile).
+ The Configure script still requires perl, this will probably stay that way
+ since I have perl for Windows NT :-).
+
+eric (03-May-1996)
+
+PS Have a look in the VERSION file for more details on the changes and
+ bug fixes.
+I have fixed a few bugs, added alpha and x86 assembler and generally cleaned
+things up. This version will be quite stable, mostly because I'm on
+holidays until 10-March-1996. For any problems in the interum, send email
+to Tim Hudson <tjh@mincom.oz.au>.
+
+SSLeay 0.5.0
+
+12-12-95
+This is going out before it should really be released.
+
+I leave for 11 weeks holidays on the 22-12-95 and so I either sit on
+this for 11 weeks or get things out. It is still going to change a
+lot in the next week so if you do grab this version, please test and
+give me feed back ASAP, inculuding questions on how to do things with
+the library. This will prompt me to write documentation so I don't
+have to answer the same question again :-).
+
+This 'pre' release version is for people who are interested in the
+library. The applications will have to be changed to use
+the new version of the SSL interface. I intend to finish more
+documentation before I leave but until then, look at the programs in
+the apps directory. As far as code goes, it is much much nicer than
+the old version.
+
+The current library works, has no memory leaks (as far as I can tell)
+and is far more bug free that 0.4.5d. There are no global variable of
+consequence (I believe) and I will produce some documentation that
+tell where to look for those people that do want to do multi-threaded
+stuff.
+
+There should be more documentation. Have a look in the
+doc directory. I'll be adding more before I leave, it is a start
+by mostly documents the crypto library. Tim Hudson will update
+the web page ASAP. The spelling and grammar are crap but
+it is better than nothing :-)
+
+Reasons to start playing with version 0.5.0
+- All the programs in the apps directory build into one ssleay binary.
+- There is a new version of the 'req' program that generates certificate
+ requests, there is even documentation for this one :-)
+- There is a demo certification authorithy program. Currently it will
+ look at the simple database and update it. It will generate CRL from
+ the data base. You need to edit the database by hand to revoke a
+ certificate, it is my aim to use perl5/Tk but I don't have time to do
+ this right now. It will generate the certificates but the management
+ scripts still need to be written. This is not a hard task.
+- Things have been cleaned up alot.
+- Have a look at the enc and dgst programs in the apps directory.
+- It supports v3 of x509 certiticates.
+
+
+Major things missing.
+- I have been working on (and thinging about) the distributed x509
+ hierachy problem. I have not had time to put my solution in place.
+ It will have to wait until I come back.
+- I have not put in CRL checking in the certificate verification but
+ it would not be hard to do. I was waiting until I could generate my
+ own CRL (which has only been in the last week) and I don't have time
+ to put it in correctly.
+- Montgomery multiplication need to be implemented. I know the
+ algorithm, just ran out of time.
+- PKCS#7. I can load and write the DER version. I need to re-work
+ things to support BER (if that means nothing, read the ASN1 spec :-).
+- Testing of the higher level digital envelope routines. I have not
+ played with the *_seal() and *_open() type functions. They are
+ written but need testing. The *_sign() and *_verify() functions are
+ rock solid.
+- PEM. Doing this and PKCS#7 have been dependant on the distributed
+ x509 heirachy problem. I started implementing my ideas, got
+ distracted writing a CA program and then ran out of time. I provide
+ the functionality of RSAref at least.
+- Re work the asm. code for the x86. I've changed by low level bignum
+ interface again, so I really need to tweak the x86 stuff. gcc is
+ good enough for the other boxes.
+
2,094 Configure
@@ -0,0 +1,2094 @@
+:
+eval 'exec perl -S $0 ${1+"$@"}'
+ if $running_under_some_shell;
+##
+## Configure -- OpenSSL source tree configuration script
+##
+
+require 5.000;
+eval 'use strict;';
+
+print STDERR "Warning: perl module strict not found.\n" if ($@);
+
+# see INSTALL for instructions.
+
+my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [enable-montasm] [no-asm] [no-dso] [no-krb5] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] os/compiler[:flags]\n";
+
+# Options:
+#
+# --openssldir install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
+# --prefix option is given; /usr/local/ssl otherwise)
+# --prefix prefix for the OpenSSL include, lib and bin directories
+# (Default: the OPENSSLDIR directory)
+#
+# --install_prefix Additional prefix for package builders (empty by
+# default). This needn't be set in advance, you can
+# just as well use "make INSTALL_PREFIX=/whatever install".
+#
+# --with-krb5-dir Declare where Kerberos 5 lives. The libraries are expected
+# to live in the subdirectory lib/ and the header files in
+# include/. A value is required.
+# --with-krb5-lib Declare where the Kerberos 5 libraries live. A value is
+# required.
+# (Default: KRB5_DIR/lib)
+# --with-krb5-include Declare where the Kerberos 5 header files live. A
+# value is required.
+# (Default: KRB5_DIR/include)
+# --with-krb5-flavor Declare what flavor of Kerberos 5 is used. Currently
+# supported values are "MIT" and "Heimdal". A value is required.
+#
+# --test-sanity Make a number of sanity checks on the data in this file.
+# This is a debugging tool for OpenSSL developers.
+#
+# no-hw-xxx do not compile support for specific crypto hardware.
+# Generic OpenSSL-style methods relating to this support
+# are always compiled but return NULL if the hardware
+# support isn't compiled.
+# no-hw do not compile support for any crypto hardware.
+# [no-]threads [don't] try to create a library that is suitable for
+# multithreaded applications (default is "threads" if we
+# know how to do it)
+# [no-]shared [don't] try to create shared libraries when supported.
+# no-asm do not use assembler
+# no-dso do not compile in any native shared-library methods. This
+# will ensure that all methods just return NULL.
+# no-krb5 do not compile in any KRB5 library or code.
+# [no-]zlib [don't] compile support for zlib compression.
+# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
+# library and will be loaded in run-time by the OpenSSL library.
+# enable-montasm 0.9.8 branch only: enable Montgomery x86 assembler backport
+# from 0.9.9
+# 386 generate 80386 code
+# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
+# -<xxx> +<xxx> compiler options are passed through
+#
+# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
+# provided to stack calls. Generates unique stack functions for
+# each possible stack type.
+# DES_PTR use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
+# DES_RISC1 use different DES_ENCRYPT macro that helps reduce register
+# dependancies but needs to more registers, good for RISC CPU's
+# DES_RISC2 A different RISC variant.
+# DES_UNROLL unroll the inner DES loop, sometimes helps, somtimes hinders.
+# DES_INT use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
+# This is used on the DEC Alpha where long is 8 bytes
+# and int is 4
+# BN_LLONG use the type 'long long' in crypto/bn/bn.h
+# MD2_CHAR use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# MD2_LONG use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
+# IDEA_SHORT use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# IDEA_LONG use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
+# RC2_SHORT use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC2_LONG use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
+# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_LONG use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
+# RC4_INDEX define RC4_INDEX in crypto/rc4/rc4_locl.h. This turns on
+# array lookups instead of pointer use.
+# RC4_CHUNK enables code that handles data aligned at long (natural CPU
+# word) boundary.
+# RC4_CHUNK_LL enables code that handles data aligned at long long boundary
+# (intended for 64-bit CPUs running 32-bit OS).
+# BF_PTR use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
+# BF_PTR2 intel specific version (generic version is more efficient).
+#
+# Following are set automatically by this script
+#
+# MD5_ASM use some extra md5 assember,
+# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
+# RMD160_ASM use some extra ripemd160 assember,
+# SHA256_ASM sha256_block is implemented in assembler
+# SHA512_ASM sha512_block is implemented in assembler
+# AES_ASM ASE_[en|de]crypt is implemented in assembler
+
+# Minimum warning options... any contributions to OpenSSL should at least get
+# past these.
+
+my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DOPENSSL_NO_DEPRECATED";
+
+my $strict_warnings = 0;
+
+my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";
+
+# MD2_CHAR slags pentium pros
+my $x86_gcc_opts="RC4_INDEX MD2_INT";
+
+# MODIFY THESE PARAMETERS IF YOU ARE GOING TO USE THE 'util/speed.sh SCRIPT
+# Don't worry about these normally
+
+my $tcc="cc";
+my $tflags="-fast -Xa";
+my $tbn_mul="";
+my $tlib="-lnsl -lsocket";
+#$bits1="SIXTEEN_BIT ";
+#$bits2="THIRTY_TWO_BIT ";
+my $bits1="THIRTY_TWO_BIT ";
+my $bits2="SIXTY_FOUR_BIT ";
+
+my $x86_elf_asm="x86cpuid-elf.o:bn86-elf.o co86-elf.o MAYBE-MO86-elf.o:dx86-elf.o yx86-elf.o:ax86-elf.o:bx86-elf.o:mx86-elf.o:sx86-elf.o s512sse2-elf.o:cx86-elf.o:rx86-elf.o rc4_skey.o:rm86-elf.o:r586-elf.o";
+my $x86_coff_asm="x86cpuid-cof.o:bn86-cof.o co86-cof.o MAYBE-MO86-cof.o:dx86-cof.o yx86-cof.o:ax86-cof.o:bx86-cof.o:mx86-cof.o:sx86-cof.o s512sse2-cof.o:cx86-cof.o:rx86-cof.o rc4_skey.o:rm86-cof.o:r586-cof.o";
+my $x86_out_asm="x86cpuid-out.o:bn86-out.o co86-out.o MAYBE-MO86-out.o:dx86-out.o yx86-out.o:ax86-out.o:bx86-out.o:mx86-out.o:sx86-out.o s512sse2-out.o:cx86-out.o:rx86-out.o rc4_skey.o:rm86-out.o:r586-out.o";
+
+my $x86_64_asm="x86_64cpuid.o:x86_64-gcc.o x86_64-mont.o::aes-x86_64.o::md5-x86_64.o:sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o::rc4-x86_64.o::";
+my $ia64_asm=":bn-ia64.o::aes_core.o aes_cbc.o aes-ia64.o:::sha1-ia64.o sha256-ia64.o sha512-ia64.o::rc4-ia64.o rc4_skey.o::";
+
+my $no_asm="::::::::::";
+
+# As for $BSDthreads. Idea is to maintain "collective" set of flags,
+# which would cover all BSD flavors. -pthread applies to them all,
+# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
+# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
+# which has to be accompanied by explicit -D_THREAD_SAFE and
+# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
+# seems to be sufficient?
+my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";
+
+#config-string $cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags
+
+my %table=(
+# File 'TABLE' (created by 'make TABLE') contains the data from this list,
+# formatted for better readability.
+
+
+#"b", "${tcc}:${tflags}::${tlib}:${bits1}:${tbn_mul}::",
+#"bl-4c-2c", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR MD2_CHAR:${tbn_mul}::",
+#"bl-4c-ri", "${tcc}:${tflags}::${tlib}:${bits1}BN_LLONG RC4_CHAR RC4_INDEX:${tbn_mul}::",
+#"b2-is-ri-dp", "${tcc}:${tflags}::${tlib}:${bits2}IDEA_SHORT RC4_INDEX DES_PTR:${tbn_mul}::",
+
+# Our development configs
+"purify", "purify gcc:-g -DPURIFY -Wall::(unknown)::-lsocket -lnsl::::",
+"debug", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -ggdb -g2 -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror::(unknown)::-lefence::::",
+"debug-ben", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown):::::bn86-elf.o co86-elf.o",
+"debug-ben-openbsd","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-openbsd-debug","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DOPENSSL_OPENBSD_DEV_CRYPTO -DOPENSSL_NO_ASM -g3 -O2 -pedantic -Wall -Wshadow -Werror -pipe::(unknown)::::",
+"debug-ben-debug", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -O2 -pipe::(unknown)::::::",
+"debug-ben-debug-noopt", "gcc:$gcc_devteam_warn -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -ggdb3 -pipe::(unknown)::::::",
+"debug-ben-strict", "gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DCONST_STRICT -O2 -Wall -Wshadow -Werror -Wpointer-arith -Wcast-qual -Wwrite-strings -pipe::(unknown)::::::",
+"debug-rse","cc:-DTERMIOS -DL_ENDIAN -pipe -O -g -ggdb3 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-bodo", "gcc:-DL_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DBIO_PAIR_DEBUG -DPEDANTIC -g -march=i486 -pedantic -Wshadow -Wall -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+"debug-ulf", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DBN_DEBUG_RAND -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations:::CYGWIN32:::${no_asm}:win32:cygwin-shared:::.dll",
+"debug-steve64", "gcc:$gcc_devteam_warn -m64 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve32", "gcc:$gcc_devteam_warn -m32 -DL_ENDIAN -DCONF_DEBUG -DDEBUG_SAFESTACK -g -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve-opt", "gcc:$gcc_devteam_warn -m64 -O3 -DL_ENDIAN -DTERMIO -DCONF_DEBUG -DDEBUG_SAFESTACK -g -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-steve", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DPEDANTIC -m32 -g -pedantic -Wno-long-long -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared",
+"debug-steve-linux-pseudo64", "gcc:-DL_ENDIAN -DREF_CHECK -DCONF_DEBUG -DBN_CTX_DEBUG -DDEBUG_SAFESTACK -DCRYPTO_MDEBUG_ALL -DOPENSSL_NO_ASM -g -mcpu=i486 -Wall -Werror -Wshadow -pipe::-D_REENTRANT::-rdynamic -ldl:SIXTY_FOUR_BIT:${no_asm}:dlfcn:linux-shared",
+"debug-levitte-linux-elf","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-elf-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-levitte-linux-noasm-extreme","gcc:-DLEVITTE_DEBUG -DREF_CHECK -DCONF_DEBUG -DBN_DEBUG -DBN_DEBUG_RAND -DCRYPTO_MDEBUG -DENGINE_CONF_DEBUG -DOPENSSL_NO_ASM -DL_ENDIAN -DTERMIO -D_POSIX_SOURCE -DPEDANTIC -ggdb -g3 -mcpu=i486 -pedantic -ansi -Wall -W -Wundef -Wshadow -Wcast-align -Wstrict-prototypes -Wmissing-prototypes -Wno-long-long -Wundef -Wconversion -pipe::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-geoff","gcc:-DBN_DEBUG -DBN_DEBUG_RAND -DBN_STRICT -DPURIFY -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_ASM -DOPENSSL_NO_INLINE_ASM -DL_ENDIAN -DTERMIO -DPEDANTIC -O1 -ggdb2 -Wall -Werror -Wundef -pedantic -Wshadow -Wpointer-arith -Wbad-function-cast -Wcast-align -Wsign-compare -Wmissing-prototypes -Wmissing-declarations -Wno-long-long::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-pentium","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentium -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-ppro","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -mcpu=pentiumpro -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn",
+"debug-linux-elf","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-lefence -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-elf-noefence","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DL_ENDIAN -DTERMIO -g -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic32","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-generic64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DTERMIO -g -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-linux-x86_64","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -m64 -DL_ENDIAN -DTERMIO -g -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"dist", "cc:-O::(unknown)::::::",
+
+# Basic configs that should work on any (32 and less bit) box
+"gcc", "gcc:-O3::(unknown):::BN_LLONG:::",
+"cc", "cc:-O::(unknown)::::::",
+
+####VOS Configurations
+"vos-gcc","gcc:-O3 -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+"debug-vos-gcc","gcc:-O0 -g -Wall -D_POSIX_C_SOURCE=200112L -D_BSD -DB_ENDIAN -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG::(unknown):VOS:-Wl,-map:BN_LLONG:${no_asm}:::::.so:",
+
+#### Solaris x86 with GNU C setups
+# -DOPENSSL_NO_INLINE_ASM switches off inline assembler. We have to do it
+# here because whenever GNU C instantiates an assembler template it
+# surrounds it with #APP #NO_APP comment pair which (at least Solaris
+# 7_x86) /usr/ccs/bin/as fails to assemble with "Illegal mnemonic"
+# error message.
+"solaris-x86-gcc","gcc:-O3 -fomit-frame-pointer -march=pentium -Wall -DL_ENDIAN -DOPENSSL_NO_INLINE_ASM::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -shared -static-libgcc might appear controversial, but modules taken
+# from static libgcc do not have relocations and linking them into our
+# shared objects doesn't have any negative side-effects. On the contrary,
+# doing so makes it possible to use gcc shared build with Sun C. Given
+# that gcc generates faster code [thanks to inline assembler], I would
+# actually recommend to consider using gcc shared build even with vendor
+# compiler:-)
+# <appro@fy.chalmers.se>
+"solaris64-x86_64-gcc","gcc:-m64 -O3 -Wall -DL_ENDIAN -DMD32_REG_T=int::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-fPIC:-m64 -shared -static-libgcc:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Solaris x86 with Sun C setups
+"solaris-x86-cc","cc:-fast -O -Xa::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-x86_64-cc","cc:-fast -xarch=amd64 -xstrconst -Xa -DL_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:solaris-shared:-KPIC:-xarch=amd64 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with GNU C setups
+"solaris-sparcv7-gcc","gcc:-O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-gcc","gcc:-mv8 -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -m32 should be safe to add as long as driver recognizes -mcpu=ultrasparc
+"solaris-sparcv9-gcc","gcc:-m32 -mcpu=ultrasparc -O3 -fomit-frame-pointer -Wall -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-gcc","gcc:-m64 -mcpu=ultrasparc -O3 -Wall -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-m64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+####
+"debug-solaris-sparcv8-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -O -g -mv8 -Wall -DB_ENDIAN::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-gcc","gcc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -DPEDANTIC -O -g -mcpu=ultrasparc -pedantic -ansi -Wall -Wshadow -Wno-long-long -D__EXTENSIONS__ -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-fPIC:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SPARC Solaris with Sun C setups
+# SC4.0 doesn't pass 'make test', upgrade to SC5.0 or SC4.2.
+# SC4.2 is ok, better than gcc even on bn as long as you tell it -xarch=v8
+# SC5.0 note: Compiler common patch 107357-01 or later is required!
+"solaris-sparcv7-cc","cc:-xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR:${no_asm}:dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv8-cc","cc:-xarch=v8 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris-sparcv9-cc","cc:-xtarget=ultra -xarch=v8plus -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"solaris64-sparcv9-cc","cc:-xtarget=ultra -xarch=v9 -xO5 -xstrconst -xdepend -Xa -DB_ENDIAN::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:solaris-shared:-KPIC:-xarch=v9 -G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR):/usr/ccs/bin/ar rs",
+####
+"debug-solaris-sparcv8-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xarch=v8 -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-solaris-sparcv9-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG_ALL -xtarget=ultra -xarch=v8plus -g -O -xstrconst -Xa -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-lsocket -lnsl -ldl:BN_LLONG RC4_CHAR RC4_CHUNK_LL DES_PTR DES_RISC1 DES_UNROLL BF_PTR::sparcv8plus.o::::::::::dlfcn:solaris-shared:-KPIC:-G -dy -z text:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SunOS configs, assuming sparc for the gcc one.
+#"sunos-cc", "cc:-O4 -DNOPROTO -DNOCONST::(unknown):SUNOS::DES_UNROLL:${no_asm}::",
+"sunos-gcc","gcc:-O3 -mv8 -Dssize_t=int::(unknown):SUNOS::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL DES_PTR DES_RISC1:${no_asm}::",
+
+#### IRIX 5.x configs
+# -mips2 flag is added by ./config when appropriate.
+"irix-gcc","gcc:-O3 -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK DES_UNROLL DES_RISC2 DES_PTR BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-cc", "cc:-O2 -use_readonly_const -DTERMIOS -DB_ENDIAN::(unknown):::BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:irix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IRIX 6.x configs
+# Only N32 and N64 ABIs are supported. If you need O32 ABI build, invoke
+# './Configure irix-cc -o32' manually.
+"irix-mips3-gcc","gcc:-mabi=n32 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::MD2_CHAR RC4_INDEX RC4_CHAR RC4_CHUNK_LL DES_UNROLL DES_RISC2 DES_PTR BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix-mips3-cc", "cc:-n32 -mips3 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::DES_PTR RC4_CHAR RC4_CHUNK_LL DES_RISC2 DES_UNROLL BF_PTR SIXTY_FOUR_BIT::bn-mips3.o::::::::::dlfcn:irix-shared::-n32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# N64 ABI builds.
+"irix64-mips4-gcc","gcc:-mabi=64 -mips4 -O3 -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-mabi=64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"irix64-mips4-cc", "cc:-64 -mips4 -O2 -use_readonly_const -G0 -rdata_shared -DTERMIOS -DB_ENDIAN -DBN_DIV3W::-D_SGI_MP_SOURCE:::RC4_CHAR RC4_CHUNK DES_RISC2 DES_UNROLL SIXTY_FOUR_BIT_LONG::bn-mips3.o::::::::::dlfcn:irix-shared::-64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### Unified HP-UX ANSI C configs.
+# Special notes:
+# - Originally we were optimizing at +O4 level. It should be noted
+# that the only difference between +O3 and +O4 is global inter-
+# procedural analysis. As it has to be performed during the link
+# stage the compiler leaves behind certain pseudo-code in lib*.a
+# which might be release or even patch level specific. Generating
+# the machine code for and analyzing the *whole* program appears
+# to be *extremely* memory demanding while the performance gain is
+# actually questionable. The situation is intensified by the default
+# HP-UX data set size limit (infamous 'maxdsiz' tunable) of 64MB
+# which is way too low for +O4. In other words, doesn't +O3 make
+# more sense?
+# - Keep in mind that the HP compiler by default generates code
+# suitable for execution on the host you're currently compiling at.
+# If the toolkit is ment to be used on various PA-RISC processors
+# consider './config +DAportable'.
+# - +DD64 is chosen in favour of +DA2.0W because it's meant to be
+# compatible with *future* releases.
+# - If you run ./Configure hpux-parisc-[g]cc manually don't forget to
+# pass -D_REENTRANT on HP-UX 10 and later.
+# - -DMD32_XARRAY triggers workaround for compiler bug we ran into in
+# 32-bit message digests. (For the moment of this writing) HP C
+# doesn't seem to "digest" too many local variables (they make "him"
+# chew forever:-). For more details look-up MD32_XARRAY comment in
+# crypto/sha/sha_lcl.h.
+# <appro@fy.chalmers.se>
+#
+# Since there is mention of this in shlib/hpux10-cc.sh
+"hpux-parisc-cc-o4","cc:-Ae +O4 +ESlit -z -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc-gcc","gcc:-O3 -DB_ENDIAN -DBN_DIV2W::-D_REENTRANT::-Wl,+s -ldld:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-gcc","gcc:-march=2.0 -O3 -DB_ENDIAN -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT RC4_CHAR RC4_CHUNK DES_PTR DES_UNROLL DES_RISC1::pa-risc2.o::::::::::dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:-fpic:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# More attempts at unified 10.X and 11.X targets for HP C compiler.
+#
+# Chris Ruemmler <ruemmler@cup.hp.com>
+# Kevin Steves <ks@hp.se>
+"hpux-parisc-cc","cc:+O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc1_0-cc","cc:+DAportable +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY::-D_REENTRANT::-Wl,+s -ldld:MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-parisc2-cc","cc:+DA2.0 +DS2.0 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-Wl,+s -ldld:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2.o::::::::::dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-parisc2-cc","cc:+DD64 +O3 +Optrs_strongly_typed -Ae +ESlit -DB_ENDIAN -DMD32_XARRAY -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX RC4_CHAR DES_UNROLL DES_RISC1 DES_INT::pa-risc2W.o::::::::::dlfcn:hpux-shared:+Z:+DD64 -b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# HP/UX IA-64 targets
+"hpux-ia64-cc","cc:-Ae +DD32 +O2 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD32 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# Frank Geurts <frank.geurts@nl.abnamro.com> has patiently assisted with
+# with debugging of the following config.
+"hpux64-ia64-cc","cc:-Ae +DD64 +O3 +Olit=all -z -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:+Z:+DD64 -b:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC builds...
+"hpux-ia64-gcc","gcc:-O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux64-ia64-gcc","gcc:-mlp64 -O3 -DB_ENDIAN -D_REENTRANT::::-ldl:SIXTY_FOUR_BIT_LONG MD2_CHAR RC4_INDEX DES_UNROLL DES_RISC1 DES_INT:${ia64_asm}:dlfcn:hpux-shared:-fpic:-mlp64 -shared:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+# Legacy HPUX 9.X configs...
+"hpux-cc", "cc:-DB_ENDIAN -DBN_DIV2W -DMD32_XARRAY -Ae +ESlit +O2 -z::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:+Z:-b:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"hpux-gcc", "gcc:-DB_ENDIAN -DBN_DIV2W -O3::(unknown)::-Wl,+s -ldld:DES_PTR DES_UNROLL DES_RISC1:${no_asm}:dl:hpux-shared:-fPIC:-shared:.sl.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### HP MPE/iX http://jazz.external.hp.com/src/openssl/
+"MPE/iX-gcc", "gcc:-D_ENDIAN -DBN_DIV2W -O3 -D_POSIX_SOURCE -D_SOCKET_SOURCE -I/SYSLOG/PUB::(unknown):MPE:-L/SYSLOG/PUB -lsyslog -lsocket -lcurses:BN_LLONG DES_PTR DES_UNROLL DES_RISC1:::",
+
+# DEC Alpha OSF/1/Tru64 targets.
+#
+# "What's in a name? That which we call a rose
+# By any other word would smell as sweet."
+#
+# - William Shakespeare, "Romeo & Juliet", Act II, scene II.
+#
+# For gcc, the following gave a %50 speedup on a 164 over the 'DES_INT' version
+#
+"osf1-alpha-gcc", "gcc:-O3::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_UNROLL DES_RISC1:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"osf1-alpha-cc", "cc:-std1 -tune host -O4 -readonly_strings::(unknown):::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared:::.so",
+"tru64-alpha-cc", "cc:-std1 -tune host -fast -readonly_strings::-pthread:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${no_asm}:dlfcn:alpha-osf1-shared::-msym:.so",
+
+####
+#### Variety of LINUX:-)
+####
+# *-generic* is endian-neutral target, but ./config is free to
+# throw in -D[BL]_ENDIAN, whichever appropriate...
+"linux-generic32","gcc:-DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc", "gcc:-DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc32.o::::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### IA-32 targets...
+"linux-ia32-icc", "icc:-DL_ENDIAN -DTERMIO -O2 -no_cpprt::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-KPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-elf", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-aout", "gcc:-DL_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -march=i486 -Wall::(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}",
+####
+"linux-generic64","gcc:-DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL BF_PTR:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ppc64", "gcc:-m64 -DB_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL::linux_ppc64.o::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64", "gcc:-DL_ENDIAN -DTERMIO -O3 -Wall::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-ecc","ecc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-ia64-icc","icc:-DL_ENDIAN -DTERMIO -O2 -Wall -no_cpprt::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-x86_64", "gcc:-m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DMD32_REG_T=int::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### SPARC Linux setups
+# Ray Miller <ray.miller@computing-services.oxford.ac.uk> has patiently
+# assisted with debugging of following two configs.
+"linux-sparcv8","gcc:-mv8 -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -DBN_DIV2W::-D_REENTRANT::-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# it's a real mess with -mcpu=ultrasparc option under Linux, but
+# -Wa,-Av8plus should do the trick no matter what.
+"linux-sparcv9","gcc:-m32 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall -Wa,-Av8plus -DBN_DIV2W::-D_REENTRANT:ULTRASPARC:-ldl:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::sparcv8plus.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:linux-shared:-fPIC:-m32:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# GCC 3.1 is a requirement
+"linux64-sparcv9","gcc:-m64 -mcpu=ultrasparc -DB_ENDIAN -DTERMIO -O3 -fomit-frame-pointer -Wall::-D_REENTRANT:ULTRASPARC:-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::::::::::::dlfcn:linux-shared:-fPIC:-m64:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+#### Alpha Linux with GNU C and Compaq C setups
+# Special notes:
+# - linux-alpha+bwx-gcc is ment to be used from ./config only. If you
+# ought to run './Configure linux-alpha+bwx-gcc' manually, do
+# complement the command line with -mcpu=ev56, -mcpu=ev6 or whatever
+# which is appropriate.
+# - If you use ccc keep in mind that -fast implies -arch host and the
+# compiler is free to issue instructions which gonna make elder CPU
+# choke. If you wish to build "blended" toolkit, add -arch generic
+# *after* -fast and invoke './Configure linux-alpha-ccc' manually.
+#
+# <appro@fy.chalmers.se>
+#
+"linux-alpha-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha+bwx-gcc","gcc:-O3 -DL_ENDIAN -DTERMIO::-D_REENTRANT::-ldl:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_RISC1 DES_UNROLL:${no_asm}:dlfcn:linux-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"linux-alpha-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+"linux-alpha+bwx-ccc","ccc:-fast -readonly_strings -DL_ENDIAN -DTERMIO::-D_REENTRANT:::SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC1 DES_UNROLL:${no_asm}",
+
+#### *BSD [do see comment about ${BSDthreads} above!]
+"BSD-generic32","gcc:-DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -Wall::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"debug-BSD-x86-elf", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall -g::${BSDthreads}:::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-sparcv8", "gcc:-DB_ENDIAN -DTERMIOS -O3 -mv8 -Wall::${BSDthreads}:::BN_LLONG RC2_CHAR RC4_INDEX DES_INT DES_UNROLL::sparcv8.o:des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"BSD-generic64","gcc:-DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# -DMD32_REG_T=int doesn't actually belong in sparc64 target, it
+# simply *happens* to work around a compiler bug in gcc 3.3.3,
+# triggered by RIPEMD160 code.
+"BSD-sparc64", "gcc:-DB_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC2_CHAR RC4_CHUNK DES_INT DES_PTR DES_RISC2 BF_PTR:::des_enc-sparc.o fcrypt_b.o:::::::::dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-ia64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK:${ia64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"BSD-x86_64", "gcc:-DL_ENDIAN -DTERMIOS -O3 -DMD32_REG_T=int -Wall::${BSDthreads}:::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT DES_UNROLL:${x86_64_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"bsdi-elf-gcc", "gcc:-DPERL5 -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall::(unknown)::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+"nextstep", "cc:-O -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+"nextstep3.3", "cc:-O3 -Wall:<libc.h>:(unknown):::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# NCR MP-RAS UNIX ver 02.03.01
+"ncr-scde","cc:-O6 -Xa -Hoff=BEHAVED -686 -Hwide -Hiw::(unknown)::-lsocket -lnsl -lc89:${x86_gcc_des} ${x86_gcc_opts}:::",
+
+# QNX
+"qnx4", "cc:-DL_ENDIAN -DTERMIO::(unknown):::${x86_gcc_des} ${x86_gcc_opts}:",
+"QNX6", "gcc:-DTERMIOS::::-lsocket::${no_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"QNX6-i386", "gcc:-DL_ENDIAN -DTERMIOS -O2 -Wall::::-lsocket:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:bsd-gcc-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### SCO/Caldera targets.
+#
+# Originally we had like unixware-*, unixware-*-pentium, unixware-*-p6, etc.
+# Now we only have blended unixware-* as it's the only one used by ./config.
+# If you want to optimize for particular microarchitecture, bypass ./config
+# and './Configure unixware-7 -Kpentium_pro' or whatever appropriate.
+# Note that not all targets include assembler support. Mostly because of
+# lack of motivation to support out-of-date platforms with out-of-date
+# compiler drivers and assemblers. Tim Rice <tim@multitalents.net> has
+# patiently assisted to debug most of it.
+#
+# UnixWare 2.0x fails destest with -O.
+"unixware-2.0","cc:-DFILIO_H -DNO_STRINGS_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-2.1","cc:-O -DFILIO_H::-Kthread::-lsocket -lnsl -lresolv -lx:${x86_gcc_des} ${x86_gcc_opts}:::",
+"unixware-7","cc:-O -DFILIO_H -Kalloca::-Kthread::-lsocket -lnsl:BN_LLONG MD2_CHAR RC4_INDEX ${x86_gcc_des}:${x86_elf_asm}:dlfcn:svr5-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"unixware-7-gcc","gcc:-DL_ENDIAN -DFILIO_H -O3 -fomit-frame-pointer -march=pentium -Wall::-D_REENTRANT::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:gnu-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+# SCO 5 - Ben Laurie <ben@algroup.co.uk> says the -O breaks the SCO cc.
+"sco5-cc", "cc:-belf::(unknown)::-lsocket -lnsl:${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-Kpic::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"sco5-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lsocket -lnsl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:svr3-shared:-fPIC::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+
+#### IBM's AIX.
+"aix3-cc", "cc:-O -DB_ENDIAN -qmaxmem=16384::(unknown):AIX::BN_LLONG RC4_CHAR:::",
+"aix-gcc", "gcc:-O -DB_ENDIAN::-pthread:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-gcc","gcc:-maix64 -O -DB_ENDIAN::-pthread:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-maix64 -shared -Wl,-G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X64",
+# Below targets assume AIX 5. Idea is to effectively disregard $OBJECT_MODE
+# at build time. $OBJECT_MODE is respected at ./config stage!
+"aix-cc", "cc:-q32 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::BN_LLONG RC4_CHAR::aix_ppc32.o::::::::::dlfcn:aix-shared::-q32 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 32",
+"aix64-cc", "cc:-q64 -O -DB_ENDIAN -qmaxmem=16384 -qro -qroconst::-qthreaded:AIX::SIXTY_FOUR_BIT_LONG RC4_CHAR::aix_ppc64.o::::::::::dlfcn:aix-shared::-q64 -G:.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)::-X 64",
+
+#
+# Cray T90 and similar (SDSC)
+# It's Big-endian, but the algorithms work properly when B_ENDIAN is NOT
+# defined. The T90 ints and longs are 8 bytes long, and apparently the
+# B_ENDIAN code assumes 4 byte ints. Fortunately, the non-B_ENDIAN and
+# non L_ENDIAN code aligns the bytes in each word correctly.
+#
+# The BIT_FIELD_LIMITS define is to avoid two fatal compiler errors:
+#'Taking the address of a bit field is not allowed. '
+#'An expression with bit field exists as the operand of "sizeof" '
+# (written by Wayne Schroeder <schroede@SDSC.EDU>)
+#
+# j90 is considered the base machine type for unicos machines,
+# so this configuration is now called "cray-j90" ...
+"cray-j90", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG DES_INT:::",
+
+#
+# Cray T3E (Research Center Juelich, beckman@acl.lanl.gov)
+#
+# The BIT_FIELD_LIMITS define was written for the C90 (it seems). I added
+# another use. Basically, the problem is that the T3E uses some bit fields
+# for some st_addr stuff, and then sizeof and address-of fails
+# I could not use the ams/alpha.o option because the Cray assembler, 'cam'
+# did not like it.
+"cray-t3e", "cc: -DBIT_FIELD_LIMITS -DTERMIOS::(unknown):CRAY::SIXTY_FOUR_BIT_LONG RC4_CHUNK DES_INT:::",
+
+# DGUX, 88100.
+"dgux-R3-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown):::RC4_INDEX DES_UNROLL:::",
+"dgux-R4-gcc", "gcc:-O3 -fomit-frame-pointer::(unknown)::-lnsl -lsocket:RC4_INDEX DES_UNROLL:::",
+"dgux-R4-x86-gcc", "gcc:-O3 -fomit-frame-pointer -DL_ENDIAN::(unknown)::-lnsl -lsocket:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}",
+
+# Sinix/ReliantUNIX RM400
+# NOTE: The CDS++ Compiler up to V2.0Bsomething has the IRIX_CC_BUG optimizer problem. Better use -g */
+"ReliantUNIX","cc:-KPIC -g -DTERMIOS -DB_ENDIAN::-Kthread:SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:BN_LLONG DES_PTR DES_RISC2 DES_UNROLL BF_PTR:${no_asm}:dlfcn:reliantunix-shared:::.so.\$(SHLIB_MAJOR).\$(SHLIB_MINOR)",
+"SINIX","cc:-O::(unknown):SNI:-lsocket -lnsl -lc -L/usr/ucblib -lucb:RC4_INDEX RC4_CHAR:::",
+"SINIX-N","/usr/ucb/cc:-O2 -misaligned::(unknown)::-lucb:RC4_INDEX RC4_CHAR:::",
+
+# SIEMENS BS2000/OSD: an EBCDIC-based mainframe
+"BS2000-OSD","c89:-O -XLLML -XLLMK -XL -DB_ENDIAN -DTERMIOS -DCHARSET_EBCDIC::(unknown)::-lsocket -lnsl:THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# OS/390 Unix an EBCDIC-based Unix system on IBM mainframe
+# You need to compile using the c89.sh wrapper in the tools directory, because the
+# IBM compiler does not like the -L switch after any object modules.
+#
+"OS390-Unix","c89.sh:-O -DB_ENDIAN -DCHARSET_EBCDIC -DNO_SYS_PARAM_H -D_ALL_SOURCE::(unknown):::THIRTY_TWO_BIT DES_PTR DES_UNROLL MD2_CHAR RC4_INDEX RC4_CHAR BF_PTR:::",
+
+# Win64 targets, WIN64I denotes IA-64 and WIN64A - AMD64
+"VC-WIN64I","cl::::WIN64I::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
+"VC-WIN64A","cl::::WIN64A::SIXTY_FOUR_BIT RC4_CHUNK_LL DES_INT EXPORT_VAR_AS_FN:${no_asm}:win32",
+
+# Visual C targets
+"VC-NT","cl::::WINNT::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+"VC-CE","cl::::WINCE::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+"VC-WIN32","cl::::WIN32::BN_LLONG RC4_INDEX EXPORT_VAR_AS_FN ${x86_gcc_opts}:${no_asm}:win32",
+
+# Borland C++ 4.5
+"BC-32","bcc32::::WIN32::BN_LLONG DES_PTR RC4_INDEX EXPORT_VAR_AS_FN:${no_asm}:win32",
+
+# MinGW
+"mingw", "gcc:-mno-cygwin -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall -D_WIN32_WINNT=0x333:::MINGW32:-lwsock32 -lgdi32:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts} EXPORT_VAR_AS_FN:${x86_coff_asm}:win32:cygwin-shared:-D_WINDLL -DOPENSSL_USE_APPLINK:-mno-cygwin -shared:.dll.a",
+
+# UWIN
+"UWIN", "cc:-DTERMIOS -DL_ENDIAN -O -Wall:::UWIN::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+
+# Cygwin
+"Cygwin-pre1.3", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -m486 -Wall::(unknown):CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${no_asm}:win32",
+"Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O3 -march=i486 -Wall:::CYGWIN32::BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_coff_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+"debug-Cygwin", "gcc:-DTERMIOS -DL_ENDIAN -march=i486 -Wall -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DOPENSSL_NO_ASM -g -Wformat -Wshadow -Wmissing-prototypes -Wmissing-declarations -Werror:::CYGWIN32:::${no_asm}:dlfcn:cygwin-shared:-D_WINDLL:-shared:.dll.a",
+
+# NetWare from David Ward (dsward@novell.com)
+# requires either MetroWerks NLM development tools, or gcc / nlmconv
+# NetWare defaults socket bio to WinSock sockets. However,
+# the builds can be configured to use BSD sockets instead.
+# netware-clib => legacy CLib c-runtime support
+"netware-clib", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-bsdsock", "mwccnlm::::::${x86_gcc_opts}::",
+"netware-clib-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -I/ndk/ws295sdk/include -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+"netware-clib-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/nwsdk/include/nlm -DNETWARE_BSDSOCK -DNETDB_USE_INTERNET -DL_ENDIAN -DNETWARE_CLIB -DOPENSSL_SYSNAME_NETWARE -O2 -Wall:::::${x86_gcc_opts}::",
+# netware-libc => LibC/NKS support
+"netware-libc", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock", "mwccnlm::::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -I/ndk/libc/include/winsock -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+"netware-libc-bsdsock-gcc", "i586-netware-gcc:-nostdinc -I/ndk/libc/include -DNETWARE_BSDSOCK -DL_ENDIAN -DNETWARE_LIBC -DOPENSSL_SYSNAME_NETWARE -DTERMIO -O2 -Wall:::::BN_LLONG ${x86_gcc_opts}::",
+
+# DJGPP
+"DJGPP", "gcc:-I/dev/env/WATT_ROOT/inc -DTERMIOS -DL_ENDIAN -fomit-frame-pointer -O2 -Wall:::MSDOS:-L/dev/env/WATT_ROOT/lib -lwatt:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_out_asm}:",
+
+# Ultrix from Bernhard Simon <simon@zid.tuwien.ac.at>
+"ultrix-cc","cc:-std1 -O -Olimit 2500 -DL_ENDIAN::(unknown):::::::",
+"ultrix-gcc","gcc:-O3 -DL_ENDIAN::(unknown):::BN_LLONG::::",
+# K&R C is no longer supported; you need gcc on old Ultrix installations
+##"ultrix","cc:-O2 -DNOPROTO -DNOCONST -DL_ENDIAN::(unknown):::::::",
+
+##### MacOS X (a.k.a. Rhapsody or Darwin) setup
+"rhapsody-ppc-cc","cc:-O3 -DB_ENDIAN::(unknown):MACOSX_RHAPSODY::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}::",
+"darwin-ppc-cc","cc:-arch ppc -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-ppc-cc","cc:-arch ppc64 -O3 -DB_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc64.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-arch ppc64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin-i386-cc","cc:-arch i386 -O3 -fomit-frame-pointer -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-i386-cc","cc:-arch i386 -g3 -DL_ENDIAN::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch i386 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"darwin64-x86_64-cc","cc:-arch x86_64 -O3 -fomit-frame-pointer -DL_ENDIAN -DMD32_REG_T=int -Wall::-D_REENTRANT:MACOSX:-Wl,-search_paths_first%:SIXTY_FOUR_BIT_LONG RC4_CHAR RC4_CHUNK DES_INT DES_UNROLL:${no_asm}:dlfcn:darwin-shared:-fPIC -fno-common:-arch x86_64 -dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+"debug-darwin-ppc-cc","cc:-DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DB_ENDIAN -g -Wall -O::-D_REENTRANT:MACOSX::BN_LLONG RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR::osx_ppc32.o::::::::::dlfcn:darwin-shared:-fPIC -fno-common:-dynamiclib:.\$(SHLIB_MAJOR).\$(SHLIB_MINOR).dylib",
+
+##### A/UX
+"aux3-gcc","gcc:-O2 -DTERMIO::(unknown):AUX:-lbsd:RC4_CHAR RC4_CHUNK DES_UNROLL BF_PTR:::",
+
+##### Sony NEWS-OS 4.x
+"newsos4-gcc","gcc:-O -DB_ENDIAN::(unknown):NEWS4:-lmld -liberty:BN_LLONG RC4_CHAR RC4_CHUNK DES_PTR DES_RISC1 DES_UNROLL BF_PTR::::",
+
+##### GNU Hurd
+"hurd-x86", "gcc:-DL_ENDIAN -DTERMIOS -O3 -fomit-frame-pointer -march=i486 -Wall::-D_REENTRANT::-ldl:BN_LLONG ${x86_gcc_des} ${x86_gcc_opts}:${x86_elf_asm}:dlfcn:linux-shared:-fPIC",
+
+##### OS/2 EMX
+"OS2-EMX", "gcc::::::::",
+
+##### VxWorks for various targets
+"vxworks-ppc405","ccppc:-g -msoft-float -mlongcall -DCPU=PPC405 -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-ppc750","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h \$(DEBUG_FLAG):::VXWORKS:-r:::::",
+"vxworks-ppc750-debug","ccppc:-ansi -nostdinc -DPPC750 -D_REENTRANT -fvolatile -fno-builtin -fno-for-scope -fsigned-char -Wall -msoft-float -mlongcall -DCPU=PPC604 -I\$(WIND_BASE)/target/h -DBN_DEBUG -DREF_CHECK -DCONF_DEBUG -DCRYPTO_MDEBUG -DPEDANTIC -DDEBUG_SAFESTACK -DDEBUG -g:::VXWORKS:-r:::::",
+"vxworks-ppc860","ccppc:-nostdinc -msoft-float -DCPU=PPC860 -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r:::::",
+"vxworks-mipsle","ccmips:-B\$(WIND_BASE)/host/\$(WIND_HOST_TYPE)/lib/gcc-lib/ -DL_ENDIAN -EL -Wl,-EL -mips2 -mno-branch-likely -G 0 -fno-builtin -msoft-float -DCPU=MIPS32 -DMIPSEL -DNO_STRINGS_H -I\$(WIND_BASE)/target/h:::VXWORKS:-r::${no_asm}::::::ranlibmips:",
+
+##### Compaq Non-Stop Kernel (Tandem)
+"tandem-c89","c89:-Ww -D__TANDEM -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1 -D_TANDEM_SOURCE -DB_ENDIAN::(unknown):::THIRTY_TWO_BIT:::",
+
+);
+
+my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
+ VC-NT VC-CE VC-WIN32
+ BC-32 OS2-EMX
+ netware-clib netware-clib-bsdsock
+ netware-libc netware-libc-bsdsock);
+
+my $idx = 0;
+my $idx_cc = $idx++;
+my $idx_cflags = $idx++;
+my $idx_unistd = $idx++;
+my $idx_thread_cflag = $idx++;
+my $idx_sys_id = $idx++;
+my $idx_lflags = $idx++;
+my $idx_bn_ops = $idx++;
+my $idx_cpuid_obj = $idx++;
+my $idx_bn_obj = $idx++;
+my $idx_des_obj = $idx++;
+my $idx_aes_obj = $idx++;
+my $idx_bf_obj = $idx++;
+my $idx_md5_obj = $idx++;
+my $idx_sha1_obj = $idx++;
+my $idx_cast_obj = $idx++;
+my $idx_rc4_obj = $idx++;
+my $idx_rmd160_obj = $idx++;
+my $idx_rc5_obj = $idx++;
+my $idx_dso_scheme = $idx++;
+my $idx_shared_target = $idx++;
+my $idx_shared_cflag = $idx++;
+my $idx_shared_ldflag = $idx++;
+my $idx_shared_extension = $idx++;
+my $idx_ranlib = $idx++;
+my $idx_arflags = $idx++;
+
+my $prefix="";
+my $libdir="";
+my $openssldir="";
+my $exe_ext="";
+my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
+my $cross_compile_prefix="";
+my $fipslibdir="/usr/local/ssl/fips-1.0/lib/";
+my $nofipscanistercheck=0;
+my $fipsdso=0;
+my $fipscanisterinternal="n";
+my $baseaddr="0xFB00000";
+my $no_threads=0;
+my $threads=0;
+my $no_shared=0; # but "no-shared" is default
+my $zlib=1; # but "no-zlib" is default
+my $no_krb5=0; # but "no-krb5" is implied unless "--with-krb5-..." is used
+my $no_rfc3779=1; # but "no-rfc3779" is default
+my $montasm=1; # but "no-montasm" is default
+my $no_asm=0;
+my $no_dso=0;
+my $no_gmp=0;
+my @skip=();
+my $Makefile="Makefile";
+my $des_locl="crypto/des/des_locl.h";
+my $des ="crypto/des/des.h";
+my $bn ="crypto/bn/bn.h";
+my $md2 ="crypto/md2/md2.h";
+my $rc4 ="crypto/rc4/rc4.h";
+my $rc4_locl="crypto/rc4/rc4_locl.h";
+my $idea ="crypto/idea/idea.h";
+my $rc2 ="crypto/rc2/rc2.h";
+my $bf ="crypto/bf/bf_locl.h";
+my $bn_asm ="bn_asm.o";
+my $des_enc="des_enc.o fcrypt_b.o";
+my $fips_des_enc="fips_des_enc.o";
+my $aes_enc="aes_core.o aes_cbc.o";
+my $bf_enc ="bf_enc.o";
+my $cast_enc="c_enc.o";
+my $rc4_enc="rc4_enc.o rc4_skey.o";
+my $rc5_enc="rc5_enc.o";
+my $md5_obj="";
+my $sha1_obj="";
+my $rmd160_obj="";
+my $processor="";
+my $default_ranlib;
+my $perl;
+my $fips=0;
+
+
+# All of the following is disabled by default (RC5 was enabled before 0.9.8):
+
+my %disabled = ( # "what" => "comment" [or special keyword "experimental"]
+ "camellia" => "default",
+ "capieng" => "default",
+ "cms" => "default",
+ "gmp" => "default",
+ "jpake" => "experimental",
+ "mdc2" => "default",
+ "montasm" => "default", # explicit option in 0.9.8 only (implicitly enabled in 0.9.9)
+ "rc5" => "default",
+ "rfc3779" => "default",
+ "seed" => "default",
+ "shared" => "default",
+ "zlib" => "default",
+ "zlib-dynamic" => "default"
+ );
+my @experimental = ();
+
+# This is what $depflags will look like with the above defaults
+# (we need this to see if we should advise the user to run "make depend"):
+my $default_depflags = " -DOPENSSL_NO_CAMELLIA -DOPENSSL_NO_CAPIENG -DOPENSSL_NO_CMS -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MDC2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SEED";
+
+
+# Explicit "no-..." options will be collected in %disabled along with the defaults.
+# To remove something from %disabled, use "enable-foo" (unless it's experimental).
+# For symmetry, "disable-foo" is a synonym for "no-foo".
+
+# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
+# We will collect such requests in @experimental.
+# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.
+
+
+my $no_sse2=0;
+
+&usage if ($#ARGV < 0);
+
+my $flags;
+my $depflags;
+my $openssl_experimental_defines;
+my $openssl_algorithm_defines;
+my $openssl_thread_defines;
+my $openssl_sys_defines="";
+my $openssl_other_defines;
+my $libs;
+my $libkrb5="";
+my $target;
+my $options;
+my $symlink;
+my $make_depend=0;
+my %withargs=();
+
+my @argvcopy=@ARGV;
+my $argvstring="";
+my $argv_unprocessed=1;
+
+while($argv_unprocessed)
+ {
+ $flags="";
+ $depflags="";
+ $openssl_experimental_defines="";
+ $openssl_algorithm_defines="";
+ $openssl_thread_defines="";
+ $openssl_sys_defines="";
+ $openssl_other_defines="";
+ $libs="";
+ $target="";
+ $options="";
+ $symlink=1;
+
+ $argv_unprocessed=0;
+ $argvstring=join(' ',@argvcopy);
+
+PROCESS_ARGS:
+ foreach (@argvcopy)
+ {
+ s /^-no-/no-/; # some people just can't read the instructions
+
+ # rewrite some options in "enable-..." form
+ s /^-?-?shared$/enable-shared/;
+ s /^threads$/enable-threads/;
+ s /^zlib$/enable-zlib/;
+ s /^zlib-dynamic$/enable-zlib-dynamic/;
+
+ if (/^no-(.+)$/ || /^disable-(.+)$/)
+ {
+ if (!($disabled{$1} eq "experimental"))
+ {
+ if ($1 eq "ssl")
+ {
+ $disabled{"ssl2"} = "option(ssl)";
+ $disabled{"ssl3"} = "option(ssl)";
+ }
+ elsif ($1 eq "tls")
+ {
+ $disabled{"tls1"} = "option(tls)"
+ }
+ else
+ {
+ $disabled{$1} = "option";
+ }
+ }
+ }
+ elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
+ {
+ my $algo = $1;
+ if ($disabled{$algo} eq "experimental")
+ {
+ die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
+ unless (/^experimental-/);
+ push @experimental, $algo;
+ }
+ delete $disabled{$algo};
+
+ $threads = 1 if ($algo eq "threads");
+ }
+ elsif (/^--test-sanity$/)
+ {
+ exit(&test_sanity());
+ }
+ elsif (/^--strict-warnings/)
+ {
+ $strict_warnings = 1;
+ }
+ elsif (/^reconfigure/ || /^reconf/)
+ {
+ if (open(IN,"<$Makefile"))
+ {
+ while (<IN>)
+ {
+ chomp;
+ if (/^CONFIGURE_ARGS=(.*)/)
+ {
+ $argvstring=$1;
+ @argvcopy=split(' ',$argvstring);
+ die "Incorrect data to reconfigure, please do a normal configuration\n"
+ if (grep(/^reconf/,@argvcopy));
+ print "Reconfiguring with: $argvstring\n";
+ $argv_unprocessed=1;
+ close(IN);
+ last PROCESS_ARGS;
+ }
+ }
+ close(IN);
+ }
+ die "Insufficient data to reconfigure, please do a normal configuration\n";
+ }
+ elsif (/^386$/)
+ { $processor=386; }
+ elsif (/^fips$/)
+ {
+ $fips=1;
+ }
+ elsif (/^rsaref$/)
+ {
+ # No RSAref support any more since it's not needed.
+ # The check for the option is there so scripts aren't
+ # broken
+ }
+ elsif (/^nofipscanistercheck$/)
+ {
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ }
+ elsif (/^fipscanisterbuild$/)
+ {
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ }
+ elsif (/^fipsdso$/)
+ {
+ $fips = 1;
+ $nofipscanistercheck = 1;
+ $fipslibdir="";
+ $fipscanisterinternal="y";
+ $fipsdso = 1;
+ }
+ elsif (/^[-+]/)
+ {
+ if (/^-[lL](.*)$/)
+ {
+ $libs.=$_." ";
+ }
+ elsif (/^-[^-]/ or /^\+/)
+ {
+ $flags.=$_." ";
+ }
+ elsif (/^--prefix=(.*)$/)
+ {
+ $prefix=$1;
+ }
+ elsif (/^--libdir=(.*)$/)
+ {
+ $libdir=$1;
+ }
+ elsif (/^--openssldir=(.*)$/)
+ {
+ $openssldir=$1;
+ }
+ elsif (/^--install.prefix=(.*)$/)
+ {
+ $install_prefix=$1;
+ }
+ elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
+ {
+ $withargs{"krb5-".$1}=$2;
+ }
+ elsif (/^--with-zlib-lib=(.*)$/)
+ {
+ $withargs{"zlib-lib"}=$1;
+ }
+ elsif (/^--with-zlib-include=(.*)$/)
+ {
+ $withargs{"zlib-include"}="-I$1";
+ }
+ elsif (/^--with-fipslibdir=(.*)$/)
+ {
+ $fipslibdir="$1/";
+ }
+ elsif (/^--with-baseaddr=(.*)$/)
+ {
+ $baseaddr="$1";
+ }
+ else
+ {
+ print STDERR $usage;
+ exit(1);
+ }
+ }
+ elsif ($_ =~ /^([^:]+):(.+)$/)
+ {
+ eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
+ $target=$1;
+ }
+ else
+ {
+ die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
+ $target=$_;
+ }
+
+ unless ($_ eq $target || /^no-/ || /^disable-/)
+ {
+ # "no-..." follows later after implied disactivations
+ # have been derived. (Don't take this too seroiusly,
+ # we really only write OPTIONS to the Makefile out of
+ # nostalgia.)
+
+ if ($options eq "")
+ { $options = $_; }
+ else
+ { $options .= " ".$_; }
+ }
+ }
+ }
+
+
+
+if ($processor eq "386")
+ {
+ $disabled{"sse2"} = "forced";
+ }
+
+if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
+ {
+ $disabled{"krb5"} = "krb5-flavor not specified";
+ }
+
+if (!defined($disabled{"zlib-dynamic"}))
+ {
+ # "zlib-dynamic" was specifically enabled, so enable "zlib"
+ delete $disabled{"zlib"};
+ }
+
+if (defined($disabled{"rijndael"}))
+ {
+ $disabled{"aes"} = "forced";
+ }
+if (defined($disabled{"des"}))
+ {
+ $disabled{"mdc2"} = "forced";
+ }
+if (defined($disabled{"ec"}))
+ {
+ $disabled{"ecdsa"} = "forced";
+ $disabled{"ecdh"} = "forced";
+ }
+
+# SSL 2.0 requires MD5 and RSA
+if (defined($disabled{"md5"}) || defined($disabled{"rsa"}))
+ {
+ $disabled{"ssl2"} = "forced";
+ }
+
+# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
+if (defined($disabled{"md5"}) || defined($disabled{"sha"})
+ || (defined($disabled{"rsa"})
+ && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
+ {
+ $disabled{"ssl3"} = "forced";
+ $disabled{"tls1"} = "forced";
+ }
+
+if (defined($disabled{"tls1"}))
+ {
+ $disabled{"tlsext"} = "forced";
+ }
+
+if ($target eq "TABLE") {
+ foreach $target (sort keys %table) {
+ print_table_entry($target);
+ }
+ exit 0;
+}
+
+if ($target eq "LIST") {
+ foreach (sort keys %table) {
+ print;
+ print "\n";
+ }
+ exit 0;
+}
+
+if ($target =~ m/^CygWin32(-.*)$/) {
+ $target = "Cygwin".$1;
+}
+
+print "Configuring for $target\n";
+
+&usage if (!defined($table{$target}));
+
+my @fields = split(/\s*:\s*/,$table{$target} . ":" x 30 , -1);
+my $cc = $fields[$idx_cc];
+# Allow environment CC to override compiler...
+if($ENV{CC}) {
+ $cc = $ENV{CC};
+}
+my $cflags = $fields[$idx_cflags];
+my $unistd = $fields[$idx_unistd];
+my $thread_cflag = $fields[$idx_thread_cflag];
+my $sys_id = $fields[$idx_sys_id];
+my $lflags = $fields[$idx_lflags];
+my $bn_ops = $fields[$idx_bn_ops];
+my $cpuid_obj = $fields[$idx_cpuid_obj];
+my $bn_obj = $fields[$idx_bn_obj];
+my $des_obj = $fields[$idx_des_obj];
+my $aes_obj = $fields[$idx_aes_obj];
+my $bf_obj = $fields[$idx_bf_obj];
+my $md5_obj = $fields[$idx_md5_obj];
+my $sha1_obj = $fields[$idx_sha1_obj];
+my $cast_obj = $fields[$idx_cast_obj];
+my $rc4_obj = $fields[$idx_rc4_obj];
+my $rmd160_obj = $fields[$idx_rmd160_obj];
+my $rc5_obj = $fields[$idx_rc5_obj];
+my $dso_scheme = $fields[$idx_dso_scheme];
+my $shared_target = $fields[$idx_shared_target];
+my $shared_cflag = $fields[$idx_shared_cflag];
+my $shared_ldflag = $fields[$idx_shared_ldflag];
+my $shared_extension = $fields[$idx_shared_extension];
+my $ranlib = $ENV{'RANLIB'} || $fields[$idx_ranlib];
+my $ar = $ENV{'AR'} || "ar";
+my $arflags = $fields[$idx_arflags];
+
+if ($fips)
+ {
+ delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
+ $disabled{"asm"}="forced"
+ if ($target !~ "VC\-.*" &&
+ "$cpuid_obj:$bn_obj:$aes_obj:$des_obj:$sha1_obj" eq "::::");
+ }
+
+foreach (sort @experimental)
+ {
+ my $ALGO;
+ ($ALGO = $_) =~ tr/[a-z]/[A-Z]/;
+
+ # opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
+ $openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
+ $cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
+ }
+
+foreach (sort (keys %disabled))
+ {
+ $options .= " no-$_";
+
+ printf " no-%-12s %-10s", $_, "[$disabled{$_}]";
+
+ if (/^dso$/)
+ { $no_dso = 1; }
+ elsif (/^threads$/)
+ { $no_threads = 1; }
+ elsif (/^shared$/)
+ { $no_shared = 1; }
+ elsif (/^zlib$/)
+ { $zlib = 0; }
+ elsif (/^montasm$/)
+ { $montasm = 0; }
+ elsif (/^static-engine$/)
+ { }
+ elsif (/^zlib-dynamic$/)
+ { }
+ elsif (/^symlinks$/)
+ { $symlink = 0; }
+ elsif (/^sse2$/)
+ { $no_sse2 = 1; }
+ else
+ {
+ my ($ALGO, $algo);
+ ($ALGO = $algo = $_) =~ tr/[a-z]/[A-Z]/;
+
+ if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
+ {
+ $openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^err$/) { $flags .= "-DOPENSSL_NO_ERR "; }
+ elsif (/^asm$/) { $no_asm = 1; }
+ }
+ else
+ {
+ $openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
+ print " OPENSSL_NO_$ALGO";
+
+ if (/^krb5$/)
+ { $no_krb5 = 1; }
+ else
+ {
+ push @skip, $algo;
+ print " (skip dir)";
+
+ $depflags .= " -DOPENSSL_NO_$ALGO";
+ }
+ }
+ }
+
+ print "\n";
+ }
+
+my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;
+
+$IsMK1MF=1 if ($target eq "mingw" && $^O ne "cygwin" && !is_msys());
+
+$no_shared = 0 if ($fipsdso && !$IsMK1MF);
+
+$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target eq "mingw");
+$exe_ext=".nlm" if ($target =~ /netware/);
+$exe_ext=".pm" if ($target =~ /vos/);
+if ($openssldir eq "" and $prefix eq "")
+ {
+ if ($fips)
+ {
+ $openssldir="/usr/local/ssl/fips";
+ }
+ else
+ {
+ $openssldir="/usr/local/ssl";
+ }
+ }
+$prefix=$openssldir if $prefix eq "";
+
+$libdir="lib" if $libdir eq "";
+
+$default_ranlib= &which("ranlib") or $default_ranlib="true";
+$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
+ or $perl="perl";
+my $make = $ENV{'MAKE'} || "make";
+
+$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";
+
+chop $openssldir if $openssldir =~ /\/$/;
+chop $prefix if $prefix =~ /.\/$/;
+
+$openssldir=$prefix . "/ssl" if $openssldir eq "";
+$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;
+
+
+print "IsMK1MF=$IsMK1MF\n";
+
+# '%' in $lflags is used to split flags to "pre-" and post-flags
+my ($prelflags,$postlflags)=split('%',$lflags);
+if (defined($postlflags)) { $lflags=$postlflags; }
+else { $lflags=$prelflags; undef $prelflags; }
+
+my $no_shared_warn=0;
+my $no_user_cflags=0;
+
+if ($flags ne "") { $cflags="$flags$cflags"; }
+else { $no_user_cflags=1; }
+
+# Kerberos settings. The flavor must be provided from outside, either through
+# the script "config" or manually.
+if (!$no_krb5)
+ {
+ my ($lresolv, $lpath, $lext);
+ if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
+ {
+ die "Sorry, Heimdal is currently not supported\n";
+ }
+ ##### HACK to force use of Heimdal.
+ ##### WARNING: Since we don't really have adequate support for Heimdal,
+ ##### using this will break the build. You'll have to make
+ ##### changes to the source, and if you do, please send
+ ##### patches to openssl-dev@openssl.org
+ if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
+ {
+ warn "Heimdal isn't really supported. Your build WILL break\n";
+ warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
+ $withargs{"krb5-dir"} = "/usr/heimdal"
+ if $withargs{"krb5-dir"} eq "";
+ $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+ "/lib -lgssapi -lkrb5 -lcom_err"
+ if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
+ $cflags="-DKRB5_HEIMDAL $cflags";
+ }
+ if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
+ {
+ $withargs{"krb5-dir"} = "/usr/kerberos"
+ if $withargs{"krb5-dir"} eq "";
+ $withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
+ "/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
+ if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
+ $cflags="-DKRB5_MIT $cflags";
+ $withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
+ if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
+ {
+ $cflags="-DKRB5_MIT_OLD11 $cflags";
+ }
+ }
+ LRESOLV:
+ foreach $lpath ("/lib", "/usr/lib")
+ {
+ foreach $lext ("a", "so")
+ {
+ $lresolv = "$lpath/libresolv.$lext";
+ last LRESOLV if (-r "$lresolv");
+ $lresolv = "";
+ }
+ }
+ $withargs{"krb5-lib"} .= " -lresolv"
+ if ("$lresolv" ne "");
+ $withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
+ if $withargs{"krb5-include"} eq "" &&
+ $withargs{"krb5-dir"} ne "";
+ }
+
+# The DSO code currently always implements all functions so that no
+# applications will have to worry about that from a compilation point
+# of view. However, the "method"s may return zero unless that platform
+# has support compiled in for them. Currently each method is enabled
+# by a define "DSO_<name>" ... we translate the "dso_scheme" config
+# string entry into using the following logic;
+my $dso_cflags;
+if (!$no_dso && $dso_scheme ne "")
+ {
+ $dso_scheme =~ tr/[a-z]/[A-Z]/;
+ if ($dso_scheme eq "DLFCN")
+ {
+ $dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
+ }
+ elsif ($dso_scheme eq "DLFCN_NO_H")
+ {
+ $dso_cflags = "-DDSO_DLFCN";
+ }
+ else
+ {
+ $dso_cflags = "-DDSO_$dso_scheme";
+ }
+ $cflags = "$dso_cflags $cflags";
+ }
+
+my $thread_cflags;
+my $thread_defines;
+if ($thread_cflag ne "(unknown)" && !$no_threads)
+ {
+ # If we know how to do it, support threads by default.
+ $threads = 1;
+ }
+if ($thread_cflag eq "(unknown)" && $threads)
+ {
+ # If the user asked for "threads", [s]he is also expected to
+ # provide any system-dependent compiler options that are
+ # necessary.
+ if ($no_user_cflags)
+ {
+ print "You asked for multi-threading support, but didn't\n";
+ print "provide any system-specific compiler options\n";
+ exit(1);
+ }
+ $thread_cflags="-DOPENSSL_THREADS $cflags" ;
+ $thread_defines .= "#define OPENSSL_THREADS\n";
+ }
+else
+ {
+ $thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
+ $thread_defines .= "#define OPENSSL_THREADS\n";
+# my $def;
+# foreach $def (split ' ',$thread_cflag)
+# {
+# if ($def =~ s/^-D// && $def !~ /^_/)
+# {
+# $thread_defines .= "#define $def\n";
+# }
+# }
+ }
+
+$lflags="$libs$lflags" if ($libs ne "");
+
+if ($no_asm)
+ {
+ $cpuid_obj=$bn_obj=$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj="";
+ $sha1_obj=$md5_obj=$rmd160_obj="";
+ $cflags=~s/\-D[BL]_ENDIAN// if ($fips);
+ $thread_cflags=~s/\-D[BL]_ENDIAN// if ($fips);
+ }
+if ($montasm)
+ {
+ $bn_obj =~ s/MAYBE-MO86-/mo86-/;
+ }
+else
+ {
+ $bn_obj =~ s/MAYBE-MO86-[a-z.]*//;
+ }
+
+if (!$no_shared)
+ {
+ $cast_obj=""; # CAST assembler is not PIC
+ }
+
+if ($threads)
+ {
+ $cflags=$thread_cflags;
+ $openssl_thread_defines .= $thread_defines;
+ }
+
+if ($zlib)
+ {
+ $cflags = "-DZLIB $cflags";
+ if (defined($disabled{"zlib-dynamic"}))
+ {
+ $lflags = "$lflags -lz";
+ }
+ else
+ {
+ $cflags = "-DZLIB_SHARED $cflags";
+ }
+ }
+
+# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
+my $shared_mark = "";
+if ($shared_target eq "")
+ {
+ $no_shared_warn = 1 if !$no_shared && !$fips;
+ $no_shared = 1;
+ }
+if (!$no_shared)
+ {
+ if ($shared_cflag ne "")
+ {
+ $cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
+ }
+ }
+
+if (!$IsMK1MF)
+ {
+ if ($no_shared)
+ {
+ $openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
+ }
+ else
+ {
+ $openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
+ }
+ }
+
+$cpuid_obj.=" uplink.o uplink-cof.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);
+
+#
+# Platform fix-ups
+#
+if ($target =~ /\-icc$/) # Intel C compiler
+ {
+ my $iccver=0;
+ if (open(FD,"$cc -V 2>&1 |"))
+ {
+ while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
+ close(FD);
+ }
+ if ($iccver>=8)
+ {
+ # Eliminate unnecessary dependency from libirc.a. This is
+ # essential for shared library support, as otherwise
+ # apps/openssl can end up in endless loop upon startup...
+ $cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
+ }
+ if ($iccver>=9)
+ {
+ $cflags.=" -i-static";
+ $cflags=~s/\-no_cpprt/-no-cpprt/;
+ }
+ if ($iccver>=10)
+ {
+ $cflags=~s/\-i\-static/-static-intel/;
+ }
+ }
+
+# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
+# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
+# .so objects. Apparently application RPATH is not global and does
+# not apply to .so linked with other .so. Problem manifests itself
+# when libssl.so fails to load libcrypto.so. One can argue that we
+# should engrave this into Makefile.shared rules or into BSD-* config
+# lines above. Meanwhile let's try to be cautious and pass -rpath to
+# linker only when --prefix is not /usr.
+if ($target =~ /^BSD\-/)
+ {
+ $shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
+ }
+
+if ($sys_id ne "")
+ {
+ #$cflags="-DOPENSSL_SYSNAME_$sys_id $cflags";
+ $openssl_sys_defines="#define OPENSSL_SYSNAME_$sys_id\n";
+ }
+
+if ($ranlib eq "")
+ {
+ $ranlib = $default_ranlib;
+ }
+
+#my ($bn1)=split(/\s+/,$bn_obj);
+#$bn1 = "" unless defined $bn1;
+#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
+#$bn_obj="$bn1";
+
+$cpuid_obj="" if ($processor eq "386");
+
+$bn_obj = $bn_asm unless $bn_obj ne "";
+# bn86* is the only one implementing bn_*_part_words
+$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn86/);
+$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /bn86/);
+
+$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /\-mont|mo86\-/);
+
+if ($fips)
+ {
+ $openssl_other_defines.="#define OPENSSL_FIPS\n";
+ }
+
+$des_obj=$des_enc unless ($des_obj =~ /\.o$/);
+$bf_obj=$bf_enc unless ($bf_obj =~ /\.o$/);
+$cast_obj=$cast_enc unless ($cast_obj =~ /\.o$/);
+$rc4_obj=$rc4_enc unless ($rc4_obj =~ /\.o$/);
+$rc5_obj=$rc5_enc unless ($rc5_obj =~ /\.o$/);
+if ($sha1_obj =~ /\.o$/)
+ {
+# $sha1_obj=$sha1_enc;
+ $cflags.=" -DSHA1_ASM" if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
+ $cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
+ $cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
+ if ($sha1_obj =~ /sse2/)
+ { if ($no_sse2)
+ { $sha1_obj =~ s/\S*sse2\S+//; }
+ elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
+ { $cflags.=" -DOPENSSL_IA32_SSE2"; }
+ }
+ }
+if ($md5_obj =~ /\.o$/)
+ {
+# $md5_obj=$md5_enc;
+ $cflags.=" -DMD5_ASM";
+ }
+if ($rmd160_obj =~ /\.o$/)
+ {
+# $rmd160_obj=$rmd160_enc;
+ $cflags.=" -DRMD160_ASM";
+ }
+if ($aes_obj =~ /\.o$/)
+ {
+ $cflags.=" -DAES_ASM";
+ }
+else {
+ $aes_obj=$aes_enc;
+ }
+
+# "Stringify" the C flags string. This permits it to be made part of a string
+# and works as well on command lines.
+$cflags =~ s/([\\\"])/\\\1/g;
+
+my $version = "unknown";
+my $version_num = "unknown";
+my $major = "unknown";
+my $minor = "unknown";
+my $shlib_version_number = "unknown";
+my $shlib_version_history = "unknown";
+my $shlib_major = "unknown";
+my $shlib_minor = "unknown";
+
+open(IN,'<crypto/opensslv.h') || die "unable to read opensslv.h:$!\n";
+while (<IN>)
+ {
+ $version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
+ $version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
+ $shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
+ $shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
+ }
+close(IN);
+if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }
+
+if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
+ {
+ $major=$1;
+ $minor=$2;
+ }
+
+if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
+ {
+ $shlib_major=$1;
+ $shlib_minor=$2;
+ }
+
+if ($strict_warnings)
+ {
+ my $wopt;
+ die "ERROR --strict-warnings requires gcc" unless ($cc =~ /gcc$/);
+ foreach $wopt (split /\s+/, $gcc_devteam_warn)
+ {
+ $cflags .= " $wopt" unless ($cflags =~ /$wopt/)
+ }
+ }
+
+open(IN,'<Makefile.org') || die "unable to read Makefile.org:$!\n";
+unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
+open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
+print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
+my $sdirs=0;
+while (<IN>)
+ {
+ chomp;
+ $sdirs = 1 if /^SDIRS=/;
+ if ($sdirs) {
+ my $dir;
+ foreach $dir (@skip) {
+ s/(\s)$dir\s/$1/;
+ s/\s$dir$//;
+ }
+ }
+ $sdirs = 0 unless /\\$/;
+ s/fips // if (/^DIRS=/ && !$fips);
+ s/engines // if (/^DIRS=/ && $disabled{"engine"});
+ s/^VERSION=.*/VERSION=$version/;
+ s/^MAJOR=.*/MAJOR=$major/;
+ s/^MINOR=.*/MINOR=$minor/;
+ s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
+ s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
+ s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
+ s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
+ s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
+ s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
+ s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
+ s/^LIBDIR=.*$/LIBDIR=$libdir/;
+ s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
+ s/^PLATFORM=.*$/PLATFORM=$target/;
+ s/^OPTIONS=.*$/OPTIONS=$options/;
+ s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
+ if ($cross_compile_prefix)
+ {
+ s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
+ s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
+ s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
+ }
+ else {
+ s/^CC=.*$/CC= $cc/;
+ s/^AR=\s*ar/AR= $ar/;
+ s/^RANLIB=.*/RANLIB= $ranlib/;
+ }
+ s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc";
+ s/^CFLAG=.*$/CFLAG= $cflags/;
+ s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
+ s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
+ s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
+ s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
+ s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
+ s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
+ s/^DES_ENC=.*$/DES_ENC= $des_obj/;
+ s/^AES_ASM_OBJ=.*$/AES_ASM_OBJ= $aes_obj/;
+ s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
+ s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
+ s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
+ s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
+ s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
+ s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
+ s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
+ s/^PROCESSOR=.*/PROCESSOR= $processor/;
+ s/^ARFLAGS=.*/ARFLAGS= $arflags/;
+ s/^PERL=.*/PERL= $perl/;