Configure

:
eval 'exec perl -S $0 ${1+"$@"}'
    if $running_under_some_shell;
##
##  Configure -- OpenSSL source tree configuration script
##  If editing this file, run this command before committing
##	make -f Makefile.org TABLE
##

require 5.000;
use strict;
use File::Basename;
use File::Spec::Functions;

# see INSTALL for instructions.

my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [experimental-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-dso] [no-krb5] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--test-sanity] [--config=FILE] os/compiler[:flags]\n";

# Options:
#
# --config      add the given configuration file, which will be read after
#               any "Configurations*" files that are found in the same
#               directory as this script.
# --openssldir  install OpenSSL in OPENSSLDIR (Default: DIR/ssl if the
#               --prefix option is given; /usr/local/ssl otherwise)
# --prefix      prefix for the OpenSSL include, lib and bin directories
#               (Default: the OPENSSLDIR directory)
#
# --install_prefix  Additional prefix for package builders (empty by
#               default).  This needn't be set in advance, you can
#               just as well use "make INSTALL_PREFIX=/whatever install".
#
# --with-krb5-dir  Declare where Kerberos 5 lives.  The libraries are expected
#		to live in the subdirectory lib/ and the header files in
#		include/.  A value is required.
# --with-krb5-lib  Declare where the Kerberos 5 libraries live.  A value is
#		required.
#		(Default: KRB5_DIR/lib)
# --with-krb5-include  Declare where the Kerberos 5 header files live.  A
#		value is required.
#		(Default: KRB5_DIR/include)
# --with-krb5-flavor  Declare what flavor of Kerberos 5 is used.  Currently
#		supported values are "MIT" and "Heimdal".  A value is required.
#
# --test-sanity Make a number of sanity checks on the data in this file.
#               This is a debugging tool for OpenSSL developers.
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# no-hw-xxx     do not compile support for specific crypto hardware.
#               Generic OpenSSL-style methods relating to this support
#               are always compiled but return NULL if the hardware
#               support isn't compiled.
# no-hw         do not compile support for any crypto hardware.
# [no-]threads  [don't] try to create a library that is suitable for
#               multithreaded applications (default is "threads" if we
#               know how to do it)
# [no-]shared	[don't] try to create shared libraries when supported.
# no-asm        do not use assembler
# no-dso        do not compile in any native shared-library methods. This
#               will ensure that all methods just return NULL.
# no-krb5       do not compile in any KRB5 library or code.
# [no-]zlib     [don't] compile support for zlib compression.
# zlib-dynamic	Like "zlib", but the zlib library is expected to be a shared
#		library and will be loaded in run-time by the OpenSSL library.
# sctp          include SCTP support
# 386           generate 80386 code
# no-sse2	disables IA-32 SSE2 code, above option implies no-sse2
# no-<cipher>   build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
#
# DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items
#		provided to stack calls. Generates unique stack functions for
#		each possible stack type.
# DES_PTR	use pointer lookup vs arrays in the DES in crypto/des/des_locl.h
# DES_RISC1	use different DES_ENCRYPT macro that helps reduce register
#		dependancies but needs to more registers, good for RISC CPU's
# DES_RISC2	A different RISC variant.
# DES_UNROLL	unroll the inner DES loop, sometimes helps, somtimes hinders.
# DES_INT	use 'int' instead of 'long' for DES_LONG in crypto/des/des.h
#		This is used on the DEC Alpha where long is 8 bytes
#		and int is 4
# BN_LLONG	use the type 'long long' in crypto/bn/bn.h
# MD2_CHAR	use 'char' instead of 'int' for MD2_INT in crypto/md2/md2.h
# MD2_LONG	use 'long' instead of 'int' for MD2_INT in crypto/md2/md2.h
# IDEA_SHORT	use 'short' instead of 'int' for IDEA_INT in crypto/idea/idea.h
# IDEA_LONG	use 'long' instead of 'int' for IDEA_INT in crypto/idea/idea.h
# RC2_SHORT	use 'short' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
# RC2_LONG	use 'long' instead of 'int' for RC2_INT in crypto/rc2/rc2.h
# RC4_CHAR	use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_LONG	use 'long' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# RC4_INDEX	define RC4_INDEX in crypto/rc4/rc4_locl.h.  This turns on
#		array lookups instead of pointer use.
# RC4_CHUNK	enables code that handles data aligned at long (natural CPU
#		word) boundary.
# RC4_CHUNK_LL	enables code that handles data aligned at long long boundary
#		(intended for 64-bit CPUs running 32-bit OS).
# BF_PTR	use 'pointer arithmatic' for Blowfish (unsafe on Alpha).
# BF_PTR2	intel specific version (generic version is more efficient).
#
# Following are set automatically by this script
#
# MD5_ASM	use some extra md5 assember,
# SHA1_ASM	use some extra sha1 assember, must define L_ENDIAN for x86
# RMD160_ASM	use some extra ripemd160 assember,
# SHA256_ASM	sha256_block is implemented in assembler
# SHA512_ASM	sha512_block is implemented in assembler
# AES_ASM	ASE_[en|de]crypt is implemented in assembler

# Minimum warning options... any contributions to OpenSSL should at least get
# past these.

my $gcc_devteam_warn = "-Wall -pedantic -DPEDANTIC -Wno-long-long -Wsign-compare -Wmissing-prototypes -Wshadow -Wformat -Wtype-limits -Werror -DCRYPTO_MDEBUG_ALL -DCRYPTO_MDEBUG_ABORT -DREF_CHECK -DDEBUG_UNUSED";

my $clang_disabled_warnings = "-Wno-unused-parameter -Wno-missing-field-initializers -Wno-language-extension-token -Wno-extended-offsetof";

my $strict_warnings = 0;

my $x86_gcc_des="DES_PTR DES_RISC1 DES_UNROLL";

# MD2_CHAR slags pentium pros
my $x86_gcc_opts="RC4_INDEX MD2_INT";

#$bits1="SIXTEEN_BIT ";
#$bits2="THIRTY_TWO_BIT ";
my $bits1="THIRTY_TWO_BIT ";
my $bits2="SIXTY_FOUR_BIT ";

# As for $BSDthreads. Idea is to maintain "collective" set of flags,
# which would cover all BSD flavors. -pthread applies to them all,
# but is treated differently. OpenBSD expands is as -D_POSIX_THREAD
# -lc_r, which is sufficient. FreeBSD 4.x expands it as -lc_r,
# which has to be accompanied by explicit -D_THREAD_SAFE and
# sometimes -D_REENTRANT. FreeBSD 5.x expands it as -lc_r, which
# seems to be sufficient?
my $BSDthreads="-pthread -D_THREAD_SAFE -D_REENTRANT";

# table of known configurations, read in from files
#
# The content of each entry can take one of two forms:
#
# - old style config-string, colon seperated fields with exactly the
#   following structure.:
#
#	$cc : $cflags : $unistd : $thread_cflag : $sys_id : $lflags : $bn_ops : $cpuid_obj : $bn_obj : $ec_obj : $des_obj : $aes_obj : $bf_obj : $md5_obj : $sha1_obj : $cast_obj : $rc4_obj : $rmd160_obj : $rc5_obj : $wp_obj : $cmll_obj : $modes_obj : $engines_obj : $perlasm_scheme : $dso_scheme : $shared_target : $shared_cflag : $shared_ldflag : $shared_extension : $ranlib : $arflags : $multilib
#
#   We use the stringtohash function - defined below - to combine with the
#   fields and form a proper hash table from the string.
#
# - direct transfer of old style config string to hash table, using the names
#   of the fields as keys:
#
#	{
#	  cc => $cc,
#	  cflags => $cflags,
#	  unistd => $unistd,
#	  thread_cflag => $thread_cflag,
#	  sys_id => $sys_id,
#	  lflags => $lflags,
#	  bn_ops => $bn_ops,
#	  cpuid_obj => $cpuid_obj,
#	  bn_obj => $bn_obj,
#	  ec_obj => $ec_obj,
#	  des_obj => $des_obj,
#	  aes_obj => $aes_obj,
#	  bf_obj => $bf_obj,
#	  md5_obj => $md5_obj,
#	  sha1_obj => $sha1_obj,
#	  cast_obj => $cast_obj,
#	  rc4_obj => $rc4_obj,
#	  rmd160_obj => $rmd160_obj,
#	  rc5_obj => $rc5_obj,
#	  wp_obj => $wp_obj,
#	  cmll_obj => $cmll_obj,
#	  modes_obj => $modes_obj,
#	  engines_obj => $engines_obj,
#	  perlasm_scheme => $perlasm_scheme,
#	  dso_scheme => $dso_scheme,
#	  shared_target => $shared_target,
#	  shared_cflag => $shared_cflag,
#	  shared_ldflag => $shared_ldflag,
#	  shared_extension => $shared_extension,
#	  ranlib => $ranlib,
#	  arflags => $arflags,
#	  multilib => $multilib
#	}
#
# - new style config hash table, which has additional attributes for debug
#   and non-debug flags to be added to the common flags, for cflags and lflags:
#
#	{
#	  cc => $cc,
#	  cflags => $cflags,
#	  debug_cflags => $debug_cflags,
#	  release_cflags => $release_cflags,
#	  unistd => $unistd,
#	  thread_cflag => $thread_cflag,
#	  sys_id => $sys_id,
#	  lflags => $lflags,
#	  debug_lflags => $debug_lflags,
#	  release_lflags => $release_lflags,
#	  bn_ops => $bn_ops,
#	  cpuid_obj => $cpuid_obj,
#	  bn_obj => $bn_obj,
#	  ec_obj => $ec_obj,
#	  des_obj => $des_obj,
#	  aes_obj => $aes_obj,
#	  bf_obj => $bf_obj,
#	  md5_obj => $md5_obj,
#	  sha1_obj => $sha1_obj,
#	  cast_obj => $cast_obj,
#	  rc4_obj => $rc4_obj,
#	  rmd160_obj => $rmd160_obj,
#	  rc5_obj => $rc5_obj,
#	  wp_obj => $wp_obj,
#	  cmll_obj => $cmll_obj,
#	  modes_obj => $modes_obj,
#	  engines_obj => $engines_obj,
#	  dso_scheme => $dso_scheme,
#	  shared_target => $shared_target,
#	  shared_cflag => $shared_cflag,
#	  shared_ldflag => $shared_ldflag,
#	  shared_extension => $shared_extension,
#	  ranlib => $ranlib,
#	  arflags => $arflags,
#	  multilib => $multilib
#	}
#
# The configuration reader will do what it can to translate everything into
# new style config hash tables, including merging $target and debug-$target
# if they are similar enough.
#
# The configuration hashes can refer to templates in two different manners:
#
# - as part of the hash, one can have a key called 'inherit_from' that
#   indicate what other configuration hashes to inherit data from.
#   These are resolved recursively.
#
#   Inheritance works as a set of default values that can be overriden
#   by corresponding attribute values in the inheriting configuration.
#
#   If several configurations are given in the 'inherit_from' array, the
#   values of same attribute are concatenated with space separation.
#   With this, it's possible to have several smaller templates for
#   different configuration aspects that can be combined into a complete
#   configuration.
#
#   Example:
#
#	"foo" => {
#		template => 1,
#		haha => "haha",
#		hoho => "ho"
#	},
#	"bar" => {
#		template => 1,
#		hoho => "ho",
#		hehe => "hehe"
#	},
#	"laughter" => {
#		inherit_from => [ "foo", "bar" ],
#	}
#
#	The entry for "foo" will become as follows after processing:
#
#	"laughter" => {
#		haha => "haha",
#		hoho => "ho ho",
#		hehe => "hehe"
#	}
#
#   Note 1: any entry from the table can be used as a template.
#   Note 2: pure templates have the attribute 'template => 1' and cannot
#           be used as targets.
#
# - instead of a string, one can have a code block of the form
#   'sub { /* your code here */ }', where the arguments are the list of
#   inherited values for that key.  In fact, the concatenation of strings
#   is really done by using 'sub { join(" ",@_) }' on the list of inherited
#   values.
#
#   Example:
#
#	"foo" => {
#		template => 1,
#		haha => "ha ha",
#		hoho => "ho",
#		ignored => "This should not appear in the end result",
#	},
#	"bar" => {
#		template => 1,
#		haha => "ah",
#		hoho => "haho",
#		hehe => "hehe"
#	},
#	"laughter" => {
#		inherit_from => [ "foo", "bar" ],
#		hehe => sub { join(" ",(@_,"!!!")) },
#		ignored => "",
#	}
#
#	The entry for "foo" will become as follows after processing:
#
#	"laughter" => {
#		haha => "ha ha ah",
#		hoho => "ho haho",
#		hehe => "hehe !!!",
#		ignored => ""
#	}
#

my %table=(

    # All these templates are merely a translation of the corresponding
    # variables further up.
    #
    # Note: as long as someone might use old style configuration strings,
    # or we bother supporting that, those variables need to stay

    x86_asm => {
	template	=> 1,
	cpuid_obj	=> "x86cpuid.o",
	bn_obj		=> "bn-586.o co-586.o x86-mont.o x86-gf2m.o",
	ec_obj		=> "ecp_nistz256.o ecp_nistz256-x86.o",
	des_obj		=> "des-586.o crypt586.o",
	aes_obj		=> "aes-586.o vpaes-x86.o aesni-x86.o",
	bf_obj		=> "bf-586.o",
	md5_obj		=> "md5-586.o",
	sha1_obj	=> "sha1-586.o sha256-586.o sha512-586.o",
	rc4_obj		=> "rc4-586.o",
	rmd160_obj	=> "rmd-586.o",
	rc5_obj		=> "rc5-586.o",
	wp_obj		=> "wp_block.o wp-mmx.o",
	cmll_obj	=> "cmll-x86.o",
	modes_obj	=> "ghash-x86.o",
	engines_obj	=> "e_padlock-x86.o"
    },
    x86_elf_asm => {
	template	=> 1,
	inherit_from	=> [ "x86_asm" ],
	perlasm_scheme	=> "elf"
    },
    x86_64_asm => {
	template	=> 1,
	cpuid_obj       => "x86_64cpuid.o",
	bn_obj          => "x86_64-gcc.o x86_64-mont.o x86_64-mont5.o x86_64-gf2m.o rsaz_exp.o rsaz-x86_64.o rsaz-avx2.o",
	ec_obj          => "ecp_nistz256.o ecp_nistz256-x86_64.o",
	aes_obj         => "aes-x86_64.o vpaes-x86_64.o bsaes-x86_64.o aesni-x86_64.o aesni-sha1-x86_64.o aesni-sha256-x86_64.o aesni-mb-x86_64.o",
	md5_obj         => "md5-x86_64.o",
	sha1_obj        => "sha1-x86_64.o sha256-x86_64.o sha512-x86_64.o sha1-mb-x86_64.o sha256-mb-x86_64.o",
	rc4_obj         => "rc4-x86_64.o rc4-md5-x86_64.o",
	wp_obj          => "wp-x86_64.o",
	cmll_obj        => "cmll-x86_64.o cmll_misc.o",
	modes_obj       => "ghash-x86_64.o aesni-gcm-x86_64.o",
	engines_obj     => "e_padlock-x86_64.o"
    },
    ia64_asm => {
	template	=> 1,
	cpuid_obj       => "ia64cpuid.o",
	bn_obj          => "bn-ia64.o ia64-mont.o",
	aes_obj         => "aes_core.o aes_cbc.o aes-ia64.o",
	md5_obj         => "md5-ia64.o",
	sha1_obj        => "sha1-ia64.o sha256-ia64.o sha512-ia64.o",
	rc4_obj         => "rc4-ia64.o rc4_skey.o",
	modes_obj       => "ghash-ia64.o",
	perlasm_scheme	=> "void"
    },
    sparcv9_asm => {
	template	=> 1,
	cpuid_obj       => "sparcv9cap.o sparccpuid.o",
	bn_obj          => "bn-sparcv9.o sparcv9-mont.o sparcv9a-mont.o vis3-mont.o sparct4-mont.o sparcv9-gf2m.o",
        ec_obj          => "ecp_nistz256.o ecp_nistz256-sparcv9.o",
	des_obj         => "des_enc-sparc.o fcrypt_b.o dest4-sparcv9.o",
	aes_obj         => "aes_core.o aes_cbc.o aes-sparcv9.o aest4-sparcv9.o",
	md5_obj         => "md5-sparcv9.o",
	sha1_obj        => "sha1-sparcv9.o sha256-sparcv9.o sha512-sparcv9.o",
	cmll_obj        => "camellia.o cmll_misc.o cmll_cbc.o cmllt4-sparcv9.o",
	modes_obj       => "ghash-sparcv9.o",
	perlasm_scheme	=> "void"
    },
    sparcv8_asm => {
	template	=> 1,
	cpuid_obj       => "",
	bn_obj          => "sparcv8.o",
	des_obj         => "des_enc-sparc.o fcrypt_b.o",
	perlasm_scheme	=> "void"
    },
    alpha_asm => {
	template	=> 1,
	cpuid_obj       => "alphacpuid.o",
	bn_obj          => "bn_asm.o alpha-mont.o",
	sha1_obj        => "sha1-alpha.o",
	modes_obj       => "ghash-alpha.o",
	perlasm_scheme	=> "void"
    },
    mips32_asm => {
	template	=> 1,
	bn_obj          => "bn-mips.o mips-mont.o",
	aes_obj         => "aes_cbc.o aes-mips.o",
	sha1_obj        => "sha1-mips.o sha256-mips.o",
    },
    mips64_asm => {
	inherit_from	=> [ "mips32_asm" ],
	template	=> 1,
	sha1_obj        => sub { join(" ", @_, "sha512-mips.o") }
    },
    s390x_asm => {
	template	=> 1,
	cpuid_obj       => "s390xcap.o s390xcpuid.o",
	bn_obj          => "bn-s390x.o s390x-mont.o s390x-gf2m.o",
	aes_obj         => "aes-s390x.o aes-ctr.o aes-xts.o",
	sha1_obj        => "sha1-s390x.o sha256-s390x.o sha512-s390x.o",
	rc4_obj         => "rc4-s390x.o",
	modes_obj       => "ghash-s390x.o",
    },
    armv4_asm => {
	template	=> 1,
	cpuid_obj       => "armcap.o armv4cpuid.o",
	bn_obj          => "bn_asm.o armv4-mont.o armv4-gf2m.o",
	ec_obj          => "ecp_nistz256.o ecp_nistz256-armv4.o",
	aes_obj         => "aes_cbc.o aes-armv4.o bsaes-armv7.o aesv8-armx.o",
	sha1_obj        => "sha1-armv4-large.o sha256-armv4.o sha512-armv4.o",
	modes_obj       => "ghash-armv4.o ghashv8-armx.o",
	perlasm_scheme	=> "void"
    },
    aarch64_asm => {
	template	=> 1,
	cpuid_obj       => "armcap.o arm64cpuid.o mem_clr.o",
	ec_obj          => "ecp_nistz256.o ecp_nistz256-armv8.o",
	bn_obj          => "bn_asm.o armv8-mont.o",
	aes_obj         => "aes_core.o aes_cbc.o aesv8-armx.o vpaes-armv8.o",
	sha1_obj        => "sha1-armv8.o sha256-armv8.o sha512-armv8.o",
	modes_obj       => "ghashv8-armx.o",
    },
    parisc11_asm => {
	template	=> 1,
	cpuid_obj       => "pariscid.o",
	bn_obj          => "bn_asm.o parisc-mont.o",
	aes_obj         => "aes_core.o aes_cbc.o aes-parisc.o",
	sha1_obj        => "sha1-parisc.o sha256-parisc.o sha512-parisc.o",
	rc4_obj         => "rc4-parisc.o",
	modes_obj       => "ghash-parisc.o",
	perlasm_scheme	=> "32"
    },
    parisc20_64_asm => {
	template	=> 1,
	inherit_from	=> [ "parisc11_asm" ],
	bn_obj          => sub { my $r=join(" ",@_); $r=~s/bn_asm/pa-risc2W/; $r; },
	perlasm_scheme	=> "64",
    },
    ppc64_asm => {
	template	=> 1,
	cpuid_obj       => "ppccpuid.o ppccap.o",
	bn_obj          => "bn-ppc.o ppc-mont.o ppc64-mont.o",
	aes_obj         => "aes_core.o aes_cbc.o aes-ppc.o vpaes-ppc.o aesp8-ppc.o",
	sha1_obj        => "sha1-ppc.o sha256-ppc.o sha512-ppc.o sha256p8-ppc.o sha512p8-ppc.o",
	modes_obj       => "ghashp8-ppc.o",
    },
    ppc32_asm => {
	inherit_from	=> [ "ppc64_asm" ],
	template	=> 1
    },
);

{   my $no_asm_templates=0;
    foreach (@ARGV) { $no_asm_templates=1 if (/^\-?no\-asm$/); }
    sub asm { $no_asm_templates?():@_; }
}


sub stringtohash {
    my $in = shift @_;
    if (ref($in) eq "HASH") {
	return $in;
    }
    my @stringsequence = (
	"cc",
	"cflags",
	"unistd",
	"thread_cflag",
	"sys_id",
	"lflags",
	"bn_ops",
	"cpuid_obj",
	"bn_obj",
	"ec_obj",
	"des_obj",
	"aes_obj",
	"bf_obj",
	"md5_obj",
	"sha1_obj",
	"cast_obj",
	"rc4_obj",
	"rmd160_obj",
	"rc5_obj",
	"wp_obj",
	"cmll_obj",
	"modes_obj",
	"engines_obj",
	"perlasm_scheme",
	"dso_scheme",
	"shared_target",
	"shared_cflag",
	"shared_ldflag",
	"shared_extension",
	"ranlib",
	"arflags",
	"multilib",
	);

    # return a ref to a hash, that's what the outer braces are for.
    return { map { shift @stringsequence => $_ } split /:/, $in };
};

# Read configuration target stanzas from a file, so that people can have
# local files with their own definitions
sub read_config {
	my $fname = shift;
	open(CONFFILE, "< $fname")
		or die "Can't open configuration file '$fname'!\n";
        my $x = $/;
        undef $/;
	my $content = <CONFFILE>;
        $/ = $x;
	close(CONFFILE);
	my %targets = ();
	eval $content;

	# Make sure we have debug- targets first
	my @keys =
	    sort {
		my $a_nd = $a =~ m/^debug-/ ? $' :$a;
		my $b_nd = $b =~ m/^debug-/ ? $' :$b;
		my $res = 0;

		if (($a_nd == $a) == ($b_nd == $b)) {
		    # they are both debug- or not, compare them as they are
		    $res = $a cmp $b;
		} elsif ($a_nd != $a) {
		    # $a is debug-, make it lesser
		    $res = -1;
		} else {
		    # $b is debug-, make $a greater
		    $res = 1;
		}
		$res;
	    } keys %targets;

	foreach (@keys) {
	    if (ref($targets{$_}) ne "HASH") {
		# Value is assumed to be a string.  Split it up to
		# become a hash table of parameters.  Also, try to
		# merge debug- variants with the non-debug target.

		# Start with converting the value from a string to a
		# standardised hash of fields.  Using $tohash is safe,
		# if the input is already a hash ref, it's just returned
		# back.
		$targets{$_} = stringtohash($targets{$_});

		# If the current target is a debug target, there might
		# be a corresponding non-debug target that we can merge
		# with.  If it isn't a debug- target, we've already done
		# as much merging as we can and do not need to bother
		# with that any more.
		if ($_ =~ m/^debug-/) {
		    my $debugkey = $_;
		    my $nondebugkey = $';
		    my $debug = $targets{$debugkey};
		    my $nondebug;

		    if ($targets{$nondebugkey}) {
			$nondebug = stringtohash($targets{$nondebugkey});
		    }

		    if ($nondebug) {
			# There's both a debug and non-debug variant of
			# this target, so we should try to merge them
			# together.

			# First, check that the non-debug variant isn't
			# already built up with all it should have.
			if ($nondebug->{debug_cflags}
			    || $nondebug->{release_cflags}
			    || $nondebug->{debug_lflags}
			    || $nondebug->{release_lflags}) {
			    warn "there's a debug target $debugkey to be merged with a target $nondebugkey, but the latter seems to already have both nodebug and debug information.  This requires human intervention.  Skipping $debugkey...";
			    next;
			}

			# Now, check similarity.
			# For keys they have in common, support that
			# cflags and lflags can differ, otherwise they
			# must have exactly the same values for them
			# to be merged into one.
			my $similarenough = 1;
			for (keys %{$debug}) {
			    if ($nondebug->{$_} ne $debug->{$_}
				&& $_ !~ m/^[cl]flags$/) {
				$similarenough = 0;
				last;
			    }
			}

			if ($similarenough) {
			    # Here's where the magic happens, split the
			    # options in the debug and non-debug variants
			    # cflags and ldflags into three strings each,
			    # one with common flags, one with extra debug
			    # flags and one with extra non-debug flags.

			    # The result ends up in %h_nondebug, which
			    # becomes the merged variant when we're done.
			    # for each of cflags and lflags, they are
			    # replaced with cflags, debug_cflags,
			    # release_cflags and similar for lflags.
			    #
			    # The purpose is that 'cflags' should be
			    # used together with 'debug_cflags' or
			    # 'release_cflags' depending on what the
			    # user asks for.
			    foreach (("cflags", "lflags")) {
				my @list_d = split /\s+/, $debug->{$_};
				my @list_nd = split /\s+/, $nondebug->{$_};
				my %presence = (); # bitmap
						   # 1: present in @list_d
						   # 2: present in @list_nd
						   # 3: present in both
				map { $presence{$_} += 1; } @list_d;
				map { $presence{$_} += 2; } @list_nd;

				delete $nondebug->{$_};
				# Note: we build from the original lists to
				# preserve order, it might be important
				$nondebug->{"debug-".$_} =
				    join(" ",
					 grep { $presence{$_} == 1 } @list_d);
				$nondebug->{"nodebug-".$_} =
				    join(" ",
					 grep { $presence{$_} == 2 } @list_nd);
				$nondebug->{$_} =
				    join(" ",
					 grep { $presence{$_} == 3 } @list_d);
			    }

			    $targets{$nondebugkey} = $nondebug;
			    delete $targets{$debugkey};
			}
		    }
		}
	    }
	}

	%table = (%table, %targets);

	# Local function to resolve inheritance
	my $resolve_inheritance;
	$resolve_inheritance =
	    sub {
		my $target = shift;
		my @breadcrumbs = @_;

		if (grep { $_ eq $target } @breadcrumbs) {
		    die "inherit_from loop!  target backtrace:\n  "
			,$target,"\n  ",join("\n  ", @breadcrumbs),"\n";
		}

		# Recurse through all inheritances.  They will be resolved on
		# the fly, so when this operation is done, they will all just
		# be a bunch of attributes with string values.
		# What we get here, though, are keys with references to lists
		# of the combined values of them all.  We will deal with lists
		# after this stage is done.
		my %combined_inheritance = ();
		if ($table{$target}->{inherit_from}) {
		    foreach (@{$table{$target}->{inherit_from}}) {
			my %inherited_config =
			    $resolve_inheritance->($_, $target, @breadcrumbs);

			# 'template' is a marker that's considered private to
			# the config that had it.
			delete $inherited_config{template};

			map {
			    if (!$combined_inheritance{$_}) {
				$combined_inheritance{$_} = [];
			    }
			    push @{$combined_inheritance{$_}}, $inherited_config{$_};
			} keys %inherited_config;
		    }
		}

		# We won't need inherit_from in this target any more, since
		# we've resolved all the inheritances that lead to this
		delete $table{$target}->{inherit_from};

		# Now is the time to deal with those lists.  Here's the place
		# to decide what shall be done with those lists, all based on
		# the values of the target we're currently dealing with.
		# - If a value is a coderef, it will be executed with the list
		#   of inherited values as arguments.
		# - If the corresponding key doesn't have a value at all or is
		#   the emoty string, the inherited value list will be run
		#   through the default combiner (below), and the result
		#   becomes this target's value.
		# - Otherwise, this target's value is assumed to be a string
		#   that will simply override the inherited list of values.
		my $default_combiner = sub { join(' ',@_) };

		my %all_keys =
		    map { $_ => 1 } (keys %combined_inheritance,
				     keys %{$table{$target}});
		foreach (sort keys %all_keys) {

		    # Current target doesn't have a value for the current key?
		    # Assign it the default combiner, the rest of this loop
		    # body will handle it just like any other coderef.
		    if (!exists $table{$target}->{$_}) {
			$table{$target}->{$_} = $default_combiner;
		    }

		    my $valuetype = ref($table{$target}->{$_});
		    if ($valuetype eq "CODE") {
			# CODE reference, execute it with the inherited values
			# as arguments.
			$table{$target}->{$_} =
			    $table{$target}->{$_}->(@{$combined_inheritance{$_}});
		    } elsif ($valuetype eq "") {
			# Scalar, just leave it as is.
		    } else {
			# Some other type of reference that we don't handle.
			# Better to abort at this point.
			die "cannot handle reference type $valuetype,"
			    ," found in target $target -> $_\n";
		    }
		}

		# Finally done, return the result.
		%{$table{$target}};
	};

	# Go through all new targets and resolve inheritance and template
	# references.
	foreach (keys %targets) {
	    # We're ignoring the returned values here, they are only valuable
	    # to the inner recursion of this function.
	    $resolve_inheritance->($_);
	}
}

my ($vol, $dir, $dummy) = File::Spec->splitpath($0);
my $pattern = File::Spec->catpath($vol, $dir, "Configurations/*.conf");
foreach (sort glob($pattern) ) {
    &read_config($_);
}

my @MK1MF_Builds=qw(VC-WIN64I VC-WIN64A
		    debug-VC-WIN64I debug-VC-WIN64A
		    VC-NT VC-CE VC-WIN32 debug-VC-WIN32
		    BC-32
		    netware-clib netware-clib-bsdsock
		    netware-libc netware-libc-bsdsock);

my $prefix="";
my $libdir="";
my $openssldir="";
my $exe_ext="";
my $install_prefix= "$ENV{'INSTALL_PREFIX'}";
my $cross_compile_prefix="";
my $fipslibdir="/usr/local/ssl/fips-2.0/lib/";
my $nofipscanistercheck=0;
my $baseaddr="0xFB00000";
my $no_threads=0;
my $threads=0;
my $no_shared=0; # but "no-shared" is default
my $zlib=1;      # but "no-zlib" is default
my $no_krb5=0;   # but "no-krb5" is implied unless "--with-krb5-..." is used
my $no_rfc3779=1; # but "no-rfc3779" is default
my $no_asm=0;
my $no_dso=0;
my $no_gmp=0;
my @skip=();
my $Makefile="Makefile";
my $des_locl="crypto/des/des_locl.h";
my $des	="include/openssl/des.h";
my $bn	="include/openssl/bn.h";
my $md2	="include/openssl/md2.h";
my $rc4	="include/openssl/rc4.h";
my $rc4_locl="crypto/rc4/rc4_locl.h";
my $idea	="include/openssl/idea.h";
my $rc2	="include/openssl/rc2.h";
my $bf	="crypto/bf/bf_locl.h";
my $bn_asm	="bn_asm.o";
my $des_enc="des_enc.o fcrypt_b.o";
my $aes_enc="aes_core.o aes_cbc.o";
my $bf_enc	="bf_enc.o";
my $cast_enc="c_enc.o";
my $rc4_enc="rc4_enc.o rc4_skey.o";
my $rc5_enc="rc5_enc.o";
my $cmll_enc="camellia.o cmll_misc.o cmll_cbc.o";
my $processor="";
my $default_ranlib;
my $perl;
my $fips=0;

# All of the following is disabled by default (RC5 was enabled before 0.9.8):

my %disabled = ( # "what"         => "comment" [or special keyword "experimental"]
		 "deprecated" => "default",
		 "ec_nistp_64_gcc_128" => "default",
		 "gmp"		  => "default",
		 "jpake"          => "experimental",
		 "md2"            => "default",
		 "rc5"            => "default",
		 "rfc3779"	  => "default",
		 "sctp"       => "default",
		 "shared"         => "default",
		 "ssl-trace"	  => "default",
		 "store"	  => "experimental",
		 "unit-test"	  => "default",
		 "zlib"           => "default",
		 "zlib-dynamic"   => "default"
	       );
my @experimental = ();

# This is what $depflags will look like with the above defaults
# (we need this to see if we should advise the user to run "make depend"):
my $default_depflags = " -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_EC_NISTP_64_GCC_128 -DOPENSSL_NO_GMP -DOPENSSL_NO_JPAKE -DOPENSSL_NO_MD2 -DOPENSSL_NO_RC5 -DOPENSSL_NO_RFC3779 -DOPENSSL_NO_SCTP -DOPENSSL_NO_SSL_TRACE -DOPENSSL_NO_STORE -DOPENSSL_NO_UNIT_TEST";

# Explicit "no-..." options will be collected in %disabled along with the defaults.
# To remove something from %disabled, use "enable-foo" (unless it's experimental).
# For symmetry, "disable-foo" is a synonym for "no-foo".

# For features called "experimental" here, a more explicit "experimental-foo" is needed to enable.
# We will collect such requests in @experimental.
# To avoid accidental use of experimental features, applications will have to use -DOPENSSL_EXPERIMENTAL_FOO.


my $no_sse2=0;

&usage if ($#ARGV < 0);

my $flags;
my $depflags;
my $openssl_experimental_defines;
my $openssl_algorithm_defines;
my $openssl_thread_defines;
my $openssl_sys_defines="";
my $openssl_other_defines;
my $libs;
my $libkrb5="";
my $target;
my $options;
my $make_depend=0;
my %withargs=();
my $build_prefix = "release_";

my @argvcopy=@ARGV;
my $argvstring="";
my $argv_unprocessed=1;

while($argv_unprocessed)
	{
	$flags="";
	$depflags="";
	$openssl_experimental_defines="";
	$openssl_algorithm_defines="";
	$openssl_thread_defines="";
	$openssl_sys_defines="";
	$openssl_other_defines="";
	$libs="";
	$target="";
	$options="";

	$argv_unprocessed=0;
	$argvstring=join(' ',@argvcopy);

PROCESS_ARGS:
	foreach (@argvcopy)
		{
		s /^-no-/no-/; # some people just can't read the instructions

		# rewrite some options in "enable-..." form
		s /^-?-?shared$/enable-shared/;
		s /^sctp$/enable-sctp/;
		s /^threads$/enable-threads/;
		s /^zlib$/enable-zlib/;
		s /^zlib-dynamic$/enable-zlib-dynamic/;

		if (/^no-(.+)$/ || /^disable-(.+)$/)
			{
			if (!($disabled{$1} eq "experimental"))
				{
				if ($1 eq "ssl")
					{
					$disabled{"ssl3"} = "option(ssl)";
					}
				elsif ($1 eq "tls")
					{
					$disabled{"tls1"} = "option(tls)"
					}
				elsif ($1 eq "ssl3-method")
					{
					$disabled{"ssl3-method"} = "option(ssl)";
					$disabled{"ssl3"} = "option(ssl)";
					}
				else
					{
					$disabled{$1} = "option";
					}
				}
			}
		elsif (/^enable-(.+)$/ || /^experimental-(.+)$/)
			{
			my $algo = $1;
			if ($disabled{$algo} eq "experimental")
				{
				die "You are requesting an experimental feature; please say 'experimental-$algo' if you are sure\n"
					unless (/^experimental-/);
				push @experimental, $algo;
				}
			delete $disabled{$algo};

			$threads = 1 if ($algo eq "threads");
			}
		elsif (/^--test-sanity$/)
			{
			exit(&test_sanity());
			}
		elsif (/^--strict-warnings$/)
			{
			$strict_warnings = 1;
			}
		elsif (/^--debug$/)
			{
			$build_prefix = "debug_";
			}
		elsif (/^--release$/)
			{
			$build_prefix = "release_";
			}
		elsif (/^reconfigure/ || /^reconf/)
			{
			if (open(IN,"<$Makefile"))
				{
				while (<IN>)
					{
					chomp;
					if (/^CONFIGURE_ARGS=(.*)/)
						{
						$argvstring=$1;
						@argvcopy=split(' ',$argvstring);
						die "Incorrect data to reconfigure, please do a normal configuration\n"
							if (grep(/^reconf/,@argvcopy));
						print "Reconfiguring with: $argvstring\n";
						$argv_unprocessed=1;
						close(IN);
						last PROCESS_ARGS;
						}
					}
				close(IN);
				}
			die "Insufficient data to reconfigure, please do a normal configuration\n";
			}
		elsif (/^386$/)
			{ $processor=386; }
		elsif (/^fips$/)
			{
			$fips=1;
			}
		elsif (/^rsaref$/)
			{
			# No RSAref support any more since it's not needed.
			# The check for the option is there so scripts aren't
			# broken
			}
		elsif (/^nofipscanistercheck$/)
			{
			$fips = 1;
			$nofipscanistercheck = 1;
			}
		elsif (/^[-+]/)
			{
			if (/^--prefix=(.*)$/)
				{
				$prefix=$1;
				}
			elsif (/^--libdir=(.*)$/)
				{
				$libdir=$1;
				}
			elsif (/^--openssldir=(.*)$/)
				{
				$openssldir=$1;
				}
			elsif (/^--install.prefix=(.*)$/)
				{
				$install_prefix=$1;
				}
			elsif (/^--with-krb5-(dir|lib|include|flavor)=(.*)$/)
				{
				$withargs{"krb5-".$1}=$2;
				}
			elsif (/^--with-zlib-lib=(.*)$/)
				{
				$withargs{"zlib-lib"}=$1;
				}
			elsif (/^--with-zlib-include=(.*)$/)
				{
				$withargs{"zlib-include"}="-I$1";
				}
			elsif (/^--with-fipslibdir=(.*)$/)
				{
				$fipslibdir="$1/";
				}
			elsif (/^--with-baseaddr=(.*)$/)
				{
				$baseaddr="$1";
				}
			elsif (/^--cross-compile-prefix=(.*)$/)
				{
				$cross_compile_prefix=$1;
				}
			elsif (/^--config=(.*)$/)
				{
				read_config $1;
				}
			elsif (/^-[lL](.*)$/ or /^-Wl,/)
				{
				$libs.=$_." ";
				}
			else	# common if (/^[-+]/), just pass down...
				{
				$_ =~ s/%([0-9a-f]{1,2})/chr(hex($1))/gei;
				$flags.=$_." ";
				}
			}
		elsif ($_ =~ /^([^:]+):(.+)$/)
			{
			eval "\$table{\$1} = \"$2\""; # allow $xxx constructs in the string
			$target=$1;
			}
		else
			{
			die "target already defined - $target (offending arg: $_)\n" if ($target ne "");
			$target=$_;
			}

		unless ($_ eq $target || /^no-/ || /^disable-/)
			{
			# "no-..." follows later after implied disactivations
			# have been derived.  (Don't take this too seroiusly,
			# we really only write OPTIONS to the Makefile out of
			# nostalgia.)

			if ($options eq "")
				{ $options = $_; }
			else
				{ $options .= " ".$_; }
			}
		}
	}



if ($processor eq "386")
	{
	$disabled{"sse2"} = "forced";
	}

if (!defined($withargs{"krb5-flavor"}) || $withargs{"krb5-flavor"} eq "")
	{
	$disabled{"krb5"} = "krb5-flavor not specified";
	}

if (!defined($disabled{"zlib-dynamic"}))
	{
	# "zlib-dynamic" was specifically enabled, so enable "zlib"
	delete $disabled{"zlib"};
	}

if (defined($disabled{"rijndael"}))
	{
	$disabled{"aes"} = "forced";
	}
if (defined($disabled{"des"}))
	{
	$disabled{"mdc2"} = "forced";
	}
if (defined($disabled{"ec"}))
	{
	$disabled{"ecdsa"} = "forced";
	$disabled{"ecdh"} = "forced";
	}

# SSL 3.0 and TLS requires MD5 and SHA and either RSA or DSA+DH
if (defined($disabled{"md5"}) || defined($disabled{"sha"})
    || (defined($disabled{"rsa"})
        && (defined($disabled{"dsa"}) || defined($disabled{"dh"}))))
	{
	$disabled{"ssl3"} = "forced";
	$disabled{"tls1"} = "forced";
	}

if (defined($disabled{"tls1"}))
	{
	$disabled{"tlsext"} = "forced";
	}

if (defined($disabled{"ec"}) || defined($disabled{"dsa"})
    || defined($disabled{"dh"}))
	{
	$disabled{"gost"} = "forced";
	}

# SRP and HEARTBEATS require TLSEXT
if (defined($disabled{"tlsext"}))
	{
	$disabled{"srp"} = "forced";
	$disabled{"heartbeats"} = "forced";
	}

if ($target eq "TABLE") {
	foreach $target (sort keys %table) {
		print_table_entry($target, "TABLE");
	}
	exit 0;
}

if ($target eq "LIST") {
	foreach (sort keys %table) {
		print;
		print "\n";
	}
	exit 0;
}

if ($target eq "HASH") {
	print "%table = (\n";
	foreach (sort keys %table) {
		print_table_entry($_, "HASH");
	}
	exit 0;
}

if ($target =~ m/^CygWin32(-.*)$/) {
	$target = "Cygwin".$1;
}

print "Configuring for $target\n";

# Support for legacy targets having a name starting with 'debug-'
my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
if ($d) {
    $build_prefix = "debug_";

    # If we do not find debug-foo in the table, the target is set to foo,
    # but only if the foo target has a noon-empty debug_cflags or debug_lflags
    # attribute.
    if (!$table{$target} && ($table{$t}->{debug_cflags}
			     || $table{$t}->{debug_lflags})) {
	$target = $t;
    }
}

&usage if (!defined($table{$target})
	   || $table{$target}->{template}
	   || ($build_prefix eq "debug_"
	       && $target !~ /^debug-/
	       && !($table{$target}->{debug_cflags}
		    || $table{$target}->{debug_lflags})));

if ($fips)
	{
	delete $disabled{"shared"} if ($disabled{"shared"} eq "default");
	}

foreach (sort (keys %disabled))
	{
	$options .= " no-$_";

	printf "    no-%-12s %-10s", $_, "[$disabled{$_}]";

	if (/^dso$/)
		{ $no_dso = 1; }
	elsif (/^threads$/)
		{ $no_threads = 1; }
	elsif (/^shared$/)
		{ $no_shared = 1; }
	elsif (/^zlib$/)
		{ $zlib = 0; }
	elsif (/^static-engine$/)
		{ }
	elsif (/^zlib-dynamic$/)
		{ }
	elsif (/^sse2$/)
		{ $no_sse2 = 1; }
	else
		{
		my ($ALGO, $algo);
		($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/;

		if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/)
			{
			$openssl_other_defines .= "#define OPENSSL_NO_$ALGO\n";
			print " OPENSSL_NO_$ALGO";

			if (/^err$/)	{ $flags .= "-DOPENSSL_NO_ERR "; }
			elsif (/^asm$/)	{ $no_asm = 1; }
			}
		else
			{
			($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd");

			$openssl_algorithm_defines .= "#define OPENSSL_NO_$ALGO\n";
			print " OPENSSL_NO_$ALGO";

			if (/^krb5$/)
				{ $no_krb5 = 1; }
			else
				{
				push @skip, $algo;
				# fix-up crypto/directory name(s)
				$skip[$#skip]="whrlpool" if $algo eq "whirlpool";
				$skip[$#skip]="ripemd" if $algo eq "rmd160";

				print " (skip dir)";

				$depflags .= " -DOPENSSL_NO_$ALGO";
				}
			}
		}

	print "\n";
	}

my $exp_cflags = "";

foreach (sort @experimental)
	{
	my $ALGO;
	($ALGO = $_) =~ tr/[a-z]/[A-Z]/;

	# opensslconf.h will set OPENSSL_NO_... unless OPENSSL_EXPERIMENTAL_... is defined
	$openssl_experimental_defines .= "#define OPENSSL_NO_$ALGO\n";
	$exp_cflags .= " -DOPENSSL_EXPERIMENTAL_$ALGO";
	}

my $IsMK1MF=scalar grep /^$target$/,@MK1MF_Builds;

$exe_ext=".exe" if ($target eq "Cygwin" || $target eq "DJGPP" || $target =~ /^mingw/);
$exe_ext=".nlm" if ($target =~ /netware/);
$exe_ext=".pm"  if ($target =~ /vos/);
$openssldir="/usr/local/ssl" if ($openssldir eq "" and $prefix eq "");
$prefix=$openssldir if $prefix eq "";

$default_ranlib= &which("ranlib") or $default_ranlib="true";
$perl=$ENV{'PERL'} or $perl=&which("perl5") or $perl=&which("perl")
  or $perl="perl";
my $make = $ENV{'MAKE'} || "make";

$cross_compile_prefix=$ENV{'CROSS_COMPILE'} if $cross_compile_prefix eq "";

chop $openssldir if $openssldir =~ /\/$/;
chop $prefix if $prefix =~ /.\/$/;

$openssldir=$prefix . "/ssl" if $openssldir eq "";
$openssldir=$prefix . "/" . $openssldir if $openssldir !~ /(^\/|^[a-zA-Z]:[\\\/])/;


print "IsMK1MF=$IsMK1MF\n";

# Allow environment CC to override compiler...
my $cc = $ENV{CC} || $table{$target}->{cc};

# For cflags and lflags, add the debug_ or release_ attributes
# Do it in such a way that no spurious space is appended (hence the grep).
my $cflags = join(" ",
		  grep { $_ } ($table{$target}->{cflags},
			       $table{$target}->{$build_prefix."cflags"}));
my $lflags = join(" ",
		  grep { $_ } ($table{$target}->{lflags},
			       $table{$target}->{$build_prefix."lflags"}));

my $unistd = $table{$target}->{unistd};
my $thread_cflag = $table{$target}->{thread_cflag};
my $sys_id = $table{$target}->{sys_id};
my $bn_ops = $table{$target}->{bn_ops};
my $cpuid_obj = $table{$target}->{cpuid_obj};
my $bn_obj = $table{$target}->{bn_obj};
my $ec_obj = $table{$target}->{ec_obj};
my $des_obj = $table{$target}->{des_obj};
my $aes_obj = $table{$target}->{aes_obj};
my $bf_obj = $table{$target}->{bf_obj};
my $md5_obj = $table{$target}->{md5_obj};
my $sha1_obj = $table{$target}->{sha1_obj};
my $cast_obj = $table{$target}->{cast_obj};
my $rc4_obj = $table{$target}->{rc4_obj};
my $rmd160_obj = $table{$target}->{rmd160_obj};
my $rc5_obj = $table{$target}->{rc5_obj};
my $wp_obj = $table{$target}->{wp_obj};
my $cmll_obj = $table{$target}->{cmll_obj};
my $modes_obj = $table{$target}->{modes_obj};
my $engines_obj = $table{$target}->{engines_obj};
my $perlasm_scheme = $table{$target}->{perlasm_scheme};
my $dso_scheme = $table{$target}->{dso_scheme};
my $shared_target = $table{$target}->{shared_target};
my $shared_cflag = $table{$target}->{shared_cflag};
my $shared_ldflag = $table{$target}->{shared_ldflag};
my $shared_extension = $table{$target}->{shared_extension};
my $ranlib = $ENV{'RANLIB'} || $table{$target}->{ranlib};
my $ar = $ENV{'AR'} || "ar";
my $arflags = $table{$target}->{arflags};
my $multilib = $table{$target}->{multilib};

# if $prefix/lib$multilib is not an existing directory, then
# assume that it's not searched by linker automatically, in
# which case adding $multilib suffix causes more grief than
# we're ready to tolerate, so don't...
$multilib="" if !-d "$prefix/lib$multilib";

$libdir="lib$multilib" if $libdir eq "";

$cflags = "$cflags$exp_cflags";

# '%' in $lflags is used to split flags to "pre-" and post-flags
my ($prelflags,$postlflags)=split('%',$lflags);
if (defined($postlflags))	{ $lflags=$postlflags;	}
else				{ $lflags=$prelflags; undef $prelflags;	}

if ($target =~ /^mingw/ && `$cc --target-help 2>&1` !~ m/\-mno\-cygwin/m)
	{
	$cflags =~ s/\-mno\-cygwin\s*//;
	$shared_ldflag =~ s/\-mno\-cygwin\s*//;
	}

if ($target =~ /linux.*\-mips/ && !$no_asm && $flags !~ /\-m(ips|arch=)/) {
	# minimally required architecture flags for assembly modules
	$cflags="-mips2 $cflags" if ($target =~ /mips32/);
	$cflags="-mips3 $cflags" if ($target =~ /mips64/);
}

my $no_shared_warn=0;
my $no_user_cflags=0;

if ($flags ne "")	{ $cflags="$flags$cflags"; }
else			{ $no_user_cflags=1;       }

# Kerberos settings.  The flavor must be provided from outside, either through
# the script "config" or manually.
if (!$no_krb5)
	{
	my ($lresolv, $lpath, $lext);
	if ($withargs{"krb5-flavor"} =~ /^[Hh]eimdal$/)
		{
		die "Sorry, Heimdal is currently not supported\n";
		}
	##### HACK to force use of Heimdal.
	##### WARNING: Since we don't really have adequate support for Heimdal,
	#####          using this will break the build.  You'll have to make
	#####          changes to the source, and if you do, please send
	#####          patches to openssl-dev@openssl.org
	if ($withargs{"krb5-flavor"} =~ /^force-[Hh]eimdal$/)
		{
		warn "Heimdal isn't really supported.  Your build WILL break\n";
		warn "If you fix the problems, please send a patch to openssl-dev\@openssl.org\n";
		$withargs{"krb5-dir"} = "/usr/heimdal"
			if $withargs{"krb5-dir"} eq "";
		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
			"/lib -lgssapi -lkrb5 -lcom_err"
			if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
		$cflags="-DKRB5_HEIMDAL $cflags";
		}
	if ($withargs{"krb5-flavor"} =~ /^[Mm][Ii][Tt]/)
		{
		$withargs{"krb5-dir"} = "/usr/kerberos"
			if $withargs{"krb5-dir"} eq "";
		$withargs{"krb5-lib"} = "-L".$withargs{"krb5-dir"}.
			"/lib -lgssapi_krb5 -lkrb5 -lcom_err -lk5crypto"
			if $withargs{"krb5-lib"} eq "" && !$IsMK1MF;
		$cflags="-DKRB5_MIT $cflags";
		$withargs{"krb5-flavor"} =~ s/^[Mm][Ii][Tt][._-]*//;
		if ($withargs{"krb5-flavor"} =~ /^1[._-]*[01]/)
			{
			$cflags="-DKRB5_MIT_OLD11 $cflags";
			}
		}
	LRESOLV:
	foreach $lpath ("/lib", "/usr/lib")
		{
		foreach $lext ("a", "so")
			{
			$lresolv = "$lpath/libresolv.$lext";
			last LRESOLV	if (-r "$lresolv");
			$lresolv = "";
			}
		}
	$withargs{"krb5-lib"} .= " -lresolv"
		if ("$lresolv" ne "");
	$withargs{"krb5-include"} = "-I".$withargs{"krb5-dir"}."/include"
		if $withargs{"krb5-include"} eq "" &&
		   $withargs{"krb5-dir"} ne "";
	}

# The DSO code currently always implements all functions so that no
# applications will have to worry about that from a compilation point
# of view. However, the "method"s may return zero unless that platform
# has support compiled in for them. Currently each method is enabled
# by a define "DSO_<name>" ... we translate the "dso_scheme" config
# string entry into using the following logic;
my $dso_cflags;
if (!$no_dso && $dso_scheme ne "")
	{
	$dso_scheme =~ tr/[a-z]/[A-Z]/;
	if ($dso_scheme eq "DLFCN")
		{
		$dso_cflags = "-DDSO_DLFCN -DHAVE_DLFCN_H";
		}
	elsif ($dso_scheme eq "DLFCN_NO_H")
		{
		$dso_cflags = "-DDSO_DLFCN";
		}
	else
		{
		$dso_cflags = "-DDSO_$dso_scheme";
		}
	$cflags = "$dso_cflags $cflags";
	}

my $thread_cflags;
my $thread_defines;
if ($thread_cflag ne "(unknown)" && !$no_threads)
	{
	# If we know how to do it, support threads by default.
	$threads = 1;
	}
if ($thread_cflag eq "(unknown)" && $threads)
	{
	# If the user asked for "threads", [s]he is also expected to
	# provide any system-dependent compiler options that are
	# necessary.
	if ($no_user_cflags)
		{
		print "You asked for multi-threading support, but didn't\n";
		print "provide any system-specific compiler options\n";
		exit(1);
		}
	$thread_cflags="-DOPENSSL_THREADS $cflags" ;
	$thread_defines .= "#define OPENSSL_THREADS\n";
	}
else
	{
	$thread_cflags="-DOPENSSL_THREADS $thread_cflag $cflags";
	$thread_defines .= "#define OPENSSL_THREADS\n";
#	my $def;
#	foreach $def (split ' ',$thread_cflag)
#		{
#		if ($def =~ s/^-D// && $def !~ /^_/)
#			{
#			$thread_defines .= "#define $def\n";
#			}
#		}
	}

$lflags="$libs$lflags" if ($libs ne "");

if ($no_asm)
	{
	$cpuid_obj=$bn_obj=$ec_obj=
	$des_obj=$aes_obj=$bf_obj=$cast_obj=$rc4_obj=$rc5_obj=$cmll_obj=
	$modes_obj=$sha1_obj=$md5_obj=$rmd160_obj=$wp_obj=$engines_obj="";
	$cflags=~s/\-D[BL]_ENDIAN//		if ($fips);
	$thread_cflags=~s/\-D[BL]_ENDIAN//	if ($fips);
	}
elsif (defined($disabled{ec2m}))
	{
	$bn_obj =~ s/\w+-gf2m.o//;
	}

if (!$no_shared)
	{
	$cast_obj="";	# CAST assembler is not PIC
	}

if ($threads)
	{
	$cflags=$thread_cflags;
	$openssl_thread_defines .= $thread_defines;
	}

if ($zlib)
	{
	$cflags = "-DZLIB $cflags";
	if (defined($disabled{"zlib-dynamic"}))
		{
		if (defined($withargs{"zlib-lib"}))
			{
			$lflags = "$lflags -L" . $withargs{"zlib-lib"} . " -lz";
			}
		else
			{
			$lflags = "$lflags -lz";
			}
		}
	else
		{
		$cflags = "-DZLIB_SHARED $cflags";
		}
	}

#Build the library with OPENSSL_USE_DEPRECATED if deprecation is not disabled
if(!defined($disabled{"deprecated"}))
	{
	$cflags = "-DOPENSSL_USE_DEPRECATED $cflags";
	}

# You will find shlib_mark1 and shlib_mark2 explained in Makefile.org
my $shared_mark = "";
if ($shared_target eq "")
	{
	$no_shared_warn = 1 if !$no_shared && !$fips;
	$no_shared = 1;
	}
if (!$no_shared)
	{
	if ($shared_cflag ne "")
		{
		$cflags = "$shared_cflag -DOPENSSL_PIC $cflags";
		}
	}

if (!$IsMK1MF)
	{
	# add {no-}static-engine to options to allow mkdef.pl to work without extra arguments
	if ($no_shared)
		{
		$openssl_other_defines.="#define OPENSSL_NO_DYNAMIC_ENGINE\n";
		$options.=" static-engine";
		}
	else
		{
		$openssl_other_defines.="#define OPENSSL_NO_STATIC_ENGINE\n";
		$options.=" no-static-engine";
		}
	}

$cpuid_obj.=" uplink.o uplink-x86.o" if ($cflags =~ /\-DOPENSSL_USE_APPLINK/);

#
# Platform fix-ups
#
if ($target =~ /\-icc$/)	# Intel C compiler
	{
	my $iccver=0;
	if (open(FD,"$cc -V 2>&1 |"))
		{
		while(<FD>) { $iccver=$1 if (/Version ([0-9]+)\./); }
		close(FD);
		}
	if ($iccver>=8)
		{
		$cflags=~s/\-KPIC/-fPIC/;
		# Eliminate unnecessary dependency from libirc.a. This is
		# essential for shared library support, as otherwise
		# apps/openssl can end up in endless loop upon startup...
		$cflags.=" -Dmemcpy=__builtin_memcpy -Dmemset=__builtin_memset";
		}
	if ($iccver>=9)
		{
		$lflags.=" -i-static";
		$lflags=~s/\-no_cpprt/-no-cpprt/;
		}
	if ($iccver>=10)
		{
		$lflags=~s/\-i\-static/-static-intel/;
		}
	if ($iccver>=11)
		{
		$cflags.=" -no-intel-extensions";	# disable Cilk
		$lflags=~s/\-no\-cpprt/-no-cxxlib/;
		}
	}

# Unlike other OSes (like Solaris, Linux, Tru64, IRIX) BSD run-time
# linkers (tested OpenBSD, NetBSD and FreeBSD) "demand" RPATH set on
# .so objects. Apparently application RPATH is not global and does
# not apply to .so linked with other .so. Problem manifests itself
# when libssl.so fails to load libcrypto.so. One can argue that we
# should engrave this into Makefile.shared rules or into BSD-* config
# lines above. Meanwhile let's try to be cautious and pass -rpath to
# linker only when --prefix is not /usr.
if ($target =~ /^BSD\-/)
	{
	$shared_ldflag.=" -Wl,-rpath,\$(LIBRPATH)" if ($prefix !~ m|^/usr[/]*$|);
	}

if ($sys_id ne "")
	{
	#$cflags="-DOPENSSL_SYS_$sys_id $cflags";
	$openssl_sys_defines="#define OPENSSL_SYS_$sys_id\n";
	}

if ($ranlib eq "")
	{
	$ranlib = $default_ranlib;
	}

#my ($bn1)=split(/\s+/,$bn_obj);
#$bn1 = "" unless defined $bn1;
#$bn1=$bn_asm unless ($bn1 =~ /\.o$/);
#$bn_obj="$bn1";

$cpuid_obj="" if ($processor eq "386");

$bn_obj = $bn_asm unless $bn_obj ne "";
# bn-586 is the only one implementing bn_*_part_words
$cflags.=" -DOPENSSL_BN_ASM_PART_WORDS" if ($bn_obj =~ /bn-586/);
$cflags.=" -DOPENSSL_IA32_SSE2" if (!$no_sse2 && $bn_obj =~ /86/);

$cflags.=" -DOPENSSL_BN_ASM_MONT" if ($bn_obj =~ /-mont/);
$cflags.=" -DOPENSSL_BN_ASM_MONT5" if ($bn_obj =~ /-mont5/);
$cflags.=" -DOPENSSL_BN_ASM_GF2m" if ($bn_obj =~ /-gf2m/);

if ($fips)
	{
	$openssl_other_defines.="#define OPENSSL_FIPS\n";
	}

$cpuid_obj="mem_clr.o"	unless ($cpuid_obj =~ /\.o$/);
$des_obj=$des_enc	unless ($des_obj =~ /\.o$/);
$bf_obj=$bf_enc		unless ($bf_obj =~ /\.o$/);
$cast_obj=$cast_enc	unless ($cast_obj =~ /\.o$/);
$rc4_obj=$rc4_enc	unless ($rc4_obj =~ /\.o$/);
$rc5_obj=$rc5_enc	unless ($rc5_obj =~ /\.o$/);
if ($sha1_obj =~ /\.o$/)
	{
#	$sha1_obj=$sha1_enc;
	$cflags.=" -DSHA1_ASM"   if ($sha1_obj =~ /sx86/ || $sha1_obj =~ /sha1/);
	$cflags.=" -DSHA256_ASM" if ($sha1_obj =~ /sha256/);
	$cflags.=" -DSHA512_ASM" if ($sha1_obj =~ /sha512/);
	if ($sha1_obj =~ /sse2/)
	    {	if ($no_sse2)
		{   $sha1_obj =~ s/\S*sse2\S+//;        }
		elsif ($cflags !~ /OPENSSL_IA32_SSE2/)
		{   $cflags.=" -DOPENSSL_IA32_SSE2";    }
	    }
	}
if ($md5_obj =~ /\.o$/)
	{
#	$md5_obj=$md5_enc;
	$cflags.=" -DMD5_ASM";
	}
if ($rmd160_obj =~ /\.o$/)
	{
#	$rmd160_obj=$rmd160_enc;
	$cflags.=" -DRMD160_ASM";
	}
if ($aes_obj =~ /\.o$/)
	{
	$cflags.=" -DAES_ASM" if ($aes_obj =~ m/\baes\-/);;
	# aes-ctr.o is not a real file, only indication that assembler
	# module implements AES_ctr32_encrypt...
	$cflags.=" -DAES_CTR_ASM" if ($aes_obj =~ s/\s*aes\-ctr\.o//);
	# aes-xts.o indicates presence of AES_xts_[en|de]crypt...
	$cflags.=" -DAES_XTS_ASM" if ($aes_obj =~ s/\s*aes\-xts\.o//);
	$aes_obj =~ s/\s*(vpaes|aesni)\-x86\.o//g if ($no_sse2);
	$cflags.=" -DVPAES_ASM" if ($aes_obj =~ m/vpaes/);
	$cflags.=" -DBSAES_ASM" if ($aes_obj =~ m/bsaes/);
	}
else	{
	$aes_obj=$aes_enc;
	}
$wp_obj="" if ($wp_obj =~ /mmx/ && $processor eq "386");
if ($wp_obj =~ /\.o$/ && !$disabled{"whirlpool"})
	{
	$cflags.=" -DWHIRLPOOL_ASM";
	}
else	{
	$wp_obj="wp_block.o";
	}
$cmll_obj=$cmll_enc	unless ($cmll_obj =~ /.o$/);
if ($modes_obj =~ /ghash\-/)
	{
	$cflags.=" -DGHASH_ASM";
	}
if ($ec_obj =~ /ecp_nistz256/)
	{
	$cflags.=" -DECP_NISTZ256_ASM";
	}

# "Stringify" the C flags string.  This permits it to be made part of a string
# and works as well on command lines.
$cflags =~ s/([\\\"])/\\\1/g;

my $version = "unknown";
my $version_num = "unknown";
my $major = "unknown";
my $minor = "unknown";
my $shlib_version_number = "unknown";
my $shlib_version_history = "unknown";
my $shlib_major = "unknown";
my $shlib_minor = "unknown";

open(IN,'<include/openssl/opensslv.h') || die "unable to read opensslv.h:$!\n";
while (<IN>)
	{
	$version=$1 if /OPENSSL.VERSION.TEXT.*OpenSSL (\S+) /;
	$version_num=$1 if /OPENSSL.VERSION.NUMBER.*0x(\S+)/;
	$shlib_version_number=$1 if /SHLIB_VERSION_NUMBER *"([^"]+)"/;
	$shlib_version_history=$1 if /SHLIB_VERSION_HISTORY *"([^"]*)"/;
	}
close(IN);
if ($shlib_version_history ne "") { $shlib_version_history .= ":"; }

if ($version =~ /(^[0-9]*)\.([0-9\.]*)/)
	{
	$major=$1;
	$minor=$2;
	}

if ($shlib_version_number =~ /(^[0-9]*)\.([0-9\.]*)/)
	{
	$shlib_major=$1;
	$shlib_minor=$2;
	}

if ($strict_warnings)
	{
	my $wopt;
	die "ERROR --strict-warnings requires gcc or clang" unless ($cc =~ /gcc$/ or $cc =~ /clang$/);
	foreach $wopt (split /\s+/, $gcc_devteam_warn)
		{
		$cflags .= " $wopt" unless ($cflags =~ /$wopt/)
		}
	}

open(IN,"<Makefile.org") || die "unable to read Makefile.org:$!\n";
unlink("$Makefile.new") || die "unable to remove old $Makefile.new:$!\n" if -e "$Makefile.new";
open(OUT,">$Makefile.new") || die "unable to create $Makefile.new:$!\n";
print OUT "### Generated automatically from Makefile.org by Configure.\n\n";
my $sdirs=0;

while (<IN>)
	{
	chomp;
	$sdirs = 1 if /^SDIRS=/;
	if ($sdirs) {
		my $dir;
		foreach $dir (@skip) {
			s/(\s)$dir /$1/;
			s/\s$dir$//;
			}
		}
	$sdirs = 0 unless /\\$/;
        s/fips // if (/^DIRS=/ && !$fips);
        s/engines // if (/^DIRS=/ && $disabled{"engine"});
	s/ccgost// if (/^ENGDIRS=/ && $disabled{"gost"});
	s/^VERSION=.*/VERSION=$version/;
	s/^MAJOR=.*/MAJOR=$major/;
	s/^MINOR=.*/MINOR=$minor/;
	s/^SHLIB_VERSION_NUMBER=.*/SHLIB_VERSION_NUMBER=$shlib_version_number/;
	s/^SHLIB_VERSION_HISTORY=.*/SHLIB_VERSION_HISTORY=$shlib_version_history/;
	s/^SHLIB_MAJOR=.*/SHLIB_MAJOR=$shlib_major/;
	s/^SHLIB_MINOR=.*/SHLIB_MINOR=$shlib_minor/;
	s/^SHLIB_EXT=.*/SHLIB_EXT=$shared_extension/;
	s/^INSTALLTOP=.*$/INSTALLTOP=$prefix/;
	s/^MULTILIB=.*$/MULTILIB=$multilib/;
	s/^OPENSSLDIR=.*$/OPENSSLDIR=$openssldir/;
	s/^LIBDIR=.*$/LIBDIR=$libdir/;
	s/^INSTALL_PREFIX=.*$/INSTALL_PREFIX=$install_prefix/;
	s/^PLATFORM=.*$/PLATFORM=$target/;
	s/^OPTIONS=.*$/OPTIONS=$options/;
	s/^CONFIGURE_ARGS=.*$/CONFIGURE_ARGS=$argvstring/;
	if ($cross_compile_prefix)
		{
		s/^CC=.*$/CROSS_COMPILE= $cross_compile_prefix\nCC= \$\(CROSS_COMPILE\)$cc/;
		s/^AR=\s*/AR= \$\(CROSS_COMPILE\)/;
		s/^NM=\s*/NM= \$\(CROSS_COMPILE\)/;
		s/^RANLIB=\s*/RANLIB= \$\(CROSS_COMPILE\)/;
		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= \$\(CROSS_COMPILE\)$cc/ if $cc eq "gcc";
		}
	else	{
		s/^CC=.*$/CC= $cc/;
		s/^AR=\s*ar/AR= $ar/;
		s/^RANLIB=.*/RANLIB= $ranlib/;
		s/^MAKEDEPPROG=.*$/MAKEDEPPROG= $cc/ if $cc eq "gcc" || ($cc eq 'cc' && $target =~ /darwin/);
		}
	s/^CFLAG=.*$/CFLAG= $cflags/;
	s/^DEPFLAG=.*$/DEPFLAG=$depflags/;
	s/^PEX_LIBS=.*$/PEX_LIBS= $prelflags/;
	s/^EX_LIBS=.*$/EX_LIBS= $lflags/;
	s/^EXE_EXT=.*$/EXE_EXT= $exe_ext/;
	s/^CPUID_OBJ=.*$/CPUID_OBJ= $cpuid_obj/;
	s/^BN_ASM=.*$/BN_ASM= $bn_obj/;
	s/^EC_ASM=.*$/EC_ASM= $ec_obj/;
	s/^DES_ENC=.*$/DES_ENC= $des_obj/;
	s/^AES_ENC=.*$/AES_ENC= $aes_obj/;
	s/^BF_ENC=.*$/BF_ENC= $bf_obj/;
	s/^CAST_ENC=.*$/CAST_ENC= $cast_obj/;
	s/^RC4_ENC=.*$/RC4_ENC= $rc4_obj/;
	s/^RC5_ENC=.*$/RC5_ENC= $rc5_obj/;
	s/^MD5_ASM_OBJ=.*$/MD5_ASM_OBJ= $md5_obj/;
	s/^SHA1_ASM_OBJ=.*$/SHA1_ASM_OBJ= $sha1_obj/;
	s/^RMD160_ASM_OBJ=.*$/RMD160_ASM_OBJ= $rmd160_obj/;
	s/^WP_ASM_OBJ=.*$/WP_ASM_OBJ= $wp_obj/;
	s/^CMLL_ENC=.*$/CMLL_ENC= $cmll_obj/;
	s/^MODES_ASM_OBJ.=*$/MODES_ASM_OBJ= $modes_obj/;
	s/^ENGINES_ASM_OBJ.=*$/ENGINES_ASM_OBJ= $engines_obj/;
	s/^PERLASM_SCHEME=.*$/PERLASM_SCHEME= $perlasm_scheme/;
	s/^PROCESSOR=.*/PROCESSOR= $processor/;
	s/^ARFLAGS=.*/ARFLAGS= $arflags/;
	s/^PERL=.*/PERL= $perl/;
	s/^KRB5_INCLUDES=.*/KRB5_INCLUDES=$withargs{"krb5-include"}/;
	s/^LIBKRB5=.*/LIBKRB5=$withargs{"krb5-lib"}/;
	s/^LIBZLIB=.*/LIBZLIB=$withargs{"zlib-lib"}/;
	s/^ZLIB_INCLUDE=.*/ZLIB_INCLUDE=$withargs{"zlib-include"}/;
	s/^FIPSLIBDIR=.*/FIPSLIBDIR=$fipslibdir/;
	s/^FIPSCANLIB=.*/FIPSCANLIB=libcrypto/ if $fips;
	s/^SHARED_FIPS=.*/SHARED_FIPS=/;
	s/^SHLIBDIRS=.*/SHLIBDIRS= crypto ssl/;
	s/^BASEADDR=.*/BASEADDR=$baseaddr/;
	s/^SHLIB_TARGET=.*/SHLIB_TARGET=$shared_target/;
	s/^SHLIB_MARK=.*/SHLIB_MARK=$shared_mark/;
	s/^SHARED_LIBS=.*/SHARED_LIBS=\$(SHARED_CRYPTO) \$(SHARED_SSL)/ if (!$no_shared);
	if ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*$/)
		{
		my $sotmp = $1;
		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp/;
		}
	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.dylib$/)
		{
		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.dylib/;
		}
	elsif ($shared_extension ne "" && $shared_extension =~ /^\.s([ol])\.[^\.]*\.[^\.]*$/)
		{
		my $sotmp = $1;
		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.s$sotmp.\$(SHLIB_MAJOR) .s$sotmp/;
		}
	elsif ($shared_extension ne "" && $shared_extension =~ /^\.[^\.]*\.[^\.]*\.dylib$/)
		{
		s/^SHARED_LIBS_LINK_EXTS=.*/SHARED_LIBS_LINK_EXTS=.\$(SHLIB_MAJOR).dylib .dylib/;
		}
	s/^SHARED_LDFLAGS=.*/SHARED_LDFLAGS=$shared_ldflag/;
	print OUT $_."\n";
	}
close(IN);
close(OUT);
rename($Makefile,"$Makefile.bak") || die "unable to rename $Makefile\n" if -e $Makefile;
rename("$Makefile.new",$Makefile) || die "unable to rename $Makefile.new\n";

print "CC            =$cc\n";
print "CFLAG         =$cflags\n";
print "EX_LIBS       =$lflags\n";
print "CPUID_OBJ     =$cpuid_obj\n";
print "BN_ASM        =$bn_obj\n";
print "EC_ASM        =$ec_obj\n";
print "DES_ENC       =$des_obj\n";
print "AES_ENC       =$aes_obj\n";
print "BF_ENC        =$bf_obj\n";
print "CAST_ENC      =$cast_obj\n";
print "RC4_ENC       =$rc4_obj\n";
print "RC5_ENC       =$rc5_obj\n";
print "MD5_OBJ_ASM   =$md5_obj\n";
print "SHA1_OBJ_ASM  =$sha1_obj\n";
print "RMD160_OBJ_ASM=$rmd160_obj\n";
print "CMLL_ENC      =$cmll_obj\n";
print "MODES_OBJ     =$modes_obj\n";
print "ENGINES_OBJ   =$engines_obj\n";
print "PROCESSOR     =$processor\n";
print "RANLIB        =$ranlib\n";
print "ARFLAGS       =$arflags\n";
print "PERL          =$perl\n";
print "KRB5_INCLUDES =",$withargs{"krb5-include"},"\n"
	if $withargs{"krb5-include"} ne "";

my $des_ptr=0;
my $des_risc1=0;
my $des_risc2=0;
my $des_unroll=0;
my $bn_ll=0;
my $def_int=2;
my $rc4_int=$def_int;
my $md2_int=$def_int;
my $idea_int=$def_int;
my $rc2_int=$def_int;
my $rc4_idx=0;
my $rc4_chunk=0;
my $bf_ptr=0;
my @type=("char","short","int","long");
my ($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0);
my $export_var_as_fn=0;

my $des_int;

foreach (sort split(/\s+/,$bn_ops))
	{
	$des_ptr=1 if /DES_PTR/;
	$des_risc1=1 if /DES_RISC1/;
	$des_risc2=1 if /DES_RISC2/;
	$des_unroll=1 if /DES_UNROLL/;
	$des_int=1 if /DES_INT/;
	$bn_ll=1 if /BN_LLONG/;
	$rc4_int=0 if /RC4_CHAR/;
	$rc4_int=3 if /RC4_LONG/;
	$rc4_idx=1 if /RC4_INDEX/;
	$rc4_chunk=1 if /RC4_CHUNK/;
	$rc4_chunk=2 if /RC4_CHUNK_LL/;
	$md2_int=0 if /MD2_CHAR/;
	$md2_int=3 if /MD2_LONG/;
	$idea_int=1 if /IDEA_SHORT/;
	$idea_int=3 if /IDEA_LONG/;
	$rc2_int=1 if /RC2_SHORT/;
	$rc2_int=3 if /RC2_LONG/;
	$bf_ptr=1 if $_ eq "BF_PTR";
	$bf_ptr=2 if $_ eq "BF_PTR2";
	($b64l,$b64,$b32,$b16,$b8)=(0,1,0,0,0) if /SIXTY_FOUR_BIT/;
	($b64l,$b64,$b32,$b16,$b8)=(1,0,0,0,0) if /SIXTY_FOUR_BIT_LONG/;
	($b64l,$b64,$b32,$b16,$b8)=(0,0,1,0,0) if /THIRTY_TWO_BIT/;
	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,1,0) if /SIXTEEN_BIT/;
	($b64l,$b64,$b32,$b16,$b8)=(0,0,0,0,1) if /EIGHT_BIT/;
	$export_var_as_fn=1 if /EXPORT_VAR_AS_FN/;
	}

open(IN,'<crypto/opensslconf.h.in') || die "unable to read crypto/opensslconf.h.in:$!\n";
unlink("include/openssl/opensslconf.h.new") || die "unable to remove old include/openssl/opensslconf.h.new:$!\n" if -e "include/openssl/opensslconf.h.new";
open(OUT,'>include/openssl/opensslconf.h.new') || die "unable to create include/openssl/opensslconf.h.new:$!\n";
print OUT "/* opensslconf.h */\n";
print OUT "/* WARNING: Generated automatically from opensslconf.h.in by Configure. */\n\n";

print OUT "#ifdef  __cplusplus\n";
print OUT "extern \"C\" {\n";
print OUT "#endif\n";
print OUT "/* OpenSSL was configured with the following options: */\n";
my $openssl_algorithm_defines_trans = $openssl_algorithm_defines;
$openssl_experimental_defines =~ s/^\s*#\s*define\s+OPENSSL_NO_(.*)/#ifndef OPENSSL_EXPERIMENTAL_$1\n# ifndef OPENSSL_NO_$1\n#  define OPENSSL_NO_$1\n# endif\n#endif/mg;
$openssl_algorithm_defines_trans =~ s/^\s*#\s*define\s+OPENSSL_(.*)/# if defined(OPENSSL_$1) \&\& !defined($1)\n#  define $1\n# endif/mg;
$openssl_algorithm_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_algorithm_defines = "   /* no ciphers excluded */\n" if $openssl_algorithm_defines eq "";
$openssl_thread_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_sys_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
$openssl_other_defines =~ s/^\s*#\s*define\s+(.*)/#ifndef $1\n# define $1\n#endif/mg;
print OUT $openssl_sys_defines;
print OUT "#ifndef OPENSSL_DOING_MAKEDEPEND\n\n";
print OUT $openssl_experimental_defines;
print OUT "\n";
print OUT $openssl_algorithm_defines;
print OUT "\n#endif /* OPENSSL_DOING_MAKEDEPEND */\n\n";
print OUT $openssl_thread_defines;
print OUT $openssl_other_defines,"\n";

print OUT "/* The OPENSSL_NO_* macros are also defined as NO_* if the application\n";
print OUT "   asks for it.  This is a transient feature that is provided for those\n";
print OUT "   who haven't had the time to do the appropriate changes in their\n";
print OUT "   applications.  */\n";
print OUT "#ifdef OPENSSL_ALGORITHM_DEFINES\n";
print OUT $openssl_algorithm_defines_trans;
print OUT "#endif\n\n";

print OUT "#define OPENSSL_CPUID_OBJ\n\n" if ($cpuid_obj ne "mem_clr.o");

while (<IN>)
	{
	if	(/^#define\s+OPENSSLDIR/)
		{
		my $foo = $openssldir;
		$foo =~ s/\\/\\\\/g;
		print OUT "#define OPENSSLDIR \"$foo\"\n";
		}
	elsif	(/^#define\s+ENGINESDIR/)
		{
		my $foo = "$prefix/$libdir/engines";
		$foo =~ s/\\/\\\\/g;
		print OUT "#define ENGINESDIR \"$foo\"\n";
		}
	elsif	(/^#((define)|(undef))\s+OPENSSL_EXPORT_VAR_AS_FUNCTION/)
		{ printf OUT "#undef OPENSSL_EXPORT_VAR_AS_FUNCTION\n"
			if $export_var_as_fn;
		  printf OUT "#%s OPENSSL_EXPORT_VAR_AS_FUNCTION\n",
			($export_var_as_fn)?"define":"undef"; }
	elsif	(/^#define\s+OPENSSL_UNISTD/)
		{
		$unistd = "<unistd.h>" if $unistd eq "";
		print OUT "#define OPENSSL_UNISTD $unistd\n";
		}
	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT_LONG/)
		{ printf OUT "#%s SIXTY_FOUR_BIT_LONG\n",($b64l)?"define":"undef"; }
	elsif	(/^#((define)|(undef))\s+SIXTY_FOUR_BIT/)
		{ printf OUT "#%s SIXTY_FOUR_BIT\n",($b64)?"define":"undef"; }
	elsif	(/^#((define)|(undef))\s+THIRTY_TWO_BIT/)
		{ printf OUT "#%s THIRTY_TWO_BIT\n",($b32)?"define":"undef"; }
	elsif	(/^#((define)|(undef))\s+SIXTEEN_BIT/)
		{ printf OUT "#%s SIXTEEN_BIT\n",($b16)?"define":"undef"; }
	elsif	(/^#((define)|(undef))\s+EIGHT_BIT/)
		{ printf OUT "#%s EIGHT_BIT\n",($b8)?"define":"undef"; }
	elsif	(/^#((define)|(undef))\s+BN_LLONG\s*$/)
		{ printf OUT "#%s BN_LLONG\n",($bn_ll)?"define":"undef"; }
	elsif	(/^\#define\s+DES_LONG\s+.*/)
		{ printf OUT "#define DES_LONG unsigned %s\n",
			($des_int)?'int':'long'; }
	elsif	(/^\#(define|undef)\s+DES_PTR/)
		{ printf OUT "#%s DES_PTR\n",($des_ptr)?'define':'undef'; }
	elsif	(/^\#(define|undef)\s+DES_RISC1/)
		{ printf OUT "#%s DES_RISC1\n",($des_risc1)?'define':'undef'; }
	elsif	(/^\#(define|undef)\s+DES_RISC2/)
		{ printf OUT "#%s DES_RISC2\n",($des_risc2)?'define':'undef'; }
	elsif	(/^\#(define|undef)\s+DES_UNROLL/)
		{ printf OUT "#%s DES_UNROLL\n",($des_unroll)?'define':'undef'; }
	elsif	(/^#define\s+RC4_INT\s/)
		{ printf OUT "#define RC4_INT unsigned %s\n",$type[$rc4_int]; }
	elsif	(/^#undef\s+RC4_CHUNK/)
		{
		printf OUT "#undef RC4_CHUNK\n" if $rc4_chunk==0;
		printf OUT "#define RC4_CHUNK unsigned long\n" if $rc4_chunk==1;
		printf OUT "#define RC4_CHUNK unsigned long long\n" if $rc4_chunk==2;
		}
	elsif	(/^#((define)|(undef))\s+RC4_INDEX/)
		{ printf OUT "#%s RC4_INDEX\n",($rc4_idx)?"define":"undef"; }
	elsif (/^#(define|undef)\s+I386_ONLY/)
		{ printf OUT "#%s I386_ONLY\n", ($processor eq "386")?
			"define":"undef"; }
	elsif	(/^#define\s+MD2_INT\s/)
		{ printf OUT "#define MD2_INT unsigned %s\n",$type[$md2_int]; }
	elsif	(/^#define\s+IDEA_INT\s/)
		{printf OUT "#define IDEA_INT unsigned %s\n",$type[$idea_int];}
	elsif	(/^#define\s+RC2_INT\s/)
		{printf OUT "#define RC2_INT unsigned %s\n",$type[$rc2_int];}
	elsif (/^#(define|undef)\s+BF_PTR/)
		{
		printf OUT "#undef BF_PTR\n" if $bf_ptr == 0;
		printf OUT "#define BF_PTR\n" if $bf_ptr == 1;
		printf OUT "#define BF_PTR2\n" if $bf_ptr == 2;
	        }
	else
		{ print OUT $_; }
	}
close(IN);
print OUT "#ifdef  __cplusplus\n";
print OUT "}\n";
print OUT "#endif\n";
close(OUT);
rename("include/openssl/opensslconf.h","include/openssl/opensslconf.h.bak") || die "unable to rename include/openssl/opensslconf.h\n" if -e "include/openssl/opensslconf.h";
rename("include/openssl/opensslconf.h.new","include/openssl/opensslconf.h") || die "unable to rename include/openssl/opensslconf.h.new\n";


# Fix the date

print "SIXTY_FOUR_BIT_LONG mode\n" if $b64l;
print "SIXTY_FOUR_BIT mode\n" if $b64;
print "THIRTY_TWO_BIT mode\n" if $b32;
print "SIXTEEN_BIT mode\n" if $b16;
print "EIGHT_BIT mode\n" if $b8;
print "DES_PTR used\n" if $des_ptr;
print "DES_RISC1 used\n" if $des_risc1;
print "DES_RISC2 used\n" if $des_risc2;
print "DES_UNROLL used\n" if $des_unroll;
print "DES_INT used\n" if $des_int;
print "BN_LLONG mode\n" if $bn_ll;
print "RC4 uses u$type[$rc4_int]\n" if $rc4_int != $def_int;
print "RC4_INDEX mode\n" if $rc4_idx;
print "RC4_CHUNK is undefined\n" if $rc4_chunk==0;
print "RC4_CHUNK is unsigned long\n" if $rc4_chunk==1;
print "RC4_CHUNK is unsigned long long\n" if $rc4_chunk==2;
print "MD2 uses u$type[$md2_int]\n" if $md2_int != $def_int;
print "IDEA uses u$type[$idea_int]\n" if $idea_int != $def_int;
print "RC2 uses u$type[$rc2_int]\n" if $rc2_int != $def_int;
print "BF_PTR used\n" if $bf_ptr == 1;
print "BF_PTR2 used\n" if $bf_ptr == 2;

if($IsMK1MF) {
	open (OUT,">crypto/buildinf.h") || die "Can't open buildinf.h";
	printf OUT <<EOF;
#ifndef MK1MF_BUILD
  /* auto-generated by Configure for crypto/cversion.c:
   * for Unix builds, crypto/Makefile.ssl generates functional definitions;
   * Windows builds (and other mk1mf builds) compile cversion.c with
   * -DMK1MF_BUILD and use definitions added to this file by util/mk1mf.pl. */
  #error "Windows builds (PLATFORM=$target) use mk1mf.pl-created Makefiles"
#endif
EOF
	close(OUT);
} else {
	my $make_command = "$make PERL=\'$perl\'";
	my $make_targets = "";
	$make_targets .= " depend" if $depflags ne $default_depflags && $make_depend;
	(system $make_command.$make_targets) == 0 or die "make $make_targets failed"
		if $make_targets ne "";
	if ( $perl =~ m@^/@) {
	    &dofile("tools/c_rehash",$perl,'^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";', '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
	    &dofile("apps/CA.pl",$perl,'^#!/', '#!%s');
	} else {
	    # No path for Perl known ...
	    &dofile("tools/c_rehash",'/usr/local/bin/perl','^#!/', '#!%s','^my \$dir;$', 'my $dir = "' . $openssldir . '";',  '^my \$prefix;$', 'my $prefix = "' . $prefix . '";');
	    &dofile("apps/CA.pl",'/usr/local/bin/perl','^#!/', '#!%s');
	}
	if ($depflags ne $default_depflags && !$make_depend) {
		print <<EOF;

Since you've disabled or enabled at least one algorithm, you need to do
the following before building:

	make depend
EOF
	}
}

# create the ms/version32.rc file if needed
if ($IsMK1MF && ($target !~ /^netware/)) {
	my ($v1, $v2, $v3, $v4);
	if ($version_num =~ /(^[0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})/i) {
		$v1=hex $1;
		$v2=hex $2;
		$v3=hex $3;
		$v4=hex $4;
	}
	open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
	print OUT <<EOF;
#include <winver.h>

LANGUAGE 0x09,0x01

1 VERSIONINFO
  FILEVERSION $v1,$v2,$v3,$v4
  PRODUCTVERSION $v1,$v2,$v3,$v4
  FILEFLAGSMASK 0x3fL
#ifdef _DEBUG
  FILEFLAGS 0x01L
#else
  FILEFLAGS 0x00L
#endif
  FILEOS VOS__WINDOWS32
  FILETYPE VFT_DLL
  FILESUBTYPE 0x0L
BEGIN
    BLOCK "StringFileInfo"
    BEGIN
	BLOCK "040904b0"
	BEGIN
	    // Required:
	    VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
	    VALUE "FileDescription", "OpenSSL Shared Library\\0"
	    VALUE "FileVersion", "$version\\0"
#if defined(CRYPTO)
	    VALUE "InternalName", "libeay32\\0"
	    VALUE "OriginalFilename", "libeay32.dll\\0"
#elif defined(SSL)
	    VALUE "InternalName", "ssleay32\\0"
	    VALUE "OriginalFilename", "ssleay32.dll\\0"
#endif
	    VALUE "ProductName", "The OpenSSL Toolkit\\0"
	    VALUE "ProductVersion", "$version\\0"
	    // Optional:
	    //VALUE "Comments", "\\0"
	    VALUE "LegalCopyright", "Copyright © 1998-2005 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
	    //VALUE "LegalTrademarks", "\\0"
	    //VALUE "PrivateBuild", "\\0"
	    //VALUE "SpecialBuild", "\\0"
	END
    END
    BLOCK "VarFileInfo"
    BEGIN
        VALUE "Translation", 0x409, 0x4b0
    END
END
EOF
	close(OUT);
  }

print <<EOF;

Configured for $target.
EOF

print <<\EOF if (!$no_threads && !$threads);

The library could not be configured for supporting multi-threaded
applications as the compiler options required on this system are not known.
See file INSTALL for details if you need multi-threading.
EOF

print <<\EOF if ($no_shared_warn);

You gave the option 'shared'.  Normally, that would give you shared libraries.
Unfortunately, the OpenSSL configuration doesn't include shared library support
for this platform yet, so it will pretend you gave the option 'no-shared'.  If
you can inform the developpers (openssl-dev\@openssl.org) how to support shared
libraries on this platform, they will at least look at it and try their best
(but please first make sure you have tried with a current version of OpenSSL).
EOF

exit(0);

sub usage
	{
	print STDERR $usage;
	print STDERR "\npick os/compiler from:\n";
	my $j=0;
	my $i;
        my $k=0;
	foreach $i (sort keys %table)
		{
		next if $i =~ /^debug/;
		$k += length($i) + 1;
		if ($k > 78)
			{
			print STDERR "\n";
			$k=length($i);
			}
		print STDERR $i . " ";
		}
	foreach $i (sort keys %table)
		{
		next if $i !~ /^debug/;
		$k += length($i) + 1;
		if ($k > 78)
			{
			print STDERR "\n";
			$k=length($i);
			}
		print STDERR $i . " ";
		}
	print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
	exit(1);
	}

sub which
	{
	my($name)=@_;
	my $path;
	foreach $path (split /:/, $ENV{PATH})
		{
		if (-f "$path/$name$exe_ext" and -x _)
			{
			return "$path/$name$exe_ext" unless ($name eq "perl" and
			 system("$path/$name$exe_ext -e " . '\'exit($]<5.0);\''));
			}
		}
	}

sub dofile
	{
	my $f; my $p; my %m; my @a; my $k; my $ff;
	($f,$p,%m)=@_;

	open(IN,"<$f.in") || open(IN,"<$f") || die "unable to open $f:$!\n";
	@a=<IN>;
	close(IN);
	foreach $k (keys %m)
		{
		grep(/$k/ && ($_=sprintf($m{$k}."\n",$p)),@a);
		}
	open(OUT,">$f.new") || die "unable to open $f.new:$!\n";
	print OUT @a;
	close(OUT);
	rename($f,"$f.bak") || die "unable to rename $f\n" if -e $f;
	rename("$f.new",$f) || die "unable to rename $f.new\n";
	}

sub print_table_entry
	{
	my $target = shift;
	my $type = shift;

	# Don't print the templates
	return if $table{$target}->{template};

	if ($type eq "TABLE") {
	    print <<EOF

*** $target
\$cc           = $table{$target}->{cc}
\$cflags       = $table{$target}->{cflags}
\$debug_cflags   = $table{$target}->{debug_cflags}
\$release_cflags = $table{$target}->{release_cflags}
\$unistd       = $table{$target}->{unistd}
\$thread_cflag = $table{$target}->{thread_cflag}
\$sys_id       = $table{$target}->{sys_id}
\$lflags       = $table{$target}->{lflags}
\$debug_lflags   = $table{$target}->{debug_lflags}
\$release_lflags = $table{$target}->{release_lflags}
\$bn_ops       = $table{$target}->{bn_ops}
\$cpuid_obj    = $table{$target}->{cpuid_obj}
\$bn_obj       = $table{$target}->{bn_obj}
\$ec_obj       = $table{$target}->{ec_obj}
\$des_obj      = $table{$target}->{des_obj}
\$aes_obj      = $table{$target}->{aes_obj}
\$bf_obj       = $table{$target}->{bf_obj}
\$md5_obj      = $table{$target}->{md5_obj}
\$sha1_obj     = $table{$target}->{sha1_obj}
\$cast_obj     = $table{$target}->{cast_obj}
\$rc4_obj      = $table{$target}->{rc4_obj}
\$rmd160_obj   = $table{$target}->{rmd160_obj}
\$rc5_obj      = $table{$target}->{rc5_obj}
\$wp_obj       = $table{$target}->{wp_obj}
\$cmll_obj     = $table{$target}->{cmll_obj}
\$modes_obj    = $table{$target}->{modes_obj}
\$engines_obj  = $table{$target}->{engines_obj}
\$perlasm_scheme = $table{$target}->{perlasm_scheme}
\$dso_scheme   = $table{$target}->{dso_scheme}
\$shared_target= $table{$target}->{shared_target}
\$shared_cflag = $table{$target}->{shared_cflag}
\$shared_ldflag = $table{$target}->{shared_ldflag}
\$shared_extension = $table{$target}->{shared_extension}
\$ranlib       = $table{$target}->{ranlib}
\$arflags      = $table{$target}->{arflags}
\$multilib     = $table{$target}->{multilib}
EOF
	} elsif ($type eq "HASH") {
	    my @sequence = (
		"cc",
		"cflags",
		"debug_cflags",
		"release_cflags",
		"unistd",
		"thread_cflag",
		"sys_id",
		"lflags",
		"debug_lflags",
		"release_lflags",
		"bn_ops",
		"cpuid_obj",
		"bn_obj",
		"ec_obj",
		"des_obj",
		"aes_obj",
		"bf_obj",
		"md5_obj",
		"sha1_obj",
		"cast_obj",
		"rc4_obj",
		"rmd160_obj",
		"rc5_obj",
		"wp_obj",
		"cmll_obj",
		"modes_obj",
		"engines_obj",
		"perlasm_scheme",
		"dso_scheme",
		"shared_target",
		"shared_cflag",
		"shared_ldflag",
		"shared_extension",
		"ranlib",
		"arflags",
		"multilib",
		);
	    my $largest =
		length((sort { length($a) <=> length($b) } @sequence)[-1]);
	    print "    '$target' => {\n";
	    foreach (@sequence) {
		if ($table{$target}->{$_}) {
		    print "      '",$_,"'"," " x ($largest - length($_))," => '",$table{$target}->{$_},"',\n";
		}
	    }
	    print "    },\n";
	}
	}

sub test_sanity
	{
	my $errorcnt = 0;

	print STDERR "=" x 70, "\n";
	print STDERR "=== SANITY TESTING!\n";
	print STDERR "=== No configuration will be done, all other arguments will be ignored!\n";
	print STDERR "=" x 70, "\n";

	foreach $target (sort keys %table)
		{
		my $pre_dso_scheme = "perlasm_scheme";
		my $dso_scheme = "dso_scheme";
		my $post_dso_scheme = "shared_target";


		if ($table{$target}->{$pre_dso_scheme} =~ /^(beos|dl|dlfcn|win32|vms)$/)
			{
			$errorcnt++;
			print STDERR "SANITY ERROR: '$target' has the dso_scheme values\n";
			print STDERR "              in the previous field\n";
			}
		elsif ($table{$target}->{$post_dso_scheme} =~ /^(beos|dl|dlfcn|win32|vms)$/)
			{
			$errorcnt++;
			print STDERR "SANITY ERROR: '$target' has the dso_scheme values\n";
			print STDERR "              in the following field\n";
			}
		elsif ($table{$target}->{$dso_scheme} !~ /^(beos|dl|dlfcn|win32|vms|)$/)
			{
			$errorcnt++;
			print STDERR "SANITY ERROR: '$target' has the dso_scheme field = ",$table{$target}->{$dso_scheme},"\n";
			print STDERR "              valid values are 'beos', 'dl', 'dlfcn', 'win32' and 'vms'\n";
			}
		}
	print STDERR "No sanity errors detected!\n" if $errorcnt == 0;
	return $errorcnt;
	}