#! /usr/bin/env perl
# -*- mode: perl; -*-
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
## Configure -- OpenSSL source tree configuration script
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
+use IPC::Cmd qw/can_run/;
# see INSTALL for instructions.
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# Following are set automatically by this script
#
-# MD5_ASM use some extra md5 assember,
-# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
-# RMD160_ASM use some extra ripemd160 assember,
+# MD5_ASM use some extra md5 assembler,
+# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASM use some extra ripemd160 assembler,
# SHA256_ASM sha256_block is implemented in assembler
# SHA512_ASM sha512_block is implemented in assembler
# AES_ASM ASE_[en|de]crypt is implemented in assembler
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
-my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
- . " -pedantic"
+# DEBUG_UNUSED enables __owur (warn unused result) checks.
+my $gcc_devteam_warn = "-DDEBUG_UNUSED"
+ # -DPEDANTIC complements -pedantic and is meant to mask code that
+ # is not strictly standard-compliant and/or implementation-specifc,
+ # e.g. inline assembly, disregards to alignment requirements, such
+ # that -pedantic would complain about. Incidentally -DPEDANTIC has
+ # to be used even in sanitized builds, because sanitizer too is
+ # supposed to and does take notice of non-standard behaviour. Then
+ # -pedantic with pre-C9x compiler would also complain about 'long
+ # long' not being supported. As 64-bit algorithms are common now,
+ # it grew impossible to resolve this without sizeable additional
+ # code, so we just tell compiler to be pedantic about everything
+ # but 'long long' type.
+ . " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
- . " -Wno-long-long"
. " -Wsign-compare"
. " -Wmissing-prototypes"
. " -Wshadow"
# resolve_config(target)
#
-# Resolves all the late evalutations, inheritances and so on for the
+# Resolves all the late evaluations, inheritances and so on for the
# chosen target and any target it inherits from.
sub resolve_config;
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
+my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
+
$config{sourcedir} = abs2rel($srcdir);
$config{builddir} = abs2rel($blddir);
&read_config($_);
}
+if (defined $ENV{$local_config_envname}) {
+ if ($^O eq 'VMS') {
+ # VMS environment variables are logical names,
+ # which can be used as is
+ $pattern = $local_config_envname . ':' . '*.conf';
+ } else {
+ $pattern = catfile($ENV{$local_config_envname}, '*.conf');
+ }
+
+ foreach (sort glob($pattern) ) {
+ &read_config($_);
+ }
+}
+
print "Configuring OpenSSL version $config{version} (0x$config{version_num})\n";
my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
my @dtls = qw(dtls1 dtls1_2);
-# Explicitelly known options that are possible to disable. They can
+# Explicitly known options that are possible to disable. They can
# be regexps, and will be used like this: /^no-${option}$/
# For developers: keep it sorted alphabetically
my @disablables = (
- "aes",
"afalgeng",
+ "asan",
"asm",
"async",
"autoalginit",
"engine",
"err",
"filenames",
+ "fuzz",
+ "gost",
"heartbeats",
- "hmac",
"hw(-.+)?",
"idea",
"makedepend",
"md2",
"md4",
- "md5",
"mdc2",
- "md[-_]ghost94",
"multiblock",
"nextprotoneg",
"ocb",
"rc5",
"rdrand",
"rfc3779",
- "rijndael", # Old AES name
"ripemd",
"rmd160",
- "rsa",
"scrypt",
- "sct",
"sctp",
"seed",
- "sha",
"shared",
"sock",
"srp",
"threads",
"tls",
"ts",
+ "ubsan",
"ui",
"unit-test",
"whirlpool",
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
our %disabled = ( # "what" => "comment"
+ "asan" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
+ "fuzz" => "default",
"md2" => "default",
"rc5" => "default",
"sctp" => "default",
- "shared" => "default",
"ssl-trace" => "default",
"ssl3" => "default",
"ssl3-method" => "default",
+ "ubsan" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"ssl" => [ "ssl3" ],
"ssl3-method" => [ "ssl3" ],
"zlib" => [ "zlib-dynamic" ],
- "rijndael" => [ "aes" ],
"des" => [ "mdc2" ],
"ec" => [ "ecdsa", "ecdh" ],
- "dgram" => [ "dtls" ],
+ "dgram" => [ "dtls", "sctp" ],
+ "sock" => [ "dgram" ],
"dtls" => [ @dtls ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"pic" => [ "shared" ],
"shared" => [ "dynamic-engine" ],
"engine" => [ "afalgeng" ],
+
+ # no-autoalginit is only useful when building non-shared
+ "autoalginit" => [ "shared", "apps" ],
+
+ "stdio" => [ "apps" ],
+ "apps" => [ "tests" ],
+ "comp" => [ "zlib" ],
+ sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
);
# Avoid protocol support holes. Also disable all versions below N, if version
$config{options}="";
$config{build_type} = "release";
-my $classic = 0;
-
my @argvcopy=@ARGV;
if (grep /^reconf(igure)?$/, @argvcopy) {
{
$disabled{$proto} = "option(dtls)";
}
+ $disabled{"dtls"} = "option(dtls)";
}
elsif ($1 eq "ssl")
{
}
elsif (/^[-+]/)
{
- if (/^--classic$/)
- {
- $classic=1;
- }
- elsif (/^--prefix=(.*)$/)
+ if (/^--prefix=(.*)$/)
{
$config{prefix}=$1;
die "Directory given with --prefix MUST be absolute\n"
}
elsif (/^--with-zlib-include=(.*)$/)
{
- $withargs{zlib_include}="-I$1";
+ $withargs{zlib_include}=$1;
}
elsif (/^--with-fipslibdir=(.*)$/)
{
unless ($_ eq $target || /^no-/ || /^disable-/)
{
# "no-..." follows later after implied disactivations
- # have been derived. (Don't take this too seroiusly,
+ # have been derived. (Don't take this too seriously,
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
while (@cascade_copy) {
my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy);
if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) {
- map {
+ foreach(grep { !defined($disabled{$_}) } @$descendents) {
$new_tocheckfor{$_} = 1; $disabled{$_} = "forced";
- } grep { !defined($disabled{$_}) } @$descendents;
+ }
}
}
@tocheckfor = (keys %new_tocheckfor);
if $config{cross_compile_prefix} eq "";
# Allow overriding the names of some tools. USE WITH CARE
-$config{perl} = $ENV{'PERL'} || which("perl5") || which("perl") || "perl";
+$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl");
$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
-$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || which("ranlib") || "true";
+$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} ||
+ (scalar can_run("$config{cross_compile_prefix}ranlib") ?
+ "\$(CROSS_COMPILE)ranlib" : "true");
$target{ar} = $ENV{'AR'} || $target{ar} || "ar";
$target{nm} = $ENV{'NM'} || $target{nm} || "nm";
+$target{rc} =
+ $ENV{'RC'} || $ENV{'WINDRES'} || $target{rc} || "windres";
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
$target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY";
-###### TO BE REMOVED WHEN CLASSIC BUILD IS REMOVED
-######
-###### If the user has chosen --classic, we give it to them.
-###### If they try that with an out-of-source config, we complain.
-if ($target{build_scheme}->[0] eq "unified" && $classic) {
- die "Can't perform a classic build out of source tree\n"
- if $srcdir ne $blddir;
-
- $target{build_scheme} = { unix => [ "unixmake" ],
- windows => undef,
- VMS => undef } -> {$target{build_scheme}->[1]};
-
- die "Classic mode unavailable on this platform\n"
- unless defined($target{build_scheme});
-}
-
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
+push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release";
+
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";
$disabled{threads} = "unavailable";
}
} else {
- # The user chose to enable threads explicitely, let's see
+ # The user chose to enable threads explicitly, let's see
# if there's a chance that's possible
if ($target{thread_scheme} eq "(unknown)") {
# If the user asked for "threads" and we don't have internal
$config{dynamic_engines} = 1;
}
+unless ($disabled{fuzz}) {
+ push @{$config{dirs}}, "fuzz";
+ $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
+}
+
+unless ($disabled{asan}) {
+ $config{cflags} .= "-fsanitize=address ";
+}
+
+unless ($disabled{ubsan}) {
+ # -DPEDANTIC or -fnosanitize=aligmnent may also be required on some
+ # platforms.
+ $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
+}
+
+unless ($disabled{fuzz} && $disabled{asan} && $disabled{ubsan}) {
+ $config{cflags} .= "-fno-omit-frame-pointer -g ";
+}
#
# Platform fix-ups
#
}
close(PIPE);
- $config{makedepprog} = which('makedepend') unless $config{makedepprog};
+ $config{makedepprog} = scalar can_run('makedepend') unless $config{makedepprog};
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
}
if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
- my $build_file_template =
- catfile($srcdir, "Configurations",
- $builder_platform."-".$target{build_file}.".tmpl");
- $build_file_template =
- catfile($srcdir, "Configurations", $target{build_file}.".tmpl")
- if (! -f $build_file_template);
+ my $build_file_template;
+
+ for my $filename (( $builder_platform."-".$target{build_file}.".tmpl",
+ $target{build_file}.".tmpl" )) {
+ if (defined $ENV{$local_config_envname}) {
+ if ($^O eq 'VMS') {
+ # VMS environment variables are logical names,
+ # which can be used as is
+ $build_file_template = $local_config_envname . ':' . $filename;
+ } else {
+ $build_file_template = catfile($ENV{$local_config_envname},
+ $filename);
+ }
+ }
+
+ last if -f $build_file_template;
+
+ $build_file_template = catfile($srcdir, "Configurations", $filename);
+
+ last if -f $build_file_template;
+ }
$config{build_file_template} = $build_file_template;
use lib catdir(dirname(__FILE__),"util");
my %ordinals = ();
my %sources = ();
+ my %shared_sources = ();
my %includes = ();
my %depends = ();
my %renames = ();
qr/^\s*SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$sources{$1}}, split(/\s+/, $2)
if !@skip || $skip[$#skip] > 0 },
+ qr/^\s*SHARED_SOURCE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
+ => sub { push @{$shared_sources{$1}}, split(/\s+/, $2)
+ if !@skip || $skip[$#skip] > 0 },
qr/^\s*INCLUDE\[((?:\\.|[^\\\]])+)\]\s*=\s*(.*)\s*$/
=> sub { push @{$includes{$1}}, split(/\s+/, $2)
if !@skip || $skip[$#skip] > 0 },
}
}
+ foreach (keys %shared_sources) {
+ my $dest = $_;
+ my $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
+ foreach (@{$shared_sources{$dest}}) {
+ my $s = cleanfile($sourced, $_, $blddir);
+
+ # If it isn't in the source tree, we assume it's generated
+ # in the build tree
+ if (! -f $s) {
+ $s = cleanfile($buildd, $_, $blddir);
+ }
+ # We recognise C and asm files
+ if ($s =~ /\.[csS]\b$/) {
+ (my $o = $_) =~ s/\.[csS]\b$/.o/;
+ $o = cleanfile($buildd, $o, $blddir);
+ $unified_info{shared_sources}->{$ddest}->{$o} = 1;
+ $unified_info{sources}->{$o}->{$s} = 1;
+ } else {
+ die "unrecognised source file type for shared library: $s\n";
+ }
+ }
+ }
+
foreach (keys %generate) {
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
foreach (keys %depends) {
my $dest = $_;
- my $ddest = cleanfile($buildd, $_, $blddir);
- if ($unified_info{rename}->{$ddest}) {
- $ddest = $unified_info{rename}->{$ddest};
+ my $ddest = cleanfile($sourced, $_, $blddir);
+
+ # If the destination doesn't exist in source, it can only be
+ # a generated file in the build tree.
+ if (! -f $ddest) {
+ $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
- # If we depend on a header file, let's make sure it
- # can get included
- if ($d =~ /\.h$/) {
+ # If we depend on a header file or a perl module, let's make
+ # sure it can get included
+ if ($d =~ /\.(h|pm)$/) {
my $i = dirname($d);
push @{$unified_info{includes}->{$ddest}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}};
foreach (keys %includes) {
my $dest = $_;
- my $ddest = cleanfile($buildd, $_, $blddir);
- if ($unified_info{rename}->{$ddest}) {
- $ddest = $unified_info{rename}->{$ddest};
+ my $ddest = cleanfile($sourced, $_, $blddir);
+
+ # If the destination doesn't exist in source, it can only be
+ # a generated file in the build tree.
+ if (! -f $ddest) {
+ $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
}
foreach (@{$includes{$dest}}) {
my $i = cleandir($sourced, $_, $blddir);
$unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
}
# Two level structures
- foreach my $l1 (("sources", "ldadd", "depends")) {
+ foreach my $l1 (("sources", "shared_sources", "ldadd", "depends")) {
foreach my $l2 (sort keys %{$unified_info{$l1}}) {
$unified_info{$l1}->{$l2} =
[ sort keys %{$unified_info{$l1}->{$l2}} ];
use Exporter;
#use vars qw(\@ISA \@EXPORT);
our \@ISA = qw(Exporter);
-our \@EXPORT = qw(\%config \%target \%disabled \%withargs \%unified_info);
+our \@EXPORT = qw(\%config \%target \%disabled \%withargs \%unified_info \@disablables);
EOF
print OUT "our %config = (\n";
print OUT <<"EOF";
);
+EOF
+print OUT "our \@disablables = (\n";
+foreach (@disablables) {
+ print OUT " ", quotify("perl", $_), ",\n";
+}
+print OUT <<"EOF";
+);
+
EOF
print OUT "our \%disabled = (\n";
foreach (sort keys %disabled) {
close(OUT);
-print "IsMK1MF =", ($builder eq "mk1mf" ? "yes" : "no"), "\n";
-print "CC =$target{cc}\n";
+print "CC =$config{cross_compile_prefix}$target{cc}\n";
print "CFLAG =$target{cflags} $config{cflags}\n";
print "SHARED_CFLAG =$target{shared_cflag}\n";
print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
print "POLY1305_OBJ =$target{poly1305_obj}\n";
print "BLAKE2_OBJ =$target{blake2_obj}\n";
print "PROCESSOR =$config{processor}\n";
-print "RANLIB =$target{ranlib}\n";
+print "RANLIB =", $target{ranlib} eq '$(CROSS_COMPILE)ranlib' ?
+ "$config{cross_compile_prefix}ranlib" :
+ "$target{ranlib}", "\n";
print "ARFLAGS =$target{arflags}\n";
print "PERL =$config{perl}\n";
print "\n";
run_dofile("util/domd", "util/domd.in");
chmod 0755, "util/domd";
},
- mk1mf => sub {
- my $platform = shift;
- # The only reason we do this is to have something to build MINFO from
- build_Makefile();
-
- # create the ms/version32.rc file if needed
- my ($v1, $v2, $v3, $v4);
- if ($config{version_num} =~ /^0x([0-9a-f]{1})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{2})([0-9a-f]{1})L$/i) {
- $v1=hex $1;
- $v2=hex $2;
- $v3=hex $3;
- $v4=hex $4;
- }
- open (OUT,">ms/version32.rc") || die "Can't open ms/version32.rc";
- print OUT <<"EOF";
-#include <winver.h>
-
-LANGUAGE 0x09,0x01
-
-1 VERSIONINFO
- FILEVERSION $v1,$v2,$v3,$v4
- PRODUCTVERSION $v1,$v2,$v3,$v4
- FILEFLAGSMASK 0x3fL
-#ifdef _DEBUG
- FILEFLAGS 0x01L
-#else
- FILEFLAGS 0x00L
-#endif
- FILEOS VOS__WINDOWS32
- FILETYPE VFT_DLL
- FILESUBTYPE 0x0L
-BEGIN
- BLOCK "StringFileInfo"
- BEGIN
- BLOCK "040904b0"
- BEGIN
- // Required:
- VALUE "CompanyName", "The OpenSSL Project, http://www.openssl.org/\\0"
- VALUE "FileDescription", "OpenSSL Shared Library\\0"
- VALUE "FileVersion", "$config{version}\\0"
-#if defined(CRYPTO)
- VALUE "InternalName", "libcrypto32\\0"
- VALUE "OriginalFilename", "libcrypto32.dll\\0"
-#elif defined(SSL)
- VALUE "InternalName", "libssl32\\0"
- VALUE "OriginalFilename", "libssl32.dll\\0"
-#endif
- VALUE "ProductName", "The OpenSSL Toolkit\\0"
- VALUE "ProductVersion", "$config{version}\\0"
- // Optional:
- //VALUE "Comments", "\\0"
- VALUE "LegalCopyright", "Copyright © 1998-2015 The OpenSSL Project. Copyright © 1995-1998 Eric A. Young, Tim J. Hudson. All rights reserved.\\0"
- //VALUE "LegalTrademarks", "\\0"
- //VALUE "PrivateBuild", "\\0"
- //VALUE "SpecialBuild", "\\0"
- END
- END
- BLOCK "VarFileInfo"
- BEGIN
- VALUE "Translation", 0x409, 0x4b0
- END
-END
-EOF
- close(OUT);
- },
);
$builders{$builder}->($builder_platform, @builder_opts);
you have tried with a current version of OpenSSL).
EOF
+print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
+
+WARNING: there are indications that another build was made in the source
+directory. This build may have picked up artifacts from that build, the
+safest course of action is to clean the source directory and redo this
+configuration.
+EOF
+
exit(0);
######################################################################
}
-# configuration resolver. Will only resolve all the lazy evalutation
-# codeblocks for the chozen target and all those it inherits from,
+# configuration resolver. Will only resolve all the lazy evaluation
+# codeblocks for the chosen target and all those it inherits from,
# recursively
sub resolve_config {
my $target = shift;
# the config that had it.
delete $inherited_config{template};
- map {
+ foreach (keys %inherited_config) {
if (!$combined_inheritance{$_}) {
$combined_inheritance{$_} = [];
}
push @{$combined_inheritance{$_}}, $inherited_config{$_};
- } keys %inherited_config;
+ }
}
}
# - If a value is a coderef, it will be executed with the list of
# inherited values as arguments.
# - If the corresponding key doesn't have a value at all or is the
- # emoty string, the inherited value list will be run through the
+ # empty string, the inherited value list will be run through the
# default combiner (below), and the result becomes this target's
# value.
# - Otherwise, this target's value is assumed to be a string that
return realpath($dir);
}
-sub which
- {
- my($name)=@_;
- my $path;
- foreach $path (split /:/, $ENV{PATH})
- {
- my $fullpath = "$path/$name$target{exe_extension}";
- if (-f $fullpath and -x $fullpath)
- {
- return $fullpath
- unless ($name eq "perl" and
- system("$fullpath -e " . '\'exit($]<5.0);\''));
- }
- }
- }
-
sub quotify {
my %processors = (
perl => sub { my $x = shift;
my $processor =
defined($processors{$for}) ? $processors{$for} : sub { shift; };
- map { $processor->($_); } @_;
+ return map { $processor->($_); } @_;
}
# collect_from_file($filename, $line_concat_cond_re, $line_concat)