#! /usr/bin/env perl
# -*- mode: perl; -*-
+# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the OpenSSL license (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
## Configure -- OpenSSL source tree configuration script
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
+use IPC::Cmd qw/can_run/;
# see INSTALL for instructions.
# RC4_CHAR use 'char' instead of 'int' for RC4_INT in crypto/rc4/rc4.h
# Following are set automatically by this script
#
-# MD5_ASM use some extra md5 assember,
-# SHA1_ASM use some extra sha1 assember, must define L_ENDIAN for x86
-# RMD160_ASM use some extra ripemd160 assember,
+# MD5_ASM use some extra md5 assembler,
+# SHA1_ASM use some extra sha1 assembler, must define L_ENDIAN for x86
+# RMD160_ASM use some extra ripemd160 assembler,
# SHA256_ASM sha256_block is implemented in assembler
# SHA512_ASM sha512_block is implemented in assembler
# AES_ASM ASE_[en|de]crypt is implemented in assembler
# Minimum warning options... any contributions to OpenSSL should at least get
# past these.
-my $gcc_devteam_warn = "-DPEDANTIC -DREF_DEBUG -DDEBUG_UNUSED -DBIO_DEBUG"
- . " -pedantic"
+# DEBUG_UNUSED enables __owur (warn unused result) checks.
+my $gcc_devteam_warn = "-DDEBUG_UNUSED"
+ # -DPEDANTIC complements -pedantic and is meant to mask code that
+ # is not strictly standard-compliant and/or implementation-specifc,
+ # e.g. inline assembly, disregards to alignment requirements, such
+ # that -pedantic would complain about. Incidentally -DPEDANTIC has
+ # to be used even in sanitized builds, because sanitizer too is
+ # supposed to and does take notice of non-standard behaviour. Then
+ # -pedantic with pre-C9x compiler would also complain about 'long
+ # long' not being supported. As 64-bit algorithms are common now,
+ # it grew impossible to resolve this without sizeable additional
+ # code, so we just tell compiler to be pedantic about everything
+ # but 'long long' type.
+ . " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
- . " -Wno-long-long"
. " -Wsign-compare"
. " -Wmissing-prototypes"
. " -Wshadow"
# resolve_config(target)
#
-# Resolves all the late evalutations, inheritances and so on for the
+# Resolves all the late evaluations, inheritances and so on for the
# chosen target and any target it inherits from.
sub resolve_config;
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
+my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
+
$config{sourcedir} = abs2rel($srcdir);
$config{builddir} = abs2rel($blddir);
&read_config($_);
}
+if (defined $ENV{$local_config_envname}) {
+ if ($^O eq 'VMS') {
+ # VMS environment variables are logical names,
+ # which can be used as is
+ $pattern = $local_config_envname . ':' . '*.conf';
+ } else {
+ $pattern = catfile($ENV{$local_config_envname}, '*.conf');
+ }
+
+ foreach (sort glob($pattern) ) {
+ &read_config($_);
+ }
+}
+
print "Configuring OpenSSL version $config{version} (0x$config{version_num})\n";
my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
my @dtls = qw(dtls1 dtls1_2);
-# Explicitelly known options that are possible to disable. They can
+# Explicitly known options that are possible to disable. They can
# be regexps, and will be used like this: /^no-${option}$/
# For developers: keep it sorted alphabetically
my @disablables = (
- "aes",
"afalgeng",
+ "asan",
"asm",
"async",
"autoalginit",
"engine",
"err",
"filenames",
+ "fuzz",
"gost",
"heartbeats",
- "hmac",
"hw(-.+)?",
"idea",
"makedepend",
"md2",
"md4",
- "md5",
"mdc2",
"multiblock",
"nextprotoneg",
"rfc3779",
"ripemd",
"rmd160",
- "rsa",
"scrypt",
- "sct",
"sctp",
"seed",
- "sha",
"shared",
"sock",
"srp",
"threads",
"tls",
"ts",
+ "ubsan",
"ui",
"unit-test",
"whirlpool",
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
our %disabled = ( # "what" => "comment"
+ "asan" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
+ "fuzz" => "default",
"md2" => "default",
"rc5" => "default",
"sctp" => "default",
- "shared" => "default",
"ssl-trace" => "default",
"ssl3" => "default",
"ssl3-method" => "default",
+ "ubsan" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"ec" => [ "ecdsa", "ecdh" ],
"dgram" => [ "dtls", "sctp" ],
+ "sock" => [ "dgram" ],
"dtls" => [ @dtls ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"pic" => [ "shared" ],
"shared" => [ "dynamic-engine" ],
"engine" => [ "afalgeng" ],
+
+ # no-autoalginit is only useful when building non-shared
+ "autoalginit" => [ "shared", "apps" ],
+
+ "stdio" => [ "apps" ],
+ "apps" => [ "tests" ],
"comp" => [ "zlib" ],
+ sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
);
# Avoid protocol support holes. Also disable all versions below N, if version
$config{options}="";
$config{build_type} = "release";
-my $classic = 0;
-
my @argvcopy=@ARGV;
if (grep /^reconf(igure)?$/, @argvcopy) {
}
elsif (/^[-+]/)
{
- if (/^--classic$/)
- {
- $classic=1;
- }
- elsif (/^--prefix=(.*)$/)
+ if (/^--prefix=(.*)$/)
{
$config{prefix}=$1;
die "Directory given with --prefix MUST be absolute\n"
}
elsif (/^--with-zlib-include=(.*)$/)
{
- $withargs{zlib_include}="-I$1";
+ $withargs{zlib_include}=$1;
}
elsif (/^--with-fipslibdir=(.*)$/)
{
unless ($_ eq $target || /^no-/ || /^disable-/)
{
# "no-..." follows later after implied disactivations
- # have been derived. (Don't take this too seroiusly,
+ # have been derived. (Don't take this too seriously,
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
while (@cascade_copy) {
my ($test, $descendents) = (shift @cascade_copy, shift @cascade_copy);
if (ref($test) eq "CODE" ? $test->() : defined($disabled{$test})) {
- map {
+ foreach(grep { !defined($disabled{$_}) } @$descendents) {
$new_tocheckfor{$_} = 1; $disabled{$_} = "forced";
- } grep { !defined($disabled{$_}) } @$descendents;
+ }
}
}
@tocheckfor = (keys %new_tocheckfor);
if $config{cross_compile_prefix} eq "";
# Allow overriding the names of some tools. USE WITH CARE
-$config{perl} = $ENV{'PERL'} || which("perl5") || which("perl") || "perl";
+$config{perl} = $ENV{'PERL'} || ($^O ne "VMS" ? $^X : "perl");
$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
-$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} || which("ranlib") || "true";
+$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} ||
+ (scalar can_run("$config{cross_compile_prefix}ranlib") ?
+ "\$(CROSS_COMPILE)ranlib" : "true");
$target{ar} = $ENV{'AR'} || $target{ar} || "ar";
$target{nm} = $ENV{'NM'} || $target{nm} || "nm";
+$target{rc} =
+ $ENV{'RC'} || $ENV{'WINDRES'} || $target{rc} || "windres";
# For cflags, lflags, plib_lflags, ex_libs and defines, add the debug_
# or release_ attributes.
$target{build_scheme} = [ $target{build_scheme} ]
if ref($target{build_scheme}) ne "ARRAY";
-###### TO BE REMOVED WHEN CLASSIC BUILD IS REMOVED
-######
-###### If the user has chosen --classic, we give it to them.
-###### If they try that with an out-of-source config, we complain.
-if ($target{build_scheme}->[0] eq "unified" && $classic) {
- die "Can't perform a classic build out of source tree\n"
- if $srcdir ne $blddir;
-
- $target{build_scheme} = { unix => [ "unixmake" ],
- windows => undef,
- VMS => undef } -> {$target{build_scheme}->[1]};
-
- die "Classic mode unavailable on this platform\n"
- unless defined($target{build_scheme});
-}
-
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
+push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release";
+
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
{
$config{cflags} .= " -mno-cygwin";
$disabled{threads} = "unavailable";
}
} else {
- # The user chose to enable threads explicitely, let's see
+ # The user chose to enable threads explicitly, let's see
# if there's a chance that's possible
if ($target{thread_scheme} eq "(unknown)") {
# If the user asked for "threads" and we don't have internal
$config{dynamic_engines} = 1;
}
+unless ($disabled{fuzz}) {
+ push @{$config{dirs}}, "fuzz";
+ $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
+}
+
+unless ($disabled{asan}) {
+ $config{cflags} .= "-fsanitize=address ";
+}
+
+unless ($disabled{ubsan}) {
+ # -DPEDANTIC or -fnosanitize=aligmnent may also be required on some
+ # platforms.
+ $config{cflags} .= "-fsanitize=undefined -fno-sanitize-recover=all ";
+}
+
+unless ($disabled{fuzz} && $disabled{asan} && $disabled{ubsan}) {
+ $config{cflags} .= "-fno-omit-frame-pointer -g ";
+}
#
# Platform fix-ups
#
}
close(PIPE);
- $config{makedepprog} = which('makedepend') unless $config{makedepprog};
+ $config{makedepprog} = scalar can_run('makedepend') unless $config{makedepprog};
$disabled{makedepend} = "unavailable" unless $config{makedepprog};
}
if ($builder eq "unified") {
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
- my $build_file_template =
- catfile($srcdir, "Configurations",
- $builder_platform."-".$target{build_file}.".tmpl");
- $build_file_template =
- catfile($srcdir, "Configurations", $target{build_file}.".tmpl")
- if (! -f $build_file_template);
+ my $build_file_template;
+
+ for my $filename (( $builder_platform."-".$target{build_file}.".tmpl",
+ $target{build_file}.".tmpl" )) {
+ if (defined $ENV{$local_config_envname}) {
+ if ($^O eq 'VMS') {
+ # VMS environment variables are logical names,
+ # which can be used as is
+ $build_file_template = $local_config_envname . ':' . $filename;
+ } else {
+ $build_file_template = catfile($ENV{$local_config_envname},
+ $filename);
+ }
+ }
+
+ last if -f $build_file_template;
+
+ $build_file_template = catfile($srcdir, "Configurations", $filename);
+
+ last if -f $build_file_template;
+ }
$config{build_file_template} = $build_file_template;
use lib catdir(dirname(__FILE__),"util");
foreach (keys %depends) {
my $dest = $_;
- my $ddest = cleanfile($buildd, $_, $blddir);
- if ($unified_info{rename}->{$ddest}) {
- $ddest = $unified_info{rename}->{$ddest};
+ my $ddest = cleanfile($sourced, $_, $blddir);
+
+ # If the destination doesn't exist in source, it can only be
+ # a generated file in the build tree.
+ if (! -f $ddest) {
+ $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
$d = $unified_info{rename}->{$d};
}
$unified_info{depends}->{$ddest}->{$d} = 1;
- # If we depend on a header file, let's make sure it
- # can get included
- if ($d =~ /\.h$/) {
+ # If we depend on a header file or a perl module, let's make
+ # sure it can get included
+ if ($d =~ /\.(h|pm)$/) {
my $i = dirname($d);
push @{$unified_info{includes}->{$ddest}}, $i
unless grep { $_ eq $i } @{$unified_info{includes}->{$ddest}};
foreach (keys %includes) {
my $dest = $_;
- my $ddest = cleanfile($buildd, $_, $blddir);
- if ($unified_info{rename}->{$ddest}) {
- $ddest = $unified_info{rename}->{$ddest};
+ my $ddest = cleanfile($sourced, $_, $blddir);
+
+ # If the destination doesn't exist in source, it can only be
+ # a generated file in the build tree.
+ if (! -f $ddest) {
+ $ddest = cleanfile($buildd, $_, $blddir);
+ if ($unified_info{rename}->{$ddest}) {
+ $ddest = $unified_info{rename}->{$ddest};
+ }
}
foreach (@{$includes{$dest}}) {
my $i = cleandir($sourced, $_, $blddir);
close(OUT);
-print "CC =$target{cc}\n";
+print "CC =$config{cross_compile_prefix}$target{cc}\n";
print "CFLAG =$target{cflags} $config{cflags}\n";
print "SHARED_CFLAG =$target{shared_cflag}\n";
print "DEFINES =",join(" ", @{$target{defines}}, @{$config{defines}}),"\n";
print "POLY1305_OBJ =$target{poly1305_obj}\n";
print "BLAKE2_OBJ =$target{blake2_obj}\n";
print "PROCESSOR =$config{processor}\n";
-print "RANLIB =$target{ranlib}\n";
+print "RANLIB =", $target{ranlib} eq '$(CROSS_COMPILE)ranlib' ?
+ "$config{cross_compile_prefix}ranlib" :
+ "$target{ranlib}", "\n";
print "ARFLAGS =$target{arflags}\n";
print "PERL =$config{perl}\n";
print "\n";
you have tried with a current version of OpenSSL).
EOF
+print <<"EOF" if (-f catfile($srcdir, "configdata.pm") && $srcdir ne $blddir);
+
+WARNING: there are indications that another build was made in the source
+directory. This build may have picked up artifacts from that build, the
+safest course of action is to clean the source directory and redo this
+configuration.
+EOF
+
exit(0);
######################################################################
}
-# configuration resolver. Will only resolve all the lazy evalutation
-# codeblocks for the chozen target and all those it inherits from,
+# configuration resolver. Will only resolve all the lazy evaluation
+# codeblocks for the chosen target and all those it inherits from,
# recursively
sub resolve_config {
my $target = shift;
# the config that had it.
delete $inherited_config{template};
- map {
+ foreach (keys %inherited_config) {
if (!$combined_inheritance{$_}) {
$combined_inheritance{$_} = [];
}
push @{$combined_inheritance{$_}}, $inherited_config{$_};
- } keys %inherited_config;
+ }
}
}
# - If a value is a coderef, it will be executed with the list of
# inherited values as arguments.
# - If the corresponding key doesn't have a value at all or is the
- # emoty string, the inherited value list will be run through the
+ # empty string, the inherited value list will be run through the
# default combiner (below), and the result becomes this target's
# value.
# - Otherwise, this target's value is assumed to be a string that
return realpath($dir);
}
-sub which
- {
- my($name)=@_;
- my $path;
- foreach $path (split /:/, $ENV{PATH})
- {
- my $fullpath = "$path/$name$target{exe_extension}";
- if (-f $fullpath and -x $fullpath)
- {
- return $fullpath
- unless ($name eq "perl" and
- system("$fullpath -e " . '\'exit($]<5.0);\''));
- }
- }
- }
-
sub quotify {
my %processors = (
perl => sub { my $x = shift;
my $processor =
defined($processors{$for}) ? $processors{$for} : sub { shift; };
- map { $processor->($_); } @_;
+ return map { $processor->($_); } @_;
}
# collect_from_file($filename, $line_concat_cond_re, $line_concat)