#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
. " -Wshadow"
. " -Wformat"
. " -Wtype-limits"
- . " -Wno-parentheses-equality"
+ . " -Wundef"
. " -Werror"
;
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
+ . " -Wundef"
;
# This adds backtrace information to the memory leak info. Is only used
$config{processor}="";
$config{libdir}="";
$config{cross_compile_prefix}="";
-$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
-my $nofipscanistercheck=0;
-$config{baseaddr}="0xFB00000";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
-$config{fips}=0;
# Top level directories to build
$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
- "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
- "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
+ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash",
+ "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
my @disablables = (
"afalgeng",
+ "aria",
"asan",
"asm",
"async",
"sctp",
"seed",
"shared",
+ "siphash",
"sock",
"srp",
"srtp",
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
our %disabled = ( # "what" => "comment"
+ "aria" => "default",
"asan" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"dtls" => [ @dtls ],
+ sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+ => [ "dtls" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
"dtls1", "dtls1_2" ],
"tls" => [ @tls ],
+ sub { 0 == scalar grep { !$disabled{$_} } @tls }
+ => [ "tls" ],
# SRP and HEARTBEATS require TLSEXT
"tlsext" => [ "srp", "heartbeats" ],
{ $config{processor}=386; }
elsif (/^fips$/)
{
- $config{fips}=1;
+ die "FIPS mode not supported\n";
}
elsif (/^rsaref$/)
{
}
elsif (/^nofipscanistercheck$/)
{
- $config{fips} = 1;
- $nofipscanistercheck = 1;
+ die "FIPS mode not supported\n";
}
elsif (/^[-+]/)
{
{
$withargs{fuzzer_include}=$1;
}
- elsif (/^--with-fipslibdir=(.*)$/)
- {
- $config{fipslibdir}="$1/";
- }
- elsif (/^--with-baseaddr=(.*)$/)
- {
- $config{baseaddr}="$1";
- }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$config{cross_compile_prefix}=$1;
"***** any of asan, msan or ubsan\n";
}
-if ($config{fips})
- {
- delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/);
- }
-else
- {
- @{$config{dirs}} = grep !/^fips$/, @{$config{dirs}};
- }
-
my @tocheckfor = (keys %disabled);
while (@tocheckfor) {
my %new_tocheckfor = ();
$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne "");
-if ($disabled{asm})
- {
- if ($config{fips})
- {
- @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
- @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
- }
- }
-
# If threads aren't disabled, check how possible they are
unless ($disabled{threads}) {
if ($auto_threads) {
if ($target{shared_target} eq "")
{
$no_shared_warn = 1
- if ((!$disabled{shared} || !$disabled{"dynamic-engine"})
- && !$config{fips});
+ if (!$disabled{shared} || !$disabled{"dynamic-engine"});
$disabled{shared} = "no-shared-target";
$disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} =
"no-shared-target";
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
- if ($config{fips}) {
- push @{$config{openssl_other_defines}}, "OPENSSL_FIPS";
- }
-
if ($target{sha1_asm_src}) {
push @{$config{defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);