## Configure -- OpenSSL source tree configuration script
-require 5.10.0;
+use 5.10.0;
use strict;
use Config;
+use FindBin;
+use lib "$FindBin::Bin/util/perl";
use File::Basename;
use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/;
use File::Path qw/mkpath/;
-use if $^O ne "VMS", 'File::Glob' => qw/glob/;
+use OpenSSL::Glob;
# see INSTALL for instructions.
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# enable-weak-ssl-ciphers
-# Enable weak ciphers that are disabled by default. This currently
-# only includes RC4 based ciphers.
+# Enable weak ciphers that are disabled by default.
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
# but 'long long' type.
my $gcc_devteam_warn = "-DDEBUG_UNUSED"
- . " -Wswitch"
. " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
+ . " -Wextra"
+ . " -Wno-unused-parameter"
+ . " -Wno-missing-field-initializers"
+ . " -Wswitch"
. " -Wsign-compare"
. " -Wmissing-prototypes"
. " -Wshadow"
# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
- . " -Qunused-arguments"
- . " -Wextra"
- . " -Wswitch -Wswitch-default"
- . " -Wno-unused-parameter"
+ . " -Wswitch-default"
. " -Wno-parentheses-equality"
- . " -Wno-missing-field-initializers"
. " -Wno-language-extension-token"
. " -Wno-extended-offsetof"
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
- . " -Wundef"
+ . " -Wno-unknown-warning-option"
;
# This adds backtrace information to the memory leak info. Is only used
@{$configdata::config{perlargv}} : ();
die "Incorrect data to reconfigure, please do a normal configuration\n"
if (grep(/^reconf/,@argvcopy));
- $ENV{CROSS_COMPILE} = $configdata::config{cross_compile_prefix}
- if defined($configdata::config{cross_compile_prefix});
- $ENV{CC} = $configdata::config{cc}
- if defined($configdata::config{cc});
- $ENV{CXX} = $configdata::config{cxx}
- if defined($configdata::config{cxx});
- $ENV{BUILDFILE} = $configdata::config{build_file}
- if defined($configdata::config{build_file});
- $ENV{$local_config_envname} = $configdata::config{local_config_dir}
- if defined($configdata::config{local_config_dir});
+ $config{perlenv} = $configdata::config{perlenv} // {};
print "Reconfiguring with: ", join(" ",@argvcopy), "\n";
- print " CROSS_COMPILE = ",$ENV{CROSS_COMPILE},"\n"
- if $ENV{CROSS_COMPILE};
- print " CC = ",$ENV{CC},"\n" if $ENV{CC};
- print " CXX = ",$ENV{CXX},"\n" if $ENV{CXX};
- print " BUILDFILE = ",$ENV{BUILDFILE},"\n" if $ENV{BUILDFILE};
- print " $local_config_envname = ",$ENV{$local_config_envname},"\n"
- if $ENV{$local_config_envname};
+ foreach (sort keys %{$config{perlenv}}) {
+ print " $_ = $config{perlenv}->{$_}\n";
+ }
} else {
die "Insufficient data to reconfigure, please do a normal configuration\n";
}
&read_config($_);
}
-if (defined $ENV{$local_config_envname}) {
+if (defined env($local_config_envname)) {
if ($^O eq 'VMS') {
# VMS environment variables are logical names,
# which can be used as is
$pattern = $local_config_envname . ':' . '*.conf';
} else {
- $pattern = catfile($ENV{$local_config_envname}, '*.conf');
+ $pattern = catfile(env($local_config_envname), '*.conf');
}
foreach (sort glob($pattern)) {
}
}
-
-print "Configuring OpenSSL version $config{version} ($config{version_num})\n";
-
$config{prefix}="";
$config{openssldir}="";
$config{processor}="";
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
- "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash",
- "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "chacha", "modes",
+ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash", "sm3",
+ "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "sm4", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
- "cms", "ts", "srp", "cmac", "ct", "async", "kdf"
+ "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
];
# test/ subdirectories to build
$config{tdirs} = [ "ossl_shim" ];
"ct",
"deprecated",
"des",
+ "devcryptoeng",
"dgram",
"dh",
"dsa",
"seed",
"shared",
"siphash",
+ "sm3",
+ "sm4",
"sock",
"srp",
"srtp",
"tls13downgrade",
"ts",
"ubsan",
- "ui",
+ "ui-console",
"unit-test",
"whirlpool",
"weak-ssl-ciphers",
foreach my $proto ((@tls, @dtls))
{
push(@disablables, $proto);
- push(@disablables, "$proto-method");
+ push(@disablables, "$proto-method") unless $proto eq "tls1_3";
}
my %deprecated_disablables = (
"ssl2" => undef,
"buf-freelists" => undef,
- "ripemd" => "rmd160"
+ "ripemd" => "rmd160",
+ "ui" => "ui-console",
);
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
"asan" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
+ "devcryptoeng" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"external-tests" => "default",
sub { 0 == scalar grep { !$disabled{$_} } @dtls }
=> [ "dtls" ],
- # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
- "md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
- "sha" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
-
- # Additionally, SSL 3.0 requires either RSA or DSA+DH
- sub { $disabled{rsa}
- && ($disabled{dsa} || $disabled{dh}); }
- => [ "ssl" ],
-
- # (D)TLS 1.0 and TLS 1.1 also require either RSA or DSA+DH
- # or ECDSA + ECDH. (D)TLS 1.2 has this requirement as well.
- # (XXX: We don't support PSK-only builds).
- sub { $disabled{rsa}
- && ($disabled{dsa} || $disabled{dh})
- && ($disabled{ecdsa} || $disabled{ecdh}); }
- => [ "tls1", "tls1_1", "tls1_2", "tls1_3",
- "dtls1", "dtls1_2" ],
-
"tls" => [ @tls ],
sub { 0 == scalar grep { !$disabled{$_} } @tls }
=> [ "tls" ],
- # SRP and HEARTBEATS require TLSEXT
- "tlsext" => [ "srp", "heartbeats" ],
-
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
# Without DSO, we can't load dynamic engines, so don't build them dynamic
# Without position independent code, there can be no shared libraries or DSOs
"pic" => [ "shared" ],
"shared" => [ "dynamic-engine" ],
- "engine" => [ "afalgeng" ],
+ "engine" => [ "afalgeng", "devcryptoeng" ],
# no-autoalginit is only useful when building non-shared
"autoalginit" => [ "shared", "apps" ],
- "stdio" => [ "apps", "capieng" ],
+ "stdio" => [ "apps", "capieng", "egd" ],
"apps" => [ "tests" ],
+ "tests" => [ "external-tests" ],
"comp" => [ "zlib" ],
"ec" => [ "tls1_3" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
my %unsupported_options = ();
my %deprecated_options = ();
+# If you change this, update apps/version.c
+my @known_seed_sources = qw(getrandom devrandom os egd none rdcpu librandom);
+my @seed_sources = ();
while (@argvcopy)
{
$_ = shift @argvcopy;
+
+ # Support env variable assignments among the options
+ if (m|^(\w+)=(.+)?$|)
+ {
+ $config{perlenv}->{$1} = $2;
+ next;
+ }
+
# VMS is a case insensitive environment, and depending on settings
# out of our control, we may receive options uppercased. Let's
# downcase at least the part before any equal sign.
{
$withargs{fuzzer_include}=$1;
}
+ elsif (/^--with-rand-seed=(.*)$/)
+ {
+ foreach my $x (split(m|,|, $1))
+ {
+ die "Unknown --with-rand-seed choice $x\n"
+ if ! grep { $x eq $_ } @known_seed_sources;
+ push @seed_sources, $x;
+ }
+ }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$config{cross_compile_prefix}=$1;
{
$libs.=$_." ";
}
+ elsif (/^-framework$/)
+ {
+ $libs.=$_." ".shift(@argvcopy)." ";
+ }
elsif (/^-rpath$/ or /^-R$/)
# -rpath is the OSF1 rpath flag
# -R is the old Solaris rpath flag
}
unless ($_ eq $target || /^no-/ || /^disable-/)
{
- # "no-..." follows later after implied disactivations
+ # "no-..." follows later after implied deactivations
# have been derived. (Don't take this too seriously,
# we really only write OPTIONS to the Makefile out of
# nostalgia.)
"***** any of asan, msan or ubsan\n";
}
+if (scalar(@seed_sources) == 0) {
+ print "Using implicit seed configuration\n";
+ push @seed_sources, 'os';
+}
+die "Cannot seed with none and anything else"
+ if scalar(grep { $_ eq 'none' } @seed_sources) > 0
+ && scalar(@seed_sources) > 1;
+push @{$config{openssl_other_defines}},
+ map { (my $x = $_) =~ tr|[\-a-z]|[_A-Z]|; "OPENSSL_RAND_SEED_$x" }
+ @seed_sources;
+
my @tocheckfor = (keys %disabled);
while (@tocheckfor) {
my %new_tocheckfor = ();
exit 0;
}
+print "Configuring OpenSSL version $config{version} ($config{version_num})\n";
+print "for $target\n";
+
# Backward compatibility?
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
+# Support for legacy targets having a name starting with 'debug-'
+my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
+if ($d) {
+ $config{build_type} = "debug";
+
+ # If we do not find debug-foo in the table, the target is set to foo.
+ if (!$table{$target}) {
+ $target = $t;
+ }
+}
+$config{target} = $target;
+my %target = resolve_config($target);
+
+&usage if (!%target || $target{template});
+
+my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
+$config{conf_files} = [ sort keys %conf_files ];
+%target = ( %{$table{DEFAULTS}}, %target );
+
+foreach my $feature (@{$target{disable}}) {
+ if (exists $deprecated_disablables{$feature}) {
+ warn "***** config $target disables deprecated feature $feature\n";
+ } elsif (!grep { $feature eq $_ } @disablables) {
+ die "***** config $target disables unknown feature $feature\n";
+ }
+ $disabled{$feature} = 'config';
+}
+foreach my $feature (@{$target{enable}}) {
+ if ("default" eq ($disabled{$_} // "")) {
+ if (exists $deprecated_disablables{$feature}) {
+ warn "***** config $target enables deprecated feature $feature\n";
+ } elsif (!grep { $feature eq $_ } @disablables) {
+ die "***** config $target enables unknown feature $feature\n";
+ }
+ delete $disabled{$_};
+ }
+}
+
foreach (sort (keys %disabled))
{
$config{options} .= " no-$_";
print "\n";
}
-print "Configuring for $target\n";
-# Support for legacy targets having a name starting with 'debug-'
-my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
-if ($d) {
- $config{build_type} = "debug";
-
- # If we do not find debug-foo in the table, the target is set to foo.
- if (!$table{$target}) {
- $target = $t;
- }
-}
-$config{target} = $target;
-my %target = resolve_config($target);
-
-&usage if (!%target || $target{template});
-
-my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
-$config{conf_files} = [ sort keys %conf_files ];
-%target = ( %{$table{DEFAULTS}}, %target );
-
$target{cxxflags}=$target{cflags} unless defined $target{cxxflags};
$target{exe_extension}="";
$target{exe_extension}=".exe" if ($config{target} eq "DJGPP"
$target{exe_extension}=".pm" if ($config{target} =~ /vos/);
($target{shared_extension_simple}=$target{shared_extension})
- =~ s|\.\$\(SHLIB_MAJOR\)\.\$\(SHLIB_MINOR\)||;
+ =~ s|\.\$\(SHLIB_VERSION_NUMBER\)||;
$target{dso_extension}=$target{shared_extension_simple};
($target{shared_import_extension}=$target{shared_extension_simple}.".a")
if ($config{target} =~ /^(?:Cygwin|mingw)/);
-$config{cross_compile_prefix} = $ENV{'CROSS_COMPILE'}
+$config{cross_compile_prefix} = env('CROSS_COMPILE')
if $config{cross_compile_prefix} eq "";
# Allow overriding the names of some tools. USE WITH CARE
# the default string.
$config{perl} = ($^O ne "VMS" ? $^X : "perl");
$config{hashbangperl} =
- $ENV{'HASHBANGPERL'} || $ENV{'PERL'} || "/usr/bin/env perl";
-$target{cc} = $ENV{'CC'} || $target{cc} || "cc";
-$target{cxx} = $ENV{'CXX'} || $target{cxx} || "c++";
-$target{ranlib} = $ENV{'RANLIB'} || $target{ranlib} ||
+ env('HASHBANGPERL') || env('PERL') || "/usr/bin/env perl";
+$target{cc} = env('CC') || $target{cc} || "cc";
+$target{cxx} = env('CXX') || $target{cxx} || "c++";
+$target{ranlib} = env('RANLIB') || $target{ranlib} ||
(which("$config{cross_compile_prefix}ranlib") ?
"\$(CROSS_COMPILE)ranlib" : "true");
-$target{ar} = $ENV{'AR'} || $target{ar} || "ar";
-$target{nm} = $ENV{'NM'} || $target{nm} || "nm";
+$target{ar} = env('AR') || $target{ar} || "ar";
+$target{nm} = env('NM') || $target{nm} || "nm";
$target{rc} =
- $ENV{'RC'} || $ENV{'WINDRES'} || $target{rc} || "windres";
+ env('RC') || env('WINDRES') || $target{rc} || "windres";
# Allow overriding the build file name
-$target{build_file} = $ENV{BUILDFILE} || $target{build_file} || "Makefile";
+$target{build_file} = env('BUILDFILE') || $target{build_file} || "Makefile";
# Cache information necessary for reconfiguration
$config{cc} = $target{cc};
}
}
-my $ecc = $target{cc};
-if ($^O ne "VMS" && !$disabled{makedepend}) {
- # Is the compiler gcc or clang? $ecc is used below to see if
- # error-checking can be turned on.
- my $ccpcc = "$config{cross_compile_prefix}$target{cc}";
- open(PIPE, "$ccpcc --version 2>&1 |");
- my $lines = 2;
- while ( <PIPE> ) {
- # Find the version number and save the major.
- m|(?:.*)\b(\d+)\.\d+\.\d+\b(?:.*)|;
- my $compiler_major = $1;
- # We know that GNU C version 3 and up as well as all clang
- # versions support dependency generation
- $config{makedepprog} = $ccpcc
- if (/clang/ || (/gcc/ && $compiler_major >= 3));
- $ecc = "clang" if /clang/;
- $ecc = "gcc" if /gcc/;
- last if ($config{makedepprog} || !$lines--);
+my %predefined;
+
+if ($^O ne "VMS") {
+ my $cc = "$config{cross_compile_prefix}$target{cc}";
+
+ # collect compiler pre-defines from gcc or gcc-alike...
+ open(PIPE, "$cc -dM -E -x c /dev/null 2>&1 |");
+ while (<PIPE>) {
+ m/^#define\s+(\w+(?:\(\w+\))?)(?:\s+(.+))?/ or last;
+ $predefined{$1} = $2 // "";
}
close(PIPE);
- $config{makedepprog} = which('makedepend') unless $config{makedepprog};
- $disabled{makedepend} = "unavailable" unless $config{makedepprog};
+ if (!$disabled{makedepend}) {
+ # We know that GNU C version 3 and up as well as all clang
+ # versions support dependency generation
+ if ($predefined{__GNUC__} >= 3) {
+ $config{makedepprog} = $cc;
+ } else {
+ $config{makedepprog} = which('makedepend');
+ $disabled{makedepend} = "unavailable" unless $config{makedepprog};
+ }
+ }
}
push @{$config{defines}}, $apiflag;
}
+if (defined($predefined{__clang__}) && !$disabled{asm}) {
+ $config{cflags} .= " -Qunused-arguments";
+}
+
if ($strict_warnings)
{
my $wopt;
- die "ERROR --strict-warnings requires gcc or clang"
- unless $ecc eq 'gcc' || $ecc eq 'clang';
+ my $gccver = $predefined{__GNUC__} // -1;
+
+ die "ERROR --strict-warnings requires gcc[>=4] or gcc-alike"
+ unless $gccver >= 4;
+ $gcc_devteam_warn .= " -Wmisleading-indentation" if $gccver >= 6;
foreach $wopt (split /\s+/, $gcc_devteam_warn)
{
$config{cflags} .= " $wopt" unless ($config{cflags} =~ /(?:^|\s)$wopt(?:\s|$)/)
}
- if ($ecc eq "clang")
+ if (defined($predefined{__clang__}))
{
foreach $wopt (split /\s+/, $clang_devteam_warn)
{
my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO});
if ($builder eq "unified") {
- use lib catdir(dirname(__FILE__),"util");
use with_fallback qw(Text::Template);
sub cleandir {
my @build_file_templates = ();
# First, look in the user provided directory, if given
- if (defined $ENV{$local_config_envname}) {
+ if (defined env($local_config_envname)) {
@build_file_templates =
map {
if ($^O eq 'VMS') {
# which can be used as is
$local_config_envname . ':' . $_;
} else {
- catfile($ENV{$local_config_envname}, $_);
+ catfile(env($local_config_envname), $_);
}
}
@build_file_template_names;
my %generate = ();
push @{$config{build_infos}}, catfile(abs2rel($sourced, $blddir), $f);
- my $template = Text::Template->new(TYPE => 'FILE',
- SOURCE => catfile($sourced, $f));
+ my $template =
+ Text::Template->new(TYPE => 'FILE',
+ SOURCE => catfile($sourced, $f),
+ PREPEND => qq{use lib "$FindBin::Bin/util/perl";});
die "Something went wrong with $sourced/$f: $!\n" unless $template;
my @text =
split /^/m,
}
# Additionally, we set up sharednames for libraries that don't
- # have any, as themselves.
- foreach (keys %{$unified_info{libraries}}) {
+ # have any, as themselves. Only for libraries that aren't
+ # explicitly static.
+ foreach (grep !/\.a$/, keys %{$unified_info{libraries}}) {
if (!defined $unified_info{sharednames}->{$_}) {
$unified_info{sharednames}->{$_} = $_
}
}
+
+ # Check that we haven't defined any library as both shared and
+ # explicitly static. That is forbidden.
+ my @doubles = ();
+ foreach (grep /\.a$/, keys %{$unified_info{libraries}}) {
+ (my $l = $_) =~ s/\.a$//;
+ push @doubles, $l if defined $unified_info{sharednames}->{$l};
+ }
+ die "these libraries are both explicitly static and shared:\n ",
+ join(" ", @doubles), "\n"
+ if @doubles;
}
foreach (keys %ordinals) {
print OUT " ", $_, " => [ ", join(", ",
map { quotify("perl", $_) }
@{$config{$_}}), " ],\n";
+ } elsif (ref($config{$_}) eq "HASH") {
+ print OUT " ", $_, " => {";
+ if (scalar keys %{$config{$_}} > 0) {
+ print OUT "\n";
+ foreach my $key (sort keys %{$config{$_}}) {
+ print OUT " ",
+ join(" => ",
+ quotify("perl", $key),
+ defined $config{$_}->{$key}
+ ? quotify("perl", $config{$_}->{$key})
+ : "undef");
+ print OUT ",\n";
+ }
+ print OUT " ";
+ }
+ print OUT "},\n";
} else {
print OUT " ", $_, " => ", quotify("perl", $config{$_}), ",\n"
}
}
}
+sub env
+{
+ my $name = shift;
+
+ # Note that if $ENV{$name} doesn't exist or is undefined,
+ # $config{perlenv}->{$name} will be created with the value
+ # undef. This is intentional.
+
+ $config{perlenv}->{$name} = $ENV{$name}
+ if ! exists $config{perlenv}->{$name};
+ return $config{perlenv}->{$name};
+}
+
# Configuration printer ##############################################
sub print_table_entry
# On non-platforms, we just use file_name_is_absolute().
return file_name_is_absolute($file) unless $^O eq "VMS";
- # If the file spec includes a device or a directpry spec,
+ # If the file spec includes a device or a directory spec,
# file_name_is_absolute() is perfectly safe.
return file_name_is_absolute($file) if $file =~ m|[:\[]|;