#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2017 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the OpenSSL license (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
## Configure -- OpenSSL source tree configuration script
-require 5.10.0;
+use 5.10.0;
use strict;
use Config;
use File::Basename;
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
-# 386 generate 80386 code
# enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default. This currently
# only includes RC4 based ciphers.
-# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2
+# 386 generate 80386 code in assembly modules
+# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
+# mentioned '386' option implies this one
# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
# -<xxx> +<xxx> compiler options are passed through
# -static while -static is also a pass-through compiler option (and
# past these.
# DEBUG_UNUSED enables __owur (warn unused result) checks.
+# -DPEDANTIC complements -pedantic and is meant to mask code that
+# is not strictly standard-compliant and/or implementation-specific,
+# e.g. inline assembly, disregards to alignment requirements, such
+# that -pedantic would complain about. Incidentally -DPEDANTIC has
+# to be used even in sanitized builds, because sanitizer too is
+# supposed to and does take notice of non-standard behaviour. Then
+# -pedantic with pre-C9x compiler would also complain about 'long
+# long' not being supported. As 64-bit algorithms are common now,
+# it grew impossible to resolve this without sizeable additional
+# code, so we just tell compiler to be pedantic about everything
+# but 'long long' type.
+
my $gcc_devteam_warn = "-DDEBUG_UNUSED"
- # -DPEDANTIC complements -pedantic and is meant to mask code that
- # is not strictly standard-compliant and/or implementation-specific,
- # e.g. inline assembly, disregards to alignment requirements, such
- # that -pedantic would complain about. Incidentally -DPEDANTIC has
- # to be used even in sanitized builds, because sanitizer too is
- # supposed to and does take notice of non-standard behaviour. Then
- # -pedantic with pre-C9x compiler would also complain about 'long
- # long' not being supported. As 64-bit algorithms are common now,
- # it grew impossible to resolve this without sizeable additional
- # code, so we just tell compiler to be pedantic about everything
- # but 'long long' type.
. " -Wswitch"
. " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
. " -Wshadow"
. " -Wformat"
. " -Wtype-limits"
+ . " -Wundef"
. " -Werror"
;
# TODO(openssl-team): fix problems and investigate if (at least) the
# following warnings can also be enabled:
# -Wcast-align
-# -Wunreachable-code
+# -Wunreachable-code -- no, too ugly/compiler-specific
# -Wlanguage-extension-token -- no, we use asm()
# -Wunused-macros -- no, too tricky for BN and _XOPEN_SOURCE etc
# -Wextended-offsetof -- no, needed in CMS ASN1 code
. " -Wextra"
. " -Wswitch -Wswitch-default"
. " -Wno-unused-parameter"
+ . " -Wno-parentheses-equality"
. " -Wno-missing-field-initializers"
. " -Wno-language-extension-token"
. " -Wno-extended-offsetof"
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
+ . " -Wundef"
;
# This adds backtrace information to the memory leak info. Is only used
$config{processor}="";
$config{libdir}="";
$config{cross_compile_prefix}="";
-$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
-my $nofipscanistercheck=0;
-$config{baseaddr}="0xFB00000";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
-$config{fips}=0;
# Top level directories to build
$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
# crypto/ subdirectories to build
$config{sdirs} = [
"objects",
- "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2",
- "des", "aes", "rc2", "rc4", "rc5", "idea", "bf", "cast", "camellia", "seed", "chacha", "modes",
+ "md2", "md4", "md5", "sha", "mdc2", "hmac", "ripemd", "whrlpool", "poly1305", "blake2", "siphash",
+ "des", "aes", "rc2", "rc4", "rc5", "idea", "aria", "bf", "cast", "camellia", "seed", "chacha", "modes",
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
"cms", "ts", "srp", "cmac", "ct", "async", "kdf"
];
+# test/ subdirectories to build
+$config{tdirs} = [ "ossl_shim" ];
# Known TLS and DTLS protocols
-my @tls = qw(ssl3 tls1 tls1_1 tls1_2);
+my @tls = qw(ssl3 tls1 tls1_1 tls1_2 tls1_3);
my @dtls = qw(dtls1 dtls1_2);
# Explicitly known options that are possible to disable. They can
my @disablables = (
"afalgeng",
+ "aria",
"asan",
"asm",
"async",
"egd",
"engine",
"err",
+ "external-tests",
"filenames",
"fuzz-libfuzzer",
"fuzz-afl",
"sctp",
"seed",
"shared",
+ "siphash",
"sock",
"srp",
"srtp",
"ssl-trace",
"static-engine",
"stdio",
+ "tests",
"threads",
"tls",
+ "tls13downgrade",
"ts",
"ubsan",
"ui",
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
our %disabled = ( # "what" => "comment"
+ "aria" => "default",
"asan" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
+ "external-tests" => "default",
"fuzz-libfuzzer" => "default",
"fuzz-afl" => "default",
"heartbeats" => "default",
"md2" => "default",
- "mdc2" => "default",
"msan" => "default",
"rc5" => "default",
"sctp" => "default",
"ssl3" => "default",
"ssl3-method" => "default",
"ubsan" => "default",
+ #TODO(TLS1.3): Temporarily disabled while this is a WIP
+ "tls1_3" => "default",
+ "tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"dtls" => [ @dtls ],
+ sub { 0 == scalar grep { !$disabled{$_} } @dtls }
+ => [ "dtls" ],
# SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA
"md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ],
sub { $disabled{rsa}
&& ($disabled{dsa} || $disabled{dh})
&& ($disabled{ecdsa} || $disabled{ecdh}); }
- => [ "tls1", "tls1_1", "tls1_2",
+ => [ "tls1", "tls1_1", "tls1_2", "tls1_3",
"dtls1", "dtls1_2" ],
"tls" => [ @tls ],
+ sub { 0 == scalar grep { !$disabled{$_} } @tls }
+ => [ "tls" ],
# SRP and HEARTBEATS require TLSEXT
"tlsext" => [ "srp", "heartbeats" ],
"stdio" => [ "apps", "capieng" ],
"apps" => [ "tests" ],
- "comp" => [ "zlib" ],
+ "comp" => [ "zlib" ],
+ "ec" => [ "tls1_3" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
sub { !$disabled{"msan"} } => [ "asm" ],
{ $config{processor}=386; }
elsif (/^fips$/)
{
- $config{fips}=1;
+ die "FIPS mode not supported\n";
}
elsif (/^rsaref$/)
{
}
elsif (/^nofipscanistercheck$/)
{
- $config{fips} = 1;
- $nofipscanistercheck = 1;
+ die "FIPS mode not supported\n";
}
elsif (/^[-+]/)
{
{
$withargs{fuzzer_include}=$1;
}
- elsif (/^--with-fipslibdir=(.*)$/)
- {
- $config{fipslibdir}="$1/";
- }
- elsif (/^--with-baseaddr=(.*)$/)
- {
- $config{baseaddr}="$1";
- }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$config{cross_compile_prefix}=$1;
{
$libs.=$_." ";
}
+ elsif (/^-framework$/)
+ {
+ $libs.=$_." ".shift(@argvcopy)." ";
+ }
elsif (/^-rpath$/ or /^-R$/)
# -rpath is the OSF1 rpath flag
# -R is the old Solaris rpath flag
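Review bot: The new `-framework` branch takes its operand with `shift(@argvcopy)` without checking that one is left, so a trailing `-framework` puts the bare flag into `$libs` and the mistake only surfaces later as a linker error. Failing at configure time is clearer: `my $fw = shift(@argvcopy) // die "-framework requires a framework name\n";` followed by `$libs.="$_ $fw ";`. The surrounding elsif chain starts and ends outside the hunk.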
"***** any of asan, msan or ubsan\n";
}
-if ($config{fips})
- {
- delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/);
- }
-else
- {
- @{$config{dirs}} = grep !/^fips$/, @{$config{dirs}};
- }
-
my @tocheckfor = (keys %disabled);
while (@tocheckfor) {
my %new_tocheckfor = ();
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
+foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+ $builder_platform."-checker.pm")) {
+ my $checker_path = catfile($srcdir, "Configurations", $checker);
+ if (-f $checker_path) {
+ my $fn = $ENV{CONFIGURE_CHECKER_WARN}
+ ? sub { warn $@; } : sub { die $@; };
+ if (! do $checker_path) {
+ if ($@) {
+ $fn->($@);
+ } elsif ($!) {
+ $fn->($!);
+ } else {
+ $fn->("The detected tools didn't match the platform\n");
+ }
+ }
+ last;
+ }
+}
+
push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release";
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
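Review bot: Both handlers assigned to `$fn` ignore their argument and report `$@` instead, so in the `$!` branch and in the "detected tools didn't match the platform" branch `$@` is empty and the user sees Perl's generic "Died" or "Warning: something's wrong" rather than the intended text. Use the argument: `? sub { warn @_; } : sub { die @_; };`. Separately, `do` does not reset `$!` on success, so a checker that simply returns false may land in the `$!` branch with a stale errno; setting `$! = 0` before the `do` would make the last branch reliably reachable. A comment saying that `CONFIGURE_CHECKER_WARN` downgrades a failed toolchain check to a warning would also help, since a build that continues past a mismatch is easy to miss in automated logs.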
$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne "");
-if ($disabled{asm})
- {
- if ($config{fips})
- {
- @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
- @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
- }
- }
-
# If threads aren't disabled, check how possible they are
unless ($disabled{threads}) {
if ($auto_threads) {
if ($target{shared_target} eq "")
{
$no_shared_warn = 1
- if ((!$disabled{shared} || !$disabled{"dynamic-engine"})
- && !$config{fips});
+ if (!$disabled{shared} || !$disabled{"dynamic-engine"});
$disabled{shared} = "no-shared-target";
$disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} =
"no-shared-target";
$config{dynamic_engines} = 1;
}
-unless ($disabled{"fuzz-libfuzzer"}) {
- $config{cflags} .= "-fsanitize-coverage=edge,indirect-calls ";
-}
-
unless ($disabled{asan}) {
$config{cflags} .= "-fsanitize=address ";
}
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
- if ($config{fips}) {
- push @{$config{openssl_other_defines}}, "OPENSSL_FIPS";
- }
-
if ($target{sha1_asm_src}) {
push @{$config{defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);
if ($target{ec_asm_src} =~ /ecp_nistz256/) {
push @{$config{defines}}, "ECP_NISTZ256_ASM";
}
+ if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) {
+ push @{$config{defines}}, "PADLOCK_ASM";
+ }
if ($target{poly1305_asm_src} ne "") {
push @{$config{defines}}, "POLY1305_ASM";
}
}
}
-if ($user_cflags ne "") { $config{cflags}="$config{cflags}$user_cflags"; }
+if ($user_cflags ne "") { $config{cflags}="$config{cflags}$user_cflags"; $config{cxxflags}="$config{cxxflags}$user_cflags";}
else { $no_user_cflags=1; }
if (@user_defines) { $config{defines}=[ @{$config{defines}}, @user_defines ]; }
else { $no_user_defines=1; }
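Review bot: The assignment added on the `$user_cflags` line feeds the user's C flags verbatim into `$config{cxxflags}`, so a C-only option (a C `-std=` level, a C-only warning) would presumably reach the C++ compiler as well. If that sharing is intended, say so in a comment such as `# user-supplied flags apply to both the C and the C++ compiler`. The two assignments should also go on separate lines inside the braces, as the one-liner is now hard to scan.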
push @build_infos, [ catdir("engines", $_), "build.info" ]
if (-f catfile($srcdir, "engines", $_, "build.info"));
}
+ foreach (@{$config{tdirs}}) {
+ push @build_infos, [ catdir("test", $_), "build.info" ]
+ if (-f catfile($srcdir, "test", $_, "build.info"));
+ }
$config{build_infos} = [ ];
|| $target_kind eq $target{build_file}."(".$builder_platform.")");
}
},
- qr/^(?:#.*|\s*)$/ => sub { },
+ qr/^\s*(?:#.*)?$/ => sub { },
"OTHERWISE" => sub { die "Something wrong with this line:\n$_\nat $sourced/$f" },
"BEFORE" => sub {
if ($buildinfo_debug) {
}
# Additionally, we set up sharednames for libraries that don't
- # have any, as themselves.
- foreach (keys %{$unified_info{libraries}}) {
+ # have any, as themselves. Only for libraries that aren't
+ # explicitely static.
+ foreach (grep !/\.a$/, keys %{$unified_info{libraries}}) {
if (!defined $unified_info{sharednames}->{$_}) {
$unified_info{sharednames}->{$_} = $_
}
}
+
+ # Check that we haven't defined any library as both shared and
+ # explicitely static. That is forbidden.
+ my @doubles = ();
+ foreach (grep /\.a$/, keys %{$unified_info{libraries}}) {
+ (my $l = $_) =~ s/\.a$//;
+ push @doubles, $l if defined $unified_info{sharednames}->{$l};
+ }
+ die "these libraries are both explicitely static and shared:\n ",
+ join(" ", @doubles), "\n"
+ if @doubles;
}
foreach (keys %ordinals) {
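Review bot: The new `die` message and the two comments above it spell the word "explicitely"; since the message is user-facing it should read `die "these libraries are both explicitly static and shared:\n ",`. The duplicate check also depends on the preceding loop having already filled in `sharednames` for every non-`.a` library, otherwise a plain `libfoo` next to `libfoo.a` would not be caught. That ordering is worth stating in the comment, for example `# must run after the sharednames defaults above`, so the two loops are not reordered later.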
$d = cleanfile($buildd, $_, $blddir);
}
# Take note if the file to depend on is being renamed
+ # Take extra care with files ending with .a, they should
+ # be treated without that extension, and the extension
+ # should be added back after treatment.
+ $d =~ /(\.a)?$/;
+ my $e = $1 // "";
+ $d = $`;
if ($unified_info{rename}->{$d}) {
$d = $unified_info{rename}->{$d};
}
+ $d .= $e;
$unified_info{depends}->{$ddest}->{$d} = 1;
# If we depend on a header file or a perl module, let's make
# sure it can get included
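Review bot: The suffix handling added before the rename lookup relies on Perl's prematch variable, which is easy to misread and, on the older interpreters this script still admits through `use 5.10.0`, slows every regex in the program once it is mentioned anywhere. For ordinary file names the same result is clearer as `my $e = ($d =~ s/\.a$//) ? ".a" : "";`, which strips the suffix and remembers it in one statement. The enclosing loop starts and ends outside the hunk.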
# On non-platforms, we just use file_name_is_absolute().
return file_name_is_absolute($file) unless $^O eq "VMS";
- # If the file spec includes a device or a directpry spec,
+ # If the file spec includes a device or a directory spec,
# file_name_is_absolute() is perfectly safe.
return file_name_is_absolute($file) if $file =~ m|[:\[]|;