## Configure -- OpenSSL source tree configuration script
-require 5.10.0;
+use 5.10.0;
use strict;
use Config;
use File::Basename;
# library and will be loaded in run-time by the OpenSSL library.
# sctp include SCTP support
# enable-weak-ssl-ciphers
-# Enable weak ciphers that are disabled by default. This currently
-# only includes RC4 based ciphers.
+# Enable weak ciphers that are disabled by default.
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
. " -Wswitch"
. " -DPEDANTIC -pedantic -Wno-long-long"
. " -Wall"
+ . " -Wextra"
+ . " -Wno-unused-parameter"
+ . " -Wno-missing-field-initializers"
. " -Wsign-compare"
. " -Wmissing-prototypes"
. " -Wshadow"
# -Wextended-offsetof -- no, needed in CMS ASN1 code
my $clang_devteam_warn = ""
. " -Qunused-arguments"
- . " -Wextra"
- . " -Wswitch -Wswitch-default"
- . " -Wno-unused-parameter"
+ . " -Wswitch-default"
. " -Wno-parentheses-equality"
- . " -Wno-missing-field-initializers"
. " -Wno-language-extension-token"
. " -Wno-extended-offsetof"
. " -Wconditional-uninitialized"
. " -Wincompatible-pointer-types-discards-qualifiers"
. " -Wmissing-variable-declarations"
- . " -Wundef"
;
# This adds backtrace information to the memory leak info. Is only used
}
}
-
-print "Configuring OpenSSL version $config{version} ($config{version_num})\n";
-
$config{prefix}="";
$config{openssldir}="";
$config{processor}="";
$config{libdir}="";
$config{cross_compile_prefix}="";
-$config{fipslibdir}="/usr/local/ssl/fips-2.0/lib/";
-my $nofipscanistercheck=0;
-$config{baseaddr}="0xFB00000";
my $auto_threads=1; # enable threads automatically? true by default
my $default_ranlib;
-$config{fips}=0;
# Top level directories to build
$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ];
"bn", "ec", "rsa", "dsa", "dh", "dso", "engine",
"buffer", "bio", "stack", "lhash", "rand", "err",
"evp", "asn1", "pem", "x509", "x509v3", "conf", "txt_db", "pkcs7", "pkcs12", "comp", "ocsp", "ui",
- "cms", "ts", "srp", "cmac", "ct", "async", "kdf"
+ "cms", "ts", "srp", "cmac", "ct", "async", "kdf", "store"
];
# test/ subdirectories to build
$config{tdirs} = [ "ossl_shim" ];
"ct",
"deprecated",
"des",
+ "devcryptoeng",
"dgram",
"dh",
"dsa",
"tests",
"threads",
"tls",
+ "tls13downgrade",
"ts",
"ubsan",
- "ui",
+ "ui-console",
"unit-test",
"whirlpool",
"weak-ssl-ciphers",
foreach my $proto ((@tls, @dtls))
{
push(@disablables, $proto);
- push(@disablables, "$proto-method");
+ push(@disablables, "$proto-method") unless $proto eq "tls1_3";
}
my %deprecated_disablables = (
"ssl2" => undef,
"buf-freelists" => undef,
- "ripemd" => "rmd160"
+ "ripemd" => "rmd160",
+ "ui" => "ui-console",
);
# All of the following is disabled by default (RC5 was enabled before 0.9.8):
"asan" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
+ "devcryptoeng" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"external-tests" => "default",
"ubsan" => "default",
#TODO(TLS1.3): Temporarily disabled while this is a WIP
"tls1_3" => "default",
+ "tls13downgrade" => "default",
"unit-test" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
# Without position independent code, there can be no shared libraries or DSOs
"pic" => [ "shared" ],
"shared" => [ "dynamic-engine" ],
- "engine" => [ "afalgeng" ],
+ "engine" => [ "afalgeng", "devcryptoeng" ],
# no-autoalginit is only useful when building non-shared
"autoalginit" => [ "shared", "apps" ],
{ $config{processor}=386; }
elsif (/^fips$/)
{
- $config{fips}=1;
+ die "FIPS mode not supported\n";
}
elsif (/^rsaref$/)
{
}
elsif (/^nofipscanistercheck$/)
{
- $config{fips} = 1;
- $nofipscanistercheck = 1;
+ die "FIPS mode not supported\n";
}
elsif (/^[-+]/)
{
{
$withargs{fuzzer_include}=$1;
}
- elsif (/^--with-fipslibdir=(.*)$/)
- {
- $config{fipslibdir}="$1/";
- }
- elsif (/^--with-baseaddr=(.*)$/)
- {
- $config{baseaddr}="$1";
- }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$config{cross_compile_prefix}=$1;
{
$libs.=$_." ";
}
+ elsif (/^-framework$/)
+ {
+ $libs.=$_." ".shift(@argvcopy)." ";
+ }
elsif (/^-rpath$/ or /^-R$/)
# -rpath is the OSF1 rpath flag
# -R is the old Solaris rpath flag
"***** any of asan, msan or ubsan\n";
}
-if ($config{fips})
- {
- delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/);
- }
-else
- {
- @{$config{dirs}} = grep !/^fips$/, @{$config{dirs}};
- }
-
my @tocheckfor = (keys %disabled);
while (@tocheckfor) {
my %new_tocheckfor = ();
exit 0;
}
+print "Configuring OpenSSL version $config{version} ($config{version_num})\n";
+print "for $target\n";
+
# Backward compatibility?
if ($target =~ m/^CygWin32(-.*)$/) {
$target = "Cygwin".$1;
}
+# Support for legacy targets having a name starting with 'debug-'
+my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
+if ($d) {
+ $config{build_type} = "debug";
+
+ # If we do not find debug-foo in the table, the target is set to foo.
+ if (!$table{$target}) {
+ $target = $t;
+ }
+}
+$config{target} = $target;
+my %target = resolve_config($target);
+
+&usage if (!%target || $target{template});
+
+my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
+$config{conf_files} = [ sort keys %conf_files ];
+%target = ( %{$table{DEFAULTS}}, %target );
+
+foreach my $feature (@{$target{disable}}) {
+ if (exists $deprecated_disablables{$feature}) {
+ warn "***** config $target disables deprecated feature $feature\n";
+ } elsif (!grep { $feature eq $_ } @disablables) {
+ die "***** config $target disables unknown feature $feature\n";
+ }
+ $disabled{$feature} = 'config';
+}
+foreach my $feature (@{$target{enable}}) {
+ if ("default" eq ($disabled{$_} // "")) {
+ if (exists $deprecated_disablables{$feature}) {
+ warn "***** config $target enables deprecated feature $feature\n";
+ } elsif (!grep { $feature eq $_ } @disablables) {
+ die "***** config $target enables unknown feature $feature\n";
+ }
+ delete $disabled{$_};
+ }
+}
+
foreach (sort (keys %disabled))
{
$config{options} .= " no-$_";
print "\n";
}
-print "Configuring for $target\n";
-# Support for legacy targets having a name starting with 'debug-'
-my ($d, $t) = $target =~ m/^(debug-)?(.*)$/;
-if ($d) {
- $config{build_type} = "debug";
-
- # If we do not find debug-foo in the table, the target is set to foo.
- if (!$table{$target}) {
- $target = $t;
- }
-}
-$config{target} = $target;
-my %target = resolve_config($target);
-
-&usage if (!%target || $target{template});
-
-my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}});
-$config{conf_files} = [ sort keys %conf_files ];
-%target = ( %{$table{DEFAULTS}}, %target );
-
$target{cxxflags}=$target{cflags} unless defined $target{cxxflags};
$target{exe_extension}="";
$target{exe_extension}=".exe" if ($config{target} eq "DJGPP"
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
+foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+ $builder_platform."-checker.pm")) {
+ my $checker_path = catfile($srcdir, "Configurations", $checker);
+ if (-f $checker_path) {
+ my $fn = $ENV{CONFIGURE_CHECKER_WARN}
+ ? sub { warn $@; } : sub { die $@; };
+ if (! do $checker_path) {
+ if ($@) {
+ $fn->($@);
+ } elsif ($!) {
+ $fn->($!);
+ } else {
+ $fn->("The detected tools didn't match the platform\n");
+ }
+ }
+ last;
+ }
+}
+
push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release";
if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m)
$config{ex_libs}="$libs$config{ex_libs}" if ($libs ne "");
-if ($disabled{asm})
- {
- if ($config{fips})
- {
- @{$config{defines}} = grep !/^[BL]_ENDIAN$/, @{$config{defines}};
- @{$target{defines}} = grep !/^[BL]_ENDIAN$/, @{$target{defines}};
- }
- }
-
# If threads aren't disabled, check how possible they are
unless ($disabled{threads}) {
if ($auto_threads) {
if ($target{shared_target} eq "")
{
$no_shared_warn = 1
- if ((!$disabled{shared} || !$disabled{"dynamic-engine"})
- && !$config{fips});
+ if (!$disabled{shared} || !$disabled{"dynamic-engine"});
$disabled{shared} = "no-shared-target";
$disabled{pic} = $disabled{shared} = $disabled{"dynamic-engine"} =
"no-shared-target";
push @{$config{defines}}, "OPENSSL_BN_ASM_MONT5" if ($target{bn_asm_src} =~ /-mont5/);
push @{$config{defines}}, "OPENSSL_BN_ASM_GF2m" if ($target{bn_asm_src} =~ /-gf2m/);
- if ($config{fips}) {
- push @{$config{openssl_other_defines}}, "OPENSSL_FIPS";
- }
-
if ($target{sha1_asm_src}) {
push @{$config{defines}}, "SHA1_ASM" if ($target{sha1_asm_src} =~ /sx86/ || $target{sha1_asm_src} =~ /sha1/);
push @{$config{defines}}, "SHA256_ASM" if ($target{sha1_asm_src} =~ /sha256/);
}
# Additionally, we set up sharednames for libraries that don't
- # have any, as themselves.
- foreach (keys %{$unified_info{libraries}}) {
+ # have any, as themselves. Only for libraries that aren't
+ # explicitely static.
+ foreach (grep !/\.a$/, keys %{$unified_info{libraries}}) {
if (!defined $unified_info{sharednames}->{$_}) {
$unified_info{sharednames}->{$_} = $_
}
}
+
+ # Check that we haven't defined any library as both shared and
+ # explicitely static. That is forbidden.
+ my @doubles = ();
+ foreach (grep /\.a$/, keys %{$unified_info{libraries}}) {
+ (my $l = $_) =~ s/\.a$//;
+ push @doubles, $l if defined $unified_info{sharednames}->{$l};
+ }
+ die "these libraries are both explicitely static and shared:\n ",
+ join(" ", @doubles), "\n"
+ if @doubles;
}
foreach (keys %ordinals) {
# On non-platforms, we just use file_name_is_absolute().
return file_name_is_absolute($file) unless $^O eq "VMS";
- # If the file spec includes a device or a directpry spec,
+ # If the file spec includes a device or a directory spec,
# file_name_is_absolute() is perfectly safe.
return file_name_is_absolute($file) if $file =~ m|[:\[]|;