#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2020 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2021 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $banner = <<"EOF";
+
+**********************************************************************
+*** ***
+*** OpenSSL has been successfully configured ***
+*** ***
+*** If you encounter a problem while building, please open an ***
+*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
+*** and include the output from the following command: ***
+*** ***
+*** perl configdata.pm --dump ***
+*** ***
+*** (If you are new to OpenSSL, you might want to consult the ***
+*** 'Troubleshooting' section in the INSTALL.md file first) ***
+*** ***
+**********************************************************************
+EOF
+
# Options:
#
# --config add the given configuration file, which will be read after
# given with --prefix.
# This becomes the value of OPENSSLDIR in Makefile and in C.
# (Default: PREFIX/ssl)
+# --banner=".." Output specified text instead of default completion banner
#
# --cross-compile-prefix Add specified prefix to binutils components.
#
# 386 generate 80386 code in assembly modules
# no-sse2 disables IA-32 SSE2 code in assembly modules, the above
# mentioned '386' option implies this one
-# no-<cipher> build without specified algorithm (rsa, idea, rc5, ...)
+# no-<cipher> build without specified algorithm (dsa, idea, rc5, ...)
# -<xxx> +<xxx> All options which are unknown to the 'Configure' script are
# /<xxx> passed through to the compiler. Unix-style options beginning
# with a '-' or '+' are recognized, as well as Windows-style
# The numbering used changes from 3.0 and on because we updated
# (solidified) our version numbering scheme at that point.
- # From 3.0 and on, we internalise the given version number in dedcimal
+ # From 3.0 and on, we internalise the given version number in decimal
# as MAJOR * 10000 + MINOR * 100 + 0
"3.0.0" => 30000,
"3.0" => 30000,
"0.9.8" => 908,
};
+# For OpenSSL::config::get_platform
+my %guess_opts = ();
+
+my $dryrun = 0;
+
our %table = ();
our %config = ();
our %withargs = ();
# Unified build supports separate build dir
my $srcdir = catdir(absolutedir(dirname($0))); # catdir ensures local syntax
my $blddir = catdir(absolutedir(".")); # catdir ensures local syntax
+
+# File::Spec::Unix doesn't detect case insensitivity, so we make sure to
+# check if the source and build directory are really the same, and make
+# them so. This avoids all kinds of confusion later on.
+# We must check @File::Spec::ISA rather than using File::Spec->isa() to
+# know if File::Spec ended up loading File::Spec::Unix.
+$srcdir = $blddir
+ if (grep(/::Unix$/, @File::Spec::ISA)
+ && samedir($srcdir, $blddir));
+
my $dofile = abs2rel(catfile($srcdir, "util/dofile.pl"));
my $local_config_envname = 'OPENSSL_LOCAL_CONFIG_DIR';
-$config{sourcedir} = abs2rel($srcdir);
-$config{builddir} = abs2rel($blddir);
+$config{sourcedir} = abs2rel($srcdir, $blddir);
+$config{builddir} = abs2rel($blddir, $blddir);
+# echo -n 'holy hand grenade of antioch' | openssl sha256
+$config{FIPSKEY} =
+ 'f4556650ac31d35461610bac4ed81b1a181b2d8a43ea2854cbae22ca74560813';
# Collect reconfiguration information if needed
my @argvcopy=@ARGV;
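Review bot: The comment above `$config{FIPSKEY}` records how the default was derived but not what follows from it: a value that is the SHA-256 of a phrase printed in the source is public, so it cannot serve as a secret. How the key is consumed is not visible in this diff, but if it feeds an integrity check, as the `--fips-key` option added elsewhere in this commit suggests, that check would catch accidental corruption and not tampering by someone who can recompute it. I would extend the comment to say so, e.g. `# Default key, publicly known (derived as shown above); override with --fips-key=<hex>`.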
# 'unshift' adds at the front of the list (i.e. in reverse input order).
foreach ( reverse sort( 'aes', 'aria', 'bf', 'camellia', 'cast', 'des', 'dh',
'dsa', 'ec', 'hmac', 'idea', 'md2', 'md5', 'mdc2',
- 'rc2', 'rc4', 'rc5', 'ripemd', 'rsa', 'seed', 'sha',
+ 'rc2', 'rc4', 'rc5', 'ripemd', 'seed', 'sha',
'sm2', 'sm3', 'sm4') ) {
unshift @argvcopy, "no-$_" if ! -d catdir($srcdir, 'crypto', $_);
}
my %version = ();
collect_information(
- collect_from_file(catfile($srcdir,'VERSION')),
+ collect_from_file(catfile($srcdir,'VERSION.dat')),
qr/\s*(\w+)\s*=\s*(.*?)\s*$/ =>
sub {
# Only define it if there is a value at all
}
},
"OTHERWISE" =>
- sub { die "Something wrong with this line:\n$_\nin $srcdir/VERSION" },
+ sub { die "Something wrong with this line:\n$_\nin $srcdir/VERSION.dat" },
);
$config{major} = $version{MAJOR} // 'unknown';
$config{version} = "$config{major}.$config{minor}.$config{patch}";
$config{full_version} = "$config{version}$config{prerelease}$config{build_metadata}";
-die "erroneous version information in VERSION: ",
+die "erroneous version information in VERSION.dat: ",
"$config{version}, $config{shlib_version}\n"
unless (defined $version{MAJOR}
&& defined $version{MINOR}
# For developers: keep it sorted alphabetically
my @disablables = (
- "acvp_tests",
+ "acvp-tests",
"afalgeng",
"aria",
"asan",
"bf",
"blake2",
"buildtest-c++",
+ "bulk",
+ "cached-fetch",
"camellia",
"capieng",
"cast",
"dynamic-engine",
"ec",
"ec2m",
+ "ec_nistp_64_gcc_128",
"ecdh",
"ecdsa",
- "ec_nistp_64_gcc_128",
"egd",
"engine",
"err",
"external-tests",
"filenames",
"fips",
- "fuzz-libfuzzer",
+ "fips-securitychecks",
"fuzz-afl",
+ "fuzz-libfuzzer",
"gost",
"idea",
"ktls",
"msan",
"multiblock",
"nextprotoneg",
- "pinshared",
"ocb",
"ocsp",
"padlockeng",
"pic",
+ "pinshared",
"poly1305",
"posix-io",
"psk",
"ui-console",
"unit-test",
"uplink",
- "whirlpool",
"weak-ssl-ciphers",
+ "whirlpool",
"zlib",
"zlib-dynamic",
);
# All of the following are disabled by default:
our %disabled = ( # "what" => "comment"
+ "fips" => "default",
+ "acvp-tests" => "default",
"asan" => "default",
"buildtest-c++" => "default",
"crypto-mdebug" => "default",
"ec_nistp_64_gcc_128" => "default",
"egd" => "default",
"external-tests" => "default",
- "fuzz-libfuzzer" => "default",
"fuzz-afl" => "default",
+ "fuzz-libfuzzer" => "default",
+ "ktls" => "default",
"md2" => "default",
"msan" => "default",
"rc5" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default",
- "ktls" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
my @disable_cascades = (
# "what" => [ "cascade", ... ]
+ "bulk" => [ "shared", "dso",
+ "aria", "async", "autoload-config",
+ "blake2", "bf", "camellia", "cast", "chacha",
+ "cmac", "cms", "cmp", "comp", "ct",
+ "des", "dgram", "dh", "dsa",
+ "ec", "engine",
+ "filenames",
+ "idea", "ktls",
+ "md4", "multiblock", "nextprotoneg",
+ "ocsp", "ocb", "poly1305", "psk",
+ "rc2", "rc4", "rmd160",
+ "seed", "siphash", "siv",
+ "sm3", "sm4", "srp",
+ "srtp", "ssl3-method",
+ "ts", "ui-console", "whirlpool",
+ "fips-securitychecks" ],
sub { $config{processor} eq "386" }
=> [ "sse2" ],
"ssl" => [ "ssl3" ],
"ssl3-method" => [ "ssl3" ],
"zlib" => [ "zlib-dynamic" ],
"des" => [ "mdc2" ],
- "ec" => [ "ecdsa", "ecdh", "sm2", "gost" ],
- sub { $disabled{"ec"} && $disabled{"dh"} }
- => [ "tls1_3" ],
+ "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ],
"dgram" => [ "dtls", "sctp" ],
"sock" => [ "dgram" ],
"dtls" => [ @dtls ],
# or modules.
"pic" => [ "shared", "module" ],
- "module" => [ "fips" ],
+ "module" => [ "fips", "dso" ],
- "engine" => [ grep /eng$/, @disablables ],
+ "engine" => [ "dynamic-engine", grep(/eng$/, @disablables) ],
"hw" => [ "padlockeng" ],
# no-autoalginit is only useful when building non-shared
- "autoalginit" => [ "shared", "apps" ],
+ "autoalginit" => [ "shared", "apps", "fips" ],
"stdio" => [ "apps", "capieng", "egd" ],
"apps" => [ "tests" ],
sub { !$disabled{"msan"} } => [ "asm" ],
- sub { $disabled{cmac}; } => [ "siv" ],
- "legacy" => [ "md2" ],
+ "cmac" => [ "siv" ],
+ "legacy" => [ "md2" ],
"cmp" => [ "crmf" ],
- # Padlock engine uses low-level AES APIs which are deprecated
- sub { $disabled{"deprecated-3.0"} }
- => [ "padlockeng" ]
+ "fips" => [ "fips-securitychecks" ],
+
+ "deprecated-3.0" => [ "engine", "srp" ]
);
# Avoid protocol support holes. Also disable all versions below N, if version
# No longer an automatic choice
$auto_threads = 0 if ($1 eq "threads");
}
+ elsif (/^-d$/) # From older 'config'
+ {
+ $config{build_type} = "debug";
+ }
+ elsif (/^-v$/) # From older 'config'
+ {
+ $guess_opts{verbose} = 1;
+ }
+ elsif (/^-w$/) # From older 'config'
+ {
+ $guess_opts{nowait} = 1;
+ }
+ elsif (/^-t$/) # From older 'config'
+ {
+ $dryrun = 1;
+ }
elsif (/^--strict-warnings$/)
{
# Pretend that our strict flags is a C flag, and replace it
push @seed_sources, $x;
}
}
+ elsif (/^--fips-key=(.*)$/)
+ {
+ $user{FIPSKEY}=lc($1);
+ die "Non-hex character in FIPS key\n"
+ if $user{FIPSKEY} =~ /[^a-f0-9]/;
+ die "FIPS key must have even number of characters\n"
+ if length $1 & 1;
+ die "FIPS key too long (64 bytes max)\n"
+ if length $1 > 64;
+ }
+ elsif (/^--banner=(.*)$/)
+ {
+ $banner = $1 . "\n";
+ }
elsif (/^--cross-compile-prefix=(.*)$/)
{
$user{CROSS_COMPILE}=$1;
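Review bot: `--fips-key=` with nothing after the equals sign passes all three checks in the new branch, because the empty string has no non-hex character, an even length and a length below 64, so `$user{FIPSKEY}` can end up empty. A guard such as `die "FIPS key must not be empty\n" if $user{FIPSKEY} eq '';` would reject it. The two length checks also read `$1` after the intervening `=~ /[^a-f0-9]/` match, which works only because a failed match leaves the captures untouched; `length($user{FIPSKEY})` says the same thing without relying on that. Finally, the limit is compared against 64 hex characters while the message says "64 bytes max", so either the bound or the wording is off by a factor of two.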
# If no target was given, try guessing.
unless ($target) {
- my %system_config = OpenSSL::config::get_platform(%config, %user);
+ my %system_config = OpenSSL::config::get_platform(%guess_opts, %user);
# The $system_config{disable} is used to populate %disabled with
# entries that aren't already there.
&usage unless $target;
+exit 0 if $dryrun; # From older 'config'
+
$config{target} = $target;
my %target = resolve_config($target);
}
my $no_shared_warn=0;
-if ($target{shared_target} eq "")
+if (($target{shared_target} // '') eq "")
{
$no_shared_warn = 1
if (!$disabled{shared} || !$disabled{"dynamic-engine"});
# Check for makedepend capabilities.
if (!$disabled{makedepend}) {
- if ($config{target} =~ /^(VC|vms)-/) {
- # For VC- and vms- targets, there's nothing more to do here. The
- # functionality is hard coded in the corresponding build files for
- # cl (Windows) and CC/DECC (VMS).
+ # If the attribute makedep_scheme is defined, then we assume that the
+ # config target and its associated build file are programmed to deal
+ # with it.
+ # If makedep_scheme is undefined, we go looking for GCC compatible
+ # dependency making, and if that's not available, we try to fall back
+ # on 'makedepend'.
+ if ($target{makedep_scheme}) {
+ $config{makedep_scheme} = $target{makedep_scheme};
+ # If the makedepcmd attribute is defined, copy it. If not, the
+ # build files will have to fend for themselves.
+ $config{makedepcmd} = $target{makedepcmd} if $target{makedepcmd};
} elsif (($predefined_C{__GNUC__} // -1) >= 3
&& !($predefined_C{__APPLE_CC__} && !$predefined_C{__clang__})) {
# We know that GNU C version 3 and up as well as all clang
# versions support dependency generation, but Xcode did not
# handle $cc -M before clang support (but claims __GNUC__ = 3)
- $config{makedepprog} = "\$(CROSS_COMPILE)$config{CC}";
+ $config{makedep_scheme} = 'gcc';
} else {
- # In all other cases, we look for 'makedepend', and disable the
- # capability if not found.
- $config{makedepprog} = which('makedepend');
- disable('unavailable', 'makedepend') unless $config{makedepprog};
+ # In all other cases, we look for 'makedepend', and set the
+ # makedep_scheme value if we found it.
+ $config{makedepcmd} = which('makedepend');
+ $config{makedep_scheme} = 'makedepend' if $config{makedepcmd};
}
+
+ # If no depend scheme is set, we disable makedepend
+ disable('unavailable', 'makedepend') unless $config{makedep_scheme};
}
if (!$disabled{asm} && !$predefined_C{__MACH__} && $^O ne 'VMS') {
$config{build_infos} = [ ];
+ # We want to detect configdata.pm in the source tree, so we
+ # don't use it if the build tree is different.
+ my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
+
+ # Any source file that we recognise is placed in this hash table, with
+ # the list of its intended destinations as value. When everything has
+ # been collected, there's a routine that checks that these source files
+ # exist, or if they are generated, that the generator exists.
+ my %check_exist = ();
+ my %check_generate = ();
+
my %ordinals = ();
while (@build_dirs) {
my @curd = @{shift @build_dirs};
my $ac = 1;
my $ak = $a;
my $av = 1;
- if ($a =~ m|^(!)?(.*?)\s* = \s*(.*?)$|) {
+ if ($a =~ m|^(!)?(.*?)\s* = \s*(.*?)$|x) {
$ac = ! $1;
- $ak = $1;
- $av = $2;
+ $ak = $2;
+ $av = $3;
}
foreach my $g (@goals) {
if ($ac) {
}
};
- # We want to detect configdata.pm in the source tree, so we
- # don't use it if the build tree is different.
- my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
-
-
if ($buildinfo_debug) {
print STDERR "DEBUG: Reading ",catfile($sourced, $f),"\n";
}
}
# We recognise C++, C and asm files
if ($s =~ /\.(cc|cpp|c|s|S)$/) {
+ push @{$check_exist{$s}}, $ddest;
my $o = $_;
$o =~ s/\.[csS]$/.o/; # C and assembler
$o =~ s/\.(cc|cpp)$/_cc.o/; # C++
$unified_info{sources}->{$o}->{$s} = -1;
} elsif ($s =~ /\.rc$/) {
# We also recognise resource files
+ push @{$check_exist{$s}}, $ddest;
my $o = $_;
$o =~ s/\.rc$/.res/; # Resource configuration
- my $o = cleanfile($buildd, $o, $blddir);
+ $o = cleanfile($buildd, $o, $blddir);
$unified_info{sources}->{$ddest}->{$o} = -1;
$unified_info{sources}->{$o}->{$s} = -1;
} else {
+ push @{$check_exist{$s}}, $ddest;
$unified_info{sources}->{$ddest}->{$s} = 1;
}
}
if ($s =~ /\.(cc|cpp|c|s|S)$/) {
# We recognise C++, C and asm files
+ push @{$check_exist{$s}}, $ddest;
my $o = $_;
$o =~ s/\.[csS]$/.o/; # C and assembler
$o =~ s/\.(cc|cpp)$/_cc.o/; # C++
$unified_info{sources}->{$o}->{$s} = -1;
} elsif ($s =~ /\.rc$/) {
# We also recognise resource files
+ push @{$check_exist{$s}}, $ddest;
my $o = $_;
$o =~ s/\.rc$/.res/; # Resource configuration
- my $o = cleanfile($buildd, $o, $blddir);
+ $o = cleanfile($buildd, $o, $blddir);
$unified_info{shared_sources}->{$ddest}->{$o} = -1;
$unified_info{sources}->{$o}->{$s} = -1;
} elsif ($s =~ /\.ld$/) {
# We also recognise linker scripts (or corresponding)
# We know they are generated files
+ push @{$check_exist{$s}}, $ddest;
my $ld = cleanfile($buildd, $_, $blddir);
$unified_info{shared_sources}->{$ddest}->{$ld} = 1;
} else {
$generator[0] = cleanfile($sourced, $gen, $blddir);
# If the generator is itself generated, it's in the build tree
- if ($generate{$gen}) {
+ if ($generate{$gen} || ! -f $generator[0]) {
$generator[0] = cleanfile($buildd, $gen, $blddir);
}
+ $check_generate{$ddest}->{$generator[0]}++;
$unified_info{generate}->{$ddest} = [ @generator ];
}
foreach (keys %depends) {
my $dest = $_;
- my $ddest = $dest eq "" ? "" : cleanfile($sourced, $_, $blddir);
+ my $ddest = $dest;
+
+ if ($dest =~ /^\|(.*)\|$/) {
+ # Collect the raw target
+ $unified_info{targets}->{$1} = 1;
+ $ddest = $1;
+ } elsif ($dest eq '') {
+ $ddest = '';
+ } else {
+ $ddest = cleanfile($sourced, $_, $blddir);
- # If the destination doesn't exist in source, it can only be
- # a generated file in the build tree.
- if ($ddest ne "" && ($ddest eq $src_configdata || ! -f $ddest)) {
- $ddest = cleanfile($buildd, $_, $blddir);
+ # If the destination doesn't exist in source, it can only be
+ # a generated file in the build tree.
+ if ($ddest eq $src_configdata || ! -f $ddest) {
+ $ddest = cleanfile($buildd, $_, $blddir);
+ }
}
foreach (@{$depends{$dest}}) {
my $d = cleanfile($sourced, $_, $blddir);
+ my $d2 = cleanfile($buildd, $_, $blddir);
# If we know it's generated, or assume it is because we can't
# find it in the source tree, we set file we depend on to be
# in the build tree rather than the source tree.
if ($d eq $src_configdata
- || (grep { $d eq $_ }
- map { cleanfile($srcdir, $_, $blddir) }
- grep { /\.h$/ } keys %{$unified_info{generate}})
+ || (grep { $d2 eq $_ }
+ keys %{$unified_info{generate}})
|| ! -f $d) {
- $d = cleanfile($buildd, $_, $blddir);
+ $d = $d2;
}
$unified_info{depends}->{$ddest}->{$d} = 1;
DEPEND and SHARED_SOURCE.
EOF
+ # Check that each generated file is only generated once
+ my $ambiguous_generation = 0;
+ foreach (sort keys %check_generate) {
+ my @generators = sort keys %{$check_generate{$_}};
+ my $generators_txt = join(', ', @generators);
+ if (scalar @generators > 1) {
+ warn "$_ is GENERATEd by more than one generator ($generators_txt)\n";
+ $ambiguous_generation++;
+ }
+ if ($check_generate{$_}->{$generators[0]} > 1) {
+ warn "INFO: $_ has more than one GENERATE declaration (same generator)\n"
+ }
+ }
+ die "There are ambiguous source file generations\n"
+ if $ambiguous_generation > 0;
+
+ # All given source files should exist, or if generated, their
+ # generator should exist. This loop ensures this is true.
+ my $missing = 0;
+ foreach my $orig (sort keys %check_exist) {
+ foreach my $dest (@{$check_exist{$orig}}) {
+ if ($orig ne $src_configdata) {
+ if ($orig =~ /\.a$/) {
+ # Static library names may be used as sources, so we
+ # need to detect those and give them special treatment.
+ unless (grep { $_ eq $orig }
+ keys %{$unified_info{libraries}}) {
+ warn "$orig is given as source for $dest, but no such library is built\n";
+ $missing++;
+ }
+ } else {
+ # A source may be generated, and its generator may be
+ # generated as well. We therefore loop to dig out the
+ # first generator.
+ my $gen = $orig;
+
+ while (my @next = keys %{$check_generate{$gen}}) {
+ $gen = $next[0];
+ }
+
+ if (! -f $gen) {
+ if ($gen ne $orig) {
+ $missing++;
+ warn "$orig is given as source for $dest, but its generator (leading to $gen) is missing\n";
+ } else {
+ $missing++;
+ warn "$orig is given as source for $dest, but is missing\n";
+ }
+ }
+ }
+ }
+ }
+ }
+ die "There are files missing\n" if $missing > 0;
# Go through the sources of all libraries and check that the same basename
# doesn't appear more than once. Some static library archivers depend on
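Review bot: The `while (my @next = keys %{$check_generate{$gen}})` loop that walks back to the first generator has no cycle guard, so a build.info in which a file is directly or indirectly its own generator would make Configure spin instead of reporting the mistake. Tracking visited names fixes that: add `my %seen;` before the loop and `die "GENERATE loop involving $gen\n" if $seen{$gen}++;` as its first statement. The enclosing block begins outside this hunk, so the placement should be checked against the full file.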
### Make unified_info a bit more efficient
# One level structures
- foreach (("programs", "libraries", "modules", "scripts")) {
+ foreach (("programs", "libraries", "modules", "scripts", "targets")) {
$unified_info{$_} = [ sort keys %{$unified_info{$_}} ];
}
# Two level structures
you have tried with a current version of OpenSSL).
EOF
-print <<"EOF";
-
-**********************************************************************
-*** ***
-*** OpenSSL has been successfully configured ***
-*** ***
-*** If you encounter a problem while building, please open an ***
-*** issue on GitHub <https://github.com/openssl/openssl/issues> ***
-*** and include the output from the following command: ***
-*** ***
-*** perl configdata.pm --dump ***
-*** ***
-*** (If you are new to OpenSSL, you might want to consult the ***
-*** 'Troubleshooting' section in the INSTALL.md file first) ***
-*** ***
-**********************************************************************
-EOF
+print $banner;
exit(0);
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.
-Please read INSTALL.md and associated NOTES files. You may also have to
+Please read INSTALL.md and associated NOTES-* files. You may also have to
look over your available compiler tool chain or change your configuration.
_____
}
print STDERR $i . " ";
}
- print STDERR "\n\nNOTE: If in doubt, on Unix-ish systems use './config'.\n";
exit(1);
}
"loutflag",
"ex_libs",
"bn_ops",
+ "enable",
+ "disable",
"poly1035_asm_src",
"thread_scheme",
"perlasm_scheme",
return realpath($dir);
}
+# Check if all paths are one and the same, using stat. They must both exist
+# We need this for the cases when File::Spec doesn't detect case insensitivity
+# (File::Spec::Unix assumes case sensitivity)
+sub samedir {
+ die "samedir expects two arguments\n" unless scalar @_ == 2;
+
+ my @stat0 = stat($_[0]); # First argument
+ my @stat1 = stat($_[1]); # Second argument
+
+ die "Couldn't stat $_[0]" unless @stat0;
+ die "Couldn't stat $_[1]" unless @stat1;
+
+ # Compare device number
+ return 0 unless ($stat0[0] == $stat1[0]);
+ # Compare "inode". The perl manual recommends comparing as
+ # string rather than as number.
+ return 0 unless ($stat0[1] eq $stat1[1]);
+
+ return 1; # All the same
+}
+
sub quotify {
my %processors = (
perl => sub { my $x = shift;
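Review bot: The two `die "Couldn't stat ..."` calls in `samedir` drop the reason for the failure and, unlike the argument-count check above them, have no trailing newline, so the user gets a Configure line number but not whether the directory is missing or unreadable. `die "Couldn't stat $_[0]: $!\n" unless @stat0;` (and the same for `$_[1]`) would make the message actionable. The header comment says "all paths" although the sub takes exactly two; "Check if two paths refer to the same directory, using stat; both must exist" would match the contract.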