X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=Configure;h=33d23921a88132ef8a4a7eba7c5f1b7918c3562b;hp=4fbce036ceae36151cb053cc9be7f9785614183c;hb=de403939a65e3aa581a97aa9a6c60b9d75c3ae8c;hpb=3c8be9c35068a283a70054ded86de7495e2e0877 diff --git a/Configure b/Configure index 4fbce036ce..33d23921a8 100755 --- a/Configure +++ b/Configure @@ -9,7 +9,7 @@ ## Configure -- OpenSSL source tree configuration script -require 5.10.0; +use 5.10.0; use strict; use File::Basename; use File::Spec::Functions qw/:DEFAULT abs2rel rel2abs/; @@ -59,13 +59,29 @@ my $usage="Usage: Configure [no- ...] [enable- ...] [-Dxxx] [-lx # zlib-dynamic Like "zlib", but the zlib library is expected to be a shared # library and will be loaded in run-time by the OpenSSL library. # sctp include SCTP support -# 386 generate 80386 code # enable-weak-ssl-ciphers -# Enable weak ciphers that are disabled by default. This currently -# only includes RC4 based ciphers. -# no-sse2 disables IA-32 SSE2 code, above option implies no-sse2 +# Enable weak ciphers that are disabled by default. +# 386 generate 80386 code in assembly modules +# no-sse2 disables IA-32 SSE2 code in assembly modules, the above +# mentioned '386' option implies this one # no- build without specified algorithm (rsa, idea, rc5, ...) # - + compiler options are passed through +# -static while -static is also a pass-through compiler option (and +# as such is limited to environments where it's actually +# meaningful), it triggers a number configuration options, +# namely no-dso, no-pic, no-shared and no-threads. It is +# argued that the only reason to produce statically linked +# binaries (and in context it means executables linked with +# -static flag, and not just executables linked with static +# libcrypto.a) is to eliminate dependency on specific run-time, +# a.k.a. libc version. The mentioned config options are meant +# to achieve just that. Unfortunately on Linux it's impossible +# to eliminate the dependency completely for openssl executable +# because of getaddrinfo and gethostbyname calls, which can +# invoke dynamically loadable library facility anyway to meet +# the lookup requests. For this reason on Linux statically +# linked openssl executable has rather debugging value than +# production quality. # # DEBUG_SAFESTACK use type-safe stacks to enforce type-safety on stack items # provided to stack calls. Generates unique stack functions for @@ -99,11 +115,15 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # but 'long long' type. . " -DPEDANTIC -pedantic -Wno-long-long" . " -Wall" + . " -Wextra" + . " -Wno-unused-parameter" + . " -Wno-missing-field-initializers" . " -Wsign-compare" . " -Wmissing-prototypes" . " -Wshadow" . " -Wformat" . " -Wtype-limits" + . " -Wundef" . " -Werror" ; @@ -118,9 +138,6 @@ my $gcc_devteam_warn = "-DDEBUG_UNUSED" # -Wextended-offsetof -- no, needed in CMS ASN1 code my $clang_devteam_warn = "" . " -Qunused-arguments" - . " -Wextra" - . " -Wno-unused-parameter" - . " -Wno-missing-field-initializers" . " -Wno-language-extension-token" . " -Wno-extended-offsetof" . " -Wconditional-uninitialized" @@ -269,7 +286,7 @@ if (defined $ENV{$local_config_envname}) { } -print "Configuring OpenSSL version $config{version} (0x$config{version_num})\n"; +print "Configuring OpenSSL version $config{version} ($config{version_num})\n"; $config{prefix}=""; $config{openssldir}=""; @@ -284,7 +301,7 @@ my $default_ranlib; $config{fips}=0; # Top level directories to build -$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "tools", "fuzz" ]; +$config{dirs} = [ "crypto", "ssl", "engines", "apps", "test", "util", "tools", "fuzz" ]; # crypto/ subdirectories to build $config{sdirs} = [ "objects", @@ -342,7 +359,6 @@ my @disablables = ( "filenames", "fuzz-libfuzzer", "fuzz-afl", - "fuzz-test", "gost", "heartbeats", "hw(-.+)?", @@ -440,6 +456,8 @@ my @disable_cascades = ( "dgram" => [ "dtls", "sctp" ], "sock" => [ "dgram" ], "dtls" => [ @dtls ], + sub { 0 == scalar grep { !$disabled{$_} } @dtls } + => [ "dtls" ], # SSL 3.0, (D)TLS 1.0 and TLS 1.1 require MD5 and SHA "md5" => [ "ssl", "tls1", "tls1_1", "dtls1" ], @@ -460,6 +478,8 @@ my @disable_cascades = ( "dtls1", "dtls1_2" ], "tls" => [ @tls ], + sub { 0 == scalar grep { !$disabled{$_} } @tls } + => [ "tls" ], # SRP and HEARTBEATS require TLSEXT "tlsext" => [ "srp", "heartbeats" ], @@ -525,8 +545,9 @@ $config{build_type} = "release"; my %unsupported_options = (); my %deprecated_options = (); -foreach (@argvcopy) +while (@argvcopy) { + $_ = shift @argvcopy; # VMS is a case insensitive environment, and depending on settings # out of our control, we may receive options uppercased. Let's # downcase at least the part before any equal sign. @@ -713,9 +734,18 @@ foreach (@argvcopy) { $libs.=$_." "; } + elsif (/^-rpath$/ or /^-R$/) + # -rpath is the OSF1 rpath flag + # -R is the old Solaris rpath flag + { + my $rpath = shift(@argvcopy) || ""; + $rpath .= " " if $rpath ne ""; + $libs.=$_." ".$rpath; + } elsif (/^-static$/) { $libs.=$_." "; + $disabled{"dso"} = "forced"; $disabled{"pic"} = "forced"; $disabled{"shared"} = "forced"; $disabled{"threads"} = "forced"; @@ -764,6 +794,13 @@ foreach (@argvcopy) } } +if ($libs =~ /(^|\s)-Wl,-rpath,/ + && !$disabled{shared} + && !($disabled{asan} && $disabled{msan} && $disabled{ubsan})) { + die "***** Cannot simultaneously use -rpath, shared libraries, and\n", + "***** any of asan, msan or ubsan\n"; +} + if ($config{fips}) { delete $disabled{"shared"} if ($disabled{"shared"} =~ /^default/); @@ -847,33 +884,35 @@ foreach (sort (keys %disabled)) @{$config{dirs}} = grep !/^engines$/, @{$config{dirs}}; @{$config{sdirs}} = grep !/^engine$/, @{$config{sdirs}}; push @{$config{openssl_other_defines}}, "OPENSSL_NO_ENGINE"; + print " OPENSSL_NO_ENGINE (skip engines)"; } else { - my ($ALGO, $algo); - ($ALGO = $algo = $_) =~ tr/[\-a-z]/[_A-Z]/; + my ($WHAT, $what); + + ($WHAT = $what = $_) =~ tr/[\-a-z]/[_A-Z]/; + + # Fix up C macro end names + $WHAT = "RMD160" if $what eq "ripemd"; + + # fix-up crypto/directory name(s) + $what = "ripemd" if $what eq "rmd160"; + $what = "whrlpool" if $what eq "whirlpool"; - if (/^asm$/ || /^err$/ || /^hw$/ || /^hw-/ || /^async$/ - || /^autoalginit/ || /^autoerrinit/) + if ($what ne "async" && $what ne "err" + && grep { $_ eq $what } @{$config{sdirs}}) { - push @{$config{openssl_other_defines}}, "OPENSSL_NO_$ALGO"; - print " OPENSSL_NO_$ALGO"; + push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$WHAT"; + @{$config{sdirs}} = grep { $_ ne $what} @{$config{sdirs}}; - if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; } + print " OPENSSL_NO_$WHAT (skip dir)"; } else { - ($ALGO,$algo) = ("RMD160","rmd160") if ($algo eq "ripemd"); - - push @{$config{openssl_algorithm_defines}}, "OPENSSL_NO_$ALGO"; - print " OPENSSL_NO_$ALGO"; - - # fix-up crypto/directory name(s) - $algo="whrlpool" if $algo eq "whirlpool"; - $algo="ripemd" if $algo eq "rmd160"; - @{$config{sdirs}} = grep { $_ ne $algo} @{$config{sdirs}}; + push @{$config{openssl_other_defines}}, "OPENSSL_NO_$WHAT"; + print " OPENSSL_NO_$WHAT"; - print " (skip dir)"; + if (/^err$/) { push @user_defines, "OPENSSL_NO_ERR"; } } } @@ -897,6 +936,8 @@ my %target = resolve_config($target); &usage if (!%target || $target{template}); +my %conf_files = map { $_ => 1 } (@{$target{_conf_fname_int}}); +$config{conf_files} = [ sort keys %conf_files ]; %target = ( %{$table{DEFAULTS}}, %target ); $target{exe_extension}=""; @@ -951,6 +992,25 @@ $target{build_scheme} = [ $target{build_scheme} ] my ($builder, $builder_platform, @builder_opts) = @{$target{build_scheme}}; +foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm", + $builder_platform."-checker.pm")) { + my $checker_path = catfile($srcdir, "Configurations", $checker); + if (-f $checker_path) { + my $fn = $ENV{CONFIGURE_CHECKER_WARN} + ? sub { warn $@; } : sub { die $@; }; + if (! do $checker_path) { + if ($@) { + $fn->($@); + } elsif ($!) { + $fn->($!); + } else { + $fn->("The detected tools didn't match the platform\n"); + } + } + last; + } +} + push @{$config{defines}}, "NDEBUG" if $config{build_type} eq "release"; if ($target =~ /^mingw/ && `$target{cc} --target-help 2>&1` =~ m/-mno-cygwin/m) @@ -1155,6 +1215,9 @@ unless ($disabled{asm}) { if ($target{ec_asm_src} =~ /ecp_nistz256/) { push @{$config{defines}}, "ECP_NISTZ256_ASM"; } + if ($target{padlock_asm_src} ne $table{DEFAULTS}->{padlock_asm_src}) { + push @{$config{defines}}, "PADLOCK_ASM"; + } if ($target{poly1305_asm_src} ne "") { push @{$config{defines}}, "POLY1305_ASM"; } @@ -1174,7 +1237,7 @@ if ($^O ne "VMS" && !$disabled{makedepend}) { # We know that GNU C version 3 and up as well as all clang # versions support dependency generation $config{makedepprog} = $ccpcc - if (/clang/ || (/gcc/ && $compiler_major > 3)); + if (/clang/ || (/gcc/ && $compiler_major >= 3)); $ecc = "clang" if /clang/; $ecc = "gcc" if /gcc/; last if ($config{makedepprog} || !$lines--); @@ -1290,44 +1353,6 @@ my %unified_info = (); my $buildinfo_debug = defined($ENV{CONFIGURE_DEBUG_BUILDINFO}); if ($builder eq "unified") { - # Store the name of the template file we will build the build file from - # in %config. This may be useful for the build file itself. - my @build_file_template_names = - ( $builder_platform."-".$target{build_file}.".tmpl", - $target{build_file}.".tmpl" ); - my @build_file_templates = (); - - # First, look in the user provided directory, if given - if (defined $ENV{$local_config_envname}) { - @build_file_templates = - map { - if ($^O eq 'VMS') { - # VMS environment variables are logical names, - # which can be used as is - $local_config_envname . ':' . $_; - } else { - catfile($ENV{$local_config_envname}, $_); - } - } - @build_file_template_names; - } - # Then, look in our standard directory - push @build_file_templates, - ( map { catfile($srcdir, "Configurations", $_) } - @build_file_template_names ); - - my $build_file_template; - for $_ (@build_file_templates) { - $build_file_template = $_; - last if -f $build_file_template; - - $build_file_template = undef; - } - if (!defined $build_file_template) { - die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; - } - $config{build_file_template} = $build_file_template; - use lib catdir(dirname(__FILE__),"util"); use with_fallback qw(Text::Template); @@ -1364,6 +1389,47 @@ if ($builder eq "unified") { return $res; } + # Store the name of the template file we will build the build file from + # in %config. This may be useful for the build file itself. + my @build_file_template_names = + ( $builder_platform."-".$target{build_file}.".tmpl", + $target{build_file}.".tmpl" ); + my @build_file_templates = (); + + # First, look in the user provided directory, if given + if (defined $ENV{$local_config_envname}) { + @build_file_templates = + map { + if ($^O eq 'VMS') { + # VMS environment variables are logical names, + # which can be used as is + $local_config_envname . ':' . $_; + } else { + catfile($ENV{$local_config_envname}, $_); + } + } + @build_file_template_names; + } + # Then, look in our standard directory + push @build_file_templates, + ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) } + @build_file_template_names ); + + my $build_file_template; + for $_ (@build_file_templates) { + $build_file_template = $_; + last if -f $build_file_template; + + $build_file_template = undef; + } + if (!defined $build_file_template) { + die "*** Couldn't find any of:\n", join("\n", @build_file_templates), "\n"; + } + $config{build_file_templates} + = [ $build_file_template, + cleanfile($srcdir, catfile("Configurations", "common.tmpl"), + $blddir) ]; + my @build_infos = ( [ ".", "build.info" ] ); foreach (@{$config{dirs}}) { push @build_infos, [ $_, "build.info" ] @@ -2039,8 +2105,7 @@ print "RC4 uses $config{rc4_int}\n" if $config{rc4_int} ne $def_int; my %builders = ( unified => sub { run_dofile(catfile($blddir, $target{build_file}), - $config{build_file_template}, - catfile($srcdir, "Configurations", "common.tmpl")); + @{$config{build_file_templates}}); }, ); @@ -2218,7 +2283,8 @@ sub read_config { close(CONFFILE); my %targets = (); { - local %table = %::table; # Protect %table from tampering + # Protect certain tables from tampering + local %table = %::table; eval $content; warn $@ if $@; @@ -2233,7 +2299,9 @@ sub read_config { warn "Misconfigured target configuration for $_ (should be a hash table), ignoring...\n"; } delete $targets{$_}; - } + } else { + $targets{$_}->{_conf_fname_int} = add([ $fname ]); + } } %table = (%table, %targets); @@ -2539,7 +2607,7 @@ sub isabsolute { # On non-platforms, we just use file_name_is_absolute(). return file_name_is_absolute($file) unless $^O eq "VMS"; - # If the file spec includes a device or a directpry spec, + # If the file spec includes a device or a directory spec, # file_name_is_absolute() is perfectly safe. return file_name_is_absolute($file) if $file =~ m|[:\[]|;