#! /usr/bin/env perl
# -*- mode: perl; -*-
-# Copyright 2016-2022 The OpenSSL Project Authors. All Rights Reserved.
+# Copyright 2016-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
my $orig_death_handler = $SIG{__DIE__};
$SIG{__DIE__} = \&death_handler;
-my $usage="Usage: Configure [no-<cipher> ...] [enable-<cipher> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
+my $usage="Usage: Configure [no-<feature> ...] [enable-<feature> ...] [-Dxxx] [-lxxx] [-Lxxx] [-fxxx] [-Kxxx] [no-hw-xxx|no-hw] [[no-]threads] [[no-]thread-pool] [[no-]default-thread-pool] [[no-]shared] [[no-]zlib|zlib-dynamic] [no-asm] [no-egd] [sctp] [386] [--prefix=DIR] [--openssldir=OPENSSLDIR] [--with-xxx[=vvv]] [--config=FILE] os/compiler[:flags]\n";
my $banner = <<"EOF";
# [no-]threads [don't] try to create a library that is suitable for
# multithreaded applications (default is "threads" if we
# know how to do it)
+# [no-]thread-pool
+# [don't] allow thread pool functionality
+# [no-]default-thread-pool
+# [don't] allow default thread pool functionality
# [no-]shared [don't] try to create shared libraries when supported.
# [no-]pic [don't] try to build position independent code when supported.
# If disabled, it also disables shared and dynamic-engine.
# no-egd do not compile support for the entropy-gathering daemon APIs
# [no-]zlib [don't] compile support for zlib compression.
# zlib-dynamic Like "zlib", but the zlib library is expected to be a shared
-# library and will be loaded in run-time by the OpenSSL library.
+# library and will be loaded at run-time by the OpenSSL library.
# sctp include SCTP support
-# enable-quic include QUIC support (currently just for developers as the
-# implementation is by no means complete and usable)
+# no-quic disable QUIC support
# no-uplink Don't build support for UPLINK interface.
# enable-weak-ssl-ciphers
# Enable weak ciphers that are disabled by default.
-Wsign-compare
-Wshadow
-Wformat
- -Wtype-limits
+ -Wno-type-limits
+ -Wno-tautological-constant-out-of-range-compare
-Wundef
-Werror
-Wmissing-prototypes
-Wno-parentheses-equality
-Wno-language-extension-token
-Wno-extended-offsetof
+ -Wno-missing-braces
-Wconditional-uninitialized
-Wincompatible-pointer-types-discards-qualifiers
-Wmissing-variable-declarations
}
}
+# Fail if no configuration is apparent
+if (!%table) {
+ print "Failed to find any os/compiler configurations. Please make sure the Configurations directory is included.\n";
+ &usage;
+}
+
# Save away perl command information
$config{perl_cmd} = $^X;
$config{perl_version} = $Config{version};
my @disablables = (
"acvp-tests",
"afalgeng",
+ "apps",
+ "argon2",
"aria",
"asan",
"asm",
"async",
+ "atexit",
"autoalginit",
"autoerrinit",
"autoload-config",
"bf",
"blake2",
+ "brotli",
+ "brotli-dynamic",
"buildtest-c++",
"bulk",
"cached-fetch",
"comp",
"crypto-mdebug",
"ct",
+ "default-thread-pool",
"deprecated",
"des",
"devcryptoeng",
"dgram",
"dh",
+ "docs",
"dsa",
"dso",
"dtls",
"ec_nistp_64_gcc_128",
"ecdh",
"ecdsa",
+ "ecx",
"egd",
"engine",
"err",
"fuzz-afl",
"fuzz-libfuzzer",
"gost",
+ "http",
"idea",
"ktls",
"legacy",
"posix-io",
"psk",
"quic",
+ "unstable-qlog",
"rc2",
"rc4",
"rc5",
"siphash",
"siv",
"sm2",
+ "sm2-precomp",
"sm3",
"sm4",
"sock",
"stdio",
"tests",
"tfo",
+ "thread-pool",
"threads",
"tls",
"trace",
"whirlpool",
"zlib",
"zlib-dynamic",
+ "zstd",
+ "zstd-dynamic",
);
foreach my $proto ((@tls, @dtls))
{
our %disabled = ( # "what" => "comment"
"fips" => "default",
"asan" => "default",
+ "brotli" => "default",
+ "brotli-dynamic" => "default",
"buildtest-c++" => "default",
"crypto-mdebug" => "default",
"crypto-mdebug-backtrace" => "default",
"ktls" => "default",
"md2" => "default",
"msan" => "default",
- "quic" => "default",
+ "unstable-qlog" => "default",
"rc5" => "default",
"sctp" => "default",
"ssl3" => "default",
"weak-ssl-ciphers" => "default",
"zlib" => "default",
"zlib-dynamic" => "default",
+ "zstd" => "default",
+ "zstd-dynamic" => "default",
);
# Note: => pair form used for aesthetics, not to truly make a hash table
my @disable_cascades = (
# "what" => [ "cascade", ... ]
"bulk" => [ "shared", "dso",
- "aria", "async", "autoload-config",
+ "aria", "async", "atexit", "autoload-config",
"blake2", "bf", "camellia", "cast", "chacha",
"cmac", "cms", "cmp", "comp", "ct",
"des", "dgram", "dh", "dsa",
"ssl" => [ "ssl3" ],
"ssl3-method" => [ "ssl3" ],
"zlib" => [ "zlib-dynamic" ],
+ "brotli" => [ "brotli-dynamic" ],
+ "zstd" => [ "zstd-dynamic" ],
"des" => [ "mdc2" ],
- "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost" ],
+ "ec" => [ "ec2m", "ecdsa", "ecdh", "sm2", "gost", "ecx" ],
"dgram" => [ "dtls", "quic", "sctp" ],
"sock" => [ "dgram", "tfo" ],
"dtls" => [ @dtls ],
"tls" => [ @tls ],
sub { 0 == scalar grep { !$disabled{$_} } @tls }
=> [ "tls" ],
+ "tls1_3" => [ "quic" ],
+ "quic" => [ "unstable-qlog" ],
"crypto-mdebug" => [ "crypto-mdebug-backtrace" ],
- # If no modules, then no dynamic engines either
- "module" => [ "dynamic-engine" ],
+ "module" => [ "dynamic-engine", "fips" ],
# Without shared libraries, dynamic engines aren't possible.
# This is due to them having to link with libcrypto and register features
# or modules.
"pic" => [ "shared", "module" ],
- "module" => [ "fips", "dso" ],
-
"engine" => [ "dynamic-engine", grep(/eng$/, @disablables) ],
"dynamic-engine" => [ "loadereng" ],
"hw" => [ "padlockeng" ],
"stdio" => [ "apps", "capieng", "egd" ],
"apps" => [ "tests" ],
"tests" => [ "external-tests" ],
- "comp" => [ "zlib" ],
+ "comp" => [ "zlib", "brotli", "zstd" ],
"sm3" => [ "sm2" ],
sub { !$disabled{"unit-test"} } => [ "heartbeats" ],
"fips" => [ "fips-securitychecks", "acvp-tests" ],
- "deprecated-3.0" => [ "engine", "srp" ]
+ "threads" => [ "thread-pool" ],
+ "thread-pool" => [ "default-thread-pool" ],
+
+ "blake2" => [ "argon2" ],
+
+ "deprecated-3.0" => [ "engine", "srp" ],
+
+ "http" => [ "ocsp" ]
);
# Avoid protocol support holes. Also disable all versions below N, if version
# input, as opposed to the VAR=string option that override the corresponding
# config target attributes
my %useradd = (
+ ASFLAGS => [],
CPPDEFINES => [],
CPPINCLUDES => [],
CPPFLAGS => [],
{
delete $disabled{"zlib"};
}
+ elsif ($1 eq "brotli-dynamic")
+ {
+ delete $disabled{"brotli"};
+ }
+ elsif ($1 eq "zstd-dynamic")
+ {
+ delete $disabled{"zstd"};
+ }
my $algo = $1;
delete $disabled{$algo};
if (/^--prefix=(.*)$/)
{
$config{prefix}=$1;
- die "Directory given with --prefix MUST be absolute\n"
- unless file_name_is_absolute($config{prefix});
}
elsif (/^--api=(.*)$/)
{
{
$withargs{zlib_include}=$1;
}
+ elsif (/^--with-brotli-lib=(.*)$/)
+ {
+ $withargs{brotli_lib}=$1;
+ }
+ elsif (/^--with-brotli-include=(.*)$/)
+ {
+ $withargs{brotli_include}=$1;
+ }
+ elsif (/^--with-zstd-lib=(.*)$/)
+ {
+ $withargs{zstd_lib}=$1;
+ }
+ elsif (/^--with-zstd-include=(.*)$/)
+ {
+ $withargs{zstd_include}=$1;
+ }
elsif (/^--with-fuzzer-lib=(.*)$/)
{
$withargs{fuzzer_lib}=$1;
# At this point, we can forget everything about %user and %useradd,
# because it's now all been merged into the corresponding $config entry
+if ($config{prefix} && !$config{CROSS_COMPILE}) {
+ die "Directory given with --prefix MUST be absolute\n"
+ unless file_name_is_absolute($config{prefix});
+}
+
if (grep { $_ =~ /(?:^|\s)-static(?:\s|$)/ } @{$config{LDFLAGS}}) {
disable('static', 'pic', 'threads');
}
my ($builder, $builder_platform, @builder_opts) =
@{$target{build_scheme}};
-foreach my $checker (($builder_platform."-".$target{build_file}."-checker.pm",
+foreach my $checker (($builder_platform."-".$config{build_file}."-checker.pm",
$builder_platform."-checker.pm")) {
my $checker_path = catfile($srcdir, "Configurations", $checker);
if (-f $checker_path) {
}
if ($target =~ /linux.*-mips/ && !$disabled{asm}
- && !grep { $_ !~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
+ && !grep { $_ =~ /-m(ips|arch=)/ } (@{$config{CFLAGS}})) {
# minimally required architecture flags for assembly modules
my $value;
$value = '-mips2' if ($target =~ /mips32/);
push @{$config{openssl_feature_defines}}, "OPENSSL_THREADS";
}
+if ($disabled{"unstable-qlog"}) {
+ $disabled{"qlog"} = 1;
+}
+
my $no_shared_warn=0;
if (($target{shared_target} // '') eq "")
{
if (!grep { $what eq $_ } ( 'buildtest-c++', 'fips', 'threads', 'shared',
'module', 'pic', 'dynamic-engine', 'makedepend',
- 'zlib-dynamic', 'zlib', 'sse2', 'legacy' )) {
+ 'sse2', 'legacy' )) {
(my $WHAT = uc $what) =~ s|-|_|g;
my $skipdir = $what;
my $base = shift;
my $dir = shift;
my $relativeto = shift || ".";
+ my $no_mkpath = shift // 0;
$dir = catdir($base,$dir) unless isabsolute($dir);
# Make sure the directories we're building in exists
- mkpath($dir);
+ mkpath($dir) unless $no_mkpath;
my $res = abs2rel(absolutedir($dir), rel2abs($relativeto));
#print STDERR "DEBUG[cleandir]: $dir , $base => $res\n";
my $base = shift;
my $file = shift;
my $relativeto = shift || ".";
+ my $no_mkpath = shift // 0;
$file = catfile($base,$file) unless isabsolute($file);
my $f = basename($file);
# Make sure the directories we're building in exists
- mkpath($d);
+ mkpath($d) unless $no_mkpath;
my $res = abs2rel(catfile(absolutedir($d), $f), rel2abs($relativeto));
#print STDERR "DEBUG[cleanfile]: $d , $f => $res\n";
# Store the name of the template file we will build the build file from
# in %config. This may be useful for the build file itself.
my @build_file_template_names =
- ( $builder_platform."-".$target{build_file}.".tmpl",
- $target{build_file}.".tmpl" );
+ ( $builder_platform."-".$config{build_file}.".tmpl",
+ $config{build_file}.".tmpl" );
my @build_file_templates = ();
# First, look in the user provided directory, if given
}
# Then, look in our standard directory
push @build_file_templates,
- ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir) }
+ ( map { cleanfile($srcdir, catfile("Configurations", $_), $blddir, 1) }
@build_file_template_names );
my $build_file_template;
}
$config{build_file_templates}
= [ cleanfile($srcdir, catfile("Configurations", "common0.tmpl"),
- $blddir),
+ $blddir, 1),
$build_file_template ];
my @build_dirs = ( [ ] ); # current directory
# We want to detect configdata.pm in the source tree, so we
# don't use it if the build tree is different.
- my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir);
+ my $src_configdata = cleanfile($srcdir, "configdata.pm", $blddir, 1);
# Any source file that we recognise is placed in this hash table, with
# the list of its intended destinations as value. When everything has
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
foreach (@{$sources{$dest}}) {
- my $s = cleanfile($sourced, $_, $blddir);
+ my $s = cleanfile($sourced, $_, $blddir, 1);
# If it's generated or we simply don't find it in the source
# tree, we assume it's in the build tree.
my $dest = $_;
my $ddest = cleanfile($buildd, $_, $blddir);
foreach (@{$shared_sources{$dest}}) {
- my $s = cleanfile($sourced, $_, $blddir);
+ my $s = cleanfile($sourced, $_, $blddir, 1);
# If it's generated or we simply don't find it in the source
# tree, we assume it's in the build tree.
if scalar @{$generate{$_}} > 1;
my @generator = split /\s+/, $generate{$dest}->[0];
my $gen = $generator[0];
- $generator[0] = cleanfile($sourced, $gen, $blddir);
+ $generator[0] = cleanfile($sourced, $gen, $blddir, 1);
# If the generator is itself generated, it's in the build tree
if ($generate{$gen} || ! -f $generator[0]) {
} elsif ($dest eq '') {
$ddest = '';
} else {
- $ddest = cleanfile($sourced, $_, $blddir);
+ $ddest = cleanfile($sourced, $dest, $blddir, 1);
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
if ($ddest eq $src_configdata || ! -f $ddest) {
- $ddest = cleanfile($buildd, $_, $blddir);
+ $ddest = cleanfile($buildd, $dest, $blddir);
}
}
- foreach (@{$depends{$dest}}) {
- my $d = cleanfile($sourced, $_, $blddir);
- my $d2 = cleanfile($buildd, $_, $blddir);
+ foreach my $f (@{$depends{$dest}}) {
+ # If the dependency destination is generated, dependencies
+ # may have an extra syntax to separate the intended inclusion
+ # directory from the module to be loaded: a | instead of a
+ # / as directory separator.
+ # Do note that this has to be handled in the build file
+ # template as well.
+ # $i = inclusion path in source directory
+ # $i2 = inclusion path in build directory
+ # $m = module path (within the inclusion path)
+ # $i = full module path in source directory
+ # $i2 = full module path in build directory
+ my $i; my $i2; my $m; my $d; my $d2;
+ if ($unified_info{generate}->{$ddest}
+ && $f =~ m/^(.*?)\|(.*)$/) {
+ $i = $1;
+ $m = $2;
+ # We must be very careful to modify $i last
+ $d = cleanfile($sourced, "$i/$m", $blddir, 1);
+ $d2 = cleanfile($buildd, "$i/$m", $blddir);
+ $i2 = cleandir($buildd, $i, $blddir);
+ $i = cleandir($sourced, $i, $blddir, 1);
+ } else {
+ $d = cleanfile($sourced, $f, $blddir, 1);
+ $d2 = cleanfile($buildd, $f, $blddir);
+ }
# If we know it's generated, or assume it is because we can't
# find it in the source tree, we set file we depend on to be
keys %{$unified_info{generate}})
|| ! -f $d) {
$d = $d2;
+ $i = $i2;
+ }
+ if ($i) {
+ # Put together the computed inclusion dir with the
+ # original module name. Do note that we conserve the
+ # Unixly path syntax for the module path.
+ $d = "$i|$m";
}
$unified_info{depends}->{$ddest}->{$d} = 1;
# Fix up associated attributes
$unified_info{attributes}->{depends}->{$ddest}->{$d} =
- $attributes{depends}->{$dest}->{$_}
- if defined $attributes{depends}->{$dest}->{$_};
+ $attributes{depends}->{$dest}->{$f}
+ if defined $attributes{depends}->{$dest}->{$f};
}
}
foreach (keys %includes) {
my $dest = $_;
- my $ddest = cleanfile($sourced, $_, $blddir);
+ my $ddest = cleanfile($sourced, $_, $blddir, 1);
# If the destination doesn't exist in source, it can only be
# a generated file in the build tree.
$ddest = cleanfile($buildd, $_, $blddir);
}
foreach (@{$includes{$dest}}) {
- my $is = cleandir($sourced, $_, $blddir);
+ my $is = cleandir($sourced, $_, $blddir, 1);
my $ib = cleandir($buildd, $_, $blddir);
push @{$unified_info{includes}->{$ddest}->{source}}, $is
unless grep { $_ eq $is } @{$unified_info{includes}->{$ddest}->{source}};
my $ddest;
if ($dest ne "") {
- $ddest = cleanfile($sourced, $dest, $blddir);
+ $ddest = cleanfile($sourced, $dest, $blddir, 1);
# If the destination doesn't exist in source, it can only
# be a generated file in the build tree.
next if $dest eq "";
foreach my $d (keys %{$unified_info{depends}->{$dest}}) {
next unless $d =~ /\.(h|pm)$/;
- my $i = dirname($d);
+ # Take into account when a dependency uses the inclusion|module
+ # syntax
+ my $i = $d =~ m/\|/ ? $` : dirname($d);
my $spot =
$d eq "configdata.pm" || defined($unified_info{generate}->{$d})
? 'build' : 'source';
my $configdata_outname = 'configdata.pm';
open CONFIGDATA, ">$configdata_outname.new"
or die "Trying to create $configdata_outname.new: $!";
-my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir);
+my $configdata_tmplname = cleanfile($srcdir, "configdata.pm.in", $blddir, 1);
my $configdata_tmpl =
OpenSSL::Template->new(TYPE => 'FILE', SOURCE => $configdata_tmplname);
$configdata_tmpl->fill_in(
you have tried with a current version of OpenSSL).
EOF
+print <<"EOF" if (!$disabled{qlog});
+
+============================== WARNING ===============================
+
+WARNING: You have enabled qlog. This functionality is unstable and
+ implements a draft version of the qlog specification. The qlog
+ output from OpenSSL *will* change in incompatible ways in future,
+ and is not subject to any format stability or compatibility
+ guarantees at this time. See the manpage openssl-qlog(7) for
+ details.
+
+============================== WARNING ===============================
+
+EOF
+
print $banner;
exit(0);
#
sub death_handler {
die @_ if $^S; # To prevent the added message in eval blocks
- my $build_file = $target{build_file} // "build file";
+ my $build_file = $config{build_file} // "build file";
my @message = ( <<"_____", @_ );
Failure! $build_file wasn't produced.