| cmake_minimum_required(VERSION 3.16) |
| |
| # Defer enabling C and CXX languages. |
| project(BoringSSL NONE) |
| |
| # Don't install BoringSSL to system directories by default; it has no stable |
| # ABI. Instead, default to an "install" directory under the source. |
| if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) |
| set(CMAKE_INSTALL_PREFIX ${CMAKE_SOURCE_DIR}/install CACHE PATH "" FORCE) |
| endif() |
| |
| if(WIN32) |
| # On Windows, prefer cl over gcc if both are available. By default most of |
| # the CMake generators prefer gcc, even on Windows. |
| set(CMAKE_GENERATOR_CC cl) |
| endif() |
| |
| include(cmake/go.cmake) |
| include(cmake/paths.cmake) |
| include(gen/sources.cmake) |
| |
| enable_language(C) |
| enable_language(CXX) |
| |
| include(GNUInstallDirs) |
| |
| set(INSTALL_ENABLED 1) |
| |
| if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING) |
| find_package(PkgConfig QUIET) |
| if (PkgConfig_FOUND) |
| pkg_check_modules(LIBUNWIND libunwind-generic>=1.3.0) |
| if(LIBUNWIND_FOUND) |
| add_definitions(-DBORINGSSL_HAVE_LIBUNWIND) |
| else() |
| message("libunwind not found. Disabling unwind tests.") |
| endif() |
| else() |
| message("pkgconfig not found. Disabling unwind tests.") |
| endif() |
| endif() |
| |
| string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER) |
| if(NOT FIPS) |
| if(CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithassert" OR |
| NOT CMAKE_BUILD_TYPE_LOWER MATCHES "rel") |
| add_definitions(-DBORINGSSL_DISPATCH_TEST) |
| # CMake automatically connects include_directories to the NASM |
| # command-line, but not add_definitions. |
| set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_DISPATCH_TEST") |
| endif() |
| endif() |
| |
| # Add a RelWithAsserts build configuration. It is the same as Release, except it |
| # does not define NDEBUG, so asserts run. |
| foreach(VAR CMAKE_C_FLAGS CMAKE_CXX_FLAGS CMAKE_ASM_FLAGS) |
| string(REGEX REPLACE "(^| )[/-]DNDEBUG( |$)" " " "${VAR}_RELWITHASSERTS" |
| "${${VAR}_RELEASE}") |
| endforeach() |
| |
| if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS) |
| require_go() |
| add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}) |
| # CMake automatically connects include_directories to the NASM command-line, |
| # but not add_definitions. |
| set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}") |
| |
| # Use "symbol_prefix_include" to store generated header files |
| include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include) |
| add_custom_command( |
| OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h |
| symbol_prefix_include/boringssl_prefix_symbols_asm.h |
| symbol_prefix_include/boringssl_prefix_symbols_nasm.inc |
| COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include |
| COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS} |
| DEPENDS util/make_prefix_headers.go |
| ${BORINGSSL_PREFIX_SYMBOLS}) |
| |
| # add_dependencies needs a target, not a file, so we add an intermediate |
| # target. |
| add_custom_target( |
| boringssl_prefix_symbols |
| DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h |
| symbol_prefix_include/boringssl_prefix_symbols_asm.h |
| symbol_prefix_include/boringssl_prefix_symbols_nasm.inc) |
| elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS) |
| message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS") |
| else() |
| add_custom_target(boringssl_prefix_symbols) |
| endif() |
| |
| if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") |
| set(CLANG 1) |
| endif() |
| |
| if(CMAKE_SYSTEM_NAME STREQUAL "Emscripten") |
| set(EMSCRIPTEN 1) |
| endif() |
| |
| set(CMAKE_CXX_STANDARD 14) |
| set(CMAKE_CXX_STANDARD_REQUIRED ON) |
| set(CMAKE_C_STANDARD 11) |
| set(CMAKE_C_STANDARD_REQUIRED ON) |
| |
| if(CMAKE_COMPILER_IS_GNUCXX OR CLANG) |
| # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration |
| # primarily on our normal Clang one. |
| set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wwrite-strings -Wvla -Wshadow -Wtype-limits -Wmissing-field-initializers") |
| if(MSVC) |
| # clang-cl sets different default warnings than clang. It also treats -Wall |
| # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall. |
| # See http://llvm.org/viewvc/llvm-project?view=revision&revision=319116 |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -W3 -Wno-unused-parameter -fmsc-version=1900") |
| else() |
| if(EMSCRIPTEN) |
| # emscripten's emcc/clang does not accept the "-ggdb" flag. |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -g") |
| else() |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -ggdb") |
| endif() |
| |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -fvisibility=hidden -fno-common") |
| endif() |
| |
| if(CLANG) |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wnewline-eof -fcolor-diagnostics") |
| else() |
| # GCC (at least 4.8.4) has a bug where it'll find unreachable free() calls |
| # and declare that the code is trying to free a stack pointer. |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-free-nonheap-object") |
| endif() |
| |
| # -Wstring-concatenation was added in Clang 12.0.0, which corresponds to |
| # AppleClang 13.0.0 per the table in |
| # https://en.wikipedia.org/wiki/Xcode#Toolchain_versions |
| if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND |
| CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0.0") OR |
| (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND |
| CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0")) |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wstring-concatenation") |
| endif() |
| |
| # Clang 12's -Wframe-larger-than reportedly does not work in clang-cl. See |
| # https://crbug.com/boringssl/709. Clang 13 includes the following fix, which |
| # may be related. Speculatively gate on Clang 13. That corresponds to |
| # AppleClang 13.1.6. |
| # https://github.com/llvm/llvm-project/commit/6aaf4fa2885600b0e31042071ad06f78218ab0f2 |
| if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND |
| CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR |
| (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND |
| CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6")) |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wframe-larger-than=25344") |
| endif() |
| |
| # -Wctad-maybe-unsupported was added in Clang 10, which is AppleClang 12.0.0. |
| if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND |
| CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "10.0.0") OR |
| (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND |
| CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0.0")) |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wctad-maybe-unsupported") |
| endif() |
| |
| if(CLANG OR CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "7.0.0") |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough") |
| endif() |
| |
| if(CMAKE_COMPILER_IS_GNUCXX) |
| set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wformat-signedness") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} -Wmissing-prototypes -Wold-style-definition -Wstrict-prototypes") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations -Wnon-virtual-dtor") |
| |
| # In GCC, -Wmissing-declarations is the C++ spelling of -Wmissing-prototypes |
| # and using the wrong one is an error. In Clang, -Wmissing-prototypes is the |
| # spelling for both and -Wmissing-declarations is some other warning. |
| # |
| # https://gcc.gnu.org/onlinedocs/gcc-7.1.0/gcc/Warning-Options.html#Warning-Options |
| # https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-prototypes |
| # https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-declarations |
| if(CLANG) |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wmissing-prototypes") |
| endif() |
| elseif(MSVC) |
| set(MSVC_DISABLED_WARNINGS_LIST |
| "C4100" # 'exarg' : unreferenced formal parameter |
| "C4127" # conditional expression is constant |
| "C4244" # 'function' : conversion from 'int' to 'uint8_t', |
| # possible loss of data |
| "C4267" # conversion from 'size_t' to 'int', possible loss of data |
| "C4706" # assignment within conditional expression |
| ) |
| string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR |
| ${MSVC_DISABLED_WARNINGS_LIST}) |
| set(CMAKE_C_FLAGS "-utf-8 -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}") |
| # Without /Zc:__cplusplus, MSVC does not define the right value for |
| # __cplusplus. See https://devblogs.microsoft.com/cppblog/msvc-now-correctly-reports-__cplusplus/ |
| # If this becomes too problematic for downstream code, we can look at |
| # _MSVC_LANG. |
| set(CMAKE_CXX_FLAGS "-utf-8 -W4 -WX ${MSVC_DISABLED_WARNINGS_STR} -Zc:__cplusplus") |
| endif() |
| |
| if(WIN32) |
| add_definitions(-D_HAS_EXCEPTIONS=0) |
| add_definitions(-DWIN32_LEAN_AND_MEAN) |
| add_definitions(-DNOMINMAX) |
| # Allow use of fopen. |
| add_definitions(-D_CRT_SECURE_NO_WARNINGS) |
| endif() |
| |
| # pthread_rwlock_t on Linux requires a feature flag. We limit this to Linux |
| # because, on Apple platforms, it instead disables APIs we use. See compat(5) |
| # and sys/cdefs.h. Reportedly, FreeBSD also breaks when this is set. See |
| # https://crbug.com/boringssl/471. |
| if(CMAKE_SYSTEM_NAME STREQUAL "Linux") |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=700") |
| endif() |
| |
| if(FUZZ) |
| if(NOT CLANG) |
| message(FATAL_ERROR "You need to build with Clang for fuzzing to work") |
| endif() |
| |
| if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0") |
| message(FATAL_ERROR "You need Clang ≥ 6.0.0") |
| endif() |
| |
| add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE) |
| set(RUNNER_ARGS "-deterministic") |
| |
| if(NOT NO_FUZZER_MODE) |
| add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE) |
| set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls") |
| endif() |
| |
| add_definitions(-DBORINGSSL_IMPLEMENTATION) |
| |
| if(BUILD_SHARED_LIBS) |
| add_definitions(-DBORINGSSL_SHARED_LIBRARY) |
| # Enable position-independent code globally. This is needed because |
| # some library targets are OBJECT libraries. |
| set(CMAKE_POSITION_INDEPENDENT_CODE TRUE) |
| endif() |
| |
| if(MSAN) |
| if(NOT CLANG) |
| message(FATAL_ERROR "Cannot enable MSAN unless using Clang") |
| endif() |
| |
| if(ASAN) |
| message(FATAL_ERROR "ASAN and MSAN are mutually exclusive") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") |
| set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") |
| endif() |
| |
| if(ASAN) |
| if(NOT CLANG) |
| message(FATAL_ERROR "Cannot enable ASAN unless using Clang") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer") |
| endif() |
| |
| if(CFI) |
| if(NOT CLANG) |
| message(FATAL_ERROR "Cannot enable CFI unless using Clang") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin") |
| # We use Chromium's copy of clang, which requires -fuse-ld=lld if building |
| # with -flto. That, in turn, can't handle -ggdb. |
| set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld") |
| string(REPLACE "-ggdb" "-g" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") |
| string(REPLACE "-ggdb" "-g" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") |
| # -flto causes object files to contain LLVM bitcode. Mixing those with |
| # assembly output in the same static library breaks the linker. |
| set(OPENSSL_NO_ASM "1") |
| endif() |
| |
| if(TSAN) |
| if(NOT CLANG) |
| message(FATAL_ERROR "Cannot enable TSAN unless using Clang") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=thread") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=thread") |
| set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=thread") |
| endif() |
| |
| if(UBSAN) |
| if(NOT CLANG) |
| message(FATAL_ERROR "Cannot enable UBSAN unless using Clang") |
| endif() |
| |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined") |
| set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=undefined") |
| |
| if(NOT UBSAN_RECOVER) |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize-recover=undefined") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize-recover=undefined") |
| set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-sanitize-recover=undefined") |
| endif() |
| endif() |
| |
| if(GCOV) |
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") |
| set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage") |
| endif() |
| |
| if(FIPS) |
| require_go() |
| add_definitions(-DBORINGSSL_FIPS) |
| if(FIPS_BREAK_TEST) |
| add_definitions("-DBORINGSSL_FIPS_BREAK_${FIPS_BREAK_TEST}=1") |
| endif() |
| # The FIPS integrity check does not work for ASan and MSan builds. |
| if(NOT ASAN AND NOT MSAN) |
| if(BUILD_SHARED_LIBS) |
| set(FIPS_SHARED "1") |
| else() |
| set(FIPS_DELOCATE "1") |
| endif() |
| endif() |
| if(FIPS_SHARED) |
| # The Android CMake files set -ffunction-sections and -fdata-sections, |
| # which is incompatible with FIPS_SHARED. |
| set(CMAKE_C_FLAGS |
| "${CMAKE_C_FLAGS} -fno-function-sections -fno-data-sections") |
| set(CMAKE_CXX_FLAGS |
| "${CMAKE_CXX_FLAGS} -fno-function-sections -fno-data-sections") |
| endif() |
| endif() |
| |
| if(OPENSSL_SMALL) |
| add_definitions(-DOPENSSL_SMALL) |
| endif() |
| |
| if(CONSTANT_TIME_VALIDATION) |
| add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION) |
| endif() |
| |
| if(MALLOC_FAILURE_TESTING) |
| add_definitions(-DBORINGSSL_MALLOC_FAILURE_TESTING) |
| endif() |
| |
| if(OPENSSL_NO_ASM) |
| add_definitions(-DOPENSSL_NO_ASM) |
| endif() |
| |
| if(FIPS_DELOCATE OR NOT OPENSSL_NO_ASM) |
| # On x86 and x86_64 Windows, we use the NASM output. |
| if(WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64|x86_64|amd64|x86|i[3-6]86") |
| enable_language(ASM_NASM) |
| set(OPENSSL_NASM TRUE) |
| set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8") |
| else() |
| enable_language(ASM) |
| if (NOT OPENSSL_NO_ASM) |
| set(OPENSSL_ASM TRUE) |
| endif() |
| # Work around https://gitlab.kitware.com/cmake/cmake/-/issues/20771 in older |
| # CMake versions. |
| if(APPLE AND CMAKE_VERSION VERSION_LESS 3.19) |
| if(CMAKE_OSX_SYSROOT) |
| set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"") |
| endif() |
| foreach(arch ${CMAKE_OSX_ARCHITECTURES}) |
| set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}") |
| endforeach() |
| endif() |
| if(NOT WIN32) |
| set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack") |
| endif() |
| # Clang's integerated assembler does not support debug symbols. |
| if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang") |
| set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g") |
| endif() |
| endif() |
| endif() |
| |
| if(OPENSSL_NO_SSE2_FOR_TESTING) |
| add_definitions(-DOPENSSL_NO_SSE2_FOR_TESTING) |
| endif() |
| |
| if(USE_CUSTOM_LIBCXX) |
| if(NOT CLANG) |
| message(FATAL_ERROR "USE_CUSTOM_LIBCXX only supported with Clang") |
| endif() |
| |
| # CMake does not allow installing a library without installing dependencies. |
| # If we installed libcrypto, we'd have to install our custom libc++, which |
| # does not make sense. As this is a test-only configuration, disable |
| # installing. |
| set(INSTALL_ENABLED 0) |
| |
| # CMAKE_CXX_FLAGS ends up in the linker flags as well, so use |
| # add_compile_options. There does not appear to be a way to set |
| # language-specific compile-only flags. |
| add_compile_options("-nostdinc++") |
| set(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} -nostdlib++") |
| include_directories( |
| SYSTEM |
| util/bot/libcxx-config |
| util/bot/libcxx/include |
| util/bot/libcxxabi/include |
| ) |
| |
| # This is patterned after buildtools/third_party/libc++/BUILD.gn and |
| # buildtools/third_party/libc++abi/BUILD.gn in Chromium. |
| |
| file(GLOB LIBCXX_SOURCES "util/bot/libcxx/src/*.cpp") |
| file(GLOB LIBCXXABI_SOURCES "util/bot/libcxxabi/src/*.cpp") |
| |
| # This file is meant for exception-less builds. |
| list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_noexception.cpp") |
| # libc++ also defines new and delete. |
| list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/stdlib_new_delete.cpp") |
| if(TSAN) |
| # ThreadSanitizer tries to intercept these symbols. Skip them to avoid |
| # symbol conflicts. |
| list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_guard.cpp") |
| endif() |
| |
| add_library(libcxxabi ${LIBCXXABI_SOURCES}) |
| target_compile_definitions( |
| libcxxabi PRIVATE |
| -D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS |
| ) |
| |
| add_library(libcxx ${LIBCXX_SOURCES}) |
| if(ASAN OR MSAN OR TSAN) |
| # Sanitizers try to intercept new and delete. |
| target_compile_definitions( |
| libcxx PRIVATE |
| -D_LIBCPP_DISABLE_NEW_DELETE_DEFINITIONS |
| ) |
| endif() |
| target_compile_definitions( |
| libcxx PRIVATE |
| -D_LIBCPP_BUILDING_LIBRARY |
| -DLIBCXX_BUILDING_LIBCXXABI |
| ) |
| set_target_properties( |
| libcxx libcxxabi PROPERTIES |
| COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough" |
| # libc++ and libc++abi must be built in C++23 mode. |
| CXX_STANDARD 23 |
| CXX_STANDARD_REQUIRED TRUE |
| ) |
| # libc++abi depends on libc++ internal headers. |
| set_property(TARGET libcxx libcxxabi APPEND PROPERTY INCLUDE_DIRECTORIES "${CMAKE_CURRENT_SOURCE_DIR}/util/bot/libcxx/src") |
| target_link_libraries(libcxx libcxxabi) |
| endif() |
| |
| # Add minimal googletest targets. The provided one has many side-effects, and |
| # googletest has a very straightforward build. |
| add_library( |
| boringssl_gtest |
| third_party/googletest/googlemock/src/gmock-all.cc |
| third_party/googletest/googletest/src/gtest-all.cc |
| ) |
| if(USE_CUSTOM_LIBCXX) |
| target_link_libraries(boringssl_gtest libcxx) |
| endif() |
| target_include_directories( |
| boringssl_gtest |
| PUBLIC |
| third_party/googletest/googlemock/include |
| third_party/googletest/googletest/include |
| PRIVATE |
| third_party/googletest/googlemock |
| third_party/googletest/googletest |
| ) |
| |
| # Declare a dummy target to build all unit tests. Test targets should inject |
| # themselves as dependencies next to the target definition. |
| add_custom_target(all_tests) |
| |
| add_subdirectory(ssl/test) |
| add_subdirectory(util/fipstools) |
| add_subdirectory(util/fipstools/acvp/modulewrapper) |
| |
| if(OPENSSL_ASM) |
| set(CRYPTO_SOURCES_ASM_USED ${CRYPTO_SOURCES_ASM}) |
| set(BCM_SOURCES_ASM_USED ${BCM_SOURCES_ASM}) |
| set(TEST_SUPPORT_SOURCES_ASM_USED ${TEST_SUPPORT_SOURCES_ASM}) |
| elseif(OPENSSL_NASM) |
| set(CRYPTO_SOURCES_ASM_USED ${CRYPTO_SOURCES_NASM}) |
| set(BCM_SOURCES_ASM_USED ${BCM_SOURCES_NASM}) |
| set(TEST_SUPPORT_SOURCES_ASM_USED ${TEST_SUPPORT_SOURCES_NASM}) |
| endif() |
| |
| if(FIPS_DELOCATE AND FIPS_SHARED) |
| message(FATAL_ERROR "Can't set both delocate and shared mode for FIPS build") |
| endif() |
| |
| if(FIPS_DELOCATE) |
| add_library(bcm_c_generated_asm STATIC ${BCM_SOURCES}) |
| if(NOT MSVC) |
| # The C++ code in libcrypto shouldn't depend on libstdc++. This requires |
| # -fno-exceptions otherwise use of std::unique_ptr emits a call to |
| # std::terminate. |
| target_compile_options(bcm_c_generated_asm PRIVATE $<$<COMPILE_LANGUAGE:CXX>:-fno-exceptions -fno-rtti>) |
| endif() |
| add_dependencies(bcm_c_generated_asm boringssl_prefix_symbols) |
| target_include_directories(bcm_c_generated_asm PRIVATE ${PROJECT_SOURCE_DIR}/include) |
| set_target_properties(bcm_c_generated_asm PROPERTIES COMPILE_OPTIONS "-S") |
| set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON) |
| if(CLANG) |
| # Clang warns when passing both -c (from CMake) and -S. |
| set_property(TARGET bcm_c_generated_asm APPEND PROPERTY COMPILE_OPTIONS "-Wno-unused-command-line-argument") |
| endif() |
| |
| set(TARGET_FLAG "") |
| if(CMAKE_ASM_COMPILER_TARGET) |
| set(TARGET_FLAG "--target=${CMAKE_ASM_COMPILER_TARGET}") |
| endif() |
| |
| go_executable(delocate boringssl.googlesource.com/boringssl/util/fipstools/delocate) |
| add_custom_command( |
| OUTPUT bcm-delocated.S |
| COMMAND ${CMAKE_CURRENT_BINARY_DIR}/delocate |
| -a $<TARGET_FILE:bcm_c_generated_asm> |
| -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S |
| -cc ${CMAKE_ASM_COMPILER} |
| -cc-flags "${TARGET_FLAG} ${CMAKE_ASM_FLAGS}" |
| ${BCM_SOURCES_ASM_USED} |
| ${CRYPTO_HEADERS} |
| DEPENDS bcm_c_generated_asm |
| delocate |
| ${BCM_SOURCES_ASM_USED} |
| ${CRYPTO_HEADERS} |
| WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} |
| ) |
| |
| add_library(bcm_hashunset STATIC bcm-delocated.S) |
| set_target_properties(bcm_hashunset PROPERTIES POSITION_INDEPENDENT_CODE ON) |
| set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C) |
| |
| go_executable(inject_hash |
| boringssl.googlesource.com/boringssl/util/fipstools/inject_hash) |
| add_custom_command( |
| OUTPUT bcm.o |
| COMMAND ./inject_hash -o bcm.o -in-archive $<TARGET_FILE:bcm_hashunset> |
| DEPENDS bcm_hashunset inject_hash |
| WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} |
| ) |
| set(CRYPTO_FIPS_OBJECTS bcm.o) |
| elseif(FIPS_SHARED) |
| if(NOT BUILD_SHARED_LIBS) |
| message(FATAL_ERROR "FIPS_SHARED set but not BUILD_SHARED_LIBS") |
| endif() |
| |
| add_library(bcm_library STATIC ${BCM_SOURCES} ${BCM_SOURCES_ASM_USED}) |
| if(NOT MSVC) |
| # The C++ code in libcrypto shouldn't depend on libstdc++. This requires |
| # -fno-exceptions otherwise use of std::unique_ptr emits a call to |
| # std::terminate. |
| target_compile_options(bcm_library PRIVATE $<$<COMPILE_LANGUAGE:CXX>:-fno-exceptions -fno-rtti>) |
| endif() |
| add_dependencies(bcm_library boringssl_prefix_symbols) |
| target_include_directories(bcm_library PRIVATE ${PROJECT_SOURCE_DIR}/include) |
| |
| add_custom_command( |
| OUTPUT bcm.o |
| COMMAND ${CMAKE_LINKER} -r -T ${CMAKE_CURRENT_SOURCE_DIR}/crypto/fipsmodule/fips_shared.lds -o bcm.o --whole-archive $<TARGET_FILE:bcm_library> |
| DEPENDS bcm_library crypto/fipsmodule/fips_shared.lds |
| WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} |
| ) |
| set(CRYPTO_FIPS_OBJECTS bcm.o) |
| else() |
| add_library(fipsmodule OBJECT ${BCM_SOURCES} ${BCM_SOURCES_ASM_USED}) |
| if(NOT MSVC) |
| # The C++ code in libcrypto shouldn't depend on libstdc++. This requires |
| # -fno-exceptions otherwise use of std::unique_ptr emits a call to |
| # std::terminate. |
| target_compile_options(fipsmodule PRIVATE $<$<COMPILE_LANGUAGE:CXX>:-fno-exceptions -fno-rtti>) |
| endif() |
| add_dependencies(fipsmodule boringssl_prefix_symbols) |
| target_include_directories(fipsmodule PRIVATE ${PROJECT_SOURCE_DIR}/include) |
| set(CRYPTO_FIPS_OBJECTS $<TARGET_OBJECTS:fipsmodule>) |
| endif() |
| |
| add_library(crypto ${CRYPTO_SOURCES} ${CRYPTO_FIPS_OBJECTS} ${CRYPTO_SOURCES_ASM_USED}) |
| if(NOT MSVC) |
| # The C++ code in libcrypto shouldn't depend on libstdc++. This requires |
| # -fno-exceptions otherwise use of std::unique_ptr emits a call to |
| # std::terminate. |
| target_compile_options(crypto PRIVATE $<$<COMPILE_LANGUAGE:CXX>:-fno-exceptions -fno-rtti>) |
| endif() |
| target_include_directories(crypto PUBLIC |
| $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> |
| $<INSTALL_INTERFACE:include> |
| ) |
| set_property(TARGET crypto PROPERTY EXPORT_NAME Crypto) |
| |
| if(FIPS_SHARED) |
| # Rewrite libcrypto.so to inject the correct module hash value. This assumes |
| # UNIX-style library naming, but we only support FIPS mode on Linux anyway. |
| add_custom_command( |
| TARGET crypto POST_BUILD |
| COMMAND ${GO_EXECUTABLE} run |
| ${CMAKE_CURRENT_SOURCE_DIR}/util/fipstools/inject_hash/inject_hash.go |
| -o libcrypto.so -in-object libcrypto.so |
| # The DEPENDS argument to a POST_BUILD rule appears to be ignored. Thus |
| # go_executable isn't used (as it doesn't get built), but we list this |
| # dependency anyway in case it starts working in some CMake version. |
| DEPENDS util/fipstools/inject_hash/inject_hash.go |
| WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} |
| ) |
| endif() |
| |
| add_dependencies(crypto boringssl_prefix_symbols) |
| if(WIN32) |
| target_link_libraries(crypto ws2_32) |
| endif() |
| |
| # CMAKE_SYSTEM_NAME is "Generic" for embedded OSes: |
| # https://cmake.org/cmake/help/book/mastering-cmake/chapter/Cross%20Compiling%20With%20CMake.html#toolchain-files |
| # |
| # For now we assume embedded OSes do not have threads. Additionally, the Threads |
| # package does not work with Android, but Android does not require any extra |
| # parameters to link pthreads. |
| if(NOT CMAKE_SYSTEM_NAME MATCHES "^(Generic|Android)$") |
| find_package(Threads REQUIRED) |
| target_link_libraries(crypto Threads::Threads) |
| endif() |
| |
| # Every target depends on crypto, so we add libcxx as a dependency here to |
| # simplify injecting it everywhere. |
| if(USE_CUSTOM_LIBCXX) |
| target_link_libraries(crypto libcxx) |
| endif() |
| |
| add_library(ssl ${SSL_SOURCES}) |
| # Although libssl also provides headers that require an include directory, the |
| # flag is already specified by libcrypto, so we omit target_include_directories |
| # here. |
| set_property(TARGET ssl PROPERTY EXPORT_NAME SSL) |
| target_link_libraries(ssl crypto) |
| |
| add_library(decrepit ${DECREPIT_SOURCES}) |
| target_link_libraries(decrepit crypto ssl) |
| |
| add_library(test_support_lib STATIC |
| ${TEST_SUPPORT_SOURCES} ${TEST_SUPPORT_SOURCES_ASM_USED}) |
| if(LIBUNWIND_FOUND) |
| target_compile_options(test_support_lib PRIVATE ${LIBUNWIND_CFLAGS_OTHER}) |
| target_include_directories(test_support_lib PRIVATE ${LIBUNWIND_INCLUDE_DIRS}) |
| target_link_libraries(test_support_lib ${LIBUNWIND_LDFLAGS}) |
| endif() |
| if(WIN32) |
| target_link_libraries(test_support_lib dbghelp) |
| endif() |
| target_link_libraries(test_support_lib boringssl_gtest crypto) |
| |
| # urandom_test is a separate binary because it needs to be able to observe the |
| # PRNG initialisation, which means that it can't have other tests running before |
| # it does. |
| add_executable(urandom_test ${URANDOM_TEST_SOURCES}) |
| target_link_libraries(urandom_test test_support_lib boringssl_gtest crypto) |
| add_dependencies(all_tests urandom_test) |
| |
| add_executable(crypto_test ${CRYPTO_TEST_SOURCES}) |
| target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto) |
| add_dependencies(all_tests crypto_test) |
| |
| add_executable(ssl_test ${SSL_TEST_SOURCES}) |
| target_link_libraries(ssl_test test_support_lib boringssl_gtest ssl crypto) |
| add_dependencies(all_tests ssl_test) |
| add_executable(decrepit_test ${DECREPIT_TEST_SOURCES}) |
| target_link_libraries(decrepit_test test_support_lib boringssl_gtest |
| decrepit crypto) |
| add_dependencies(all_tests decrepit_test) |
| |
| if(APPLE) |
| set(PKI_CXX_FLAGS "-fno-aligned-new") |
| endif() |
| |
| add_library(pki ${PKI_SOURCES}) |
| target_link_libraries(pki crypto) |
| |
| add_executable(pki_test ${PKI_TEST_SOURCES}) |
| target_link_libraries(pki_test test_support_lib boringssl_gtest pki crypto) |
| add_dependencies(all_tests pki_test) |
| |
| # The PKI library requires C++17. |
| set_target_properties( |
| pki pki_test |
| PROPERTIES |
| CXX_STANDARD 17 |
| CXX_STANDARD_REQUIRED YES |
| COMPILE_FLAGS "${PKI_CXX_FLAGS}") |
| |
| add_executable(bssl ${BSSL_SOURCES}) |
| target_link_libraries(bssl ssl crypto) |
| |
| # Historically, targets were built in subdirectories. For compatibility with |
| # existing tools, we, for now, copy the targets into the subdirectories. This |
| # will be removed sometime in 2024. |
| copy_post_build(crypto crypto crypto_test urandom_test) |
| copy_post_build(ssl ssl ssl_test) |
| copy_post_build(decrepit decrepit decrepit_test) |
| copy_post_build(tool bssl) |
| |
| if(FUZZ) |
| if(LIBFUZZER_FROM_DEPS) |
| file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp") |
| add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES}) |
| # libFuzzer does not pass our aggressive warnings. It also must be built |
| # without -fsanitize-coverage options or clang crashes. |
| set_target_properties(Fuzzer PROPERTIES COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0") |
| endif() |
| |
| add_subdirectory(fuzz) |
| endif() |
| |
| if(RUST_BINDINGS) |
| find_program(BINDGEN_EXECUTABLE bindgen) |
| if(NOT BINDGEN_EXECUTABLE) |
| message(FATAL_ERROR "Could not find bindgen but was asked to generate Rust bindings.") |
| else() |
| add_subdirectory(rust) |
| endif() |
| endif() |
| |
| if(CMAKE_SYSTEM_NAME STREQUAL "Linux") |
| set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>) |
| endif() |
| |
| if(FIPS) |
| add_custom_target( |
| acvp_tests |
| COMMAND ${GO_EXECUTABLE} build -o ${CMAKE_CURRENT_BINARY_DIR}/acvptool |
| boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool |
| COMMAND ${GO_EXECUTABLE} build -o ${CMAKE_CURRENT_BINARY_DIR}/testmodulewrapper |
| boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool/testmodulewrapper |
| COMMAND cd util/fipstools/acvp/acvptool/test && |
| ${GO_EXECUTABLE} run check_expected.go |
| -tool ${CMAKE_CURRENT_BINARY_DIR}/acvptool |
| -module-wrappers modulewrapper:$<TARGET_FILE:modulewrapper>,testmodulewrapper:${CMAKE_CURRENT_BINARY_DIR}/testmodulewrapper |
| -tests tests.json |
| WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} |
| DEPENDS modulewrapper |
| USES_TERMINAL) |
| |
| add_custom_target( |
| fips_specific_tests_if_any |
| DEPENDS acvp_tests |
| ) |
| else() |
| add_custom_target(fips_specific_tests_if_any) |
| endif() |
| |
| file(STRINGS util/go_tests.txt GO_TESTS) |
| set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS |
| util/go_tests.txt) |
| |
| if(GO_EXECUTABLE) |
| add_custom_target( |
| run_tests |
| COMMAND ${CMAKE_COMMAND} -E echo "Running Go tests" |
| COMMAND ${GO_EXECUTABLE} test ${GO_TESTS} |
| COMMAND ${CMAKE_COMMAND} -E echo |
| COMMAND ${CMAKE_COMMAND} -E echo "Running unit tests" |
| COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir |
| ${CMAKE_CURRENT_BINARY_DIR} |
| COMMAND ${CMAKE_COMMAND} -E echo |
| COMMAND ${CMAKE_COMMAND} -E echo "Running SSL tests" |
| COMMAND cd ssl/test/runner && |
| ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim> |
| ${HANDSHAKER_ARGS} ${RUNNER_ARGS} |
| WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} |
| DEPENDS all_tests bssl_shim handshaker fips_specific_tests_if_any |
| USES_TERMINAL) |
| else() |
| add_custom_target( |
| run_tests |
| COMMAND ${CMAKE_COMMAND} -E echo "Running tests requires Go" |
| COMMAND ${CMAKE_COMMAND} -E false) |
| endif() |
| |
| if(INSTALL_ENABLED) |
| install(TARGETS crypto ssl EXPORT OpenSSLTargets) |
| install(TARGETS bssl) |
| install(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) |
| install(EXPORT OpenSSLTargets |
| FILE OpenSSLTargets.cmake |
| NAMESPACE OpenSSL:: |
| DESTINATION lib/cmake/OpenSSL) |
| install(FILES cmake/OpenSSLConfig.cmake DESTINATION lib/cmake/OpenSSL) |
| endif() |