HardenedBSD/crypto/openssl/configdata.pm.in
Pierre Pronchery b077aed33b Merge OpenSSL 3.0.9
Migrate to OpenSSL 3.0 in advance of FreeBSD 14.0.  OpenSSL 1.1.1 (the
version we were previously using) will be EOL as of 2023-09-11.

Most of the base system has already been updated for a seamless switch
to OpenSSL 3.0.  For many components we've added
`-DOPENSSL_API_COMPAT=0x10100000L` to CFLAGS to specify the API version,
which avoids deprecation warnings from OpenSSL 3.0.  Changes have also
been made to avoid OpenSSL APIs that were already deprecated in OpenSSL
1.1.1.  The process of updating to contemporary APIs can continue after
this merge.

Additional changes are still required for libarchive and Kerberos-
related libraries or tools; workarounds will immediately follow this
commit.  Fixes are in progress in the upstream projects and will be
incorporated when those are next updated.

There are some performance regressions in benchmarks (certain tests in
`openssl speed`) and in some OpenSSL consumers in ports (e.g.  haproxy).
Investigation will continue for these.

Netflix's testing showed no functional regression and a rather small,
albeit statistically significant, increase in CPU consumption with
OpenSSL 3.0.

Thanks to ngie@ and des@ for updating base system components, to
antoine@ and bofh@ for ports exp-runs and port fixes/workarounds, and to
Netflix and everyone who tested prior to commit or contributed to this
update in other ways.

PR:		271615
PR:		271656 [exp-run]
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
2023-06-23 18:53:36 -04:00

488 lines
16 KiB
Perl

#! {- $config{HASHBANGPERL} -}
# -*- mode: perl -*-
{-
# We must make sourcedir() return an absolute path, because configdata.pm
# may be loaded as a module from any script in any directory, making
# relative paths untrustable. Because the result is used with 'use lib',
# we must ensure that it returns a Unix style path. Mixing File::Spec
# and File::Spec::Unix does just that.
use File::Spec::Unix;
use File::Spec;
use Cwd qw(abs_path);
sub _fixup_path {
    my $path = shift;

    # Make the path absolute at all times
    $path = abs_path($path);

    if ($^O eq 'VMS') {
        # Convert any path of the VMS form VOLUME:[DIR1.DIR2]FILE to the
        # Unix form /VOLUME/DIR1/DIR2/FILE, which is what VMS perl supports
        # for 'use lib'.

        # Start with splitting the native path
        (my $vol, my $dirs, my $file) = File::Spec->splitpath($path);
        my @dirs = File::Spec->splitdir($dirs);

        # Reassemble it as a Unix path
        $vol =~ s|:$||;
        $dirs = File::Spec::Unix->catdir('', $vol, @dirs);
        $path = File::Spec::Unix->catpath('', $dirs, $file);
    }

    return $path;
}
sub sourcedir {
    return _fixup_path(File::Spec->catdir($config{sourcedir}, @_))
}
sub sourcefile {
    return _fixup_path(File::Spec->catfile($config{sourcedir}, @_))
}
use lib sourcedir('util', 'perl');
use OpenSSL::Util;
-}
package configdata;
use strict;
use warnings;
use Exporter;
our @ISA = qw(Exporter);
our @EXPORT = qw(
    %config %target %disabled %withargs %unified_info
    @disablables @disablables_int
);
our %config = ({- dump_data(\%config, indent => 0); -});
our %target = ({- dump_data(\%target, indent => 0); -});
our @disablables = ({- dump_data(\@disablables, indent => 0) -});
our @disablables_int = ({- dump_data(\@disablables_int, indent => 0) -});
our %disabled = ({- dump_data(\%disabled, indent => 0); -});
our %withargs = ({- dump_data(\%withargs, indent => 0); -});
our %unified_info = ({- dump_data(\%unified_info, indent => 0); -});
# Unexported, only used by OpenSSL::Test::Utils::available_protocols()
our %available_protocols = (
    tls => [{- dump_data(\@tls, indent => 0) -}],
    dtls => [{- dump_data(\@dtls, indent => 0) -}],
);
# The following data is only used when this file is used as a script
my @makevars = ({- dump_data(\@makevars, indent => 0); -});
my %disabled_info = ({- dump_data(\%disabled_info, indent => 0); -});
my @user_crossable = qw( {- join (' ', @user_crossable) -} );
# If run directly, we can give some answers, and even reconfigure
unless (caller) {
    use Getopt::Long;
    use File::Spec::Functions;
    use File::Basename;
    use File::Compare qw(compare_text);
    use File::Copy;
    use Pod::Usage;

    use lib '{- sourcedir('util', 'perl') -}';
    use OpenSSL::fallback '{- sourcefile('external', 'perl', 'MODULES.txt') -}';

    my $here = dirname($0);

    if (scalar @ARGV == 0) {
        # With no arguments, re-create the build file
        # We do that in two steps, where the first step emits perl
        # snippets.

        my $buildfile = $config{build_file};
        my $buildfile_template = "$buildfile.in";
        my @autowarntext = (
            'WARNING: do not edit!',
            "Generated by configdata.pm from "
            .join(", ", @{$config{build_file_templates}}),
            "via $buildfile_template"
        );
        my %gendata = (
            config => \%config,
            target => \%target,
            disabled => \%disabled,
            withargs => \%withargs,
            unified_info => \%unified_info,
            autowarntext => \@autowarntext,
        );

        use lib '.';
        use lib '{- sourcedir('Configurations') -}';
        use gentemplate;

        open my $buildfile_template_fh, ">$buildfile_template"
            or die "Trying to create $buildfile_template: $!";
        foreach (@{$config{build_file_templates}}) {
            copy($_, $buildfile_template_fh)
                or die "Trying to copy $_ into $buildfile_template: $!";
        }
        gentemplate(output => $buildfile_template_fh, %gendata);
        close $buildfile_template_fh;
        print 'Created ',$buildfile_template,"\n";

        use OpenSSL::Template;

        my $prepend = <<'_____';
use File::Spec::Functions;
use lib '{- sourcedir('util', 'perl') -}';
use lib '{- sourcedir('Configurations') -}';
use lib '{- $config{builddir} -}';
use platform;
_____
        my $tmpl;
        open BUILDFILE, ">$buildfile.new"
            or die "Trying to create $buildfile.new: $!";
        $tmpl = OpenSSL::Template->new(TYPE => 'FILE',
                                       SOURCE => $buildfile_template);
        $tmpl->fill_in(FILENAME => $_,
                       OUTPUT => \*BUILDFILE,
                       HASH => \%gendata,
                       PREPEND => $prepend,
                       # To ensure that global variables and functions
                       # defined in one template stick around for the
                       # next, making them combinable
                       PACKAGE => 'OpenSSL::safe')
            or die $Text::Template::ERROR;
        close BUILDFILE;
        rename("$buildfile.new", $buildfile)
            or die "Trying to rename $buildfile.new to $buildfile: $!";
        print 'Created ',$buildfile,"\n";

        my $configuration_h =
            catfile('include', 'openssl', 'configuration.h');
        my $configuration_h_in =
            catfile($config{sourcedir}, 'include', 'openssl', 'configuration.h.in');
        open CONFIGURATION_H, ">${configuration_h}.new"
            or die "Trying to create ${configuration_h}.new: $!";
        $tmpl = OpenSSL::Template->new(TYPE => 'FILE',
                                       SOURCE => $configuration_h_in);
        $tmpl->fill_in(FILENAME => $_,
                       OUTPUT => \*CONFIGURATION_H,
                       HASH => \%gendata,
                       PREPEND => $prepend,
                       # To ensure that global variables and functions
                       # defined in one template stick around for the
                       # next, making them combinable
                       PACKAGE => 'OpenSSL::safe')
            or die $Text::Template::ERROR;
        close CONFIGURATION_H;

        # When using stat() on Windows, we can get it to perform better by
        # avoiding some data. This doesn't affect the mtime field, so we're
        # not losing anything...
        ${^WIN32_SLOPPY_STAT} = 1;

        my $update_configuration_h = 0;
        if (-f $configuration_h) {
            my $configuration_h_mtime = (stat($configuration_h))[9];
            my $configuration_h_in_mtime = (stat($configuration_h_in))[9];

            # If configuration.h.in was updated after the last configuration.h,
            # or if configuration.h.new differs from configuration.h, we update
            # configuration.h
            if ($configuration_h_mtime < $configuration_h_in_mtime
                || compare_text("${configuration_h}.new", $configuration_h) != 0) {
                $update_configuration_h = 1;
            } else {
                # If nothing has changed, let's just drop the new one and
                # pretend like nothing happened
                unlink "${configuration_h}.new"
            }
        } else {
            $update_configuration_h = 1;
        }

        if ($update_configuration_h) {
            rename("${configuration_h}.new", $configuration_h)
                or die "Trying to rename ${configuration_h}.new to $configuration_h: $!";
            print 'Created ',$configuration_h,"\n";
        }

        exit(0);
    }
    my $dump = undef;
    my $cmdline = undef;
    my $options = undef;
    my $target = undef;
    my $envvars = undef;
    my $makevars = undef;
    my $buildparams = undef;
    my $reconf = undef;
    my $verbose = undef;
    my $query = undef;
    my $help = undef;
    my $man = undef;
    GetOptions('dump|d' => \$dump,
               'command-line|c' => \$cmdline,
               'options|o' => \$options,
               'target|t' => \$target,
               'environment|e' => \$envvars,
               'make-variables|m' => \$makevars,
               'build-parameters|b' => \$buildparams,
               'reconfigure|reconf|r' => \$reconf,
               'verbose|v' => \$verbose,
               'query|q=s' => \$query,
               'help' => \$help,
               'man' => \$man)
        or die "Errors in command line arguments\n";

    # We allow extra arguments with --query. That allows constructs like
    # this:
    # ./configdata.pm --query 'get_sources(@ARGV)' file1 file2 file3
    if (!$query && scalar @ARGV > 0) {
        print STDERR <<"_____";
Unrecognised arguments.
For more information, do '$0 --help'
_____
        exit(2);
    }

    if ($help) {
        pod2usage(-exitval => 0,
                  -verbose => 1);
    }
    if ($man) {
        pod2usage(-exitval => 0,
                  -verbose => 2);
    }
    if ($dump || $cmdline) {
        print "\nCommand line (with current working directory = $here):\n\n";
        print ' ',join(' ',
                       $config{PERL},
                       catfile($config{sourcedir}, 'Configure'),
                       @{$config{perlargv}}), "\n";
        print "\nPerl information:\n\n";
        print ' ',$config{perl_cmd},"\n";
        print ' ',$config{perl_version},' for ',$config{perl_archname},"\n";
    }
    if ($dump || $options) {
        my $longest = 0;
        my $longest2 = 0;
        foreach my $what (@disablables) {
            $longest = length($what) if $longest < length($what);
            $longest2 = length($disabled{$what})
                if $disabled{$what} && $longest2 < length($disabled{$what});
        }
        print "\nEnabled features:\n\n";
        foreach my $what (@disablables) {
            print " $what\n" unless $disabled{$what};
        }
        print "\nDisabled features:\n\n";
        foreach my $what (@disablables) {
            if ($disabled{$what}) {
                print " $what", ' ' x ($longest - length($what) + 1),
                    "[$disabled{$what}]", ' ' x ($longest2 - length($disabled{$what}) + 1);
                print $disabled_info{$what}->{macro}
                    if $disabled_info{$what}->{macro};
                print ' (skip ',
                    join(', ', @{$disabled_info{$what}->{skipped}}),
                    ')'
                    if $disabled_info{$what}->{skipped};
                print "\n";
            }
        }
    }
    if ($dump || $target) {
        print "\nConfig target attributes:\n\n";
        foreach (sort keys %target) {
            next if $_ =~ m|^_| || $_ eq 'template';
            my $quotify = sub {
                map {
                    if (defined $_) {
                        (my $x = $_) =~ s|([\\\$\@"])|\\$1|g; "\"$x\""
                    } else {
                        "undef";
                    }
                } @_;
            };
            print ' ', $_, ' => ';
            if (ref($target{$_}) eq "ARRAY") {
                print '[ ', join(', ', $quotify->(@{$target{$_}})), " ],\n";
            } else {
                print $quotify->($target{$_}), ",\n"
            }
        }
    }
    if ($dump || $envvars) {
        print "\nRecorded environment:\n\n";
        foreach (sort keys %{$config{perlenv}}) {
            print ' ',$_,' = ',($config{perlenv}->{$_} || ''),"\n";
        }
    }
    if ($dump || $makevars) {
        print "\nMakevars:\n\n";
        foreach my $var (@makevars) {
            my $prefix = '';
            $prefix = $config{CROSS_COMPILE}
                if grep { $var eq $_ } @user_crossable;
            $prefix //= '';
            print ' ',$var,' ' x (16 - length $var),'= ',
                (ref $config{$var} eq 'ARRAY'
                 ? join(' ', @{$config{$var}})
                 : $prefix.$config{$var}),
                "\n"
                if defined $config{$var};
        }

        my @buildfile = ($config{builddir}, $config{build_file});
        unshift @buildfile, $here
            unless file_name_is_absolute($config{builddir});
        my $buildfile = canonpath(catdir(@buildfile));
        print <<"_____";
NOTE: These variables only represent the configuration view. The build file
template may have processed these variables further, please have a look at the
build file for more exact data:
$buildfile
_____
    }
    if ($dump || $buildparams) {
        my @buildfile = ($config{builddir}, $config{build_file});
        unshift @buildfile, $here
            unless file_name_is_absolute($config{builddir});
        print "\nbuild file:\n\n";
        print " ", canonpath(catfile(@buildfile)),"\n";

        print "\nbuild file templates:\n\n";
        foreach (@{$config{build_file_templates}}) {
            my @tmpl = ($_);
            unshift @tmpl, $here
                unless file_name_is_absolute($config{sourcedir});
            print ' ',canonpath(catfile(@tmpl)),"\n";
        }
    }
    if ($reconf) {
        if ($verbose) {
            print 'Reconfiguring with: ', join(' ',@{$config{perlargv}}), "\n";
            foreach (sort keys %{$config{perlenv}}) {
                print ' ',$_,' = ',($config{perlenv}->{$_} || ""),"\n";
            }
        }

        chdir $here;
        exec $^X,catfile($config{sourcedir}, 'Configure'),'reconf';
    }
    if ($query) {
        use OpenSSL::Config::Query;

        my $confquery = OpenSSL::Config::Query->new(info => \%unified_info,
                                                    config => \%config);
        my $result = eval "\$confquery->$query";

        # We may need a result class with a printing function at some point.
        # Until then, we assume that we get a scalar, or a list or a hash table
        # with scalar values and simply print them in some orderly fashion.
        if (ref $result eq 'ARRAY') {
            print "$_\n" foreach @$result;
        } elsif (ref $result eq 'HASH') {
            print "$_ : \\\n ", join(" \\\n ", @{$result->{$_}}), "\n"
                foreach sort keys %$result;
        } elsif (ref $result eq 'SCALAR') {
            print "$$result\n";
        }
    }
}
1;
__END__
=head1 NAME

configdata.pm - configuration data for OpenSSL builds

=head1 SYNOPSIS

Interactive:

  perl configdata.pm [options]

As data bank module:

  use configdata;

=head1 DESCRIPTION

This module can be used in two modes, interactively and as a module containing
all the data recorded by OpenSSL's Configure script.

When used interactively, simply run it as any perl script.
If run with no arguments, it will rebuild the build file (Makefile or
corresponding).
With at least one option, it will instead get the information you ask for, or
re-run the configuration process.
See L</OPTIONS> below for more information.

When loaded as a module, you get a few databanks with useful information to
perform build related tasks. The databanks are:

    %config             Configured things.
    %target             The OpenSSL config target with all inheritances
                        resolved.
    %disabled           The features that are disabled.
    @disablables        The list of features that can be disabled.
    %withargs           All data given through --with-THING options.
    %unified_info       All information that was computed from the build.info
                        files.

=head1 OPTIONS

=over 4

=item B<--help>

Print a brief help message and exit.

=item B<--man>

Print the manual page and exit.

=item B<--dump> | B<-d>

Print all relevant configuration data. This is equivalent to B<--command-line>
B<--options> B<--target> B<--environment> B<--make-variables>
B<--build-parameters>.

=item B<--command-line> | B<-c>

Print the current configuration command line.

=item B<--options> | B<-o>

Print the features, both enabled and disabled, and display defined macro and
skipped directories where applicable.

=item B<--target> | B<-t>

Print the config attributes for this config target.

=item B<--environment> | B<-e>

Print the environment variables and their values at the time of configuration.

=item B<--make-variables> | B<-m>

Print the main make variables generated in the current configuration.

=item B<--build-parameters> | B<-b>

Print the build parameters, i.e. build file and build file templates.

=item B<--reconfigure> | B<--reconf> | B<-r>

Re-run the configuration process.

=item B<--verbose> | B<-v>

Verbose output.

=back

=cut
EOF