1# Copyright 2014 The BoringSSL Authors 2# 3# Permission to use, copy, modify, and/or distribute this software for any 4# purpose with or without fee is hereby granted, provided that the above 5# copyright notice and this permission notice appear in all copies. 6# 7# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 8# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 9# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY 10# SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 11# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION 12# OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN 13# CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 14 15cmake_minimum_required(VERSION 3.16) 16 17# Defer enabling C and CXX languages. 18project(BoringSSL NONE) 19 20# Don't install BoringSSL to system directories by default; it has no stable 21# ABI. Instead, default to an "install" directory under the source. 22if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) 23 set(CMAKE_INSTALL_PREFIX ${CMAKE_SOURCE_DIR}/install CACHE PATH "" FORCE) 24endif() 25 26if(WIN32) 27 # On Windows, prefer cl over gcc if both are available. By default most of 28 # the CMake generators prefer gcc, even on Windows. 29 set(CMAKE_GENERATOR_CC cl) 30endif() 31 32include(cmake/go.cmake) 33include(cmake/paths.cmake) 34include(gen/sources.cmake) 35 36enable_language(C) 37enable_language(CXX) 38 39include(GNUInstallDirs) 40 41set(INSTALL_ENABLED 1) 42 43if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING) 44 find_package(PkgConfig QUIET) 45 if (PkgConfig_FOUND) 46 pkg_check_modules(LIBUNWIND libunwind-generic>=1.3.0) 47 if(LIBUNWIND_FOUND) 48 add_definitions(-DBORINGSSL_HAVE_LIBUNWIND) 49 else() 50 message("libunwind not found. Disabling unwind tests.") 51 endif() 52 else() 53 message("pkgconfig not found. Disabling unwind tests.") 54 endif() 55endif() 56 57string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER) 58if(NOT FIPS) 59 if(CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithassert" OR 60 NOT CMAKE_BUILD_TYPE_LOWER MATCHES "rel") 61 add_definitions(-DBORINGSSL_DISPATCH_TEST) 62 # CMake automatically connects include_directories to the NASM 63 # command-line, but not add_definitions. 64 set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_DISPATCH_TEST") 65 endif() 66endif() 67 68# Add a RelWithAsserts build configuration. It is the same as Release, except it 69# does not define NDEBUG, so asserts run. 70foreach(VAR CMAKE_C_FLAGS CMAKE_CXX_FLAGS CMAKE_ASM_FLAGS) 71 string(REGEX REPLACE "(^| )[/-]DNDEBUG( |$)" " " "${VAR}_RELWITHASSERTS" 72 "${${VAR}_RELEASE}") 73endforeach() 74 75if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS) 76 require_go() 77 add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}) 78 # CMake automatically connects include_directories to the NASM command-line, 79 # but not add_definitions. 80 set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}") 81 82 # Use "symbol_prefix_include" to store generated header files 83 include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include) 84 add_custom_command( 85 OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h 86 symbol_prefix_include/boringssl_prefix_symbols_asm.h 87 symbol_prefix_include/boringssl_prefix_symbols_nasm.inc 88 COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include 89 COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS} 90 DEPENDS util/make_prefix_headers.go 91 ${BORINGSSL_PREFIX_SYMBOLS}) 92 93 # add_dependencies needs a target, not a file, so we add an intermediate 94 # target. 95 add_custom_target( 96 boringssl_prefix_symbols 97 DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h 98 symbol_prefix_include/boringssl_prefix_symbols_asm.h 99 symbol_prefix_include/boringssl_prefix_symbols_nasm.inc) 100elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS) 101 message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS") 102else() 103 add_custom_target(boringssl_prefix_symbols) 104endif() 105 106if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") 107 set(CLANG 1) 108endif() 109 110if(CMAKE_SYSTEM_NAME STREQUAL "Emscripten") 111 set(EMSCRIPTEN 1) 112endif() 113 114set(CMAKE_CXX_STANDARD 17) 115set(CMAKE_CXX_STANDARD_REQUIRED ON) 116set(CMAKE_C_STANDARD 11) 117set(CMAKE_C_STANDARD_REQUIRED ON) 118 119if(CMAKE_COMPILER_IS_GNUCXX OR CLANG) 120 # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration 121 # primarily on our normal Clang one. 122 set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wwrite-strings -Wvla -Wshadow -Wtype-limits -Wmissing-field-initializers") 123 if(MSVC) 124 # clang-cl sets different default warnings than clang. It also treats -Wall 125 # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall. 126 # See http://llvm.org/viewvc/llvm-project?view=revision&revision=319116 127 set(C_CXX_FLAGS "${C_CXX_FLAGS} -W3 -Wno-unused-parameter -fmsc-version=1900") 128 else() 129 if(EMSCRIPTEN) 130 # emscripten's emcc/clang does not accept the "-ggdb" flag. 131 set(C_CXX_FLAGS "${C_CXX_FLAGS} -g") 132 else() 133 set(C_CXX_FLAGS "${C_CXX_FLAGS} -ggdb") 134 endif() 135 136 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -fvisibility=hidden -fno-common") 137 endif() 138 139 if(CLANG) 140 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wnewline-eof -Wextra-semi -fcolor-diagnostics") 141 else() 142 # GCC (at least 4.8.4) has a bug where it'll find unreachable free() calls 143 # and declare that the code is trying to free a stack pointer. 144 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-free-nonheap-object") 145 endif() 146 147 # -Wstring-concatenation was added in Clang 12.0.0, which corresponds to 148 # AppleClang 13.0.0 per the table in 149 # https://en.wikipedia.org/wiki/Xcode#Toolchain_versions 150 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND 151 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0.0") OR 152 (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND 153 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0")) 154 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wstring-concatenation") 155 endif() 156 157 # Clang 12's -Wframe-larger-than reportedly does not work in clang-cl. See 158 # https://crbug.com/boringssl/709. Clang 13 includes the following fix, which 159 # may be related. Speculatively gate on Clang 13. That corresponds to 160 # AppleClang 13.1.6. 161 # https://github.com/llvm/llvm-project/commit/6aaf4fa2885600b0e31042071ad06f78218ab0f2 162 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND 163 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR 164 (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND 165 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6")) 166 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wframe-larger-than=25344") 167 endif() 168 169 # -Wctad-maybe-unsupported was added in Clang 10, which is AppleClang 12.0.0. 170 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND 171 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "10.0.0") OR 172 (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND 173 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0.0")) 174 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wctad-maybe-unsupported") 175 endif() 176 177 if(CLANG OR CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "7.0.0") 178 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough") 179 endif() 180 181 if(CMAKE_COMPILER_IS_GNUCXX) 182 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wformat-signedness") 183 endif() 184 185 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} -Wmissing-prototypes -Wold-style-definition -Wstrict-prototypes") 186 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations -Wnon-virtual-dtor") 187 188 # In GCC, -Wmissing-declarations is the C++ spelling of -Wmissing-prototypes 189 # and using the wrong one is an error. In Clang, -Wmissing-prototypes is the 190 # spelling for both and -Wmissing-declarations is some other warning. 191 # 192 # https://gcc.gnu.org/onlinedocs/gcc-7.1.0/gcc/Warning-Options.html#Warning-Options 193 # https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-prototypes 194 # https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-declarations 195 if(CLANG) 196 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wmissing-prototypes") 197 endif() 198elseif(MSVC) 199 set(MSVC_DISABLED_WARNINGS_LIST 200 "C4100" # 'exarg' : unreferenced formal parameter 201 "C4127" # conditional expression is constant 202 "C4244" # 'function' : conversion from 'int' to 'uint8_t', 203 # possible loss of data 204 "C4267" # conversion from 'size_t' to 'int', possible loss of data 205 "C4702" # unreachable code; MSVC's warning is too aggressive. See 206 # https://crbug.com/385161043 207 "C4706" # assignment within conditional expression 208 ) 209 string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR 210 ${MSVC_DISABLED_WARNINGS_LIST}) 211 set(CMAKE_C_FLAGS "-utf-8 -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}") 212 # Without /Zc:__cplusplus, MSVC does not define the right value for 213 # __cplusplus. See https://devblogs.microsoft.com/cppblog/msvc-now-correctly-reports-__cplusplus/ 214 # If this becomes too problematic for downstream code, we can look at 215 # _MSVC_LANG. 216 set(CMAKE_CXX_FLAGS "-utf-8 -W4 -WX ${MSVC_DISABLED_WARNINGS_STR} -Zc:__cplusplus") 217endif() 218 219if(WIN32) 220 add_definitions(-D_HAS_EXCEPTIONS=0) 221 add_definitions(-DWIN32_LEAN_AND_MEAN) 222 add_definitions(-DNOMINMAX) 223 # Allow use of fopen. 224 add_definitions(-D_CRT_SECURE_NO_WARNINGS) 225endif() 226 227# pthread_rwlock_t on Linux requires a feature flag. We limit this to Linux 228# because, on Apple platforms, it instead disables APIs we use. See compat(5) 229# and sys/cdefs.h. Reportedly, FreeBSD also breaks when this is set. See 230# https://crbug.com/boringssl/471. 231if(CMAKE_SYSTEM_NAME STREQUAL "Linux") 232 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=700") 233endif() 234 235if(FUZZ) 236 if(NOT CLANG) 237 message(FATAL_ERROR "You need to build with Clang for fuzzing to work") 238 endif() 239 240 if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0") 241 message(FATAL_ERROR "You need Clang ≥ 6.0.0") 242 endif() 243 244 add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE) 245 set(RUNNER_ARGS "-deterministic") 246 247 if(NOT NO_FUZZER_MODE) 248 add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE) 249 set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json") 250 endif() 251 252 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls") 253 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls") 254endif() 255 256add_definitions(-DBORINGSSL_IMPLEMENTATION) 257 258if(BUILD_SHARED_LIBS) 259 add_definitions(-DBORINGSSL_SHARED_LIBRARY) 260 # Enable position-independent code globally. This is needed because 261 # some library targets are OBJECT libraries. 262 set(CMAKE_POSITION_INDEPENDENT_CODE TRUE) 263endif() 264 265if(MSAN) 266 if(NOT CLANG) 267 message(FATAL_ERROR "Cannot enable MSAN unless using Clang") 268 endif() 269 270 if(ASAN) 271 message(FATAL_ERROR "ASAN and MSAN are mutually exclusive") 272 endif() 273 274 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") 275 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") 276 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") 277endif() 278 279if(ASAN) 280 if(NOT CLANG) 281 message(FATAL_ERROR "Cannot enable ASAN unless using Clang") 282 endif() 283 284 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer") 285 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer") 286endif() 287 288if(CFI) 289 if(NOT CLANG) 290 message(FATAL_ERROR "Cannot enable CFI unless using Clang") 291 endif() 292 293 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin") 294 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin") 295 # We use Chromium's copy of clang, which requires -fuse-ld=lld if building 296 # with -flto. That, in turn, can't handle -ggdb. 297 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld") 298 string(REPLACE "-ggdb" "-g" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") 299 string(REPLACE "-ggdb" "-g" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") 300 # -flto causes object files to contain LLVM bitcode. Mixing those with 301 # assembly output in the same static library breaks the linker. 302 set(OPENSSL_NO_ASM "1") 303endif() 304 305if(TSAN) 306 if(NOT CLANG) 307 message(FATAL_ERROR "Cannot enable TSAN unless using Clang") 308 endif() 309 310 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=thread") 311 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=thread") 312 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=thread") 313endif() 314 315if(UBSAN) 316 if(NOT CLANG) 317 message(FATAL_ERROR "Cannot enable UBSAN unless using Clang") 318 endif() 319 320 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined") 321 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined") 322 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=undefined") 323 324 if(NOT UBSAN_RECOVER) 325 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize-recover=undefined") 326 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize-recover=undefined") 327 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-sanitize-recover=undefined") 328 endif() 329endif() 330 331if(GCOV) 332 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") 333 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage") 334endif() 335 336if(FIPS) 337 require_go() 338 add_definitions(-DBORINGSSL_FIPS) 339 if(FIPS_BREAK_TEST) 340 add_definitions("-DBORINGSSL_FIPS_BREAK_${FIPS_BREAK_TEST}=1") 341 endif() 342 # The FIPS integrity check does not work for ASan and MSan builds. 343 if(NOT ASAN AND NOT MSAN) 344 if(BUILD_SHARED_LIBS) 345 set(FIPS_SHARED "1") 346 else() 347 set(FIPS_DELOCATE "1") 348 endif() 349 endif() 350 if(FIPS_SHARED) 351 # The Android CMake files set -ffunction-sections and -fdata-sections, 352 # which is incompatible with FIPS_SHARED. 353 set(CMAKE_C_FLAGS 354 "${CMAKE_C_FLAGS} -fno-function-sections -fno-data-sections") 355 set(CMAKE_CXX_FLAGS 356 "${CMAKE_CXX_FLAGS} -fno-function-sections -fno-data-sections") 357 endif() 358endif() 359 360if(OPENSSL_SMALL) 361 add_definitions(-DOPENSSL_SMALL) 362endif() 363 364if(CONSTANT_TIME_VALIDATION) 365 add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION) 366endif() 367 368if(MALLOC_FAILURE_TESTING) 369 add_definitions(-DBORINGSSL_MALLOC_FAILURE_TESTING) 370endif() 371 372if(OPENSSL_NO_ASM) 373 add_definitions(-DOPENSSL_NO_ASM) 374endif() 375 376if(FIPS_DELOCATE OR NOT OPENSSL_NO_ASM) 377 # On x86 and x86_64 Windows, we use the NASM output. 378 if(WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64|x86_64|amd64|x86|i[3-6]86") 379 enable_language(ASM_NASM) 380 set(OPENSSL_NASM TRUE) 381 set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8") 382 else() 383 enable_language(ASM) 384 if (NOT OPENSSL_NO_ASM) 385 set(OPENSSL_ASM TRUE) 386 endif() 387 # Work around https://gitlab.kitware.com/cmake/cmake/-/issues/20771 in older 388 # CMake versions. 389 if(APPLE AND CMAKE_VERSION VERSION_LESS 3.19) 390 if(CMAKE_OSX_SYSROOT) 391 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"") 392 endif() 393 foreach(arch ${CMAKE_OSX_ARCHITECTURES}) 394 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}") 395 endforeach() 396 endif() 397 if(NOT WIN32) 398 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack") 399 endif() 400 # Clang's integerated assembler does not support debug symbols. 401 if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang") 402 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g") 403 endif() 404 endif() 405endif() 406 407if(OPENSSL_NO_SSE2_FOR_TESTING) 408 add_definitions(-DOPENSSL_NO_SSE2_FOR_TESTING) 409endif() 410 411if(USE_CUSTOM_LIBCXX) 412 if(NOT CLANG) 413 message(FATAL_ERROR "USE_CUSTOM_LIBCXX only supported with Clang") 414 endif() 415 416 # CMake does not allow installing a library without installing dependencies. 417 # If we installed libcrypto, we'd have to install our custom libc++, which 418 # does not make sense. As this is a test-only configuration, disable 419 # installing. 420 set(INSTALL_ENABLED 0) 421 422 # CMAKE_CXX_FLAGS ends up in the linker flags as well, so use 423 # add_compile_options. There does not appear to be a way to set 424 # language-specific compile-only flags. 425 add_compile_options("-nostdinc++") 426 set(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} -nostdlib++") 427 include_directories( 428 SYSTEM 429 util/bot/libcxx-config 430 util/bot/libcxx/include 431 util/bot/libcxxabi/include 432 ) 433 434 # This is patterned after buildtools/third_party/libc++/BUILD.gn and 435 # buildtools/third_party/libc++abi/BUILD.gn in Chromium. 436 437 file(GLOB LIBCXX_SOURCES "util/bot/libcxx/src/*.cpp") 438 file(GLOB LIBCXXABI_SOURCES "util/bot/libcxxabi/src/*.cpp") 439 440 # This file is meant for exception-less builds. 441 list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_noexception.cpp") 442 # libc++ also defines new and delete. 443 list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/stdlib_new_delete.cpp") 444 if(TSAN) 445 # ThreadSanitizer tries to intercept these symbols. Skip them to avoid 446 # symbol conflicts. 447 list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_guard.cpp") 448 endif() 449 450 add_library(libcxxabi ${LIBCXXABI_SOURCES}) 451 target_compile_definitions( 452 libcxxabi PRIVATE 453 -D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS 454 ) 455 456 add_library(libcxx ${LIBCXX_SOURCES}) 457 if(ASAN OR MSAN OR TSAN) 458 # Sanitizers try to intercept new and delete. 459 target_compile_definitions( 460 libcxx PRIVATE 461 -D_LIBCPP_DISABLE_NEW_DELETE_DEFINITIONS 462 ) 463 endif() 464 target_compile_definitions( 465 libcxx PRIVATE 466 -D_LIBCPP_BUILDING_LIBRARY 467 -DLIBCXX_BUILDING_LIBCXXABI 468 -DLIBC_NAMESPACE=bssl_llvm_libc 469 ) 470 # LLVM libc++ depends on some shared headers from LLVM libc. 471 target_include_directories(libcxx PRIVATE util/bot/llvm-libc) 472 set_target_properties( 473 libcxx libcxxabi PROPERTIES 474 COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough" 475 # libc++ and libc++abi must be built in C++23 mode. 476 CXX_STANDARD 23 477 CXX_STANDARD_REQUIRED TRUE 478 ) 479 # libc++abi depends on libc++ internal headers. 480 set_property(TARGET libcxx libcxxabi APPEND PROPERTY INCLUDE_DIRECTORIES "${CMAKE_CURRENT_SOURCE_DIR}/util/bot/libcxx/src") 481 target_link_libraries(libcxx libcxxabi) 482endif() 483 484# Add minimal googletest targets. The provided one has many side-effects, and 485# googletest has a very straightforward build. 486add_library( 487 boringssl_gtest 488 third_party/googletest/googlemock/src/gmock-all.cc 489 third_party/googletest/googletest/src/gtest-all.cc 490) 491if(USE_CUSTOM_LIBCXX) 492 target_link_libraries(boringssl_gtest libcxx) 493endif() 494target_include_directories( 495 boringssl_gtest 496 PUBLIC 497 third_party/googletest/googlemock/include 498 third_party/googletest/googletest/include 499 PRIVATE 500 third_party/googletest/googlemock 501 third_party/googletest/googletest 502) 503 504# Declare a dummy target to build all unit tests. Test targets should inject 505# themselves as dependencies next to the target definition. 506add_custom_target(all_tests) 507 508add_subdirectory(ssl/test) 509add_subdirectory(util/fipstools) 510add_subdirectory(util/fipstools/acvp/modulewrapper) 511 512if(OPENSSL_ASM) 513 set(CRYPTO_SOURCES_ASM_USED ${CRYPTO_SOURCES_ASM}) 514 set(BCM_SOURCES_ASM_USED ${BCM_SOURCES_ASM}) 515 set(TEST_SUPPORT_SOURCES_ASM_USED ${TEST_SUPPORT_SOURCES_ASM}) 516elseif(OPENSSL_NASM) 517 set(CRYPTO_SOURCES_ASM_USED ${CRYPTO_SOURCES_NASM}) 518 set(BCM_SOURCES_ASM_USED ${BCM_SOURCES_NASM}) 519 set(TEST_SUPPORT_SOURCES_ASM_USED ${TEST_SUPPORT_SOURCES_NASM}) 520endif() 521 522if(FIPS_DELOCATE AND FIPS_SHARED) 523 message(FATAL_ERROR "Can't set both delocate and shared mode for FIPS build") 524endif() 525 526# OSS-Fuzz relies on BORINGSSL_ALLOW_CXX_RUNTIME because -fno-rtti and 527# -fsanitize=vptr are incompatible. 528set(NO_CXX_RUNTIME_FLAGS) 529if(NOT MSVC AND NOT BORINGSSL_ALLOW_CXX_RUNTIME) 530 # Without -fno-exceptions, use of std::unique_ptr emits a call to 531 # std::terminate. 532 set(NO_CXX_RUNTIME_FLAGS -fno-exceptions -fno-rtti) 533endif() 534 535if(FIPS_DELOCATE) 536 add_library(bcm_c_generated_asm STATIC ${BCM_SOURCES}) 537 # The C++ code in libcrypto shouldn't depend on libstdc++. 538 target_compile_options(bcm_c_generated_asm PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}> "-S") 539 add_dependencies(bcm_c_generated_asm boringssl_prefix_symbols) 540 target_include_directories(bcm_c_generated_asm PRIVATE ${PROJECT_SOURCE_DIR}/include) 541 set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON) 542 if(CLANG) 543 # Clang warns when passing both -c (from CMake) and -S. 544 target_compile_options(bcm_c_generated_asm PRIVATE "-Wno-unused-command-line-argument") 545 endif() 546 547 set(TARGET_FLAG "") 548 if(CMAKE_ASM_COMPILER_TARGET) 549 set(TARGET_FLAG "--target=${CMAKE_ASM_COMPILER_TARGET}") 550 endif() 551 552 go_executable(delocate boringssl.googlesource.com/boringssl/util/fipstools/delocate) 553 add_custom_command( 554 OUTPUT bcm-delocated.S 555 COMMAND ${CMAKE_CURRENT_BINARY_DIR}/delocate 556 -a $<TARGET_FILE:bcm_c_generated_asm> 557 -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S 558 -cc ${CMAKE_ASM_COMPILER} 559 -cc-flags "${TARGET_FLAG} ${CMAKE_ASM_FLAGS}" 560 ${BCM_SOURCES_ASM_USED} 561 ${CRYPTO_HEADERS} 562 DEPENDS bcm_c_generated_asm 563 delocate 564 ${BCM_SOURCES_ASM_USED} 565 ${CRYPTO_HEADERS} 566 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 567 ) 568 569 add_library(bcm_hashunset STATIC bcm-delocated.S) 570 set_target_properties(bcm_hashunset PROPERTIES POSITION_INDEPENDENT_CODE ON) 571 set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C) 572 573 go_executable(inject_hash 574 boringssl.googlesource.com/boringssl/util/fipstools/inject_hash) 575 add_custom_command( 576 OUTPUT bcm.o 577 COMMAND ./inject_hash -o bcm.o -in-archive $<TARGET_FILE:bcm_hashunset> 578 DEPENDS bcm_hashunset inject_hash 579 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} 580 ) 581 set(CRYPTO_FIPS_OBJECTS bcm.o) 582elseif(FIPS_SHARED) 583 if(NOT BUILD_SHARED_LIBS) 584 message(FATAL_ERROR "FIPS_SHARED set but not BUILD_SHARED_LIBS") 585 endif() 586 587 add_library(bcm_library STATIC ${BCM_SOURCES} ${BCM_SOURCES_ASM_USED}) 588 # The C++ code in libcrypto shouldn't depend on libstdc++. 589 target_compile_options(bcm_library PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}>) 590 add_dependencies(bcm_library boringssl_prefix_symbols) 591 target_include_directories(bcm_library PRIVATE ${PROJECT_SOURCE_DIR}/include) 592 593 add_custom_command( 594 OUTPUT bcm.o 595 COMMAND ${CMAKE_LINKER} -r -T ${CMAKE_CURRENT_SOURCE_DIR}/crypto/fipsmodule/fips_shared.lds -o bcm.o --whole-archive $<TARGET_FILE:bcm_library> 596 DEPENDS bcm_library crypto/fipsmodule/fips_shared.lds 597 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} 598 ) 599 set(CRYPTO_FIPS_OBJECTS bcm.o) 600else() 601 add_library(fipsmodule OBJECT ${BCM_SOURCES} ${BCM_SOURCES_ASM_USED}) 602 # The C++ code in libcrypto shouldn't depend on libstdc++. 603 target_compile_options(fipsmodule PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}>) 604 add_dependencies(fipsmodule boringssl_prefix_symbols) 605 target_include_directories(fipsmodule PRIVATE ${PROJECT_SOURCE_DIR}/include) 606 set(CRYPTO_FIPS_OBJECTS $<TARGET_OBJECTS:fipsmodule>) 607endif() 608 609add_library(crypto ${CRYPTO_SOURCES} ${CRYPTO_FIPS_OBJECTS} ${CRYPTO_SOURCES_ASM_USED}) 610 # The C++ code in libcrypto shouldn't depend on libstdc++. 611target_compile_options(crypto PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}>) 612target_include_directories(crypto PUBLIC 613 $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> 614 $<INSTALL_INTERFACE:include> 615) 616set_property(TARGET crypto PROPERTY EXPORT_NAME Crypto) 617 618if(FIPS_SHARED) 619 # Rewrite libcrypto.so to inject the correct module hash value. This assumes 620 # UNIX-style library naming, but we only support FIPS mode on Linux anyway. 621 add_custom_command( 622 TARGET crypto POST_BUILD 623 COMMAND ${GO_EXECUTABLE} run 624 ${CMAKE_CURRENT_SOURCE_DIR}/util/fipstools/inject_hash/inject_hash.go 625 -o libcrypto.so -in-object libcrypto.so 626 # The DEPENDS argument to a POST_BUILD rule appears to be ignored. Thus 627 # go_executable isn't used (as it doesn't get built), but we list this 628 # dependency anyway in case it starts working in some CMake version. 629 DEPENDS util/fipstools/inject_hash/inject_hash.go 630 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} 631 ) 632endif() 633 634add_dependencies(crypto boringssl_prefix_symbols) 635if(WIN32) 636 target_link_libraries(crypto ws2_32) 637endif() 638 639# CMAKE_SYSTEM_NAME is "Generic" for embedded OSes: 640# https://cmake.org/cmake/help/book/mastering-cmake/chapter/Cross%20Compiling%20With%20CMake.html#toolchain-files 641# 642# For now we assume embedded OSes do not have threads. Additionally, the Threads 643# package does not work with Android, but Android does not require any extra 644# parameters to link pthreads. 645if(NOT CMAKE_SYSTEM_NAME MATCHES "^(Generic|Android)$") 646 find_package(Threads REQUIRED) 647 target_link_libraries(crypto Threads::Threads) 648endif() 649 650# Every target depends on crypto, so we add libcxx as a dependency here to 651# simplify injecting it everywhere. 652if(USE_CUSTOM_LIBCXX) 653 target_link_libraries(crypto libcxx) 654endif() 655 656add_library(ssl ${SSL_SOURCES}) 657# Although libssl also provides headers that require an include directory, the 658# flag is already specified by libcrypto, so we omit target_include_directories 659# here. 660set_property(TARGET ssl PROPERTY EXPORT_NAME SSL) 661target_link_libraries(ssl crypto) 662 663add_library(decrepit ${DECREPIT_SOURCES}) 664target_link_libraries(decrepit crypto ssl) 665 666add_library(test_support_lib STATIC 667 ${TEST_SUPPORT_SOURCES} ${TEST_SUPPORT_SOURCES_ASM_USED}) 668if(LIBUNWIND_FOUND) 669 target_compile_options(test_support_lib PRIVATE ${LIBUNWIND_CFLAGS_OTHER}) 670 target_include_directories(test_support_lib PRIVATE ${LIBUNWIND_INCLUDE_DIRS}) 671 target_link_libraries(test_support_lib ${LIBUNWIND_LDFLAGS}) 672endif() 673if(WIN32) 674 target_link_libraries(test_support_lib dbghelp) 675endif() 676target_link_libraries(test_support_lib boringssl_gtest crypto) 677 678# urandom_test is a separate binary because it needs to be able to observe the 679# PRNG initialisation, which means that it can't have other tests running before 680# it does. 681add_executable(urandom_test ${URANDOM_TEST_SOURCES}) 682target_link_libraries(urandom_test test_support_lib boringssl_gtest crypto) 683add_dependencies(all_tests urandom_test) 684 685add_executable(crypto_test ${CRYPTO_TEST_SOURCES}) 686target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto) 687add_dependencies(all_tests crypto_test) 688 689add_executable(ssl_test ${SSL_TEST_SOURCES}) 690target_link_libraries(ssl_test test_support_lib boringssl_gtest ssl crypto) 691add_dependencies(all_tests ssl_test) 692add_executable(decrepit_test ${DECREPIT_TEST_SOURCES}) 693target_link_libraries(decrepit_test test_support_lib boringssl_gtest 694 decrepit crypto) 695add_dependencies(all_tests decrepit_test) 696 697if(APPLE) 698 set(PKI_CXX_FLAGS "-fno-aligned-new") 699endif() 700 701add_library(pki ${PKI_SOURCES}) 702target_link_libraries(pki crypto) 703 704add_executable(pki_test ${PKI_TEST_SOURCES}) 705target_link_libraries(pki_test test_support_lib boringssl_gtest pki crypto) 706add_dependencies(all_tests pki_test) 707 708set_target_properties( 709 pki pki_test 710 PROPERTIES 711 COMPILE_FLAGS "${PKI_CXX_FLAGS}") 712 713add_executable(bssl ${BSSL_SOURCES}) 714target_link_libraries(bssl ssl crypto) 715 716# Historically, targets were built in subdirectories. For compatibility with 717# existing tools, we, for now, copy the targets into the subdirectories. This 718# will be removed sometime in 2024. 719copy_post_build(crypto crypto crypto_test urandom_test) 720copy_post_build(ssl ssl ssl_test) 721copy_post_build(decrepit decrepit decrepit_test) 722copy_post_build(tool bssl) 723 724if(FUZZ) 725 if(LIBFUZZER_FROM_DEPS) 726 file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp") 727 add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES}) 728 # libFuzzer does not pass our aggressive warnings. It also must be built 729 # without -fsanitize-coverage options or clang crashes. 730 set_target_properties( 731 Fuzzer PROPERTIES 732 COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0" 733 ) 734 endif() 735 736 add_subdirectory(fuzz) 737endif() 738 739if(RUST_BINDINGS) 740 find_program(BINDGEN_EXECUTABLE bindgen) 741 if(NOT BINDGEN_EXECUTABLE) 742 message(FATAL_ERROR "Could not find bindgen but was asked to generate Rust bindings.") 743 else() 744 add_subdirectory(rust) 745 endif() 746endif() 747 748if(CMAKE_SYSTEM_NAME STREQUAL "Linux") 749 set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>) 750endif() 751 752if(FIPS) 753 add_custom_target( 754 acvp_tests 755 COMMAND ${GO_EXECUTABLE} build -o ${CMAKE_CURRENT_BINARY_DIR}/acvptool 756 boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool 757 COMMAND ${GO_EXECUTABLE} build -o ${CMAKE_CURRENT_BINARY_DIR}/testmodulewrapper 758 boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool/testmodulewrapper 759 COMMAND cd util/fipstools/acvp/acvptool/test && 760 ${GO_EXECUTABLE} run check_expected.go 761 -tool ${CMAKE_CURRENT_BINARY_DIR}/acvptool 762 -module-wrappers modulewrapper:$<TARGET_FILE:modulewrapper>,testmodulewrapper:${CMAKE_CURRENT_BINARY_DIR}/testmodulewrapper 763 -tests tests.json 764 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 765 DEPENDS modulewrapper 766 USES_TERMINAL) 767 768 add_custom_target( 769 fips_specific_tests_if_any 770 DEPENDS acvp_tests 771 ) 772else() 773 add_custom_target(fips_specific_tests_if_any) 774endif() 775 776file(STRINGS util/go_tests.txt GO_TESTS) 777set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS 778 util/go_tests.txt) 779 780if(GO_EXECUTABLE) 781 add_custom_target( 782 run_tests 783 COMMAND ${CMAKE_COMMAND} -E echo "Running Go tests" 784 COMMAND ${GO_EXECUTABLE} test ${GO_TESTS} 785 COMMAND ${CMAKE_COMMAND} -E echo 786 COMMAND ${CMAKE_COMMAND} -E echo "Running unit tests" 787 COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir 788 ${CMAKE_CURRENT_BINARY_DIR} 789 COMMAND ${CMAKE_COMMAND} -E echo 790 COMMAND ${CMAKE_COMMAND} -E echo "Running SSL tests" 791 COMMAND cd ssl/test/runner && 792 ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim> 793 ${HANDSHAKER_ARGS} ${RUNNER_ARGS} 794 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 795 DEPENDS all_tests bssl_shim handshaker fips_specific_tests_if_any 796 USES_TERMINAL) 797else() 798 add_custom_target( 799 run_tests 800 COMMAND ${CMAKE_COMMAND} -E echo "Running tests requires Go" 801 COMMAND ${CMAKE_COMMAND} -E false) 802endif() 803 804if(INSTALL_ENABLED) 805 install(TARGETS crypto ssl EXPORT OpenSSLTargets) 806 install(TARGETS bssl) 807 install(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) 808 install(EXPORT OpenSSLTargets 809 FILE OpenSSLTargets.cmake 810 NAMESPACE OpenSSL:: 811 DESTINATION lib/cmake/OpenSSL) 812 install(FILES cmake/OpenSSLConfig.cmake DESTINATION lib/cmake/OpenSSL) 813endif() 814