1cmake_minimum_required(VERSION 3.16) 2 3# Defer enabling C and CXX languages. 4project(BoringSSL NONE) 5 6# Don't install BoringSSL to system directories by default; it has no stable 7# ABI. Instead, default to an "install" directory under the source. 8if(CMAKE_INSTALL_PREFIX_INITIALIZED_TO_DEFAULT) 9 set(CMAKE_INSTALL_PREFIX ${CMAKE_SOURCE_DIR}/install CACHE PATH "" FORCE) 10endif() 11 12if(WIN32) 13 # On Windows, prefer cl over gcc if both are available. By default most of 14 # the CMake generators prefer gcc, even on Windows. 15 set(CMAKE_GENERATOR_CC cl) 16endif() 17 18include(cmake/go.cmake) 19include(cmake/paths.cmake) 20include(gen/sources.cmake) 21 22enable_language(C) 23enable_language(CXX) 24 25include(GNUInstallDirs) 26 27set(INSTALL_ENABLED 1) 28 29if(CMAKE_SYSTEM_NAME STREQUAL "Linux" AND NOT CMAKE_CROSSCOMPILING) 30 find_package(PkgConfig QUIET) 31 if (PkgConfig_FOUND) 32 pkg_check_modules(LIBUNWIND libunwind-generic>=1.3.0) 33 if(LIBUNWIND_FOUND) 34 add_definitions(-DBORINGSSL_HAVE_LIBUNWIND) 35 else() 36 message("libunwind not found. Disabling unwind tests.") 37 endif() 38 else() 39 message("pkgconfig not found. Disabling unwind tests.") 40 endif() 41endif() 42 43string(TOLOWER "${CMAKE_BUILD_TYPE}" CMAKE_BUILD_TYPE_LOWER) 44if(NOT FIPS) 45 if(CMAKE_BUILD_TYPE_LOWER STREQUAL "relwithassert" OR 46 NOT CMAKE_BUILD_TYPE_LOWER MATCHES "rel") 47 add_definitions(-DBORINGSSL_DISPATCH_TEST) 48 # CMake automatically connects include_directories to the NASM 49 # command-line, but not add_definitions. 50 set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_DISPATCH_TEST") 51 endif() 52endif() 53 54# Add a RelWithAsserts build configuration. It is the same as Release, except it 55# does not define NDEBUG, so asserts run. 56foreach(VAR CMAKE_C_FLAGS CMAKE_CXX_FLAGS CMAKE_ASM_FLAGS) 57 string(REGEX REPLACE "(^| )[/-]DNDEBUG( |$)" " " "${VAR}_RELWITHASSERTS" 58 "${${VAR}_RELEASE}") 59endforeach() 60 61if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS) 62 require_go() 63 add_definitions(-DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}) 64 # CMake automatically connects include_directories to the NASM command-line, 65 # but not add_definitions. 66 set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -DBORINGSSL_PREFIX=${BORINGSSL_PREFIX}") 67 68 # Use "symbol_prefix_include" to store generated header files 69 include_directories(${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include) 70 add_custom_command( 71 OUTPUT symbol_prefix_include/boringssl_prefix_symbols.h 72 symbol_prefix_include/boringssl_prefix_symbols_asm.h 73 symbol_prefix_include/boringssl_prefix_symbols_nasm.inc 74 COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include 75 COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include ${BORINGSSL_PREFIX_SYMBOLS} 76 DEPENDS util/make_prefix_headers.go 77 ${BORINGSSL_PREFIX_SYMBOLS}) 78 79 # add_dependencies needs a target, not a file, so we add an intermediate 80 # target. 81 add_custom_target( 82 boringssl_prefix_symbols 83 DEPENDS symbol_prefix_include/boringssl_prefix_symbols.h 84 symbol_prefix_include/boringssl_prefix_symbols_asm.h 85 symbol_prefix_include/boringssl_prefix_symbols_nasm.inc) 86elseif(BORINGSSL_PREFIX OR BORINGSSL_PREFIX_SYMBOLS) 87 message(FATAL_ERROR "Must specify both or neither of BORINGSSL_PREFIX and BORINGSSL_PREFIX_SYMBOLS") 88else() 89 add_custom_target(boringssl_prefix_symbols) 90endif() 91 92if(CMAKE_CXX_COMPILER_ID MATCHES "Clang") 93 set(CLANG 1) 94endif() 95 96if(CMAKE_SYSTEM_NAME STREQUAL "Emscripten") 97 set(EMSCRIPTEN 1) 98endif() 99 100set(CMAKE_CXX_STANDARD 14) 101set(CMAKE_CXX_STANDARD_REQUIRED ON) 102set(CMAKE_C_STANDARD 11) 103set(CMAKE_C_STANDARD_REQUIRED ON) 104 105if(CMAKE_COMPILER_IS_GNUCXX OR CLANG) 106 # Note clang-cl is odd and sets both CLANG and MSVC. We base our configuration 107 # primarily on our normal Clang one. 108 set(C_CXX_FLAGS "-Werror -Wformat=2 -Wsign-compare -Wwrite-strings -Wvla -Wshadow -Wtype-limits -Wmissing-field-initializers") 109 if(MSVC) 110 # clang-cl sets different default warnings than clang. It also treats -Wall 111 # as -Weverything, to match MSVC. Instead -W3 is the alias for -Wall. 112 # See http://llvm.org/viewvc/llvm-project?view=revision&revision=319116 113 set(C_CXX_FLAGS "${C_CXX_FLAGS} -W3 -Wno-unused-parameter -fmsc-version=1900") 114 else() 115 if(EMSCRIPTEN) 116 # emscripten's emcc/clang does not accept the "-ggdb" flag. 117 set(C_CXX_FLAGS "${C_CXX_FLAGS} -g") 118 else() 119 set(C_CXX_FLAGS "${C_CXX_FLAGS} -ggdb") 120 endif() 121 122 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wall -fvisibility=hidden -fno-common") 123 endif() 124 125 if(CLANG) 126 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wnewline-eof -Wextra-semi -fcolor-diagnostics") 127 else() 128 # GCC (at least 4.8.4) has a bug where it'll find unreachable free() calls 129 # and declare that the code is trying to free a stack pointer. 130 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wno-free-nonheap-object") 131 endif() 132 133 # -Wstring-concatenation was added in Clang 12.0.0, which corresponds to 134 # AppleClang 13.0.0 per the table in 135 # https://en.wikipedia.org/wiki/Xcode#Toolchain_versions 136 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND 137 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0.0") OR 138 (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND 139 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0")) 140 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wstring-concatenation") 141 endif() 142 143 # Clang 12's -Wframe-larger-than reportedly does not work in clang-cl. See 144 # https://crbug.com/boringssl/709. Clang 13 includes the following fix, which 145 # may be related. Speculatively gate on Clang 13. That corresponds to 146 # AppleClang 13.1.6. 147 # https://github.com/llvm/llvm-project/commit/6aaf4fa2885600b0e31042071ad06f78218ab0f2 148 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND 149 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.0.0") OR 150 (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND 151 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "13.1.6")) 152 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wframe-larger-than=25344") 153 endif() 154 155 # -Wctad-maybe-unsupported was added in Clang 10, which is AppleClang 12.0.0. 156 if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND 157 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "10.0.0") OR 158 (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND 159 CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "12.0.0")) 160 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wctad-maybe-unsupported") 161 endif() 162 163 if(CLANG OR CMAKE_C_COMPILER_VERSION VERSION_GREATER_EQUAL "7.0.0") 164 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wimplicit-fallthrough") 165 endif() 166 167 if(CMAKE_COMPILER_IS_GNUCXX) 168 set(C_CXX_FLAGS "${C_CXX_FLAGS} -Wformat-signedness") 169 endif() 170 171 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} ${C_CXX_FLAGS} -Wmissing-prototypes -Wold-style-definition -Wstrict-prototypes") 172 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} ${C_CXX_FLAGS} -Wmissing-declarations -Wnon-virtual-dtor") 173 174 # In GCC, -Wmissing-declarations is the C++ spelling of -Wmissing-prototypes 175 # and using the wrong one is an error. In Clang, -Wmissing-prototypes is the 176 # spelling for both and -Wmissing-declarations is some other warning. 177 # 178 # https://gcc.gnu.org/onlinedocs/gcc-7.1.0/gcc/Warning-Options.html#Warning-Options 179 # https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-prototypes 180 # https://clang.llvm.org/docs/DiagnosticsReference.html#wmissing-declarations 181 if(CLANG) 182 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wmissing-prototypes") 183 endif() 184elseif(MSVC) 185 set(MSVC_DISABLED_WARNINGS_LIST 186 "C4100" # 'exarg' : unreferenced formal parameter 187 "C4127" # conditional expression is constant 188 "C4244" # 'function' : conversion from 'int' to 'uint8_t', 189 # possible loss of data 190 "C4267" # conversion from 'size_t' to 'int', possible loss of data 191 "C4706" # assignment within conditional expression 192 ) 193 string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR 194 ${MSVC_DISABLED_WARNINGS_LIST}) 195 set(CMAKE_C_FLAGS "-utf-8 -W4 -WX ${MSVC_DISABLED_WARNINGS_STR}") 196 # Without /Zc:__cplusplus, MSVC does not define the right value for 197 # __cplusplus. See https://devblogs.microsoft.com/cppblog/msvc-now-correctly-reports-__cplusplus/ 198 # If this becomes too problematic for downstream code, we can look at 199 # _MSVC_LANG. 200 set(CMAKE_CXX_FLAGS "-utf-8 -W4 -WX ${MSVC_DISABLED_WARNINGS_STR} -Zc:__cplusplus") 201endif() 202 203if(WIN32) 204 add_definitions(-D_HAS_EXCEPTIONS=0) 205 add_definitions(-DWIN32_LEAN_AND_MEAN) 206 add_definitions(-DNOMINMAX) 207 # Allow use of fopen. 208 add_definitions(-D_CRT_SECURE_NO_WARNINGS) 209endif() 210 211# pthread_rwlock_t on Linux requires a feature flag. We limit this to Linux 212# because, on Apple platforms, it instead disables APIs we use. See compat(5) 213# and sys/cdefs.h. Reportedly, FreeBSD also breaks when this is set. See 214# https://crbug.com/boringssl/471. 215if(CMAKE_SYSTEM_NAME STREQUAL "Linux") 216 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=700") 217endif() 218 219if(FUZZ) 220 if(NOT CLANG) 221 message(FATAL_ERROR "You need to build with Clang for fuzzing to work") 222 endif() 223 224 if(CMAKE_C_COMPILER_VERSION VERSION_LESS "6.0.0") 225 message(FATAL_ERROR "You need Clang ≥ 6.0.0") 226 endif() 227 228 add_definitions(-DBORINGSSL_UNSAFE_DETERMINISTIC_MODE) 229 set(RUNNER_ARGS "-deterministic") 230 231 if(NOT NO_FUZZER_MODE) 232 add_definitions(-DBORINGSSL_UNSAFE_FUZZER_MODE) 233 set(RUNNER_ARGS ${RUNNER_ARGS} "-fuzzer" "-shim-config" "fuzzer_mode.json") 234 endif() 235 236 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls") 237 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address,fuzzer-no-link -fsanitize-coverage=edge,indirect-calls") 238endif() 239 240add_definitions(-DBORINGSSL_IMPLEMENTATION) 241 242if(BUILD_SHARED_LIBS) 243 add_definitions(-DBORINGSSL_SHARED_LIBRARY) 244 # Enable position-independent code globally. This is needed because 245 # some library targets are OBJECT libraries. 246 set(CMAKE_POSITION_INDEPENDENT_CODE TRUE) 247endif() 248 249if(MSAN) 250 if(NOT CLANG) 251 message(FATAL_ERROR "Cannot enable MSAN unless using Clang") 252 endif() 253 254 if(ASAN) 255 message(FATAL_ERROR "ASAN and MSAN are mutually exclusive") 256 endif() 257 258 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") 259 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") 260 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -fsanitize=memory -fsanitize-memory-track-origins -fno-omit-frame-pointer") 261endif() 262 263if(ASAN) 264 if(NOT CLANG) 265 message(FATAL_ERROR "Cannot enable ASAN unless using Clang") 266 endif() 267 268 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer") 269 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=address -fsanitize-address-use-after-scope -fno-omit-frame-pointer") 270endif() 271 272if(CFI) 273 if(NOT CLANG) 274 message(FATAL_ERROR "Cannot enable CFI unless using Clang") 275 endif() 276 277 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin") 278 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=cfi -fno-sanitize-trap=cfi -flto=thin") 279 # We use Chromium's copy of clang, which requires -fuse-ld=lld if building 280 # with -flto. That, in turn, can't handle -ggdb. 281 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fuse-ld=lld") 282 string(REPLACE "-ggdb" "-g" CMAKE_C_FLAGS "${CMAKE_C_FLAGS}") 283 string(REPLACE "-ggdb" "-g" CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS}") 284 # -flto causes object files to contain LLVM bitcode. Mixing those with 285 # assembly output in the same static library breaks the linker. 286 set(OPENSSL_NO_ASM "1") 287endif() 288 289if(TSAN) 290 if(NOT CLANG) 291 message(FATAL_ERROR "Cannot enable TSAN unless using Clang") 292 endif() 293 294 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=thread") 295 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=thread") 296 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=thread") 297endif() 298 299if(UBSAN) 300 if(NOT CLANG) 301 message(FATAL_ERROR "Cannot enable UBSAN unless using Clang") 302 endif() 303 304 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fsanitize=undefined") 305 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fsanitize=undefined") 306 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fsanitize=undefined") 307 308 if(NOT UBSAN_RECOVER) 309 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fno-sanitize-recover=undefined") 310 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fno-sanitize-recover=undefined") 311 set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} -fno-sanitize-recover=undefined") 312 endif() 313endif() 314 315if(GCOV) 316 set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fprofile-arcs -ftest-coverage") 317 set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -fprofile-arcs -ftest-coverage") 318endif() 319 320if(FIPS) 321 require_go() 322 add_definitions(-DBORINGSSL_FIPS) 323 if(FIPS_BREAK_TEST) 324 add_definitions("-DBORINGSSL_FIPS_BREAK_${FIPS_BREAK_TEST}=1") 325 endif() 326 # The FIPS integrity check does not work for ASan and MSan builds. 327 if(NOT ASAN AND NOT MSAN) 328 if(BUILD_SHARED_LIBS) 329 set(FIPS_SHARED "1") 330 else() 331 set(FIPS_DELOCATE "1") 332 endif() 333 endif() 334 if(FIPS_SHARED) 335 # The Android CMake files set -ffunction-sections and -fdata-sections, 336 # which is incompatible with FIPS_SHARED. 337 set(CMAKE_C_FLAGS 338 "${CMAKE_C_FLAGS} -fno-function-sections -fno-data-sections") 339 set(CMAKE_CXX_FLAGS 340 "${CMAKE_CXX_FLAGS} -fno-function-sections -fno-data-sections") 341 endif() 342endif() 343 344if(OPENSSL_SMALL) 345 add_definitions(-DOPENSSL_SMALL) 346endif() 347 348if(CONSTANT_TIME_VALIDATION) 349 add_definitions(-DBORINGSSL_CONSTANT_TIME_VALIDATION) 350endif() 351 352if(MALLOC_FAILURE_TESTING) 353 add_definitions(-DBORINGSSL_MALLOC_FAILURE_TESTING) 354endif() 355 356if(OPENSSL_NO_ASM) 357 add_definitions(-DOPENSSL_NO_ASM) 358endif() 359 360if(FIPS_DELOCATE OR NOT OPENSSL_NO_ASM) 361 # On x86 and x86_64 Windows, we use the NASM output. 362 if(WIN32 AND CMAKE_SYSTEM_PROCESSOR MATCHES "AMD64|x86_64|amd64|x86|i[3-6]86") 363 enable_language(ASM_NASM) 364 set(OPENSSL_NASM TRUE) 365 set(CMAKE_ASM_NASM_FLAGS "${CMAKE_ASM_NASM_FLAGS} -gcv8") 366 else() 367 enable_language(ASM) 368 if (NOT OPENSSL_NO_ASM) 369 set(OPENSSL_ASM TRUE) 370 endif() 371 # Work around https://gitlab.kitware.com/cmake/cmake/-/issues/20771 in older 372 # CMake versions. 373 if(APPLE AND CMAKE_VERSION VERSION_LESS 3.19) 374 if(CMAKE_OSX_SYSROOT) 375 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -isysroot \"${CMAKE_OSX_SYSROOT}\"") 376 endif() 377 foreach(arch ${CMAKE_OSX_ARCHITECTURES}) 378 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -arch ${arch}") 379 endforeach() 380 endif() 381 if(NOT WIN32) 382 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,--noexecstack") 383 endif() 384 # Clang's integerated assembler does not support debug symbols. 385 if(NOT CMAKE_ASM_COMPILER_ID MATCHES "Clang") 386 set(CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS} -Wa,-g") 387 endif() 388 endif() 389endif() 390 391if(OPENSSL_NO_SSE2_FOR_TESTING) 392 add_definitions(-DOPENSSL_NO_SSE2_FOR_TESTING) 393endif() 394 395if(USE_CUSTOM_LIBCXX) 396 if(NOT CLANG) 397 message(FATAL_ERROR "USE_CUSTOM_LIBCXX only supported with Clang") 398 endif() 399 400 # CMake does not allow installing a library without installing dependencies. 401 # If we installed libcrypto, we'd have to install our custom libc++, which 402 # does not make sense. As this is a test-only configuration, disable 403 # installing. 404 set(INSTALL_ENABLED 0) 405 406 # CMAKE_CXX_FLAGS ends up in the linker flags as well, so use 407 # add_compile_options. There does not appear to be a way to set 408 # language-specific compile-only flags. 409 add_compile_options("-nostdinc++") 410 set(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_LINK_FLAGS} -nostdlib++") 411 include_directories( 412 SYSTEM 413 util/bot/libcxx-config 414 util/bot/libcxx/include 415 util/bot/libcxxabi/include 416 ) 417 418 # This is patterned after buildtools/third_party/libc++/BUILD.gn and 419 # buildtools/third_party/libc++abi/BUILD.gn in Chromium. 420 421 file(GLOB LIBCXX_SOURCES "util/bot/libcxx/src/*.cpp") 422 file(GLOB LIBCXXABI_SOURCES "util/bot/libcxxabi/src/*.cpp") 423 424 # This file is meant for exception-less builds. 425 list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_noexception.cpp") 426 # libc++ also defines new and delete. 427 list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/stdlib_new_delete.cpp") 428 if(TSAN) 429 # ThreadSanitizer tries to intercept these symbols. Skip them to avoid 430 # symbol conflicts. 431 list(REMOVE_ITEM LIBCXXABI_SOURCES "trunk/src/cxa_guard.cpp") 432 endif() 433 434 add_library(libcxxabi ${LIBCXXABI_SOURCES}) 435 target_compile_definitions( 436 libcxxabi PRIVATE 437 -D_LIBCPP_ENABLE_CXX17_REMOVED_UNEXPECTED_FUNCTIONS 438 ) 439 440 add_library(libcxx ${LIBCXX_SOURCES}) 441 if(ASAN OR MSAN OR TSAN) 442 # Sanitizers try to intercept new and delete. 443 target_compile_definitions( 444 libcxx PRIVATE 445 -D_LIBCPP_DISABLE_NEW_DELETE_DEFINITIONS 446 ) 447 endif() 448 target_compile_definitions( 449 libcxx PRIVATE 450 -D_LIBCPP_BUILDING_LIBRARY 451 -DLIBCXX_BUILDING_LIBCXXABI 452 -DLIBC_NAMESPACE=bssl_llvm_libc 453 ) 454 # LLVM libc++ depends on some shared headers from LLVM libc. 455 target_include_directories(libcxx PRIVATE util/bot/llvm-libc) 456 set_target_properties( 457 libcxx libcxxabi PROPERTIES 458 COMPILE_FLAGS "-Wno-missing-prototypes -Wno-implicit-fallthrough" 459 # libc++ and libc++abi must be built in C++23 mode. 460 CXX_STANDARD 23 461 CXX_STANDARD_REQUIRED TRUE 462 ) 463 # libc++abi depends on libc++ internal headers. 464 set_property(TARGET libcxx libcxxabi APPEND PROPERTY INCLUDE_DIRECTORIES "${CMAKE_CURRENT_SOURCE_DIR}/util/bot/libcxx/src") 465 target_link_libraries(libcxx libcxxabi) 466endif() 467 468# Add minimal googletest targets. The provided one has many side-effects, and 469# googletest has a very straightforward build. 470add_library( 471 boringssl_gtest 472 third_party/googletest/googlemock/src/gmock-all.cc 473 third_party/googletest/googletest/src/gtest-all.cc 474) 475if(USE_CUSTOM_LIBCXX) 476 target_link_libraries(boringssl_gtest libcxx) 477endif() 478target_include_directories( 479 boringssl_gtest 480 PUBLIC 481 third_party/googletest/googlemock/include 482 third_party/googletest/googletest/include 483 PRIVATE 484 third_party/googletest/googlemock 485 third_party/googletest/googletest 486) 487 488# Declare a dummy target to build all unit tests. Test targets should inject 489# themselves as dependencies next to the target definition. 490add_custom_target(all_tests) 491 492add_subdirectory(ssl/test) 493add_subdirectory(util/fipstools) 494add_subdirectory(util/fipstools/acvp/modulewrapper) 495 496if(OPENSSL_ASM) 497 set(CRYPTO_SOURCES_ASM_USED ${CRYPTO_SOURCES_ASM}) 498 set(BCM_SOURCES_ASM_USED ${BCM_SOURCES_ASM}) 499 set(TEST_SUPPORT_SOURCES_ASM_USED ${TEST_SUPPORT_SOURCES_ASM}) 500elseif(OPENSSL_NASM) 501 set(CRYPTO_SOURCES_ASM_USED ${CRYPTO_SOURCES_NASM}) 502 set(BCM_SOURCES_ASM_USED ${BCM_SOURCES_NASM}) 503 set(TEST_SUPPORT_SOURCES_ASM_USED ${TEST_SUPPORT_SOURCES_NASM}) 504endif() 505 506if(FIPS_DELOCATE AND FIPS_SHARED) 507 message(FATAL_ERROR "Can't set both delocate and shared mode for FIPS build") 508endif() 509 510# OSS-Fuzz relies on BORINGSSL_ALLOW_CXX_RUNTIME because -fno-rtti and 511# -fsanitize=vptr are incompatible. 512set(NO_CXX_RUNTIME_FLAGS) 513if(NOT MSVC AND NOT BORINGSSL_ALLOW_CXX_RUNTIME) 514 # Without -fno-exceptions, use of std::unique_ptr emits a call to 515 # std::terminate. 516 set(NO_CXX_RUNTIME_FLAGS -fno-exceptions -fno-rtti) 517endif() 518 519if(FIPS_DELOCATE) 520 add_library(bcm_c_generated_asm STATIC ${BCM_SOURCES}) 521 # The C++ code in libcrypto shouldn't depend on libstdc++. 522 target_compile_options(bcm_c_generated_asm PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}> "-S") 523 add_dependencies(bcm_c_generated_asm boringssl_prefix_symbols) 524 target_include_directories(bcm_c_generated_asm PRIVATE ${PROJECT_SOURCE_DIR}/include) 525 set_target_properties(bcm_c_generated_asm PROPERTIES POSITION_INDEPENDENT_CODE ON) 526 if(CLANG) 527 # Clang warns when passing both -c (from CMake) and -S. 528 target_compile_options(bcm_c_generated_asm PRIVATE "-Wno-unused-command-line-argument") 529 endif() 530 531 set(TARGET_FLAG "") 532 if(CMAKE_ASM_COMPILER_TARGET) 533 set(TARGET_FLAG "--target=${CMAKE_ASM_COMPILER_TARGET}") 534 endif() 535 536 go_executable(delocate boringssl.googlesource.com/boringssl/util/fipstools/delocate) 537 add_custom_command( 538 OUTPUT bcm-delocated.S 539 COMMAND ${CMAKE_CURRENT_BINARY_DIR}/delocate 540 -a $<TARGET_FILE:bcm_c_generated_asm> 541 -o ${CMAKE_CURRENT_BINARY_DIR}/bcm-delocated.S 542 -cc ${CMAKE_ASM_COMPILER} 543 -cc-flags "${TARGET_FLAG} ${CMAKE_ASM_FLAGS}" 544 ${BCM_SOURCES_ASM_USED} 545 ${CRYPTO_HEADERS} 546 DEPENDS bcm_c_generated_asm 547 delocate 548 ${BCM_SOURCES_ASM_USED} 549 ${CRYPTO_HEADERS} 550 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 551 ) 552 553 add_library(bcm_hashunset STATIC bcm-delocated.S) 554 set_target_properties(bcm_hashunset PROPERTIES POSITION_INDEPENDENT_CODE ON) 555 set_target_properties(bcm_hashunset PROPERTIES LINKER_LANGUAGE C) 556 557 go_executable(inject_hash 558 boringssl.googlesource.com/boringssl/util/fipstools/inject_hash) 559 add_custom_command( 560 OUTPUT bcm.o 561 COMMAND ./inject_hash -o bcm.o -in-archive $<TARGET_FILE:bcm_hashunset> 562 DEPENDS bcm_hashunset inject_hash 563 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} 564 ) 565 set(CRYPTO_FIPS_OBJECTS bcm.o) 566elseif(FIPS_SHARED) 567 if(NOT BUILD_SHARED_LIBS) 568 message(FATAL_ERROR "FIPS_SHARED set but not BUILD_SHARED_LIBS") 569 endif() 570 571 add_library(bcm_library STATIC ${BCM_SOURCES} ${BCM_SOURCES_ASM_USED}) 572 # The C++ code in libcrypto shouldn't depend on libstdc++. 573 target_compile_options(bcm_library PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}>) 574 add_dependencies(bcm_library boringssl_prefix_symbols) 575 target_include_directories(bcm_library PRIVATE ${PROJECT_SOURCE_DIR}/include) 576 577 add_custom_command( 578 OUTPUT bcm.o 579 COMMAND ${CMAKE_LINKER} -r -T ${CMAKE_CURRENT_SOURCE_DIR}/crypto/fipsmodule/fips_shared.lds -o bcm.o --whole-archive $<TARGET_FILE:bcm_library> 580 DEPENDS bcm_library crypto/fipsmodule/fips_shared.lds 581 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} 582 ) 583 set(CRYPTO_FIPS_OBJECTS bcm.o) 584else() 585 add_library(fipsmodule OBJECT ${BCM_SOURCES} ${BCM_SOURCES_ASM_USED}) 586 # The C++ code in libcrypto shouldn't depend on libstdc++. 587 target_compile_options(fipsmodule PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}>) 588 add_dependencies(fipsmodule boringssl_prefix_symbols) 589 target_include_directories(fipsmodule PRIVATE ${PROJECT_SOURCE_DIR}/include) 590 set(CRYPTO_FIPS_OBJECTS $<TARGET_OBJECTS:fipsmodule>) 591endif() 592 593add_library(crypto ${CRYPTO_SOURCES} ${CRYPTO_FIPS_OBJECTS} ${CRYPTO_SOURCES_ASM_USED}) 594 # The C++ code in libcrypto shouldn't depend on libstdc++. 595target_compile_options(crypto PRIVATE $<$<COMPILE_LANGUAGE:CXX>:${NO_CXX_RUNTIME_FLAGS}>) 596target_include_directories(crypto PUBLIC 597 $<BUILD_INTERFACE:${PROJECT_SOURCE_DIR}/include> 598 $<INSTALL_INTERFACE:include> 599) 600set_property(TARGET crypto PROPERTY EXPORT_NAME Crypto) 601 602if(FIPS_SHARED) 603 # Rewrite libcrypto.so to inject the correct module hash value. This assumes 604 # UNIX-style library naming, but we only support FIPS mode on Linux anyway. 605 add_custom_command( 606 TARGET crypto POST_BUILD 607 COMMAND ${GO_EXECUTABLE} run 608 ${CMAKE_CURRENT_SOURCE_DIR}/util/fipstools/inject_hash/inject_hash.go 609 -o libcrypto.so -in-object libcrypto.so 610 # The DEPENDS argument to a POST_BUILD rule appears to be ignored. Thus 611 # go_executable isn't used (as it doesn't get built), but we list this 612 # dependency anyway in case it starts working in some CMake version. 613 DEPENDS util/fipstools/inject_hash/inject_hash.go 614 WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR} 615 ) 616endif() 617 618add_dependencies(crypto boringssl_prefix_symbols) 619if(WIN32) 620 target_link_libraries(crypto ws2_32) 621endif() 622 623# CMAKE_SYSTEM_NAME is "Generic" for embedded OSes: 624# https://cmake.org/cmake/help/book/mastering-cmake/chapter/Cross%20Compiling%20With%20CMake.html#toolchain-files 625# 626# For now we assume embedded OSes do not have threads. Additionally, the Threads 627# package does not work with Android, but Android does not require any extra 628# parameters to link pthreads. 629if(NOT CMAKE_SYSTEM_NAME MATCHES "^(Generic|Android)$") 630 find_package(Threads REQUIRED) 631 target_link_libraries(crypto Threads::Threads) 632endif() 633 634# Every target depends on crypto, so we add libcxx as a dependency here to 635# simplify injecting it everywhere. 636if(USE_CUSTOM_LIBCXX) 637 target_link_libraries(crypto libcxx) 638endif() 639 640add_library(ssl ${SSL_SOURCES}) 641# Although libssl also provides headers that require an include directory, the 642# flag is already specified by libcrypto, so we omit target_include_directories 643# here. 644set_property(TARGET ssl PROPERTY EXPORT_NAME SSL) 645target_link_libraries(ssl crypto) 646 647add_library(decrepit ${DECREPIT_SOURCES}) 648target_link_libraries(decrepit crypto ssl) 649 650add_library(test_support_lib STATIC 651 ${TEST_SUPPORT_SOURCES} ${TEST_SUPPORT_SOURCES_ASM_USED}) 652if(LIBUNWIND_FOUND) 653 target_compile_options(test_support_lib PRIVATE ${LIBUNWIND_CFLAGS_OTHER}) 654 target_include_directories(test_support_lib PRIVATE ${LIBUNWIND_INCLUDE_DIRS}) 655 target_link_libraries(test_support_lib ${LIBUNWIND_LDFLAGS}) 656endif() 657if(WIN32) 658 target_link_libraries(test_support_lib dbghelp) 659endif() 660target_link_libraries(test_support_lib boringssl_gtest crypto) 661 662# urandom_test is a separate binary because it needs to be able to observe the 663# PRNG initialisation, which means that it can't have other tests running before 664# it does. 665add_executable(urandom_test ${URANDOM_TEST_SOURCES}) 666target_link_libraries(urandom_test test_support_lib boringssl_gtest crypto) 667add_dependencies(all_tests urandom_test) 668 669add_executable(crypto_test ${CRYPTO_TEST_SOURCES}) 670target_link_libraries(crypto_test test_support_lib boringssl_gtest crypto) 671add_dependencies(all_tests crypto_test) 672 673add_executable(ssl_test ${SSL_TEST_SOURCES}) 674target_link_libraries(ssl_test test_support_lib boringssl_gtest ssl crypto) 675add_dependencies(all_tests ssl_test) 676add_executable(decrepit_test ${DECREPIT_TEST_SOURCES}) 677target_link_libraries(decrepit_test test_support_lib boringssl_gtest 678 decrepit crypto) 679add_dependencies(all_tests decrepit_test) 680 681if(APPLE) 682 set(PKI_CXX_FLAGS "-fno-aligned-new") 683endif() 684 685add_library(pki ${PKI_SOURCES}) 686target_link_libraries(pki crypto) 687 688add_executable(pki_test ${PKI_TEST_SOURCES}) 689target_link_libraries(pki_test test_support_lib boringssl_gtest pki crypto) 690add_dependencies(all_tests pki_test) 691 692# The PKI library requires C++17, but we haven't required this everywhere yet. 693# TODO(crbug.com/42290600): Remove the C++17 bits. 694set_target_properties( 695 pki pki_test 696 PROPERTIES 697 CXX_STANDARD 17 698 CXX_STANDARD_REQUIRED YES 699 COMPILE_FLAGS "${PKI_CXX_FLAGS}") 700 701add_executable(bssl ${BSSL_SOURCES}) 702target_link_libraries(bssl ssl crypto) 703 704# Historically, targets were built in subdirectories. For compatibility with 705# existing tools, we, for now, copy the targets into the subdirectories. This 706# will be removed sometime in 2024. 707copy_post_build(crypto crypto crypto_test urandom_test) 708copy_post_build(ssl ssl ssl_test) 709copy_post_build(decrepit decrepit decrepit_test) 710copy_post_build(tool bssl) 711 712if(FUZZ) 713 if(LIBFUZZER_FROM_DEPS) 714 file(GLOB LIBFUZZER_SOURCES "util/bot/libFuzzer/*.cpp") 715 add_library(Fuzzer STATIC ${LIBFUZZER_SOURCES}) 716 # libFuzzer does not pass our aggressive warnings. It also must be built 717 # without -fsanitize-coverage options or clang crashes. 718 set_target_properties( 719 Fuzzer PROPERTIES 720 COMPILE_FLAGS "-Wno-shadow -Wno-format-nonliteral -Wno-missing-prototypes -fsanitize-coverage=0" 721 # libFuzzer requires C++17, but we haven't required this everywhere yet. 722 # TODO(crbug.com/42290600): Remove this. 723 CXX_STANDARD 17 724 CXX_STANDARD_REQUIRED TRUE 725 ) 726 endif() 727 728 add_subdirectory(fuzz) 729endif() 730 731if(RUST_BINDINGS) 732 find_program(BINDGEN_EXECUTABLE bindgen) 733 if(NOT BINDGEN_EXECUTABLE) 734 message(FATAL_ERROR "Could not find bindgen but was asked to generate Rust bindings.") 735 else() 736 add_subdirectory(rust) 737 endif() 738endif() 739 740if(CMAKE_SYSTEM_NAME STREQUAL "Linux") 741 set(HANDSHAKER_ARGS "-handshaker-path" $<TARGET_FILE:handshaker>) 742endif() 743 744if(FIPS) 745 add_custom_target( 746 acvp_tests 747 COMMAND ${GO_EXECUTABLE} build -o ${CMAKE_CURRENT_BINARY_DIR}/acvptool 748 boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool 749 COMMAND ${GO_EXECUTABLE} build -o ${CMAKE_CURRENT_BINARY_DIR}/testmodulewrapper 750 boringssl.googlesource.com/boringssl/util/fipstools/acvp/acvptool/testmodulewrapper 751 COMMAND cd util/fipstools/acvp/acvptool/test && 752 ${GO_EXECUTABLE} run check_expected.go 753 -tool ${CMAKE_CURRENT_BINARY_DIR}/acvptool 754 -module-wrappers modulewrapper:$<TARGET_FILE:modulewrapper>,testmodulewrapper:${CMAKE_CURRENT_BINARY_DIR}/testmodulewrapper 755 -tests tests.json 756 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 757 DEPENDS modulewrapper 758 USES_TERMINAL) 759 760 add_custom_target( 761 fips_specific_tests_if_any 762 DEPENDS acvp_tests 763 ) 764else() 765 add_custom_target(fips_specific_tests_if_any) 766endif() 767 768file(STRINGS util/go_tests.txt GO_TESTS) 769set_property(DIRECTORY APPEND PROPERTY CMAKE_CONFIGURE_DEPENDS 770 util/go_tests.txt) 771 772if(GO_EXECUTABLE) 773 add_custom_target( 774 run_tests 775 COMMAND ${CMAKE_COMMAND} -E echo "Running Go tests" 776 COMMAND ${GO_EXECUTABLE} test ${GO_TESTS} 777 COMMAND ${CMAKE_COMMAND} -E echo 778 COMMAND ${CMAKE_COMMAND} -E echo "Running unit tests" 779 COMMAND ${GO_EXECUTABLE} run util/all_tests.go -build-dir 780 ${CMAKE_CURRENT_BINARY_DIR} 781 COMMAND ${CMAKE_COMMAND} -E echo 782 COMMAND ${CMAKE_COMMAND} -E echo "Running SSL tests" 783 COMMAND cd ssl/test/runner && 784 ${GO_EXECUTABLE} test -shim-path $<TARGET_FILE:bssl_shim> 785 ${HANDSHAKER_ARGS} ${RUNNER_ARGS} 786 WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} 787 DEPENDS all_tests bssl_shim handshaker fips_specific_tests_if_any 788 USES_TERMINAL) 789else() 790 add_custom_target( 791 run_tests 792 COMMAND ${CMAKE_COMMAND} -E echo "Running tests requires Go" 793 COMMAND ${CMAKE_COMMAND} -E false) 794endif() 795 796if(INSTALL_ENABLED) 797 install(TARGETS crypto ssl EXPORT OpenSSLTargets) 798 install(TARGETS bssl) 799 install(DIRECTORY include/ DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}) 800 install(EXPORT OpenSSLTargets 801 FILE OpenSSLTargets.cmake 802 NAMESPACE OpenSSL:: 803 DESTINATION lib/cmake/OpenSSL) 804 install(FILES cmake/OpenSSLConfig.cmake DESTINATION lib/cmake/OpenSSL) 805endif() 806