Skip to main content

openssl_src/
lib.rs

1extern crate cc;
2
3use std::env;
4use std::ffi::{OsStr, OsString};
5use std::fs;
6use std::path::{Path, PathBuf};
7use std::process::Command;
8
9pub fn source_dir() -> PathBuf {
10    Path::new(env!("CARGO_MANIFEST_DIR")).join("openssl")
11}
12
13pub fn version() -> &'static str {
14    env!("CARGO_PKG_VERSION")
15}
16
17pub struct Build {
18    out_dir: Option<PathBuf>,
19    target: Option<String>,
20    host: Option<String>,
21    // Only affects non-windows builds for now.
22    openssl_dir: Option<PathBuf>,
23}
24
25pub struct Artifacts {
26    include_dir: PathBuf,
27    lib_dir: PathBuf,
28    bin_dir: PathBuf,
29    libs: Vec<String>,
30    target: String,
31}
32
33impl Build {
34    pub fn new() -> Build {
35        Build {
36            out_dir: env::var_os("OUT_DIR").map(|s| PathBuf::from(s).join("openssl-build")),
37            target: env::var("TARGET").ok(),
38            host: env::var("HOST").ok(),
39            openssl_dir: Some(PathBuf::from("/usr/local/ssl")),
40        }
41    }
42
43    pub fn out_dir<P: AsRef<Path>>(&mut self, path: P) -> &mut Build {
44        self.out_dir = Some(path.as_ref().to_path_buf());
45        self
46    }
47
48    pub fn target(&mut self, target: &str) -> &mut Build {
49        self.target = Some(target.to_string());
50        self
51    }
52
53    pub fn host(&mut self, host: &str) -> &mut Build {
54        self.host = Some(host.to_string());
55        self
56    }
57
58    pub fn openssl_dir<P: AsRef<Path>>(&mut self, path: P) -> &mut Build {
59        self.openssl_dir = Some(path.as_ref().to_path_buf());
60        self
61    }
62
63    fn cmd_make(&self) -> Result<Command, &'static str> {
64        let host = &self.host.as_ref().ok_or("HOST dir not set")?[..];
65        Ok(
66            if host.contains("dragonfly")
67                || host.contains("freebsd")
68                || host.contains("openbsd")
69                || host.contains("solaris")
70                || host.contains("illumos")
71            {
72                Command::new("gmake")
73            } else {
74                Command::new("make")
75            },
76        )
77    }
78
79    #[cfg(windows)]
80    fn check_env_var(&self, var_name: &str) -> Option<bool> {
81        env::var_os(var_name).and_then(|s| {
82            if s == "1" {
83                // a message to stdout, let user know asm is force enabled
84                println!(
85                    "cargo:warning={}: nasm.exe is force enabled by the \
86                    'OPENSSL_RUST_USE_NASM' env var.",
87                    env!("CARGO_PKG_NAME")
88                );
89                Some(true)
90            } else if s == "0" {
91                // a message to stdout, let user know asm is force disabled
92                println!(
93                    "cargo:warning={}: nasm.exe is force disabled by the \
94                    'OPENSSL_RUST_USE_NASM' env var.",
95                    env!("CARGO_PKG_NAME")
96                );
97                Some(false)
98            } else {
99                println!(
100                    "cargo:warning=The environment variable {} is set to an unacceptable value: {:?}",
101                    var_name, s
102                );
103                None
104            }
105        })
106    }
107
108    #[cfg(windows)]
109    fn is_nasm_ready(&self) -> bool {
110        self.check_env_var("OPENSSL_RUST_USE_NASM")
111            .unwrap_or_else(|| {
112                // On Windows, use cmd `where` command to check if nasm is installed
113                Command::new("cmd")
114                    .args(&["/C", "where nasm"])
115                    .output()
116                    .map(|w| w.status.success())
117                    .unwrap_or(false)
118            })
119    }
120
121    #[cfg(not(windows))]
122    fn is_nasm_ready(&self) -> bool {
123        // We assume that nobody would run nasm.exe on a non-windows system.
124        false
125    }
126
127    /// Exits the process on failure. Use `try_build` to handle the error.
128    pub fn build(&mut self) -> Artifacts {
129        match self.try_build() {
130            Ok(a) => a,
131            Err(e) => {
132                println!("cargo:warning=openssl-src: failed to build OpenSSL from source");
133                eprintln!("\n\n\n{e}\n\n\n");
134                std::process::exit(1);
135            }
136        }
137    }
138
139    pub fn try_build(&mut self) -> Result<Artifacts, String> {
140        let target = &self.target.as_ref().ok_or("TARGET dir not set")?[..];
141        let host = &self.host.as_ref().ok_or("HOST dir not set")?[..];
142        let out_dir = self.out_dir.as_ref().ok_or("OUT_DIR not set")?;
143        let build_dir = out_dir.join("build");
144        let install_dir = out_dir.join("install");
145
146        if build_dir.exists() {
147            fs::remove_dir_all(&build_dir).map_err(|e| format!("build_dir: {e}"))?;
148        }
149        if install_dir.exists() {
150            fs::remove_dir_all(&install_dir).map_err(|e| format!("install_dir: {e}"))?;
151        }
152
153        let inner_dir = build_dir.join("src");
154        fs::create_dir_all(&inner_dir).map_err(|e| format!("{}: {e}", inner_dir.display()))?;
155        cp_r(&source_dir(), &inner_dir)?;
156
157        let perl_program =
158            env::var("OPENSSL_SRC_PERL").unwrap_or(env::var("PERL").unwrap_or("perl".to_string()));
159        let mut configure = Command::new(perl_program);
160        configure.arg("./Configure");
161
162        // Change the install directory to happen inside of the build directory.
163        if host.contains("pc-windows-gnu") {
164            configure.arg(&format!("--prefix={}", sanitize_sh(&install_dir)));
165        } else if host.contains("pc-windows-msvc") || host.contains("win7-windows-msvc") {
166            // On Windows, the prefix argument does not support \ path seperators
167            // when cross compiling.
168            // Always use / as a path seperator instead of \, since that works for both
169            // native and cross builds.
170            configure.arg(&format!(
171                "--prefix={}",
172                install_dir
173                    .to_str()
174                    .ok_or("bad install_dir")?
175                    .replace("\\", "/")
176            ));
177        } else {
178            configure.arg(&format!("--prefix={}", install_dir.display()));
179        }
180
181        // Specify that openssl directory where things are loaded at runtime is
182        // not inside our build directory. Instead this should be located in the
183        // default locations of the OpenSSL build scripts, or as specified by whatever
184        // configured this builder.
185        if target.contains("windows") {
186            configure.arg("--openssldir=SYS$MANAGER:[OPENSSL]");
187        } else {
188            let openssl_dir = self
189                .openssl_dir
190                .as_ref()
191                .ok_or("path to the openssl directory must be set")?;
192            let mut dir_arg: OsString = "--openssldir=".into();
193            dir_arg.push(openssl_dir);
194            configure.arg(dir_arg);
195        }
196
197        configure
198            // No shared objects, we just want static libraries
199            .arg("no-shared")
200            .arg("no-module")
201            // No need to build tests, we won't run them anyway
202            .arg("no-tests")
203            // Nothing related to zlib please
204            .arg("no-comp")
205            .arg("no-zlib")
206            .arg("no-zlib-dynamic")
207            // Avoid multilib-postfix for build targets that specify it
208            .arg("--libdir=lib");
209
210        if cfg!(feature = "no-dso") {
211            // engine requires DSO support
212            if cfg!(feature = "force-engine") {
213                println!("Feature 'force-engine' requires DSO, ignoring 'no-dso' feature.");
214            } else {
215                configure.arg("no-dso");
216            }
217        }
218
219        if cfg!(not(feature = "legacy")) {
220            configure.arg("no-legacy");
221        }
222
223        if cfg!(feature = "ssl3") {
224            configure.arg("enable-ssl3").arg("enable-ssl3-method");
225        } else {
226            // Should be off by default on OpenSSL 1.1.0, but let's be extra sure
227            configure.arg("no-ssl3");
228        }
229
230        if cfg!(feature = "weak-crypto") {
231            configure
232                .arg("enable-md2")
233                .arg("enable-rc5")
234                .arg("enable-weak-ssl-ciphers");
235        } else {
236            configure
237                .arg("no-md2")
238                .arg("no-rc5")
239                .arg("no-weak-ssl-ciphers");
240        }
241
242        if cfg!(not(feature = "camellia")) {
243            configure.arg("no-camellia");
244        }
245
246        if cfg!(not(feature = "idea")) {
247            configure.arg("no-idea");
248        }
249
250        if cfg!(not(feature = "seed")) {
251            configure.arg("no-seed");
252        }
253
254        if cfg!(feature = "ktls") {
255            configure.arg("enable-ktls");
256        }
257
258        if target.contains("musl") {
259            // Engine module fails to compile on musl (it needs linux/version.h
260            // right now) but we don't actually need this most of the time.
261            // Disable engine module unless force-engine feature specified
262            if !cfg!(feature = "force-engine") {
263                configure.arg("no-engine");
264            }
265        } else if target.contains("windows") {
266            // We can build the engine feature, but the build doesn't seem
267            // to correctly pick up crypt32.lib functions such as
268            // `__imp_CertOpenStore` when building the capieng engine.
269            // Let's disable just capieng.
270            configure.arg("no-capieng");
271        }
272
273        if target.contains("musl") {
274            // MUSL doesn't implement some of the libc functions that the async
275            // stuff depends on, and we don't bind to any of that in any case.
276            configure.arg("no-async");
277        }
278
279        // On Android it looks like not passing no-stdio may cause a build
280        // failure (#13), but most other platforms need it for things like
281        // loading system certificates so only disable it on Android.
282        if target.contains("android") {
283            configure.arg("no-stdio");
284        }
285
286        if target.contains("msvc") {
287            // On MSVC we need nasm.exe to compile the assembly files.
288            // ASM compiling will be enabled if nasm.exe is installed, unless
289            // the environment variable `OPENSSL_RUST_USE_NASM` is set.
290            if self.is_nasm_ready() {
291                // a message to stdout, let user know asm is enabled
292                println!(
293                    "{}: Enable the assembly language routines in building OpenSSL.",
294                    env!("CARGO_PKG_NAME")
295                );
296            } else {
297                configure.arg("no-asm");
298            }
299        }
300
301        let os = match target {
302            "aarch64-apple-darwin" => "darwin64-arm64-cc",
303            // Note that this, and all other android targets, aren't using the
304            // `android64-aarch64` (or equivalent) builtin target. That
305            // apparently has a crazy amount of build logic in OpenSSL 1.1.1
306            // that bypasses basically everything `cc` does, so let's just cop
307            // out and say it's linux and hope it works.
308            "aarch64-linux-android" => "linux-aarch64",
309            "aarch64-unknown-freebsd" => "BSD-generic64",
310            "aarch64-unknown-openbsd" => "BSD-generic64",
311            "aarch64-unknown-linux-gnu" => "linux-aarch64",
312            "aarch64-unknown-linux-musl" => "linux-aarch64",
313            "aarch64-alpine-linux-musl" => "linux-aarch64",
314            "aarch64-chimera-linux-musl" => "linux-aarch64",
315            "aarch64-unknown-netbsd" => "BSD-generic64",
316            "aarch64_be-unknown-netbsd" => "BSD-generic64",
317            "aarch64-pc-windows-msvc" => "VC-WIN64-ARM",
318            "aarch64-uwp-windows-msvc" => "VC-WIN64-ARM-UWP",
319            "arm-linux-androideabi" => "linux-armv4",
320            "armv7-linux-androideabi" => "linux-armv4",
321            "arm-unknown-linux-gnueabi" => "linux-armv4",
322            "arm-unknown-linux-gnueabihf" => "linux-armv4",
323            "arm-unknown-linux-musleabi" => "linux-armv4",
324            "arm-unknown-linux-musleabihf" => "linux-armv4",
325            "arm-chimera-linux-musleabihf" => "linux-armv4",
326            "armv5te-unknown-linux-gnueabi" => "linux-armv4",
327            "armv5te-unknown-linux-musleabi" => "linux-armv4",
328            "armv6-unknown-freebsd" => "BSD-generic32",
329            "armv6-alpine-linux-musleabihf" => "linux-armv6",
330            "armv7-unknown-freebsd" => "BSD-armv4",
331            "armv7-unknown-linux-gnueabi" => "linux-armv4",
332            "armv7-unknown-linux-musleabi" => "linux-armv4",
333            "armv7-unknown-linux-gnueabihf" => "linux-armv4",
334            "armv7-unknown-linux-musleabihf" => "linux-armv4",
335            "armv7-alpine-linux-musleabihf" => "linux-armv4",
336            "armv7-chimera-linux-musleabihf" => "linux-armv4",
337            "armv7-unknown-netbsd-eabihf" => "BSD-generic32",
338            "asmjs-unknown-emscripten" => "gcc",
339            "i586-unknown-linux-gnu" => "linux-elf",
340            "i586-unknown-linux-musl" => "linux-elf",
341            "i586-alpine-linux-musl" => "linux-elf",
342            "i586-unknown-netbsd" => "BSD-x86-elf",
343            "i686-apple-darwin" => "darwin-i386-cc",
344            "i686-linux-android" => "linux-elf",
345            "i686-pc-windows-gnu" => "mingw",
346            "i686-pc-windows-msvc" => "VC-WIN32",
347            "i686-win7-windows-msvc" => "VC-WIN32",
348            "i686-unknown-freebsd" => "BSD-x86-elf",
349            "i686-unknown-haiku" => "haiku-x86",
350            "i686-unknown-linux-gnu" => "linux-elf",
351            "i686-unknown-linux-musl" => "linux-elf",
352            "i686-unknown-netbsd" => "BSD-x86-elf",
353            "i686-uwp-windows-msvc" => "VC-WIN32-UWP",
354            "loongarch64-unknown-linux-gnu" => "linux-generic64",
355            "loongarch64-unknown-linux-musl" => "linux-generic64",
356            "mips-unknown-linux-gnu" => "linux-mips32",
357            "mips-unknown-linux-musl" => "linux-mips32",
358            "mips64-unknown-linux-gnuabi64" => "linux64-mips64",
359            "mips64-unknown-linux-muslabi64" => "linux64-mips64",
360            "mips64-openwrt-linux-musl" => "linux64-mips64",
361            "mips64el-unknown-linux-gnuabi64" => "linux64-mips64",
362            "mips64el-unknown-linux-muslabi64" => "linux64-mips64",
363            "mipsel-unknown-linux-gnu" => "linux-mips32",
364            "mipsel-unknown-linux-musl" => "linux-mips32",
365            "powerpc-unknown-freebsd" => "BSD-ppc",
366            "powerpc-unknown-linux-gnu" => "linux-ppc",
367            "powerpc-unknown-linux-gnuspe" => "linux-ppc",
368            "powerpc-chimera-linux-musl" => "linux-ppc",
369            "powerpc-unknown-netbsd" => "BSD-generic32",
370            "powerpc64-unknown-freebsd" => "BSD-ppc64",
371            "powerpc64-unknown-linux-gnu" => "linux-ppc64",
372            "powerpc64-unknown-linux-musl" => "linux-ppc64",
373            "powerpc64-chimera-linux-musl" => "linux-ppc64",
374            "powerpc64le-unknown-freebsd" => "BSD-ppc64le",
375            "powerpc64le-unknown-linux-gnu" => "linux-ppc64le",
376            "powerpc64le-unknown-linux-musl" => "linux-ppc64le",
377            "powerpc64le-alpine-linux-musl" => "linux-ppc64le",
378            "powerpc64le-chimera-linux-musl" => "linux-ppc64le",
379            "riscv64gc-unknown-freebsd" => "BSD-riscv64",
380            "riscv64gc-unknown-linux-gnu" => "linux64-riscv64",
381            "riscv64gc-unknown-linux-musl" => "linux64-riscv64",
382            "riscv64-alpine-linux-musl" => "linux64-riscv64",
383            "riscv64-chimera-linux-musl" => "linux64-riscv64",
384            "riscv64gc-unknown-netbsd" => "BSD-generic64",
385            "s390x-unknown-linux-gnu" => "linux64-s390x",
386            "sparc64-unknown-netbsd" => "BSD-generic64",
387            "sparc64-unknown-linux-gnu" => "linux64-sparcv9",
388            "s390x-unknown-linux-musl" => "linux64-s390x",
389            "s390x-alpine-linux-musl" => "linux64-s390x",
390            "sparcv9-sun-solaris" => "solaris64-sparcv9-gcc",
391            "thumbv7a-uwp-windows-msvc" => "VC-WIN32-ARM-UWP",
392            "x86_64-apple-darwin" => "darwin64-x86_64-cc",
393            "x86_64-linux-android" => "linux-x86_64",
394            "x86_64-linux" => "linux-x86_64",
395            "x86_64-pc-windows-gnu" => "mingw64",
396            "x86_64-pc-windows-gnullvm" => "mingw64",
397            "x86_64-pc-windows-msvc" => "VC-WIN64A",
398            "x86_64-win7-windows-msvc" => "VC-WIN64A",
399            "x86_64-unknown-freebsd" => "BSD-x86_64",
400            "x86_64-unknown-dragonfly" => "BSD-x86_64",
401            "x86_64-unknown-haiku" => "haiku-x86_64",
402            "x86_64-unknown-illumos" => "solaris64-x86_64-gcc",
403            "x86_64-unknown-linux-gnu" => "linux-x86_64",
404            "x86_64-unknown-linux-musl" => "linux-x86_64",
405            "x86_64-alpine-linux-musl" => "linux-x86_64",
406            "x86_64-chimera-linux-musl" => "linux-x86_64",
407            "x86_64-unknown-openbsd" => "BSD-x86_64",
408            "x86_64-unknown-netbsd" => "BSD-x86_64",
409            "x86_64-uwp-windows-msvc" => "VC-WIN64A-UWP",
410            "x86_64-pc-solaris" => "solaris64-x86_64-gcc",
411            "wasm32-unknown-emscripten" => "gcc",
412            "wasm32-unknown-unknown" => "gcc",
413            "wasm32-wasi" => "gcc",
414            "aarch64-apple-ios" => "ios64-cross",
415            "aarch64-apple-visionos" => "ios64-cross",
416            "x86_64-apple-ios" => "iossimulator-x86_64-xcrun",
417            "aarch64-apple-ios-sim" => "iossimulator-arm64-xcrun",
418            "aarch64-apple-visionos-sim" => "iossimulator-arm64-xcrun",
419            "aarch64-apple-ios-macabi" => "darwin64-arm64-cc",
420            "x86_64-apple-ios-macabi" => "darwin64-x86_64-cc",
421            "aarch64-unknown-linux-ohos" => "linux-aarch64",
422            "armv7-unknown-linux-ohos" => "linux-generic32",
423            "x86_64-unknown-linux-ohos" => "linux-x86_64",
424            _ => {
425                return Err(format!(
426                    "don't know how to configure OpenSSL for {}",
427                    target
428                ))
429            }
430        };
431
432        let mut ios_isysroot: std::option::Option<String> = None;
433
434        configure.arg(os);
435
436        // If we're not on MSVC we configure cross compilers and cross tools and
437        // whatnot. Note that this doesn't happen on MSVC b/c things are pretty
438        // different there and this isn't needed most of the time anyway.
439        if !target.contains("msvc") {
440            let mut cc = cc::Build::new();
441            cc.target(target).host(host).warnings(false).opt_level(2);
442            let compiler = cc.get_compiler();
443            let mut cc_env = compiler.cc_env();
444            if cc_env.is_empty() {
445                cc_env = compiler.path().to_path_buf().into_os_string();
446            }
447            configure.env("CC", cc_env);
448            let path = compiler.path().to_str().ok_or("compiler path")?;
449
450            // Both `cc::Build` and `./Configure` take into account
451            // `CROSS_COMPILE` environment variable. So to avoid double
452            // prefix, we unset `CROSS_COMPILE` for `./Configure`.
453            configure.env_remove("CROSS_COMPILE");
454
455            let ar = cc.get_archiver();
456            configure.env("AR", ar.get_program());
457            if ar.get_args().count() != 0 {
458                // On some platforms (like emscripten on windows), the ar to use may not be a
459                // single binary, but instead a multi-argument command like `cmd /c emar.bar`.
460                // We can't convey that through `AR` alone, and so also need to set ARFLAGS.
461                configure.env(
462                    "ARFLAGS",
463                    ar.get_args().collect::<Vec<_>>().join(OsStr::new(" ")),
464                );
465            }
466            let ranlib = cc.get_ranlib();
467            // OpenSSL does not support RANLIBFLAGS. Jam the flags in RANLIB.
468            let mut args = vec![ranlib.get_program()];
469            args.extend(ranlib.get_args());
470            configure.env("RANLIB", args.join(OsStr::new(" ")));
471
472            // Make sure we pass extra flags like `-ffunction-sections` and
473            // other things like ARM codegen flags.
474            let mut skip_next = false;
475            let mut is_isysroot = false;
476            for arg in compiler.args() {
477                // For whatever reason `-static` on MUSL seems to cause
478                // issues...
479                if target.contains("musl") && arg == "-static" {
480                    continue;
481                }
482
483                // cc includes an `-arch` flag for Apple platforms, but we've
484                // already selected an arch implicitly via the target above, and
485                // OpenSSL contains about the conflict if both are specified.
486                if target.contains("apple") {
487                    if arg == "-arch" {
488                        skip_next = true;
489                        continue;
490                    }
491                }
492
493                // cargo-lipo specifies this but OpenSSL complains
494                if target.contains("apple-ios") || target.contains("apple-visionos") {
495                    if arg == "-isysroot" {
496                        is_isysroot = true;
497                        continue;
498                    }
499
500                    if is_isysroot {
501                        is_isysroot = false;
502                        ios_isysroot = Some(arg.to_str().ok_or("isysroot arg")?.to_string());
503                        continue;
504                    }
505                }
506
507                if skip_next {
508                    skip_next = false;
509                    continue;
510                }
511
512                configure.arg(arg);
513            }
514
515            if target == "aarch64-apple-visionos" {
516                if let Some(ref isysr) = ios_isysroot {
517                    configure.env(
518                        "CC",
519                        &format!(
520                            "xcrun -sdk xros cc -isysroot {}",
521                            sanitize_sh(&Path::new(isysr))
522                        ),
523                    );
524                }
525            } else if target == "aarch64-apple-visionos-sim" {
526                if let Some(ref isysr) = ios_isysroot {
527                    configure.env(
528                        "CC",
529                        &format!(
530                            "xcrun -sdk xrsimulator cc -isysroot {}",
531                            sanitize_sh(&Path::new(isysr))
532                        ),
533                    );
534                }
535            } else if os.contains("iossimulator") {
536                if let Some(ref isysr) = ios_isysroot {
537                    configure.env(
538                        "CC",
539                        &format!(
540                            "xcrun -sdk iphonesimulator cc -isysroot {}",
541                            sanitize_sh(&Path::new(isysr))
542                        ),
543                    );
544                }
545            }
546
547            if target == "x86_64-pc-windows-gnu" {
548                // For whatever reason OpenSSL 1.1.1 fails to build on
549                // `x86_64-pc-windows-gnu` in our docker container due to an
550                // error about "too many sections". Having no idea what this
551                // error is about some quick googling yields
552                // https://github.com/cginternals/glbinding/issues/135 which
553                // mysteriously mentions `-Wa,-mbig-obj`, passing a new argument
554                // to the assembler. Now I have no idea what `-mbig-obj` does
555                // for Windows nor why it would matter, but it does seem to fix
556                // compilation issues.
557                //
558                // Note that another entirely unrelated issue -
559                // https://github.com/assimp/assimp/issues/177 - was fixed by
560                // splitting a large file, so presumably OpenSSL has a large
561                // file soemwhere in it? Who knows!
562                configure.arg("-Wa,-mbig-obj");
563            }
564
565            if target.contains("pc-windows-gnu") && path.ends_with("-gcc") {
566                // As of OpenSSL 1.1.1 the build system is now trying to execute
567                // `windres` which doesn't exist when we're cross compiling from
568                // Linux, so we may need to instruct it manually to know what
569                // executable to run.
570                let windres = format!("{}-windres", &path[..path.len() - 4]);
571                configure.env("WINDRES", &windres);
572
573                // Cross-compiling to MinGW apparently has different enough
574                // headers that QUIC no longer compiles. Defer fixing this to
575                // some future day...
576                if !cfg!(windows) {
577                    configure.arg("no-quic");
578                }
579            }
580
581            if target.contains("emscripten") {
582                // As of OpenSSL 1.1.1 the source apparently wants to include
583                // `stdatomic.h`, but this doesn't exist on Emscripten. After
584                // reading OpenSSL's source where the error is, we define this
585                // magical (and probably
586                // compiler-internal-should-not-be-user-defined) macro to say
587                // "no atomics are available" and avoid including such a header.
588                configure.arg("-D__STDC_NO_ATOMICS__");
589            }
590
591            if target.contains("wasi") {
592                configure.args([
593                    // Termios isn't available whatsoever on WASM/WASI so we disable that
594                    "no-ui-console",
595                    // WASI doesn't support UNIX sockets so we preemptively disable it
596                    "no-sock",
597                    // WASI doesn't have a concept of syslog, so we disable it
598                    "-DNO_SYSLOG",
599                    // WASI doesn't support (p)threads. Disabling preemptively.
600                    "no-threads",
601                    // WASI/WASM aren't really friends with ASM, so we disable it as well.
602                    "no-asm",
603                    // Disables the AFALG engine (AFALG-ENGine)
604                    // Since AFALG depends on `AF_ALG` support on the linux kernel side
605                    // it makes sense that we can't use it.
606                    "no-afalgeng",
607                    "-DOPENSSL_NO_AFALGENG=1",
608                    // wasm lacks signal support; to enable minimal signal emulation, compile with
609                    // -D_WASI_EMULATED_SIGNAL and link with -lwasi-emulated-signal
610                    // The link argument is output in the `Artifacts::print_cargo_metadata` method
611                    "-D_WASI_EMULATED_SIGNAL",
612                    // WASI lacks process-associated clocks; to enable emulation of the `times` function using the wall
613                    // clock, which isn't sensitive to whether the program is running or suspended, compile with
614                    // -D_WASI_EMULATED_PROCESS_CLOCKS and link with -lwasi-emulated-process-clocks
615                    // The link argument is output in the `Artifacts::print_cargo_metadata` method
616                    "-D_WASI_EMULATED_PROCESS_CLOCKS",
617                    // WASI lacks a true mmap; to enable minimal mmap emulation, compile
618                    // with -D_WASI_EMULATED_MMAN and link with -lwasi-emulated-mman
619                    // The link argument is output in the `Artifacts::print_cargo_metadata` method
620                    "-D_WASI_EMULATED_MMAN",
621                    // WASI lacks process identifiers; to enable emulation of the `getpid` function using a
622                    // placeholder value, which doesn't reflect the host PID of the program, compile with
623                    // -D_WASI_EMULATED_GETPID and link with -lwasi-emulated-getpid
624                    // The link argument is output in the `Artifacts::print_cargo_metadata` method
625                    "-D_WASI_EMULATED_GETPID",
626                    // WASI doesn't have chmod right now, so don't try to use it.
627                    "-DNO_CHMOD",
628                ]);
629            }
630
631            if target.contains("musl") {
632                // Hack around openssl/openssl#7207 for now
633                configure.arg("-DOPENSSL_NO_SECURE_MEMORY");
634            }
635        }
636
637        // And finally, run the perl configure script!
638        configure.current_dir(&inner_dir);
639        self.run_command(configure, "configuring OpenSSL build")?;
640
641        // On MSVC we use `nmake.exe` with a slightly different invocation, so
642        // have that take a different path than the standard `make` below.
643        if target.contains("msvc") {
644            let mut build =
645                cc::windows_registry::find(target, "nmake.exe").ok_or("failed to find nmake")?;
646            build.arg("build_libs").current_dir(&inner_dir);
647            self.run_command(build, "building OpenSSL")?;
648
649            let mut install =
650                cc::windows_registry::find(target, "nmake.exe").ok_or("failed to find nmake")?;
651            install.arg("install_dev").current_dir(&inner_dir);
652            self.run_command(install, "installing OpenSSL")?;
653        } else {
654            let mut depend = self.cmd_make()?;
655            depend.arg("depend").current_dir(&inner_dir);
656            self.run_command(depend, "building OpenSSL dependencies")?;
657
658            let mut build = self.cmd_make()?;
659            build.arg("build_libs").current_dir(&inner_dir);
660            if !cfg!(windows) {
661                if let Some(s) = env::var_os("CARGO_MAKEFLAGS") {
662                    build.env("MAKEFLAGS", s);
663                }
664            }
665
666            if let Some(ref isysr) = ios_isysroot {
667                let components: Vec<&str> = isysr.split("/SDKs/").collect();
668                build.env("CROSS_TOP", components[0]);
669                build.env("CROSS_SDK", components[1]);
670            }
671
672            self.run_command(build, "building OpenSSL")?;
673
674            let mut install = self.cmd_make()?;
675            install.arg("install_dev").current_dir(&inner_dir);
676            self.run_command(install, "installing OpenSSL")?;
677        }
678
679        let libs = if target.contains("msvc") {
680            vec!["libssl".to_string(), "libcrypto".to_string()]
681        } else {
682            vec!["ssl".to_string(), "crypto".to_string()]
683        };
684
685        fs::remove_dir_all(&inner_dir).map_err(|e| format!("{}: {e}", inner_dir.display()))?;
686
687        Ok(Artifacts {
688            lib_dir: install_dir.join("lib"),
689            bin_dir: install_dir.join("bin"),
690            include_dir: install_dir.join("include"),
691            libs: libs,
692            target: target.to_string(),
693        })
694    }
695
696    #[track_caller]
697    fn run_command(&self, mut command: Command, desc: &str) -> Result<(), String> {
698        println!("running {:?}", command);
699        let status = command.status();
700
701        let verbose_error = match status {
702            Ok(status) if status.success() => return Ok(()),
703            Ok(status) => format!(
704                "'{exe}' reported failure with {status}",
705                exe = command.get_program().to_string_lossy()
706            ),
707            Err(failed) => match failed.kind() {
708                std::io::ErrorKind::NotFound => format!(
709                    "Command '{exe}' not found. Is {exe} installed?",
710                    exe = command.get_program().to_string_lossy()
711                ),
712                _ => format!(
713                    "Could not run '{exe}', because {failed}",
714                    exe = command.get_program().to_string_lossy()
715                ),
716            },
717        };
718        println!("cargo:warning={desc}: {verbose_error}");
719        Err(format!(
720            "Error {desc}:
721    {verbose_error}
722    Command failed: {command:?}"
723        ))
724    }
725}
726
727fn cp_r(src: &Path, dst: &Path) -> Result<(), String> {
728    for f in fs::read_dir(src).map_err(|e| format!("{}: {e}", src.display()))? {
729        let f = match f {
730            Ok(f) => f,
731            _ => continue,
732        };
733        let path = f.path();
734        let name = path
735            .file_name()
736            .ok_or_else(|| format!("bad dir {}", src.display()))?;
737
738        // Skip git metadata as it's been known to cause issues (#26) and
739        // otherwise shouldn't be required
740        if name.to_str() == Some(".git") {
741            continue;
742        }
743
744        let dst = dst.join(name);
745        let ty = f.file_type().map_err(|e| e.to_string())?;
746        if ty.is_dir() {
747            fs::create_dir_all(&dst).map_err(|e| e.to_string())?;
748            cp_r(&path, &dst)?;
749        } else if ty.is_symlink() && path.iter().any(|p| p == "cloudflare-quiche") {
750            // not needed to build
751            continue;
752        } else {
753            let _ = fs::remove_file(&dst);
754            if let Err(e) = fs::copy(&path, &dst) {
755                return Err(format!(
756                    "failed to copy '{}' to '{}': {e}",
757                    path.display(),
758                    dst.display()
759                ));
760            }
761        }
762    }
763    Ok(())
764}
765
766fn sanitize_sh(path: &Path) -> String {
767    if !cfg!(windows) {
768        return path.to_string_lossy().into_owned();
769    }
770    let path = path.to_string_lossy().replace("\\", "/");
771    return change_drive(&path).unwrap_or(path);
772
773    fn change_drive(s: &str) -> Option<String> {
774        let mut ch = s.chars();
775        let drive = ch.next().unwrap_or('C');
776        if ch.next() != Some(':') {
777            return None;
778        }
779        if ch.next() != Some('/') {
780            return None;
781        }
782        Some(format!("/{}/{}", drive, &s[drive.len_utf8() + 2..]))
783    }
784}
785
786impl Artifacts {
787    pub fn include_dir(&self) -> &Path {
788        &self.include_dir
789    }
790
791    pub fn lib_dir(&self) -> &Path {
792        &self.lib_dir
793    }
794
795    pub fn libs(&self) -> &[String] {
796        &self.libs
797    }
798
799    pub fn print_cargo_metadata(&self) {
800        println!("cargo:rustc-link-search=native={}", self.lib_dir.display());
801        for lib in self.libs.iter() {
802            println!("cargo:rustc-link-lib=static={}", lib);
803        }
804        println!("cargo:include={}", self.include_dir.display());
805        println!("cargo:lib={}", self.lib_dir.display());
806        if self.target.contains("windows") {
807            println!("cargo:rustc-link-lib=user32");
808            println!("cargo:rustc-link-lib=crypt32");
809            println!("cargo:rustc-link-lib=advapi32");
810        } else if self.target == "wasm32-wasi" {
811            println!("cargo:rustc-link-lib=wasi-emulated-signal");
812            println!("cargo:rustc-link-lib=wasi-emulated-process-clocks");
813            println!("cargo:rustc-link-lib=wasi-emulated-mman");
814            println!("cargo:rustc-link-lib=wasi-emulated-getpid");
815        }
816    }
817}