| #!/bin/bash |
| # |
| # Copyright (C) 2009 The Android Open Source Project |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| # |
| |
| # |
| # This script imports new versions of OpenSSL (http://openssl.org/source) into the |
| # Android source tree. To run, (1) fetch the appropriate tarball from the OpenSSL repository, |
| # (2) check the gpg/pgp signature, and then (3) run: |
| # ./import_openssl.sh import openssl-*.tar.gz |
| # |
| # IMPORTANT: See README.android for additional details. |
| |
| # turn on exit on error as well as a warning when it happens |
| set -e |
| trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR; |
| |
| function die() { |
| declare -r message=$1 |
| |
| echo $message |
| exit 1 |
| } |
| |
| function usage() { |
| declare -r message=$1 |
| |
| if [ ! "$message" = "" ]; then |
| echo $message |
| fi |
| echo "Usage:" |
| echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>" |
| echo " ./import_openssl.sh regenerate <patch/*.patch>" |
| echo " ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>" |
| exit 1 |
| } |
| |
| function main() { |
| if [ ! -d patches ]; then |
| die "OpenSSL patch directory patches/ not found" |
| fi |
| |
| if [ ! -f openssl.version ]; then |
| die "openssl.version not found" |
| fi |
| |
| source openssl.version |
| if [ "$OPENSSL_VERSION" == "" ]; then |
| die "Invalid openssl.version; see README.android for more information" |
| fi |
| |
| OPENSSL_DIR=openssl-$OPENSSL_VERSION |
| OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig |
| |
| if [ ! -f openssl.config ]; then |
| die "openssl.config not found" |
| fi |
| |
| source openssl.config |
| if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then |
| die "Invalid openssl.config; see README.android for more information" |
| fi |
| |
| declare -r command=$1 |
| shift || usage "No command specified. Try import, regenerate, or generate." |
| if [ "$command" = "import" ]; then |
| declare -r tar=$1 |
| shift || usage "No tar file specified." |
| import $tar |
| elif [ "$command" = "regenerate" ]; then |
| declare -r patch=$1 |
| shift || usage "No patch file specified." |
| [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?" |
| [ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?" |
| regenerate $patch |
| elif [ "$command" = "generate" ]; then |
| declare -r patch=$1 |
| shift || usage "No patch file specified." |
| declare -r tar=$1 |
| shift || usage "No tar file specified." |
| generate $patch $tar |
| else |
| usage "Unknown command specified $command. Try import, regenerate, or generate." |
| fi |
| } |
| |
| # Compute the name of an assembly source file generated by one of the |
| # gen_asm_xxxx() functions below. The logic is the following: |
| # - if "$2" is not empty, output it directly |
| # - otherwise, change the file extension of $1 from .pl to .S and output |
| # it. |
| # Usage: default_asm_file "$1" "$2" |
| # or default_asm_file "$@" |
| # |
| # $1: generator path (perl script) |
| # $2: optional output file name. |
| function default_asm_file () { |
| if [ "$2" ]; then |
| echo "$2" |
| else |
| echo "${1%%.pl}.S" |
| fi |
| } |
| |
| # Generate an ARM assembly file. |
| # $1: generator (perl script) |
| # $2: [optional] output file name |
| function gen_asm_arm () { |
| local OUT |
| OUT=$(default_asm_file "$@") |
| perl "$1" > "$OUT" |
| } |
| |
| function gen_asm_mips () { |
| local OUT |
| OUT=$(default_asm_file "$@") |
| # The perl scripts expect to run the target compiler as $CC to determine |
| # the endianess of the target. Setting CC to true is a hack that forces the scripts |
| # to generate little endian output |
| CC=true perl "$1" o32 > "$OUT" |
| } |
| |
| function gen_asm_x86 () { |
| local OUT |
| OUT=$(default_asm_file "$@") |
| perl "$1" elf -fPIC > "$OUT" |
| } |
| |
| function gen_asm_x86_64 () { |
| local OUT |
| OUT=$(default_asm_file "$@") |
| perl "$1" elf "$OUT" > "$OUT" |
| } |
| |
| function import() { |
| declare -r OPENSSL_SOURCE=$1 |
| |
| untar $OPENSSL_SOURCE readonly |
| applypatches $OPENSSL_DIR |
| |
| cd $OPENSSL_DIR |
| |
| # Configure source (and print Makefile defines for review, see README.android) |
| ./Configure $CONFIGURE_ARGS |
| rm -f apps/CA.pl.bak crypto/opensslconf.h.bak |
| echo |
| echo BEGIN Makefile defines to compare with android-config.mk |
| echo |
| grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED |
| echo |
| echo END Makefile defines to compare with android-config.mk |
| echo |
| |
| # TODO(): Fixup android-config.mk |
| |
| cp -f LICENSE ../NOTICE |
| touch ../MODULE_LICENSE_BSD_LIKE |
| |
| # Avoid checking in symlinks |
| for i in `find include/openssl -type l`; do |
| target=`readlink $i` |
| rm -f $i |
| if [ -f include/openssl/$target ]; then |
| cp include/openssl/$target $i |
| fi |
| done |
| |
| # Generate arm asm |
| gen_asm_arm crypto/aes/asm/aes-armv4.pl |
| gen_asm_arm crypto/bn/asm/armv4-gf2m.pl |
| gen_asm_arm crypto/bn/asm/armv4-mont.pl |
| gen_asm_arm crypto/modes/asm/ghash-armv4.pl |
| gen_asm_arm crypto/sha/asm/sha1-armv4-large.pl |
| gen_asm_arm crypto/sha/asm/sha256-armv4.pl |
| gen_asm_arm crypto/sha/asm/sha512-armv4.pl |
| |
| # Generate mips asm |
| gen_asm_mips crypto/aes/asm/aes-mips.pl |
| gen_asm_mips crypto/bn/asm/mips.pl crypto/bn/asm/bn-mips.S |
| gen_asm_mips crypto/bn/asm/mips-mont.pl |
| gen_asm_mips crypto/sha/asm/sha1-mips.pl |
| gen_asm_mips crypto/sha/asm/sha512-mips.pl crypto/sha/asm/sha256-mips.S |
| |
| # Generate x86 asm |
| gen_asm_x86 crypto/x86cpuid.pl |
| gen_asm_x86 crypto/aes/asm/aes-586.pl |
| gen_asm_x86 crypto/aes/asm/vpaes-x86.pl |
| gen_asm_x86 crypto/aes/asm/aesni-x86.pl |
| gen_asm_x86 crypto/bn/asm/bn-586.pl |
| gen_asm_x86 crypto/bn/asm/co-586.pl |
| gen_asm_x86 crypto/bn/asm/x86-mont.pl |
| gen_asm_x86 crypto/bn/asm/x86-gf2m.pl |
| gen_asm_x86 crypto/modes/asm/ghash-x86.pl |
| gen_asm_x86 crypto/sha/asm/sha1-586.pl |
| gen_asm_x86 crypto/sha/asm/sha256-586.pl |
| gen_asm_x86 crypto/sha/asm/sha512-586.pl |
| gen_asm_x86 crypto/md5/asm/md5-586.pl |
| gen_asm_x86 crypto/des/asm/des-586.pl |
| gen_asm_x86 crypto/des/asm/crypt586.pl |
| gen_asm_x86 crypto/bf/asm/bf-586.pl |
| |
| # Generate x86_64 asm |
| gen_asm_x86_64 crypto/x86_64cpuid.pl |
| gen_asm_x86_64 crypto/sha/asm/sha1-x86_64.pl |
| gen_asm_x86_64 crypto/sha/asm/sha512-x86_64.pl crypto/sha/asm/sha256-x86_64.S |
| gen_asm_x86_64 crypto/sha/asm/sha512-x86_64.pl |
| gen_asm_x86_64 crypto/modes/asm/ghash-x86_64.pl |
| gen_asm_x86_64 crypto/aes/asm/aesni-x86_64.pl |
| gen_asm_x86_64 crypto/aes/asm/vpaes-x86_64.pl |
| gen_asm_x86_64 crypto/aes/asm/bsaes-x86_64.pl |
| gen_asm_x86_64 crypto/aes/asm/aes-x86_64.pl |
| gen_asm_x86_64 crypto/aes/asm/aesni-sha1-x86_64.pl |
| gen_asm_x86_64 crypto/md5/asm/md5-x86_64.pl |
| gen_asm_x86_64 crypto/bn/asm/modexp512-x86_64.pl |
| gen_asm_x86_64 crypto/bn/asm/x86_64-mont.pl |
| gen_asm_x86_64 crypto/bn/asm/x86_64-gf2m.pl |
| gen_asm_x86_64 crypto/bn/asm/x86_64-mont5.pl |
| gen_asm_x86_64 crypto/rc4/asm/rc4-x86_64.pl |
| gen_asm_x86_64 crypto/rc4/asm/rc4-md5-x86_64.pl |
| |
| # Setup android.testssl directory |
| mkdir android.testssl |
| cat test/testssl | \ |
| sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \ |
| sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \ |
| sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \ |
| sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \ |
| sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \ |
| cat > \ |
| android.testssl/testssl |
| chmod +x android.testssl/testssl |
| cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf |
| cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf |
| cp apps/server2.pem android.testssl/ |
| cp ../patches/testssl.sh android.testssl/ |
| |
| cd .. |
| |
| # Prune unnecessary sources |
| prune |
| |
| NEEDED_SOURCES="$NEEDED_SOURCES android.testssl" |
| for i in $NEEDED_SOURCES; do |
| echo "Updating $i" |
| rm -r $i |
| mv $OPENSSL_DIR/$i . |
| done |
| |
| cleantar |
| } |
| |
| function regenerate() { |
| declare -r patch=$1 |
| |
| generatepatch $patch |
| } |
| |
| function generate() { |
| declare -r patch=$1 |
| declare -r OPENSSL_SOURCE=$2 |
| |
| untar $OPENSSL_SOURCE |
| applypatches $OPENSSL_DIR_ORIG $patch |
| prune |
| |
| for i in $NEEDED_SOURCES; do |
| echo "Restoring $i" |
| rm -r $OPENSSL_DIR/$i |
| cp -rf $i $OPENSSL_DIR/$i |
| done |
| |
| generatepatch $patch |
| cleantar |
| } |
| |
| function untar() { |
| declare -r OPENSSL_SOURCE=$1 |
| declare -r readonly=$2 |
| |
| # Remove old source |
| cleantar |
| |
| # Process new source |
| tar -zxf $OPENSSL_SOURCE |
| mv $OPENSSL_DIR $OPENSSL_DIR_ORIG |
| if [ ! -z $readonly ]; then |
| find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w |
| fi |
| tar -zxf $OPENSSL_SOURCE |
| } |
| |
| function prune() { |
| echo "Removing $UNNEEDED_SOURCES" |
| (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES) |
| (cd $OPENSSL_DIR && rm -r $UNNEEDED_SOURCES) |
| } |
| |
| function cleantar() { |
| rm -rf $OPENSSL_DIR_ORIG |
| rm -rf $OPENSSL_DIR |
| } |
| |
| function applypatches () { |
| declare -r dir=$1 |
| declare -r skip_patch=$2 |
| |
| cd $dir |
| |
| # Apply appropriate patches |
| for i in $OPENSSL_PATCHES; do |
| if [ ! "$skip_patch" = "patches/$i" ]; then |
| echo "Applying patch $i" |
| patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i" |
| else |
| echo "Skiping patch $i" |
| fi |
| |
| done |
| |
| # Cleanup patch output |
| find . \( -type f -o -type l \) -name "*.orig" -print0 | xargs -0 rm -f |
| |
| cd .. |
| } |
| |
| function generatepatch() { |
| declare -r patch=$1 |
| |
| # Cleanup stray files before generating patch |
| find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f |
| find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f |
| |
| declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES |
| # http://tldp.org/LDP/abs/html/ivr.html |
| eval declare -r sources=\$$variable_name |
| rm -f $patch |
| touch $patch |
| for i in $sources; do |
| LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i" |
| done |
| echo "Generated patch $patch" |
| echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch." |
| } |
| |
| main $@ |