import_openssl.sh improvements based on external/bouncycastle work
Tested with
./import_openssl.sh import .../openssl-1.0.0.tar.gz
and confirmed no source changes
Also added debug flags in android-config.mk for later use
Change-Id: Idbfefe7bc16790060eb58c116b0961c195b3a087
Conflicts:
openssl.config
diff --git a/README.android b/README.android
index 6232aa1..051943c 100644
--- a/README.android
+++ b/README.android
@@ -2,9 +2,8 @@
---
The code in this directory is based on $OPENSSL_VERSION in the file
-openssl.config, and some backported OpenSSL code in crypto/0.9.9-dev.
-See patches/README for more information on how the code differs from
-$OPENSSL_VERSION.
+openssl.version. See patches/README for more information on how the
+code differs from $OPENSSL_VERSION.
Porting New Versions of OpenSSL.
--
@@ -58,7 +57,7 @@
8) Do a full build before checking in:
- m clobber && m -j16
+ m -j16
Optionally, check whether build flags (located in android-config.mk
need to be updated. Doing this step will help ensure that the
diff --git a/android-config.mk b/android-config.mk
index 33147e4..a702e5d 100644
--- a/android-config.mk
+++ b/android-config.mk
@@ -16,3 +16,6 @@
# Although we initially considered enabling ZLIB b/2361399
# this was disabled because some some sites fail to handshake if its enabled b/2710492 b/2710497
# LOCAL_CFLAGS += -DZLIB
+
+# Debug
+# LOCAL_CFLAGS += -DCIPHER_DEBUG
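Review bot: The new `# Debug` comment at the end of android-config.mk does not say that the flag must stay commented out in anything that ships. `CIPHER_DEBUG` presumably turns on OpenSSL's cipher-negotiation debug printing, which is diagnostic output a TLS library should not emit on a production device. I would spell that out in the comment, e.g. `# Debug only: never enable in release builds (adds verbose cipher-selection output)`.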
diff --git a/import_openssl.sh b/import_openssl.sh
index 1294bea..36b2306 100755
--- a/import_openssl.sh
+++ b/import_openssl.sh
@@ -19,7 +19,7 @@
# This script imports new versions of OpenSSL (http://openssl.org/source) into the
# Android source tree. To run, (1) fetch the appropriate tarball from the OpenSSL repository,
# (2) check the gpg/pgp signature, and then (3) run:
-# ./import_openssl.sh openssl-*.tar.gz
+# ./import_openssl.sh import openssl-*.tar.gz
#
# IMPORTANT: See README.android for additional details.
@@ -39,7 +39,7 @@
if [ ! "$message" = "" ]; then
echo $message
- fi
+ fi
echo "Usage:"
echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
echo " ./import_openssl.sh regenerate <patch/*.patch>"
@@ -48,27 +48,33 @@
}
function main() {
- if [ ! -f openssl.config ]; then
- die "openssl.config not found"
- fi
-
- if [ ! -f openssl.version ]; then
- die "openssl.version not found"
- fi
-
if [ ! -d patches ]; then
die "OpenSSL patch directory patches/ not found"
fi
- source openssl.config
- source openssl.version
+ if [ ! -f openssl.version ]; then
+ die "openssl.version not found"
+ fi
- if [ "$CONFIGURE_ARGS" == "" ]; then
+ source openssl.version
+ if [ "$OPENSSL_VERSION" == "" ]; then
+ die "Invalid openssl.version; see README.android for more information"
+ fi
+
+ OPENSSL_DIR=openssl-$OPENSSL_VERSION
+ OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
+
+ if [ ! -f openssl.config ]; then
+ die "openssl.config not found"
+ fi
+
+ source openssl.config
+ if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
die "Invalid openssl.config; see README.android for more information"
fi
declare -r command=$1
- shift || usage "No command specified. Try import or regenerate."
+ shift || usage "No command specified. Try import, regenerate, or generate."
if [ "$command" = "import" ]; then
declare -r tar=$1
shift || usage "No tar file specified."
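Review bot: `OPENSSL_VERSION` is only checked for being non-empty before it becomes `OPENSSL_DIR`, and the later hunks pass that value unquoted to `rm -rf`, `cd`, `mv` and `find`. A stray space, slash or glob character in openssl.version would redirect those deletions, so I would reject anything unexpected right after the `source`: `case "$OPENSSL_VERSION" in *[!0-9A-Za-z.-]*) die "Invalid openssl.version" ;; esac`. The combined config test would also be more robust as three separate `[ -z "$VAR" ]` checks joined with `||`, since `-o` inside `[` is ambiguous for some operands. main() continues outside this hunk.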
@@ -76,6 +82,8 @@
elif [ "$command" = "regenerate" ]; then
declare -r patch=$1
shift || usage "No patch file specified."
+ [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
+ [ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
regenerate $patch
elif [ "$command" = "generate" ]; then
declare -r patch=$1
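Review bot: The second added guard tests `$OPENSSL_DIR_ORIG_ORIG`, a name that is never assigned in the visible code, so it expands to nothing and `[ -d ]` becomes a one-argument test that is always true. The check for the pristine tree therefore never fires, and `regenerate` goes on to diff against a directory that may not exist. It should read `[ -d "$OPENSSL_DIR_ORIG" ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"`, and the `$OPENSSL_DIR` test on the line above deserves the same quoting.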
@@ -83,8 +91,8 @@
declare -r tar=$1
shift || usage "No tar file specified."
generate $patch $tar
- else
- usage "Unknown command specified $command. Try import or regenerate."
+ else
+ usage "Unknown command specified $command. Try import, regenerate, or generate."
fi
}
@@ -94,19 +102,17 @@
untar $OPENSSL_SOURCE
applypatches
- cd openssl-$OPENSSL_VERSION
- # Cleanup patch output
- find . -type f -name "*.orig" -print0 | xargs -0 rm -f
+ cd $OPENSSL_DIR
# Configure source (and print Makefile defines for review, see README.android)
./Configure $CONFIGURE_ARGS
- echo
+ echo
echo BEGIN Makefile defines to compare with android-config.mk
- echo
+ echo
grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
- echo
+ echo
echo END Makefile defines to compare with android-config.mk
- echo
+ echo
# TODO(): Fixup android-config.mk
@@ -150,16 +156,16 @@
cp apps/server2.pem android.testssl/
cp ../patches/testssl.sh android.testssl/
- # Prune unnecessary sources
- rm -rf $UNNEEDED_SOURCES
-
cd ..
+ # Prune unnecessary sources
+ prune
+
NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
for i in $NEEDED_SOURCES; do
echo "Updating $i"
- rm -rf $i
- mv openssl-$OPENSSL_VERSION/$i .
+ rm -r $i
+ mv $OPENSSL_DIR/$i .
done
cleantar
@@ -167,21 +173,22 @@
function regenerate() {
declare -r patch=$1
-
+
generatepatch $patch
}
function generate() {
declare -r patch=$1
declare -r OPENSSL_SOURCE=$2
-
+
untar $OPENSSL_SOURCE
+ prune
applypatches
for i in $NEEDED_SOURCES; do
echo "Restoring $i"
- rm -rf openssl-$OPENSSL_VERSION/$i
- cp -rf ./$i openssl-$OPENSSL_VERSION/$i
+ rm -r $OPENSSL_DIR/$i
+ cp -rf $i $OPENSSL_DIR/$i
done
generatepatch $patch
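Review bot: In generate(), `prune` now runs before `applypatches`, but openssl.config lists `test` in `UNNEEDED_SOURCES` while `test/testssl` is still in `OPENSSL_PATCHES_handshake_cutthrough_SOURCES` and `OPENSSL_PATCHES_small_records_SOURCES`. If those patches still carry a `test/testssl` hunk, `patch -p1` will not find the file and the run dies. generatepatch would also call `diff` on a path missing from both trees, which exits with status 2, so the `&& die` guard stays silent and that file quietly drops out of the regenerated patch. import() prunes only after patching, so the two code paths disagree. Either keep `test/testssl` out of the pruned set or remove it from the two source lists. generate() ends outside this hunk.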
@@ -190,35 +197,30 @@
function untar() {
declare -r OPENSSL_SOURCE=$1
- declare -r NEW_OPENSSL_VERSION=`expr match "$OPENSSL_SOURCE" '.*-\(.*\).tar.gz' || true`
- if [ "$NEW_OPENSSL_VERSION" == "" ]; then
- die "Invalid openssl source filename: $OPENSSL_SOURCE"
- fi
# Remove old source
- if [ "$OPENSSL_VERSION" == "" ]; then
- die "OPENSSL_VERSION not declared in openssl.version"
- else
- rm -rf openssl-$OPENSSL_VERSION.orig/
- rm -rf openssl-$OPENSSL_VERSION/
- fi
+ cleantar
# Process new source
- OPENSSL_VERSION=$NEW_OPENSSL_VERSION
- rm -rf openssl-$OPENSSL_VERSION/ # remove stale files
tar -zxf $OPENSSL_SOURCE
- mv openssl-$OPENSSL_VERSION openssl-$OPENSSL_VERSION.orig
- find openssl-$OPENSSL_VERSION.orig -type f -print0 | xargs -0 chmod a-w
+ mv $OPENSSL_DIR $OPENSSL_DIR_ORIG
+ find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
tar -zxf $OPENSSL_SOURCE
}
+function prune() {
+ echo "Removing $UNNEEDED_SOURCES"
+ (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
+ (cd $OPENSSL_DIR && rm -r $UNNEEDED_SOURCES)
+}
+
function cleantar() {
- rm -rf openssl-$OPENSSL_VERSION.orig/
- rm -rf openssl-$OPENSSL_VERSION/
+ rm -rf $OPENSSL_DIR_ORIG
+ rm -rf $OPENSSL_DIR
}
function applypatches () {
- cd openssl-$OPENSSL_VERSION
+ cd $OPENSSL_DIR
# Apply appropriate patches
for i in $OPENSSL_PATCHES; do
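Review bot: untar() no longer checks that the tarball matches `OPENSSL_VERSION`: the `expr match` on the filename is removed and nothing replaces it. If the archive unpacks to a different top-level directory, `mv $OPENSSL_DIR $OPENSSL_DIR_ORIG` fails after the files are already on disk, and the second extraction leaves an unexpected tree next to the sources. I would verify the result after the first `tar`, e.g. `[ -d "$OPENSSL_DIR" ] || die "$OPENSSL_SOURCE does not contain $OPENSSL_DIR"`, and quote `"$OPENSSL_SOURCE"` on both `tar` lines. The signature check remains the manual step described in the header comment, so this directory test would be the only automated sanity check on the input. applypatches() continues outside this hunk.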
@@ -226,19 +228,26 @@
patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
done
+ # Cleanup patch output
+ find . -type f -name "*.orig" -print0 | xargs -0 rm -f
+
cd ..
}
function generatepatch() {
declare -r patch=$1
+ # Cleanup stray files before generating patch
+ find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
+ find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f
+
declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES
# http://tldp.org/LDP/abs/html/ivr.html
eval declare -r sources=\$$variable_name
rm -f $patch
- touch $patch
+ touch $patch
for i in $sources; do
- diff -uap openssl-$OPENSSL_VERSION.orig/$i openssl-$OPENSSL_VERSION/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
+ LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
done
echo "Generated patch $patch"
echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
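Review bot: The two added cleanup lines in generatepatch() search `$BOUNCYCASTLE_DIR`, which nothing in the visible hunks sets; it looks carried over from the external/bouncycastle version of this script. With the variable empty, GNU find falls back to the current directory and the pipeline deletes every `*.orig` and `*~` file under the whole checkout, while other find implementations simply error out. Both lines should name the patched tree: `find "$OPENSSL_DIR" -type f -name "*.orig" -print0 | xargs -0 rm -f`, and the same for `"*~"`. The rewritten `diff` line also still prints `$path` in its error message where `$patch` is meant. The function's end is outside this hunk.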
diff --git a/openssl.config b/openssl.config
index 9952326..0f8c5d9 100644
--- a/openssl.config
+++ b/openssl.config
@@ -1,201 +1,202 @@
CONFIGURE_ARGS="\
- linux-generic32 \
- no-idea no-bf no-cast no-seed no-md2 no-whrlpool \
- -DL_ENDIAN"
+linux-generic32 \
+no-idea no-bf no-cast no-seed no-md2 no-whrlpool \
+-DL_ENDIAN \
+"
# unneeded directories
UNNEEDED_SOURCES="\
- MacOS \
- Netware \
- VMS \
- apps/demoCA \
- apps/set \
- bugs \
- certs \
- crypto/bf \
- crypto/camellia \
- crypto/cast \
- crypto/cms \
- crypto/idea \
- crypto/md2 \
- crypto/rc5 \
- crypto/seed \
- crypto/whrlpool \
- demos \
- doc \
- engines \
- ms \
- os2 \
- perl \
- shlib \
- test \
- times \
- tools \
- util"
+MacOS \
+Netware \
+VMS \
+apps/demoCA \
+apps/set \
+bugs \
+certs \
+crypto/bf \
+crypto/camellia \
+crypto/cast \
+crypto/cms \
+crypto/idea \
+crypto/md2 \
+crypto/rc5 \
+crypto/seed \
+crypto/whrlpool \
+demos \
+doc \
+engines \
+ms \
+os2 \
+perl \
+shlib \
+test \
+times \
+tools \
+util \
+"
# unneeded files
UNNEEDED_SOURCES+="\
- CHANGES \
- CHANGES.SSLeay \
- ChangeLog.0_9_7-stable_not-in-head \
- ChangeLog.0_9_7-stable_not-in-head_FIPS \
- Configure \
- FAQ \
- INSTALL \
- INSTALL.DJGPP \
- INSTALL.MacOS \
- INSTALL.NW \
- INSTALL.OS2 \
- INSTALL.VMS \
- INSTALL.W32 \
- INSTALL.W64 \
- INSTALL.WCE \
- LICENSE \
- Makefile \
- Makefile.bak \
- Makefile.org \
- Makefile.shared \
- NEWS \
- PROBLEMS \
- README \
- README.ASN1 \
- README.ENGINE \
- apps/CA.pl.bak \
- apps/Makefile \
- apps/pkey.c \
- apps/pkeyparam.c \
- apps/pkeyutl.c \
- apps/ts.c \
- apps/tsget \
- config \
- crypto/Makefile \
- crypto/aes/Makefile \
- crypto/asn1/Makefile \
- crypto/bio/Makefile \
- crypto/bn/Makefile \
- crypto/buffer/Makefile \
- crypto/camellia/Makefile \
- crypto/comp/Makefile \
- crypto/conf/Makefile \
- crypto/des/Makefile \
- crypto/dh/Makefile \
- crypto/dh/dh_prn.c \
- crypto/dsa/Makefile \
- crypto/dso/Makefile \
- crypto/dso/dso_beos.c \
- crypto/ec/Makefile \
- crypto/ecdh/Makefile \
- crypto/ecdsa/Makefile \
- crypto/engine/Makefile \
- crypto/engine/tb_asnmth.c \
- crypto/engine/tb_pkmeth.c \
- crypto/err/Makefile \
- crypto/evp/Makefile \
- crypto/hmac/Makefile \
- crypto/jpake/Makefile \
- crypto/krb5/Makefile \
- crypto/lhash/Makefile \
- crypto/md4/Makefile \
- crypto/md5/Makefile \
- crypto/mdc2/Makefile \
- crypto/modes/Makefile \
- crypto/modes/cts128.c \
- crypto/modes/modes.h \
- crypto/objects/Makefile \
- crypto/ocsp/Makefile \
- crypto/opensslconf.h.bak \
- crypto/pem/Makefile \
- crypto/pkcs12/Makefile \
- crypto/pkcs7/Makefile \
- crypto/pkcs7/bio_pk7.c \
- crypto/pqueue/Makefile \
- crypto/rand/Makefile \
- crypto/rc2/Makefile \
- crypto/rc4/Makefile \
- crypto/ripemd/Makefile \
- crypto/rsa/Makefile \
- crypto/sha/Makefile \
- crypto/stack/Makefile \
- crypto/store/Makefile \
- crypto/ts/Makefile \
- crypto/ts/ts.h \
- crypto/ts/ts_asn1.c \
- crypto/ts/ts_conf.c \
- crypto/ts/ts_lib.c \
- crypto/ts/ts_req_print.c \
- crypto/ts/ts_req_utils.c \
- crypto/ts/ts_rsp_print.c \
- crypto/ts/ts_rsp_sign.c \
- crypto/ts/ts_rsp_utils.c \
- crypto/ts/ts_rsp_verify.c \
- crypto/ts/ts_verify_ctx.c \
- crypto/txt_db/Makefile \
- crypto/ui/Makefile \
- crypto/x509/Makefile \
- crypto/x509v3/Makefile \
- include/openssl/blowfish.h \
- include/openssl/camellia.h \
- include/openssl/cast.h \
- include/openssl/cms.h \
- include/openssl/idea.h \
- include/openssl/md2.h \
- include/openssl/mdc2.h \
- include/openssl/seed.h \
- include/openssl/whrlpool.h \
- install.com \
- makevms.com \
- openssl.doxy \
- openssl.spec"
+CHANGES \
+CHANGES.SSLeay \
+Configure \
+FAQ \
+INSTALL \
+INSTALL.DJGPP \
+INSTALL.MacOS \
+INSTALL.NW \
+INSTALL.OS2 \
+INSTALL.VMS \
+INSTALL.W32 \
+INSTALL.W64 \
+INSTALL.WCE \
+LICENSE \
+Makefile \
+Makefile.org \
+Makefile.shared \
+NEWS \
+PROBLEMS \
+README \
+README.ASN1 \
+README.ENGINE \
+apps/CA.pl.bak \
+apps/Makefile \
+apps/pkey.c \
+apps/pkeyparam.c \
+apps/pkeyutl.c \
+apps/ts.c \
+apps/tsget \
+config \
+crypto/Makefile \
+crypto/aes/Makefile \
+crypto/asn1/Makefile \
+crypto/bio/Makefile \
+crypto/bn/Makefile \
+crypto/buffer/Makefile \
+crypto/comp/Makefile \
+crypto/conf/Makefile \
+crypto/des/Makefile \
+crypto/dh/Makefile \
+crypto/dh/dh_prn.c \
+crypto/dsa/Makefile \
+crypto/dso/Makefile \
+crypto/dso/dso_beos.c \
+crypto/ec/Makefile \
+crypto/ecdh/Makefile \
+crypto/ecdsa/Makefile \
+crypto/engine/Makefile \
+crypto/engine/tb_asnmth.c \
+crypto/engine/tb_pkmeth.c \
+crypto/err/Makefile \
+crypto/evp/Makefile \
+crypto/hmac/Makefile \
+crypto/jpake/Makefile \
+crypto/krb5/Makefile \
+crypto/lhash/Makefile \
+crypto/md4/Makefile \
+crypto/md5/Makefile \
+crypto/mdc2/Makefile \
+crypto/modes/Makefile \
+crypto/modes/cts128.c \
+crypto/modes/modes.h \
+crypto/objects/Makefile \
+crypto/ocsp/Makefile \
+crypto/opensslconf.h.bak
+crypto/pem/Makefile \
+crypto/pkcs12/Makefile \
+crypto/pkcs7/Makefile \
+crypto/pkcs7/bio_pk7.c \
+crypto/pqueue/Makefile \
+crypto/rand/Makefile \
+crypto/rc2/Makefile \
+crypto/rc4/Makefile \
+crypto/ripemd/Makefile \
+crypto/rsa/Makefile \
+crypto/sha/Makefile \
+crypto/stack/Makefile \
+crypto/store/Makefile \
+crypto/ts/Makefile \
+crypto/ts/ts.h \
+crypto/ts/ts_asn1.c \
+crypto/ts/ts_conf.c \
+crypto/ts/ts_lib.c \
+crypto/ts/ts_req_print.c \
+crypto/ts/ts_req_utils.c \
+crypto/ts/ts_rsp_print.c \
+crypto/ts/ts_rsp_sign.c \
+crypto/ts/ts_rsp_utils.c \
+crypto/ts/ts_rsp_verify.c \
+crypto/ts/ts_verify_ctx.c \
+crypto/txt_db/Makefile \
+crypto/ui/Makefile \
+crypto/x509/Makefile \
+crypto/x509v3/Makefile \
+include/openssl/blowfish.h \
+include/openssl/camellia.h \
+include/openssl/cast.h \
+include/openssl/cms.h \
+include/openssl/idea.h \
+include/openssl/mdc2.h \
+include/openssl/seed.h \
+include/openssl/whrlpool.h \
+install.com \
+makevms.com \
+openssl.doxy \
+openssl.spec \
+"
NEEDED_SOURCES="\
- apps \
- crypto \
- e_os.h \
- e_os2.h \
- ssl \
- include \
+apps \
+crypto \
+e_os.h \
+e_os2.h \
+ssl \
+include \
"
OPENSSL_PATCHES="\
- progs.patch \
- small_records.patch \
- handshake_cutthrough.patch \
- jsse.patch \
+progs.patch \
+small_records.patch \
+handshake_cutthrough.patch \
+jsse.patch \
"
OPENSSL_PATCHES_progs_SOURCES="\
- apps/openssl.c \
- apps/progs.h \
- apps/speed.c \
- crypto/ui/ui_openssl.c"
+apps/openssl.c \
+apps/progs.h \
+apps/speed.c \
+crypto/ui/ui_openssl.c\
+"
OPENSSL_PATCHES_handshake_cutthrough_SOURCES="\
- apps/s_client.c \
- ssl/s3_clnt.c \
- ssl/s3_lib.c \
- ssl/ssl.h \
- ssl/ssl3.h \
- ssl/ssl_lib.c \
- ssl/ssltest.c \
- test/testssl"
+apps/s_client.c \
+ssl/s3_clnt.c \
+ssl/s3_lib.c \
+ssl/ssl.h \
+ssl/ssl3.h \
+ssl/ssl_lib.c \
+ssl/ssltest.c \
+test/testssl \
+"
OPENSSL_PATCHES_small_records_SOURCES="\
- ssl/d1_pkt.c \
- ssl/s23_srvr.c \
- ssl/s3_both.c \
- ssl/s3_pkt.c \
- ssl/ssl.h \
- ssl/ssl3.h \
- ssl/ssltest.c \
- test/testssl"
+ssl/d1_pkt.c \
+ssl/s23_srvr.c \
+ssl/s3_both.c \
+ssl/s3_pkt.c \
+ssl/ssl.h \
+ssl/ssl3.h \
+ssl/ssltest.c \
+test/testssl \
+"
OPENSSL_PATCHES_jsse_SOURCES="\
- ssl/ssl.h \
- ssl/d1_clnt.c \
- ssl/s23_clnt.c \
- ssl/s3_clnt.c \
- ssl/s3_srvr.c \
- ssl/ssl_err.c \
- ssl/ssl_lib.c \
- ssl/ssl_sess.c \
+ssl/ssl.h \
+ssl/d1_clnt.c \
+ssl/s23_clnt.c \
+ssl/s3_clnt.c \
+ssl/s3_srvr.c \
+ssl/ssl_err.c \
+ssl/ssl_lib.c \
+ssl/ssl_sess.c \
"