      1 #!/bin/bash
      2 #
      3 # Copyright (C) 2009 The Android Open Source Project
      4 #
      5 # Licensed under the Apache License, Version 2.0 (the "License");
      6 # you may not use this file except in compliance with the License.
      7 # You may obtain a copy of the License at
      8 #
      9 #      http://www.apache.org/licenses/LICENSE-2.0
     10 #
     11 # Unless required by applicable law or agreed to in writing, software
     12 # distributed under the License is distributed on an "AS IS" BASIS,
     13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     14 # See the License for the specific language governing permissions and
     15 # limitations under the License.
     16 #
     17 
     18 #
     19 # This script imports new versions of OpenSSL (http://openssl.org/source) into the
     20 # Android source tree.  To run, (1) fetch the appropriate tarball from the OpenSSL repository,
     21 # (2) check the gpg/pgp signature, and then (3) run:
     22 #   ./import_openssl.sh import openssl-*.tar.gz
     23 #
     24 # IMPORTANT: See README.android for additional details.
     25 
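     # Exit on the first failing command and print a warning when that happens.
     # -E (errtrace) makes functions and subshells inherit the ERR trap; without
     # it the trap only covers top-level commands, and nearly all of the work in
     # this script happens inside functions.
     set -eE
     trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR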
     29 
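     # Print an error message to stderr and abort the script with status 1.
     # Arguments: $1 - message to print
     function die() {
       local -r message=${1-}

       # Quoted so whitespace and glob characters in the message are printed
       # verbatim instead of being word-split and expanded against the cwd.
       printf '%s\n' "$message" >&2
       exit 1
     }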
     36 
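     # Print an optional error message followed by the command synopsis, then
     # exit with status 1. Everything goes to stderr, matching die().
     # Arguments: $1 - optional message shown before the synopsis
     function usage() {
       local -r message=${1-}

       if [ -n "$message" ]; then
         # Quoted so the message is printed exactly as the caller passed it.
         printf '%s\n' "$message" >&2
       fi
       {
         echo "Usage:"
         echo "  ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
         echo "  ./import_openssl.sh regenerate <patch/*.patch>"
         echo "  ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
       } >&2
       exit 1
     }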
     49 
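     # Entry point: check the working directory, load openssl.version and
     # openssl.config, then dispatch to import, regenerate or generate.
     # Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG (written); OPENSSL_VERSION,
     #            CONFIGURE_ARGS, UNNEEDED_SOURCES, NEEDED_SOURCES (read after
     #            the two files have been sourced)
     # Arguments: $1 - command (import | regenerate | generate); the remaining
     #            arguments are the patch and/or tarball the command needs
     function main() {
       [ -d patches ] || die "OpenSSL patch directory patches/ not found"
       [ -f openssl.version ] || die "openssl.version not found"

       # openssl.version and openssl.config are executed as shell code, so they
       # have to come from the reviewed source tree. The explicit ./ keeps
       # `source` from searching PATH and loading a same-named file from
       # another directory than the one the -f checks looked at.
       source ./openssl.version
       if [[ -z "$OPENSSL_VERSION" ]]; then
         die "Invalid openssl.version; see README.android for more information"
       fi

       OPENSSL_DIR="openssl-$OPENSSL_VERSION"
       OPENSSL_DIR_ORIG="$OPENSSL_DIR.orig"

       [ -f openssl.config ] || die "openssl.config not found"

       source ./openssl.config
       if [[ -z "$CONFIGURE_ARGS" || -z "$UNNEEDED_SOURCES" || -z "$NEEDED_SOURCES" ]]; then
         die "Invalid openssl.config; see README.android for more information"
       fi

       local -r cmd=${1-}
       shift || usage "No command specified. Try import, regenerate, or generate."
       case "$cmd" in
         import)
           local -r tar=${1-}
           shift || usage "No tar file specified."
           import "$tar"
           ;;
         regenerate)
           local -r patch=${1-}
           shift || usage "No patch file specified."
           [ -d "$OPENSSL_DIR" ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
           # This used to test the undefined $OPENSSL_DIR_ORIG_ORIG, which made
           # the check pass unconditionally; test the real .orig tree.
           [ -d "$OPENSSL_DIR_ORIG" ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
           regenerate "$patch"
           ;;
         generate)
           local -r patch=${1-}
           shift || usage "No patch file specified."
           local -r tar=${1-}
           shift || usage "No tar file specified."
           generate "$patch" "$tar"
           ;;
         *)
           usage "Unknown command specified $cmd. Try import, regenerate, or generate."
           ;;
       esac
     }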
     98 
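     # Import a new OpenSSL release: unpack it, apply the Android patches,
     # configure, generate assembly, build the android.testssl directory, prune
     # unneeded files and move the needed sources into the current directory.
     # The tarball is unpacked and its Configure script is run as-is; nothing
     # here checks its signature, so that has to be done before this is called.
     # Globals:   OPENSSL_DIR, CONFIGURE_ARGS (read); NEEDED_SOURCES (modified)
     # Arguments: $1 - path to the OpenSSL tarball
     function import() {
       local -r OPENSSL_SOURCE=$1

       untar "$OPENSSL_SOURCE" readonly
       applypatches "$OPENSSL_DIR"

       cd "$OPENSSL_DIR"

       # Configure source (and print Makefile defines for review, see README.android)
       # CONFIGURE_ARGS is deliberately unquoted: it holds a list of arguments.
       ./Configure $CONFIGURE_ARGS
       rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
       echo
       echo BEGIN Makefile defines to compare with android-config.mk
       echo
       grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
       echo
       echo END Makefile defines to compare with android-config.mk
       echo

       # TODO(): Fixup android-config.mk

       cp -f LICENSE ../NOTICE
       touch ../MODULE_LICENSE_BSD_LIKE

       # Avoid checking in symlinks: replace each one with a copy of its target.
       # The target is whatever the tarball's link names, relative to
       # include/openssl, so this step also relies on the tarball being trusted.
       local link target
       while IFS= read -r -d '' link; do
         target=$(readlink "$link")
         rm -f -- "$link"
         if [ -f "include/openssl/$target" ]; then
           cp -- "include/openssl/$target" "$link"
         fi
       done < <(find include/openssl -type l -print0)

       # Generate arm asm
       perl crypto/aes/asm/aes-armv4.pl         > crypto/aes/asm/aes-armv4.s
       perl crypto/bn/asm/armv4-gf2m.pl         > crypto/bn/asm/armv4-gf2m.s
       perl crypto/bn/asm/armv4-mont.pl         > crypto/bn/asm/armv4-mont.s
       perl crypto/modes/asm/ghash-armv4.pl     > crypto/modes/asm/ghash-armv4.s
       perl crypto/sha/asm/sha1-armv4-large.pl  > crypto/sha/asm/sha1-armv4-large.s
       perl crypto/sha/asm/sha256-armv4.pl      > crypto/sha/asm/sha256-armv4.s
       perl crypto/sha/asm/sha512-armv4.pl      > crypto/sha/asm/sha512-armv4.s

       # Generate mips asm
       perl crypto/aes/asm/aes-mips.pl          > crypto/aes/asm/aes-mips.s
       perl crypto/bn/asm/mips.pl               > crypto/bn/asm/bn-mips.s
       perl crypto/bn/asm/mips-mont.pl          > crypto/bn/asm/mips-mont.s
       perl crypto/sha/asm/sha1-mips.pl         > crypto/sha/asm/sha1-mips.s
       # NOTE(review): sha512-mips.pl output goes to sha256-mips.s; presumably
       # intentional, confirm against the generator script.
       perl crypto/sha/asm/sha512-mips.pl       > crypto/sha/asm/sha256-mips.s

       # Setup android.testssl directory: rewrite test/testssl so the binaries
       # are invoked on the device through adb.
       mkdir android.testssl
       # The no-rsa probe used to be compared with "no-dh", which that probe
       # cannot print, so the RSA tests were never skipped; compare with no-rsa.
       sed \
         -e 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' \
         -e 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' \
         -e 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' \
         -e 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-rsa ]#' \
         -e 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' \
         test/testssl > android.testssl/testssl
       chmod +x android.testssl/testssl
       sed 's#./.rnd#/sdcard/android.testssl/.rnd#' test/Uss.cnf >> android.testssl/Uss.cnf
       sed 's#./.rnd#/sdcard/android.testssl/.rnd#' test/CAss.cnf >> android.testssl/CAss.cnf
       cp apps/server2.pem android.testssl/
       cp ../patches/testssl.sh android.testssl/

       cd ..

       # Prune unnecessary sources
       prune

       # NEEDED_SOURCES is a whitespace-separated list, so it is split on purpose.
       NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
       local src
       for src in $NEEDED_SOURCES; do
         echo "Updating $src"
         rm -r -- "$src"
         mv -- "$OPENSSL_DIR/$src" .
       done

       cleantar
     }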
    178 
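    # Rebuild one patch file from the extracted trees that are already present.
    # Arguments: $1 - patch file to regenerate
    function regenerate() {
      local -r patch=$1

      # Quoted so a path containing whitespace reaches generatepatch intact.
      generatepatch "$patch"
    }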
    184 
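    # Create one patch from scratch: unpack the tarball, apply every other
    # patch to the .orig tree, copy the checked-in sources over the fresh tree
    # and diff the two trees.
    # Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG, NEEDED_SOURCES (read)
    # Arguments: $1 - patch file to generate
    #            $2 - path to the OpenSSL tarball
    function generate() {
      local -r patch=$1
      local -r OPENSSL_SOURCE=$2

      untar "$OPENSSL_SOURCE"
      # $patch is skipped here so that it is the only difference left to diff.
      applypatches "$OPENSSL_DIR_ORIG" "$patch"
      prune

      # NEEDED_SOURCES is a whitespace-separated list, so it is split on purpose.
      local src
      for src in $NEEDED_SOURCES; do
        echo "Restoring $src"
        rm -r -- "$OPENSSL_DIR/$src"
        cp -rf -- "$src" "$OPENSSL_DIR/$src"
      done

      generatepatch "$patch"
      cleantar
    }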
    202 
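    # Unpack the tarball twice: once as the pristine $OPENSSL_DIR_ORIG tree and
    # once as the working $OPENSSL_DIR tree. The archive is extracted as-is, so
    # its signature has to be checked before this runs.
    # Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG (read)
    # Arguments: $1 - path to the OpenSSL tarball
    #            $2 - optional; any non-empty value makes the files of the
    #                 pristine tree read-only
    function untar() {
      local -r OPENSSL_SOURCE=$1
      local -r make_readonly=${2-}

      # Remove old source
      cleantar

      # Process new source. The mv fails (and the script stops) if the archive
      # does not unpack into a directory named $OPENSSL_DIR.
      tar -zxf "$OPENSSL_SOURCE"
      mv -- "$OPENSSL_DIR" "$OPENSSL_DIR_ORIG"
      # The old unquoted `[ ! -z $readonly ]` only gave the right answer for an
      # empty value by accident; test the quoted value explicitly.
      if [ -n "$make_readonly" ]; then
        find "$OPENSSL_DIR_ORIG" -type f -exec chmod a-w -- {} +
      fi
      tar -zxf "$OPENSSL_SOURCE"
    }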
    218 
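    # Delete the files listed in UNNEEDED_SOURCES from both extracted trees.
    # Globals: OPENSSL_DIR, OPENSSL_DIR_ORIG, UNNEEDED_SOURCES (read)
    function prune() {
      # Stop before any rm if a tree name is empty: an empty directory argument
      # would leave the recursive delete running outside the extracted trees.
      : "${OPENSSL_DIR_ORIG:?}" "${OPENSSL_DIR:?}"

      echo "Removing $UNNEEDED_SOURCES"
      # UNNEEDED_SOURCES is a whitespace-separated list, so it is split on
      # purpose. -f is used only for the .orig tree; a missing entry in the
      # working tree is an error.
      (cd "$OPENSSL_DIR_ORIG" && rm -rf -- $UNNEEDED_SOURCES)
      (cd "$OPENSSL_DIR"      && rm -r  -- $UNNEEDED_SOURCES)
    }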
    224 
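    # Remove both extracted trees (the pristine .orig copy and the working copy).
    # Globals: OPENSSL_DIR, OPENSSL_DIR_ORIG (read)
    function cleantar() {
      # :? aborts instead of handing rm -rf an empty path; the quotes keep a
      # name containing whitespace as a single argument.
      rm -rf -- "${OPENSSL_DIR_ORIG:?}"
      rm -rf -- "${OPENSSL_DIR:?}"
    }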
    229 
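    # Apply the patches named in OPENSSL_PATCHES to a source tree, then delete
    # the *.orig files left behind.
    # Globals:   OPENSSL_PATCHES (read)
    # Arguments: $1 - directory to patch (entered with cd, left with cd ..)
    #            $2 - optional patch to skip, given as patches/NAME
    function applypatches () {
      local -r dir=$1
      local -r skip_patch=${2-}

      cd "$dir"

      # Apply appropriate patches. OPENSSL_PATCHES is a whitespace-separated
      # list, so it is split on purpose; each name is quoted once split.
      local p
      for p in $OPENSSL_PATCHES; do
        if [[ "$skip_patch" == "patches/$p" ]]; then
          echo "Skiping patch $p"
          continue
        fi
        echo "Applying patch $p"
        patch -p1 < "../patches/$p" || die "Could not apply patches/$p. Fix source and run: $0 regenerate patches/$p"
      done

      # Cleanup patch output
      find . \( -type f -o -type l \) -name "*.orig" -exec rm -f -- {} +

      cd ..
    }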
    252 
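    # Write a patch file by diffing the pristine tree against the working tree
    # for every file listed in the patch's OPENSSL_PATCHES_<name>_SOURCES
    # variable.
    # Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG and the per-patch SOURCES
    #            variable (read)
    # Arguments: $1 - patch file to (re)create
    function generatepatch() {
      local -r patch=$1

      # Cleanup stray files before generating patch. This used to name the
      # undefined $BOUNCYCASTLE_DIR, which left find without a start directory;
      # limit the cleanup to the working tree.
      find "$OPENSSL_DIR" -type f \( -name "*.orig" -o -name "*~" \) -exec rm -f -- {} +

      local base
      base=$(basename -- "$patch" .patch)
      # Hyphens cannot appear in a variable name, so map all of them to "_".
      local -r variable_name="OPENSSL_PATCHES_${base//-/_}_SOURCES"
      # The name is built from a command-line argument. Check it is a plain
      # identifier and read it with indirect expansion, so no eval is needed
      # and no part of the patch name is ever interpreted as shell code.
      [[ "$variable_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]] \
        || die "ERROR: Cannot derive a source list variable from patch name $patch"
      local -r sources=${!variable_name-}

      rm -f -- "$patch"
      touch -- "$patch"
      local src status
      for src in $sources; do
        status=0
        LC_ALL=C TZ=UTC0 diff -aup "$OPENSSL_DIR_ORIG/$src" "$OPENSSL_DIR/$src" >> "$patch" || status=$?
        # diff exits 0 for identical files, 1 for differences and 2 or more on
        # trouble. Only 1 is expected; failing on trouble avoids silently
        # writing a patch with a missing hunk.
        case "$status" in
          0) die "ERROR: No diff for patch $patch in file $src" ;;
          1) ;;
          *) die "ERROR: diff failed with status $status for patch $patch in file $src" ;;
        esac
      done
      echo "Generated patch $patch"
      echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
    }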
    271 
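    # Quoted so arguments containing whitespace (e.g. the tarball path) reach
    # main as single words.
    main "$@"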