Diffstat (limited to 'openssl/import_openssl.sh')
-rwxr-xr-xopenssl/import_openssl.sh268
1 files changed, 268 insertions, 0 deletions
diff --git a/openssl/import_openssl.sh b/openssl/import_openssl.sh
new file mode 100755
index 00000000..6f601989
--- /dev/null
+++ b/openssl/import_openssl.sh
@@ -0,0 +1,268 @@
+#!/bin/bash
+#
+# Copyright (C) 2009 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# This script imports new versions of OpenSSL (http://openssl.org/source) into the
+# Android source tree. To run, (1) fetch the appropriate tarball from the OpenSSL repository,
+# (2) check the gpg/pgp signature, and then (3) run:
+# ./import_openssl.sh import openssl-*.tar.gz
+#
+# IMPORTANT: See README.android for additional details.
+
+# turn on exit on error as well as a warning when it happens
+set -e
+trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
+
+function die() {
+ declare -r message=$1
+
+ echo $message
+ exit 1
+}
+
+function usage() {
+ declare -r message=$1
+
+ if [ ! "$message" = "" ]; then
+ echo $message
+ fi
+ echo "Usage:"
+ echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
+ echo " ./import_openssl.sh regenerate <patch/*.patch>"
+ echo " ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
+ exit 1
+}
+
+function main() {
+ if [ ! -d patches ]; then
+ die "OpenSSL patch directory patches/ not found"
+ fi
+
+ if [ ! -f openssl.version ]; then
+ die "openssl.version not found"
+ fi
+
+ source openssl.version
+ if [ "$OPENSSL_VERSION" == "" ]; then
+ die "Invalid openssl.version; see README.android for more information"
+ fi
+
+ OPENSSL_DIR=openssl-$OPENSSL_VERSION
+ OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
+
+ if [ ! -f openssl.config ]; then
+ die "openssl.config not found"
+ fi
+
+ source openssl.config
+ if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
+ die "Invalid openssl.config; see README.android for more information"
+ fi
+
+ declare -r command=$1
+ shift || usage "No command specified. Try import, regenerate, or generate."
+ if [ "$command" = "import" ]; then
+ declare -r tar=$1
+ shift || usage "No tar file specified."
+ import $tar
+ elif [ "$command" = "regenerate" ]; then
+ declare -r patch=$1
+ shift || usage "No patch file specified."
+ [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
+ [ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
+ regenerate $patch
+ elif [ "$command" = "generate" ]; then
+ declare -r patch=$1
+ shift || usage "No patch file specified."
+ declare -r tar=$1
+ shift || usage "No tar file specified."
+ generate $patch $tar
+ else
+ usage "Unknown command specified $command. Try import, regenerate, or generate."
+ fi
+}
+
+function import() {
+ declare -r OPENSSL_SOURCE=$1
+
+ untar $OPENSSL_SOURCE readonly
+ applypatches $OPENSSL_DIR
+
+ cd $OPENSSL_DIR
+
+ # Configure source (and print Makefile defines for review, see README.android)
+ ./Configure $CONFIGURE_ARGS
+ rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
+ echo
+ echo BEGIN Makefile defines to compare with android-config.mk
+ echo
+ grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
+ echo
+ echo END Makefile defines to compare with android-config.mk
+ echo
+
+ # TODO(): Fixup android-config.mk
+
+ cp -f LICENSE ../NOTICE
+ touch ../MODULE_LICENSE_BSD_LIKE
+
+ # Avoid checking in symlinks
+ for i in `find include/openssl -type l`; do
+ target=`readlink $i`
+ rm -f $i
+ if [ -f include/openssl/$target ]; then
+ cp include/openssl/$target $i
+ fi
+ done
+
+ # Copy Makefiles
+ cp ../patches/apps_Android.mk apps/Android.mk
+ cp ../patches/crypto_Android.mk crypto/Android.mk
+ cp ../patches/ssl_Android.mk ssl/Android.mk
+
+ # Generate asm
+ perl crypto/aes/asm/aes-armv4.pl > crypto/aes/asm/aes-armv4.s
+ perl crypto/bn/asm/armv4-mont.pl > crypto/bn/asm/armv4-mont.s
+ perl crypto/sha/asm/sha1-armv4-large.pl > crypto/sha/asm/sha1-armv4-large.s
+ perl crypto/sha/asm/sha256-armv4.pl > crypto/sha/asm/sha256-armv4.s
+ perl crypto/sha/asm/sha512-armv4.pl > crypto/sha/asm/sha512-armv4.s
+
+ # Setup android.testssl directory
+ mkdir android.testssl
+ cat test/testssl | \
+ sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \
+ sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \
+ sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \
+ sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \
+ sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \
+ cat > \
+ android.testssl/testssl
+ chmod +x android.testssl/testssl
+ cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf
+ cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf
+ cp apps/server2.pem android.testssl/
+ cp ../patches/testssl.sh android.testssl/
+
+ cd ..
+
+ # Prune unnecessary sources
+ prune
+
+ NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
+ for i in $NEEDED_SOURCES; do
+ echo "Updating $i"
+ rm -r $i
+ mv $OPENSSL_DIR/$i .
+ done
+
+ cleantar
+}
+
+function regenerate() {
+ declare -r patch=$1
+
+ generatepatch $patch
+}
+
+function generate() {
+ declare -r patch=$1
+ declare -r OPENSSL_SOURCE=$2
+
+ untar $OPENSSL_SOURCE
+ applypatches $OPENSSL_DIR_ORIG $patch
+ prune
+
+ for i in $NEEDED_SOURCES; do
+ echo "Restoring $i"
+ rm -r $OPENSSL_DIR/$i
+ cp -rf $i $OPENSSL_DIR/$i
+ done
+
+ generatepatch $patch
+ cleantar
+}
+
+function untar() {
+ declare -r OPENSSL_SOURCE=$1
+ declare -r readonly=$2
+
+ # Remove old source
+ cleantar
+
+ # Process new source
+ tar -zxf $OPENSSL_SOURCE
+ mv $OPENSSL_DIR $OPENSSL_DIR_ORIG
+ if [ ! -z $readonly ]; then
+ find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
+ fi
+ tar -zxf $OPENSSL_SOURCE
+}
+
+function prune() {
+ echo "Removing $UNNEEDED_SOURCES"
+ (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
+ (cd $OPENSSL_DIR && rm -r $UNNEEDED_SOURCES)
+}
+
+function cleantar() {
+ rm -rf $OPENSSL_DIR_ORIG
+ rm -rf $OPENSSL_DIR
+}
+
+function applypatches () {
+ declare -r dir=$1
+ declare -r skip_patch=$2
+
+ cd $dir
+
+ # Apply appropriate patches
+ for i in $OPENSSL_PATCHES; do
+ if [ ! "$skip_patch" = "patches/$i" ]; then
+ echo "Applying patch $i"
+ patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
+ else
+ echo "Skiping patch $i"
+ fi
+
+ done
+
+ # Cleanup patch output
+ find . -type f -name "*.orig" -print0 | xargs -0 rm -f
+
+ cd ..
+}
+
+function generatepatch() {
+ declare -r patch=$1
+
+ # Cleanup stray files before generating patch
+ find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
+ find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f
+
+ declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES
+ # http://tldp.org/LDP/abs/html/ivr.html
+ eval declare -r sources=\$$variable_name
+ rm -f $patch
+ touch $patch
+ for i in $sources; do
+ LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
+ done
+ echo "Generated patch $patch"
+ echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
+}
+
+main $@
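Review bot: Three variable names in the new script are never defined, and because it runs with `set -e` but not `set -u` they silently expand to nothing. In the `regenerate` branch of `main`, `[ -d $OPENSSL_DIR_ORIG_ORIG ]` collapses to `[ -d ]`, which is always true, so the missing-directory guard never fires; it should read `[ -d "$OPENSSL_DIR_ORIG" ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"`. In `generatepatch`, both `find $BOUNCYCASTLE_DIR ...` lines run with no start path (GNU find then walks the current directory), so `*.orig` and `*~` files are deleted across the whole working directory rather than only in the unpacked tree; the name looks carried over from another import script and presumably should be `"$OPENSSL_DIR"`. The `die` message in the same function prints `$path` where `$patch` is meant. Adding `set -u` next to `set -e` would turn this class of typo into a hard failure, provided the optional `$1`/`$2` reads in `main`, `usage`, `untar` and `applypatches` are given `${2:-}`-style defaults.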