1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
|
#!/bin/bash
#
# Copyright (C) 2009 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
#
# This script imports new versions of OpenSSL (http://openssl.org/source) into the
# Android source tree. To run, (1) fetch the appropriate tarball from the OpenSSL repository,
# (2) check the gpg/pgp signature, and then (3) run:
# ./import_openssl.sh import openssl-*.tar.gz
#
# IMPORTANT: See README.android for additional details.
# turn on exit on error as well as a warning when it happens
set -e
trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
function die() {
declare -r message=$1
echo $message
exit 1
}
function usage() {
declare -r message=$1
if [ ! "$message" = "" ]; then
echo $message
fi
echo "Usage:"
echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
echo " ./import_openssl.sh regenerate <patch/*.patch>"
echo " ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
exit 1
}
function main() {
if [ ! -d patches ]; then
die "OpenSSL patch directory patches/ not found"
fi
if [ ! -f openssl.version ]; then
die "openssl.version not found"
fi
source openssl.version
if [ "$OPENSSL_VERSION" == "" ]; then
die "Invalid openssl.version; see README.android for more information"
fi
OPENSSL_DIR=openssl-$OPENSSL_VERSION
OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
if [ ! -f openssl.config ]; then
die "openssl.config not found"
fi
source openssl.config
if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
die "Invalid openssl.config; see README.android for more information"
fi
declare -r command=$1
shift || usage "No command specified. Try import, regenerate, or generate."
if [ "$command" = "import" ]; then
declare -r tar=$1
shift || usage "No tar file specified."
import $tar
elif [ "$command" = "regenerate" ]; then
declare -r patch=$1
shift || usage "No patch file specified."
[ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
[ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
regenerate $patch
elif [ "$command" = "generate" ]; then
declare -r patch=$1
shift || usage "No patch file specified."
declare -r tar=$1
shift || usage "No tar file specified."
generate $patch $tar
else
usage "Unknown command specified $command. Try import, regenerate, or generate."
fi
}
function import() {
declare -r OPENSSL_SOURCE=$1
untar $OPENSSL_SOURCE readonly
applypatches $OPENSSL_DIR
cd $OPENSSL_DIR
# Configure source (and print Makefile defines for review, see README.android)
./Configure $CONFIGURE_ARGS
rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
echo
echo BEGIN Makefile defines to compare with android-config.mk
echo
grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
echo
echo END Makefile defines to compare with android-config.mk
echo
# TODO(): Fixup android-config.mk
cp -f LICENSE ../NOTICE
touch ../MODULE_LICENSE_BSD_LIKE
# Avoid checking in symlinks
for i in `find include/openssl -type l`; do
target=`readlink $i`
rm -f $i
if [ -f include/openssl/$target ]; then
cp include/openssl/$target $i
fi
done
# Copy Makefiles
cp ../patches/apps_Android.mk apps/Android.mk
cp ../patches/crypto_Android.mk crypto/Android.mk
cp ../patches/ssl_Android.mk ssl/Android.mk
# Generate asm
perl crypto/aes/asm/aes-armv4.pl > crypto/aes/asm/aes-armv4.s
perl crypto/bn/asm/armv4-mont.pl > crypto/bn/asm/armv4-mont.s
perl crypto/sha/asm/sha1-armv4-large.pl > crypto/sha/asm/sha1-armv4-large.s
perl crypto/sha/asm/sha256-armv4.pl > crypto/sha/asm/sha256-armv4.s
perl crypto/sha/asm/sha512-armv4.pl > crypto/sha/asm/sha512-armv4.s
# Setup android.testssl directory
mkdir android.testssl
cat test/testssl | \
sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \
sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \
sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \
sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \
sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \
cat > \
android.testssl/testssl
chmod +x android.testssl/testssl
cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf
cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf
cp apps/server2.pem android.testssl/
cp ../patches/testssl.sh android.testssl/
cd ..
# Prune unnecessary sources
prune
NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
for i in $NEEDED_SOURCES; do
echo "Updating $i"
rm -r $i
mv $OPENSSL_DIR/$i .
done
cleantar
}
function regenerate() {
declare -r patch=$1
generatepatch $patch
}
function generate() {
declare -r patch=$1
declare -r OPENSSL_SOURCE=$2
untar $OPENSSL_SOURCE
applypatches $OPENSSL_DIR_ORIG $patch
prune
for i in $NEEDED_SOURCES; do
echo "Restoring $i"
rm -r $OPENSSL_DIR/$i
cp -rf $i $OPENSSL_DIR/$i
done
generatepatch $patch
cleantar
}
function untar() {
declare -r OPENSSL_SOURCE=$1
declare -r readonly=$2
# Remove old source
cleantar
# Process new source
tar -zxf $OPENSSL_SOURCE
mv $OPENSSL_DIR $OPENSSL_DIR_ORIG
if [ ! -z $readonly ]; then
find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
fi
tar -zxf $OPENSSL_SOURCE
}
function prune() {
echo "Removing $UNNEEDED_SOURCES"
(cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
(cd $OPENSSL_DIR && rm -r $UNNEEDED_SOURCES)
}
function cleantar() {
rm -rf $OPENSSL_DIR_ORIG
rm -rf $OPENSSL_DIR
}
function applypatches () {
declare -r dir=$1
declare -r skip_patch=$2
cd $dir
# Apply appropriate patches
for i in $OPENSSL_PATCHES; do
if [ ! "$skip_patch" = "patches/$i" ]; then
echo "Applying patch $i"
patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
else
echo "Skiping patch $i"
fi
done
# Cleanup patch output
find . -type f -name "*.orig" -print0 | xargs -0 rm -f
cd ..
}
function generatepatch() {
declare -r patch=$1
# Cleanup stray files before generating patch
find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f
declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES
# http://tldp.org/LDP/abs/html/ivr.html
eval declare -r sources=\$$variable_name
rm -f $patch
touch $patch
for i in $sources; do
LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
done
echo "Generated patch $patch"
echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
}
main $@
|
