Diffstat (limited to 'openssl/import_openssl.sh')
-rwxr-xr-x | openssl/import_openssl.sh | 268 |
1 files changed, 268 insertions, 0 deletions
diff --git a/openssl/import_openssl.sh b/openssl/import_openssl.sh
new file mode 100755
index 00000000..6f601989
--- /dev/null
+++ b/openssl/import_openssl.sh
@@ -0,0 +1,268 @@
+#!/bin/bash
+#
+# Copyright (C) 2009 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+#
+# This script imports new versions of OpenSSL (http://openssl.org/source) into the
+# Android source tree. To run, (1) fetch the appropriate tarball from the OpenSSL repository,
+# (2) check the gpg/pgp signature, and then (3) run:
+# ./import_openssl.sh import openssl-*.tar.gz
+#
+# IMPORTANT: See README.android for additional details.
+
+# turn on exit on error as well as a warning when it happens
+set -e
+trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
+
+function die() {
+ declare -r message=$1
+
+ echo $message
+ exit 1
+}
+
+function usage() {
+ declare -r message=$1
+
+ if [ ! "$message" = "" ]; then
+ echo $message
+ fi
+ echo "Usage:"
+ echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
+ echo " ./import_openssl.sh regenerate <patch/*.patch>"
+ echo " ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
+ exit 1
+}
+
+function main() {
+ if [ ! -d patches ]; then
+ die "OpenSSL patch directory patches/ not found"
+ fi
+
+ if [ ! -f openssl.version ]; then
+ die "openssl.version not found"
+ fi
+
+ source openssl.version
+ if [ "$OPENSSL_VERSION" == "" ]; then
+ die "Invalid openssl.version; see README.android for more information"
+ fi
+
+ OPENSSL_DIR=openssl-$OPENSSL_VERSION
+ OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
+
+ if [ ! -f openssl.config ]; then
+ die "openssl.config not found"
+ fi
+
+ source openssl.config
+ if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
+ die "Invalid openssl.config; see README.android for more information"
+ fi
+
+ declare -r command=$1
+ shift || usage "No command specified. Try import, regenerate, or generate."
+ if [ "$command" = "import" ]; then
+ declare -r tar=$1
+ shift || usage "No tar file specified."
+ import $tar
+ elif [ "$command" = "regenerate" ]; then
+ declare -r patch=$1
+ shift || usage "No patch file specified."
+ [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
+ [ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
+ regenerate $patch
+ elif [ "$command" = "generate" ]; then
+ declare -r patch=$1
+ shift || usage "No patch file specified."
+ declare -r tar=$1
+ shift || usage "No tar file specified."
+ generate $patch $tar
+ else
+ usage "Unknown command specified $command. Try import, regenerate, or generate."
+ fi
+}
+
+function import() {
+ declare -r OPENSSL_SOURCE=$1
+
+ untar $OPENSSL_SOURCE readonly
+ applypatches $OPENSSL_DIR
+
+ cd $OPENSSL_DIR
+
+ # Configure source (and print Makefile defines for review, see README.android)
+ ./Configure $CONFIGURE_ARGS
+ rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
+ echo
+ echo BEGIN Makefile defines to compare with android-config.mk
+ echo
+ grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
+ echo
+ echo END Makefile defines to compare with android-config.mk
+ echo
+
+ # TODO(): Fixup android-config.mk
+
+ cp -f LICENSE ../NOTICE
+ touch ../MODULE_LICENSE_BSD_LIKE
+
+ # Avoid checking in symlinks
+ for i in `find include/openssl -type l`; do
+ target=`readlink $i`
+ rm -f $i
+ if [ -f include/openssl/$target ]; then
+ cp include/openssl/$target $i
+ fi
+ done
+
+ # Copy Makefiles
+ cp ../patches/apps_Android.mk apps/Android.mk
+ cp ../patches/crypto_Android.mk crypto/Android.mk
+ cp ../patches/ssl_Android.mk ssl/Android.mk
+
+ # Generate asm
+ perl crypto/aes/asm/aes-armv4.pl > crypto/aes/asm/aes-armv4.s
+ perl crypto/bn/asm/armv4-mont.pl > crypto/bn/asm/armv4-mont.s
+ perl crypto/sha/asm/sha1-armv4-large.pl > crypto/sha/asm/sha1-armv4-large.s
+ perl crypto/sha/asm/sha256-armv4.pl > crypto/sha/asm/sha256-armv4.s
+ perl crypto/sha/asm/sha512-armv4.pl > crypto/sha/asm/sha512-armv4.s
+
+ # Setup android.testssl directory
+ mkdir android.testssl
+ cat test/testssl | \
+ sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \
+ sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \
+ sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \
+ sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \
+ sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \
+ cat > \
+ android.testssl/testssl
+ chmod +x android.testssl/testssl
+ cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf
+ cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf
+ cp apps/server2.pem android.testssl/
+ cp ../patches/testssl.sh android.testssl/
+
+ cd ..
+
+ # Prune unnecessary sources
+ prune
+
+ NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
+ for i in $NEEDED_SOURCES; do
+ echo "Updating $i"
+ rm -r $i
+ mv $OPENSSL_DIR/$i .
+ done
+
+ cleantar
+}
+
+function regenerate() {
+ declare -r patch=$1
+
+ generatepatch $patch
+}
+
+function generate() {
+ declare -r patch=$1
+ declare -r OPENSSL_SOURCE=$2
+
+ untar $OPENSSL_SOURCE
+ applypatches $OPENSSL_DIR_ORIG $patch
+ prune
+
+ for i in $NEEDED_SOURCES; do
+ echo "Restoring $i"
+ rm -r $OPENSSL_DIR/$i
+ cp -rf $i $OPENSSL_DIR/$i
+ done
+
+ generatepatch $patch
+ cleantar
+}
+
+function untar() {
+ declare -r OPENSSL_SOURCE=$1
+ declare -r readonly=$2
+
+ # Remove old source
+ cleantar
+
+ # Process new source
+ tar -zxf $OPENSSL_SOURCE
+ mv $OPENSSL_DIR $OPENSSL_DIR_ORIG
+ if [ ! -z $readonly ]; then
+ find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
+ fi
+ tar -zxf $OPENSSL_SOURCE
+}
+
+function prune() {
+ echo "Removing $UNNEEDED_SOURCES"
+ (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
+ (cd $OPENSSL_DIR && rm -r $UNNEEDED_SOURCES)
+}
+
+function cleantar() {
+ rm -rf $OPENSSL_DIR_ORIG
+ rm -rf $OPENSSL_DIR
+}
+
+function applypatches () {
+ declare -r dir=$1
+ declare -r skip_patch=$2
+
+ cd $dir
+
+ # Apply appropriate patches
+ for i in $OPENSSL_PATCHES; do
+ if [ ! "$skip_patch" = "patches/$i" ]; then
+ echo "Applying patch $i"
+ patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
+ else
+ echo "Skiping patch $i"
+ fi
+
+ done
+
+ # Cleanup patch output
+ find . -type f -name "*.orig" -print0 | xargs -0 rm -f
+
+ cd ..
+}
+
+function generatepatch() {
+ declare -r patch=$1
+
+ # Cleanup stray files before generating patch
+ find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
+ find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f
+
+ declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES
+ # http://tldp.org/LDP/abs/html/ivr.html
+ eval declare -r sources=\$$variable_name
+ rm -f $patch
+ touch $patch
+ for i in $sources; do
+ LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
+ done
+ echo "Generated patch $patch"
+ echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
+}
+
+main $@ |
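Review bot: Two checks in this new script expand variables that are never assigned, so they silently misbehave: in `main`'s `regenerate` branch `[ -d $OPENSSL_DIR_ORIG_ORIG ]` collapses to `[ -d ]`, which is always true, and in `generatepatch` both `find $BOUNCYCASTLE_DIR ...` cleanups run with no start path, which GNU find treats as the current directory. I would change them to `[ -d "$OPENSSL_DIR_ORIG" ]` and (presumably the intent) `find "$OPENSSL_DIR" -type f -name "*.orig" -print0 | xargs -0 rm -f`, and quote the other expansions that feed `rm -rf` and `rm -r`. In the same function the `die` message prints `$path` where `$patch` is meant, and in `import` the `no-rsa` sed rewrite compares the output against `no-dh`, which looks like a copy-paste slip. Because `import` goes on to run `./Configure` and the perl asm generators from the unpacked tarball, the signature check that exists only as step (2) of the header comment is the sole integrity control; recording an expected digest beside `openssl.version` and comparing it in `untar` before extraction would make that step enforceable.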