• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/bash
2#
3# Copyright (C) 2009 The Android Open Source Project
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9#      http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16#
17
18#
19# This script imports new versions of OpenSSL (http://openssl.org/source) into the
20# Android source tree.  To run, (1) fetch the appropriate tarball from the OpenSSL repository,
21# (2) check the gpg/pgp signature, and then (3) run:
22#   ./import_openssl.sh import openssl-*.tar.gz
23#
24# IMPORTANT: See README.android for additional details.
25
26# turn on exit on error as well as a warning when it happens
27set -e
28trap  "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
29
30function die() {
31  declare -r message=$1
32
33  echo $message
34  exit 1
35}
36
37function usage() {
38  declare -r message=$1
39
40  if [ ! "$message" = "" ]; then
41    echo $message
42  fi
43  echo "Usage:"
44  echo "  ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
45  echo "  ./import_openssl.sh regenerate <patch/*.patch>"
46  echo "  ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
47  exit 1
48}
49
50function main() {
51  if [ ! -d patches ]; then
52    die "OpenSSL patch directory patches/ not found"
53  fi
54
55  if [ ! -f openssl.version ]; then
56    die "openssl.version not found"
57  fi
58
59  source openssl.version
60  if [ "$OPENSSL_VERSION" == "" ]; then
61    die "Invalid openssl.version; see README.android for more information"
62  fi
63
64  OPENSSL_DIR=openssl-$OPENSSL_VERSION
65  OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
66
67  if [ ! -f openssl.config ]; then
68    die "openssl.config not found"
69  fi
70
71  source openssl.config
72  if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
73    die "Invalid openssl.config; see README.android for more information"
74  fi
75
76  declare -r command=$1
77  shift || usage "No command specified. Try import, regenerate, or generate."
78  if [ "$command" = "import" ]; then
79    declare -r tar=$1
80    shift || usage "No tar file specified."
81    import $tar
82  elif [ "$command" = "regenerate" ]; then
83    declare -r patch=$1
84    shift || usage "No patch file specified."
85    [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
86    [ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
87    regenerate $patch
88  elif [ "$command" = "generate" ]; then
89    declare -r patch=$1
90    shift || usage "No patch file specified."
91    declare -r tar=$1
92    shift || usage "No tar file specified."
93    generate $patch $tar
94  else
95    usage "Unknown command specified $command. Try import, regenerate, or generate."
96  fi
97}
98
99function import() {
100  declare -r OPENSSL_SOURCE=$1
101
102  untar $OPENSSL_SOURCE readonly
103  applypatches $OPENSSL_DIR
104
105  cd $OPENSSL_DIR
106
107  # Configure source (and print Makefile defines for review, see README.android)
108  ./Configure $CONFIGURE_ARGS
109  rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
110  echo
111  echo BEGIN Makefile defines to compare with android-config.mk
112  echo
113  grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
114  echo
115  echo END Makefile defines to compare with android-config.mk
116  echo
117
118  # TODO(): Fixup android-config.mk
119
120  cp -f LICENSE ../NOTICE
121  touch ../MODULE_LICENSE_BSD_LIKE
122
123  # Avoid checking in symlinks
124  for i in `find include/openssl -type l`; do
125    target=`readlink $i`
126    rm -f $i
127    if [ -f include/openssl/$target ]; then
128      cp include/openssl/$target $i
129    fi
130  done
131
132  # Generate arm asm
133  perl crypto/aes/asm/aes-armv4.pl         > crypto/aes/asm/aes-armv4.s
134  perl crypto/bn/asm/armv4-gf2m.pl         > crypto/bn/asm/armv4-gf2m.s
135  perl crypto/bn/asm/armv4-mont.pl         > crypto/bn/asm/armv4-mont.s
136  perl crypto/modes/asm/ghash-armv4.pl     > crypto/modes/asm/ghash-armv4.s
137  perl crypto/sha/asm/sha1-armv4-large.pl  > crypto/sha/asm/sha1-armv4-large.s
138  perl crypto/sha/asm/sha256-armv4.pl      > crypto/sha/asm/sha256-armv4.s
139  perl crypto/sha/asm/sha512-armv4.pl      > crypto/sha/asm/sha512-armv4.s
140
141  # Generate mips asm
142  perl crypto/aes/asm/aes-mips.pl          > crypto/aes/asm/aes-mips.s
143  perl crypto/bn/asm/mips.pl               > crypto/bn/asm/bn-mips.s
144  perl crypto/bn/asm/mips-mont.pl          > crypto/bn/asm/mips-mont.s
145  perl crypto/sha/asm/sha1-mips.pl         > crypto/sha/asm/sha1-mips.s
146  perl crypto/sha/asm/sha512-mips.pl       > crypto/sha/asm/sha256-mips.s
147
148  # Setup android.testssl directory
149  mkdir android.testssl
150  cat test/testssl | \
151    sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \
152    sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \
153    sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \
154    sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \
155    sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \
156    cat > \
157    android.testssl/testssl
158  chmod +x android.testssl/testssl
159  cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf
160  cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf
161  cp apps/server2.pem android.testssl/
162  cp ../patches/testssl.sh android.testssl/
163
164  cd ..
165
166  # Prune unnecessary sources
167  prune
168
169  NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
170  for i in $NEEDED_SOURCES; do
171    echo "Updating $i"
172    rm -r $i
173    mv $OPENSSL_DIR/$i .
174  done
175
176  cleantar
177}
178
179function regenerate() {
180  declare -r patch=$1
181
182  generatepatch $patch
183}
184
185function generate() {
186  declare -r patch=$1
187  declare -r OPENSSL_SOURCE=$2
188
189  untar $OPENSSL_SOURCE
190  applypatches $OPENSSL_DIR_ORIG $patch
191  prune
192
193  for i in $NEEDED_SOURCES; do
194    echo "Restoring $i"
195    rm -r $OPENSSL_DIR/$i
196    cp -rf $i $OPENSSL_DIR/$i
197  done
198
199  generatepatch $patch
200  cleantar
201}
202
203function untar() {
204  declare -r OPENSSL_SOURCE=$1
205  declare -r readonly=$2
206
207  # Remove old source
208  cleantar
209
210  # Process new source
211  tar -zxf $OPENSSL_SOURCE
212  mv $OPENSSL_DIR $OPENSSL_DIR_ORIG
213  if [ ! -z $readonly ]; then
214    find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
215  fi
216  tar -zxf $OPENSSL_SOURCE
217}
218
219function prune() {
220  echo "Removing $UNNEEDED_SOURCES"
221  (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
222  (cd $OPENSSL_DIR      && rm -r  $UNNEEDED_SOURCES)
223}
224
225function cleantar() {
226  rm -rf $OPENSSL_DIR_ORIG
227  rm -rf $OPENSSL_DIR
228}
229
230function applypatches () {
231  declare -r dir=$1
232  declare -r skip_patch=$2
233
234  cd $dir
235
236  # Apply appropriate patches
237  for i in $OPENSSL_PATCHES; do
238    if [ ! "$skip_patch" = "patches/$i" ]; then
239      echo "Applying patch $i"
240      patch -p1 < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
241    else
242      echo "Skiping patch $i"
243    fi
244
245  done
246
247  # Cleanup patch output
248  find . \( -type f -o -type l \) -name "*.orig" -print0 | xargs -0 rm -f
249
250  cd ..
251}
252
253function generatepatch() {
254  declare -r patch=$1
255
256  # Cleanup stray files before generating patch
257  find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
258  find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f
259
260  declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES
261  # http://tldp.org/LDP/abs/html/ivr.html
262  eval declare -r sources=\$$variable_name
263  rm -f $patch
264  touch $patch
265  for i in $sources; do
266    LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
267  done
268  echo "Generated patch $patch"
269  echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
270}
271
272main $@
273