#!/bin/bash
#
# Copyright (C) 2009 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

#
# This script imports new versions of OpenSSL (http://openssl.org/source) into the
# Android source tree.  To run, (1) fetch the appropriate tarball from the OpenSSL repository,
# (2) check the gpg/pgp signature, and then (3) run:
#   ./import_openssl.sh import openssl-*.tar.gz
#
# IMPORTANT: See README.android for additional details.

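# Exit on the first failing command and print a warning when that happens.
# errtrace (-E) makes shell functions inherit the ERR trap; without it the
# warning is not printed for failures inside functions, which is where this
# script does all of its work.
set -eE
trap 'echo "WARNING: Exiting on non-zero subprocess exit code" >&2' ERR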
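#######################################
# Print an error message and abort the script.
# Arguments: $1 - message to report
# Outputs:   the message, on stderr
# Returns:   does not return; exits the shell with status 1
#######################################
function die() {
  declare -r message=${1:-}

  # Quoted so whitespace and glob characters in the message are printed
  # verbatim instead of being split or expanded against the working directory.
  printf '%s\n' "$message" >&2
  exit 1
}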
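#######################################
# Print an optional error message followed by the usage text, then abort.
# Arguments: $1 - optional message shown before the usage text
# Outputs:   message and usage text, on stderr
# Returns:   does not return; exits the shell with status 1
#######################################
function usage() {
  declare -r message=${1:-}

  {
    if [ -n "$message" ]; then
      # Quoted so the message is printed exactly as the caller built it.
      printf '%s\n' "$message"
    fi
    echo "Usage:"
    echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
    echo " ./import_openssl.sh regenerate <patch/*.patch>"
    echo " ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
  } >&2
  exit 1
}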
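#######################################
# Validate the working directory, load the configuration and dispatch to the
# requested sub-command (import, regenerate or generate).
# Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG (written); OPENSSL_VERSION,
#            CONFIGURE_ARGS, UNNEEDED_SOURCES, NEEDED_SOURCES (set by the
#            sourced files and checked here)
# Arguments: $1 - command; remaining arguments depend on the command
# Returns:   exits through usage/die on invalid input
#######################################
function main() {
  if [ ! -d patches ]; then
    die "OpenSSL patch directory patches/ not found"
  fi

  if [ ! -f openssl.version ]; then
    die "openssl.version not found"
  fi

  # openssl.version and openssl.config are executed as shell code, so they
  # must come from the trusted source tree. The explicit ./ matters: bash's
  # `source` searches PATH before the current directory for a name without a
  # slash, so the file tested above might not be the file that is loaded.
  source ./openssl.version
  if [ -z "${OPENSSL_VERSION:-}" ]; then
    die "Invalid openssl.version; see README.android for more information"
  fi

  OPENSSL_DIR="openssl-$OPENSSL_VERSION"
  OPENSSL_DIR_ORIG="$OPENSSL_DIR.orig"

  if [ ! -f openssl.config ]; then
    die "openssl.config not found"
  fi

  source ./openssl.config
  if [[ -z "${CONFIGURE_ARGS:-}" || -z "${UNNEEDED_SOURCES:-}" || -z "${NEEDED_SOURCES:-}" ]]; then
    die "Invalid openssl.config; see README.android for more information"
  fi

  declare -r command=${1:-}
  shift || usage "No command specified. Try import, regenerate, or generate."
  if [ "$command" = "import" ]; then
    declare -r tar=${1:-}
    shift || usage "No tar file specified."
    import "$tar"
  elif [ "$command" = "regenerate" ]; then
    declare -r patch=${1:-}
    shift || usage "No patch file specified."
    [ -d "$OPENSSL_DIR" ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
    # This check used the misspelled, never-set name OPENSSL_DIR_ORIG_ORIG;
    # unquoted and empty it reduced to `[ -d ]`, which is always true, so a
    # missing pristine tree was never reported.
    [ -d "$OPENSSL_DIR_ORIG" ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
    regenerate "$patch"
  elif [ "$command" = "generate" ]; then
    declare -r patch=${1:-}
    shift || usage "No patch file specified."
    declare -r tar=${1:-}
    shift || usage "No tar file specified."
    generate "$patch" "$tar"
  else
    usage "Unknown command specified $command. Try import, regenerate, or generate."
  fi
}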
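#######################################
# Import a new OpenSSL release: unpack it, apply the local patches, run
# Configure, generate the ARM assembly and the android.testssl directory, then
# move the needed sources into the current directory.
# Globals:   OPENSSL_DIR, CONFIGURE_ARGS (read); NEEDED_SOURCES (read, and
#            extended with android.testssl)
# Arguments: $1 - path to the OpenSSL tarball
# Outputs:   progress messages and the Makefile defines, on stdout
#######################################
function import() {
  declare -r OPENSSL_SOURCE=$1
  declare -a links=()
  declare link target

  untar "$OPENSSL_SOURCE" readonly
  applypatches "$OPENSSL_DIR"

  cd "$OPENSSL_DIR"

  # Configure source (and print Makefile defines for review, see README.android)
  # CONFIGURE_ARGS is left unquoted on purpose: it is a whitespace-separated
  # option list taken from openssl.config.
  ./Configure $CONFIGURE_ARGS
  rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
  echo
  echo BEGIN Makefile defines to compare with android-config.mk
  echo
  grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED
  echo
  echo END Makefile defines to compare with android-config.mk
  echo

  # TODO(): Fixup android-config.mk

  cp -f LICENSE ../NOTICE
  touch ../MODULE_LICENSE_BSD_LIKE

  # Avoid checking in symlinks: replace each one with a copy of its target.
  # The list is collected NUL-delimited before anything is modified, so
  # unusual file names are handled and find does not walk a directory that is
  # being changed underneath it.
  while IFS= read -r -d '' link; do
    links+=("$link")
  done < <(find include/openssl -type l -print0)
  for link in "${links[@]}"; do
    target=$(readlink "$link")
    rm -f -- "$link"
    if [ -f "include/openssl/$target" ]; then
      cp -- "include/openssl/$target" "$link"
    fi
  done

  # Copy Makefiles
  cp ../patches/apps_Android.mk apps/Android.mk
  cp ../patches/crypto_Android.mk crypto/Android.mk
  cp ../patches/ssl_Android.mk ssl/Android.mk

  # Generate asm
  perl crypto/aes/asm/aes-armv4.pl > crypto/aes/asm/aes-armv4.s
  perl crypto/bn/asm/armv4-mont.pl > crypto/bn/asm/armv4-mont.s
  perl crypto/sha/asm/sha1-armv4-large.pl > crypto/sha/asm/sha1-armv4-large.s
  perl crypto/sha/asm/sha256-armv4.pl > crypto/sha/asm/sha256-armv4.s
  perl crypto/sha/asm/sha512-armv4.pl > crypto/sha/asm/sha512-armv4.s

  # Setup android.testssl directory
  mkdir android.testssl
  # The expressions run in this order on every line, as the original chain of
  # sed processes did.
  # NOTE(review): the no-rsa rewrite compares the result with "no-dh"; this
  # looks like a copy-paste slip for "no-rsa" -- confirm before changing it,
  # since the generated test script depends on this text.
  sed \
    -e 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' \
    -e 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' \
    -e 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' \
    -e 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' \
    -e 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' \
    test/testssl > android.testssl/testssl
  chmod +x android.testssl/testssl
  sed 's#./.rnd#/sdcard/android.testssl/.rnd#' test/Uss.cnf >> android.testssl/Uss.cnf
  sed 's#./.rnd#/sdcard/android.testssl/.rnd#' test/CAss.cnf >> android.testssl/CAss.cnf
  cp apps/server2.pem android.testssl/
  cp ../patches/testssl.sh android.testssl/

  cd ..

  # Prune unnecessary sources
  prune

  # NEEDED_SOURCES is a whitespace-separated list, so the loop relies on word
  # splitting; each entry is quoted once it is used as a path.
  NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
  for i in $NEEDED_SOURCES; do
    echo "Updating $i"
    rm -r -- "$i"
    mv -- "$OPENSSL_DIR/$i" .
  done

  cleantar
}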
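#######################################
# Regenerate one patch from the existing pristine and working trees.
# Arguments: $1 - path of the patch file to regenerate
#######################################
function regenerate() {
  declare -r patch=$1

  # Quoted so a patch path containing whitespace reaches generatepatch as a
  # single argument.
  generatepatch "$patch"
}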
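#######################################
# Build a patch from scratch: unpack the tarball, apply every patch except the
# requested one to the pristine tree, restore the checked-in sources into the
# working tree and diff the two trees.
# Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG, NEEDED_SOURCES (read)
# Arguments: $1 - path of the patch file to generate
#            $2 - path to the OpenSSL tarball
# Outputs:   progress messages on stdout
#######################################
function generate() {
  declare -r patch=$1
  declare -r OPENSSL_SOURCE=$2

  untar "$OPENSSL_SOURCE"
  applypatches "$OPENSSL_DIR_ORIG" "$patch"
  prune

  # NEEDED_SOURCES is a whitespace-separated list, so the loop relies on word
  # splitting; each entry is quoted once it is used as a path.
  for i in $NEEDED_SOURCES; do
    echo "Restoring $i"
    rm -r -- "$OPENSSL_DIR/$i"
    cp -rf -- "$i" "$OPENSSL_DIR/$i"
  done

  generatepatch "$patch"
  cleantar
}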
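#######################################
# Unpack the tarball twice: once as the pristine tree (OPENSSL_DIR_ORIG) and
# once as the working tree (OPENSSL_DIR).
# Nothing here checks the archive's signature or contents; authenticity rests
# on the manual gpg/pgp check described in the file header, so only pass a
# tarball that has been verified.
# Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG (read)
# Arguments: $1 - path to the OpenSSL tarball
#            $2 - optional; when non-empty the pristine tree's files are made
#                 read-only
#######################################
function untar() {
  declare -r OPENSSL_SOURCE=$1
  declare -r read_only=${2:-}

  # Remove old source
  cleantar

  # Process new source. The mv fails, and the script's `set -e` aborts, when
  # the archive's top-level directory does not match openssl.version.
  tar -zxf "$OPENSSL_SOURCE"
  mv -- "$OPENSSL_DIR" "$OPENSSL_DIR_ORIG"
  if [ -n "$read_only" ]; then
    # Protect the pristine tree from accidental edits.
    find "$OPENSSL_DIR_ORIG" -type f -exec chmod a-w {} +
  fi
  tar -zxf "$OPENSSL_SOURCE"
}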
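#######################################
# Delete the sources listed in UNNEEDED_SOURCES from both trees.
# Globals:   UNNEEDED_SOURCES, OPENSSL_DIR, OPENSSL_DIR_ORIG (read)
# Outputs:   the list being removed, on stdout
#######################################
function prune() {
  echo "Removing $UNNEEDED_SOURCES"
  # UNNEEDED_SOURCES is a whitespace-separated list and is split on purpose;
  # the directory names are quoted and `--` keeps an entry that starts with a
  # dash from being read as an rm option.
  (cd "$OPENSSL_DIR_ORIG" && rm -rf -- $UNNEEDED_SOURCES)
  # No -f here: a missing entry in the working tree is an error.
  (cd "$OPENSSL_DIR" && rm -r -- $UNNEEDED_SOURCES)
}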
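#######################################
# Remove the unpacked pristine and working trees.
# Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG (read)
#######################################
function cleantar() {
  # Quoted so each recursive delete targets exactly one path, even when the
  # configured version string contains whitespace or glob characters.
  rm -rf -- "$OPENSSL_DIR_ORIG"
  rm -rf -- "$OPENSSL_DIR"
}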
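#######################################
# Apply every patch listed in OPENSSL_PATCHES to a source tree.
# Globals:   OPENSSL_PATCHES (read)
# Arguments: $1 - directory to patch; the patches are read from ../patches
#                 relative to it
#            $2 - optional patch (written as patches/<name>) to leave out
# Outputs:   one progress line per patch, on stdout
# Returns:   exits through die when a patch does not apply
#######################################
function applypatches () {
  declare -r dir=$1
  declare -r skip_patch=${2:-}

  cd "$dir"

  # Apply appropriate patches. OPENSSL_PATCHES is a whitespace-separated list,
  # so it is split on purpose; each name is quoted where it is used as a path.
  for i in $OPENSSL_PATCHES; do
    if [ ! "$skip_patch" = "patches/$i" ]; then
      echo "Applying patch $i"
      patch -p1 < "../patches/$i" || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
    else
      echo "Skiping patch $i"
    fi
  done

  # Cleanup patch output
  find . -type f -name "*.orig" -exec rm -f -- {} +

  # Return to the starting directory; assumes $dir is a direct child of it.
  cd ..
}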
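#######################################
# Write a patch containing the differences between the pristine and working
# trees for the files listed in OPENSSL_PATCHES_<name>_SOURCES.
# Globals:   OPENSSL_DIR, OPENSSL_DIR_ORIG, OPENSSL_PATCHES_<name>_SOURCES
#            (read)
# Arguments: $1 - path of the patch file to write
# Outputs:   status messages on stdout
# Returns:   exits through die when a listed file has no differences or the
#            patch name does not map to a valid variable name
#######################################
function generatepatch() {
  declare -r patch=$1
  declare patch_id

  # Cleanup stray files before generating patch.
  # This referenced BOUNCYCASTLE_DIR, which nothing in this file sets; with an
  # empty argument GNU find falls back to the current directory, so the
  # cleanup deleted matching files well outside the working tree.
  find "$OPENSSL_DIR" -type f -name "*.orig" -exec rm -f -- {} +
  find "$OPENSSL_DIR" -type f -name "*~" -exec rm -f -- {} +

  # Map patches/foo-bar.patch to OPENSSL_PATCHES_foo_bar_SOURCES. Only the
  # first dash is replaced, as before.
  patch_id=$(basename "$patch" .patch)
  declare -r variable_name="OPENSSL_PATCHES_${patch_id/-/_}_SOURCES"
  # The name is derived from a command-line argument. Check that it is a plain
  # identifier and read it with indirect expansion instead of eval, so a
  # crafted patch name cannot be executed as shell code.
  if [[ ! "$variable_name" =~ ^[A-Za-z_][A-Za-z0-9_]*$ ]]; then
    die "ERROR: Invalid patch name $patch"
  fi
  declare -r sources=${!variable_name}

  rm -f -- "$patch"
  touch -- "$patch"
  for i in $sources; do
    # diff exits 0 when the files are identical, which is the error case here.
    # Exit status 1 (differences found) is the expected result; a status above
    # 1 (diff could not compare the files) is not treated as fatal.
    LC_ALL=C TZ=UTC0 diff -aup "$OPENSSL_DIR_ORIG/$i" "$OPENSSL_DIR/$i" >> "$patch" && die "ERROR: No diff for patch $patch in file $i"
  done
  echo "Generated patch $patch"
  echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."
}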
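# Forward the command-line arguments unchanged; "$@" keeps an argument that
# contains whitespace or glob characters (a tarball or patch path) as one word.
main "$@"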