3 # Copyright (C) 2009 The Android Open Source Project
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
19 # This script imports new versions of OpenSSL (http://openssl.org/source) into the
20 # Android source tree. To run, (1) fetch the appropriate tarball from the OpenSSL repository,
21 # (2) check the gpg/pgp signature, and then (3) run:
22 # ./import_openssl.sh import openssl-*.tar.gz
24 # IMPORTANT: See README.android for additional details.
26 # turn on exit on error as well as a warning when it happens
28 trap "echo WARNING: Exiting on non-zero subprocess exit code" ERR;
30 # Ensure consistent sorting order / tool output.
44 if [ ! "$message" = "" ]; then
48 echo " ./import_openssl.sh import </path/to/openssl-*.tar.gz>"
49 echo " ./import_openssl.sh regenerate <patch/*.patch>"
50 echo " ./import_openssl.sh generate <patch/*.patch> </path/to/openssl-*.tar.gz>"
55 if [ ! -d patches ]; then
56 die "OpenSSL patch directory patches/ not found"
59 if [ ! -f openssl.version ]; then
60 die "openssl.version not found"
63 source openssl.version
64 if [ "$OPENSSL_VERSION" == "" ]; then
65 die "Invalid openssl.version; see README.android for more information"
68 OPENSSL_DIR=openssl-$OPENSSL_VERSION
69 OPENSSL_DIR_ORIG=$OPENSSL_DIR.orig
71 if [ ! -f openssl.config ]; then
72 die "openssl.config not found"
76 if [ "$CONFIGURE_ARGS" == "" -o "$UNNEEDED_SOURCES" == "" -o "$NEEDED_SOURCES" == "" ]; then
77 die "Invalid openssl.config; see README.android for more information"
81 shift || usage "No command specified. Try import, regenerate, or generate."
82 if [ "$command" = "import" ]; then
84 shift || usage "No tar file specified."
86 elif [ "$command" = "regenerate" ]; then
88 shift || usage "No patch file specified."
89 [ -d $OPENSSL_DIR ] || usage "$OPENSSL_DIR not found, did you mean to use generate?"
90 [ -d $OPENSSL_DIR_ORIG_ORIG ] || usage "$OPENSSL_DIR_ORIG not found, did you mean to use generate?"
92 elif [ "$command" = "generate" ]; then
94 shift || usage "No patch file specified."
96 shift || usage "No tar file specified."
99 usage "Unknown command specified $command. Try import, regenerate, or generate."
103 # Compute the name of an assembly source file generated by one of the
104 # gen_asm_xxxx() functions below. The logic is the following:
105 # - if "$2" is not empty, output it directly
106 # - otherwise, change the file extension of $1 from .pl to .S and output
108 # Usage: default_asm_file "$1" "$2"
109 # or default_asm_file "$@"
111 # $1: generator path (perl script)
112 # $2: optional output file name.
113 function default_asm_file () {
121 function default_asm_mac_ia32_file () {
125 echo "${1%%.pl}-mac.S"
128 # Generate an ARM assembly file.
129 # $1: generator (perl script)
130 # $2: [optional] output file name
131 function gen_asm_arm () {
133 OUT=$(default_asm_file "$@")
137 function gen_asm_mips () {
139 OUT=$(default_asm_file "$@")
140 # The perl scripts expect to run the target compiler as $CC to determine
141 # the endianess of the target. Setting CC to true is a hack that forces the scripts
142 # to generate little endian output
143 CC=true perl "$1" o32 > "$OUT"
146 function gen_asm_x86 () {
148 OUT=$(default_asm_file "$@")
149 perl "$1" elf -fPIC > "$OUT"
152 function gen_asm_x86_64 () {
154 OUT=$(default_asm_file "$@")
155 perl "$1" elf "$OUT" > "$OUT"
158 function gen_asm_mac_ia32 () {
160 OUT=$(default_asm_mac_ia32_file "$@")
161 perl "$1" macosx "$OUT" > "$OUT"
164 # Filter all items in a list that match a given pattern.
165 # $1: space-separated list
167 # Out: items in $1 that match $2
168 function filter_by_egrep() {
169 declare -r pattern=$1
171 echo "$@" | tr ' ' '\n' | grep -e "$pattern" | tr '\n' ' '
174 # Sort and remove duplicates in a space-separated list
175 # $1: space-separated list
176 # Out: new space-separated list
177 function uniq_sort () {
178 echo "$@" | tr ' ' '\n' | sort -u | tr '\n' ' '
181 function print_autogenerated_header() {
182 echo "# Auto-generated - DO NOT EDIT!"
183 echo "# To regenerate, edit openssl.config, then run:"
184 echo "# ./import_openssl.sh import /path/to/openssl-$OPENSSL_VERSION.tar.gz"
188 function generate_build_config_mk() {
189 ./Configure $CONFIGURE_ARGS
190 rm -f apps/CA.pl.bak crypto/opensslconf.h.bak
192 declare -r tmpfile=$(mktemp)
193 (grep -e -D Makefile | grep -v CONFIGURE_ARGS= | grep -v OPTIONS= | grep -v -e -DOPENSSL_NO_DEPRECATED) > $tmpfile
195 declare -r cflags=$(filter_by_egrep "^-D" $(grep -e "^CFLAG=" $tmpfile))
196 declare -r depflags=$(filter_by_egrep "^-D" $(grep -e "^DEPFLAG=" $tmpfile))
199 echo "Generating $(basename $1)"
201 print_autogenerated_header
203 echo "openssl_cflags := \\"
204 for cflag in $cflags $depflags; do
211 # Return the value of a computed variable name.
215 # echo $(var_value FOO_$BAR) -> prints the value of ${FOO_bar}
217 # Out: variable value
219 # Note: don't use 'echo' here, because it's sensitive to values
220 # that begin with an underscore (e.g. "-n")
221 eval printf \"%s\\n\" \$$1
224 # Same as var_value, but returns sorted output without duplicates.
226 # Out: variable value (if space-separated list, sorted with no duplicates)
228 uniq_sort $(var_value $1)
231 # Print the definition of a given variable in a GNU Make build file.
232 # $1: Variable name (e.g. common_src_files)
233 # $2+: Variable value (e.g. list of sources)
234 print_vardef_in_mk() {
235 declare -r varname=$1
240 echo "$varname := \\"
248 # Same as print_vardef_in_mk, but print a CFLAGS definition from
249 # a list of compiler defines.
250 # $1: Variable name (e.g. common_c_flags)
251 # $2: List of defines (e.g. OPENSSL_NO_CAMELLIA ...)
252 print_defines_in_mk() {
253 declare -r varname=$1
258 echo "$varname := \\"
266 # Generate a configuration file like Crypto-config.mk
267 # This uses variable definitions from openssl.config to build a config
268 # file that can compute the list of target- and host-specific sources /
269 # compiler flags for a given component.
271 # $1: Target file name. (e.g. Crypto-config.mk)
272 # $2: Variable prefix. (e.g. CRYPTO)
273 function generate_config_mk() {
274 declare -r output="$1"
275 declare -r prefix="$2"
276 declare -r all_archs="arm x86 x86_64 mips"
278 echo "Generating $(basename $output)"
280 print_autogenerated_header
282 "# Before including this file, the local Android.mk must define the following
287 # local_additional_dependencies
289 # This script will define the following variables:
300 # Ensure these are empty.
301 unknown_arch_c_flags :=
302 unknown_arch_src_files :=
303 unknown_arch_exclude_files :=
306 common_defines=$(var_sorted_value OPENSSL_${prefix}_DEFINES)
307 print_defines_in_mk common_c_flags $common_defines
309 common_sources=$(var_sorted_value OPENSSL_${prefix}_SOURCES)
310 print_vardef_in_mk common_src_files $common_sources
312 common_includes=$(var_sorted_value OPENSSL_${prefix}_INCLUDES)
313 print_vardef_in_mk common_c_includes $common_includes
315 for arch in $all_archs; do
316 arch_defines=$(var_sorted_value OPENSSL_${prefix}_DEFINES_${arch})
317 print_defines_in_mk ${arch}_c_flags $arch_defines
319 arch_sources=$(var_sorted_value OPENSSL_${prefix}_SOURCES_${arch})
320 print_vardef_in_mk ${arch}_src_files $arch_sources
322 arch_exclude_sources=$(var_sorted_value OPENSSL_${prefix}_SOURCES_EXCLUDES_${arch})
323 print_vardef_in_mk ${arch}_exclude_files $arch_exclude_sources
328 target_arch := \$(TARGET_ARCH)
329 ifeq (\$(target_arch)-\$(TARGET_HAS_BIGENDIAN),mips-true)
330 target_arch := unknown_arch
333 target_c_flags := \$(common_c_flags) \$(\$(target_arch)_c_flags) \$(local_c_flags)
334 target_c_includes := \$(addprefix external/openssl/,\$(common_c_includes)) \$(local_c_includes)
335 target_src_files := \$(common_src_files) \$(\$(target_arch)_src_files)
336 target_src_files := \$(filter-out \$(\$(target_arch)_exclude_files), \$(target_src_files))
338 ifeq (\$(HOST_OS)-\$(HOST_ARCH),linux-x86)
341 host_arch := unknown_arch
344 host_c_flags := \$(common_c_flags) \$(\$(host_arch)_c_flags) \$(local_c_flags)
345 host_c_includes := \$(addprefix external/openssl/,\$(common_c_includes)) \$(local_c_includes)
346 host_src_files := \$(common_src_files) \$(\$(host_arch)_src_files)
347 host_src_files := \$(filter-out \$(\$(host_arch)_exclude_files), \$(host_src_files))
349 local_additional_dependencies += \$(LOCAL_PATH)/$(basename $output)
356 declare -r OPENSSL_SOURCE=$1
358 untar $OPENSSL_SOURCE readonly
359 applypatches $OPENSSL_DIR
363 generate_build_config_mk ../build-config.mk
365 cp -f LICENSE ../NOTICE
366 touch ../MODULE_LICENSE_BSD_LIKE
368 # Avoid checking in symlinks
369 for i in `find include/openssl -type l`; do
372 if [ -f include/openssl/$target ]; then
373 cp include/openssl/$target $i
378 gen_asm_arm crypto/aes/asm/aes-armv4.pl
379 gen_asm_arm crypto/bn/asm/armv4-gf2m.pl
380 gen_asm_arm crypto/bn/asm/armv4-mont.pl
381 gen_asm_arm crypto/modes/asm/ghash-armv4.pl
382 gen_asm_arm crypto/sha/asm/sha1-armv4-large.pl
383 gen_asm_arm crypto/sha/asm/sha256-armv4.pl
384 gen_asm_arm crypto/sha/asm/sha512-armv4.pl
387 gen_asm_mips crypto/aes/asm/aes-mips.pl
388 gen_asm_mips crypto/bn/asm/mips.pl crypto/bn/asm/bn-mips.S
389 gen_asm_mips crypto/bn/asm/mips-mont.pl
390 gen_asm_mips crypto/sha/asm/sha1-mips.pl
391 gen_asm_mips crypto/sha/asm/sha512-mips.pl crypto/sha/asm/sha256-mips.S
394 gen_asm_x86 crypto/x86cpuid.pl
395 gen_asm_x86 crypto/aes/asm/aes-586.pl
396 gen_asm_x86 crypto/aes/asm/vpaes-x86.pl
397 gen_asm_x86 crypto/aes/asm/aesni-x86.pl
398 gen_asm_x86 crypto/bn/asm/bn-586.pl
399 gen_asm_x86 crypto/bn/asm/co-586.pl
400 gen_asm_x86 crypto/bn/asm/x86-mont.pl
401 gen_asm_x86 crypto/bn/asm/x86-gf2m.pl
402 gen_asm_x86 crypto/modes/asm/ghash-x86.pl
403 gen_asm_x86 crypto/sha/asm/sha1-586.pl
404 gen_asm_x86 crypto/sha/asm/sha256-586.pl
405 gen_asm_x86 crypto/sha/asm/sha512-586.pl
406 gen_asm_x86 crypto/md5/asm/md5-586.pl
407 gen_asm_x86 crypto/des/asm/des-586.pl
408 gen_asm_x86 crypto/des/asm/crypt586.pl
409 gen_asm_x86 crypto/bf/asm/bf-586.pl
411 # Generate x86_64 asm
412 gen_asm_x86_64 crypto/x86_64cpuid.pl
413 gen_asm_x86_64 crypto/sha/asm/sha1-x86_64.pl
414 gen_asm_x86_64 crypto/sha/asm/sha512-x86_64.pl crypto/sha/asm/sha256-x86_64.S
415 gen_asm_x86_64 crypto/sha/asm/sha512-x86_64.pl
416 gen_asm_x86_64 crypto/modes/asm/ghash-x86_64.pl
417 gen_asm_x86_64 crypto/aes/asm/aesni-x86_64.pl
418 gen_asm_x86_64 crypto/aes/asm/vpaes-x86_64.pl
419 gen_asm_x86_64 crypto/aes/asm/bsaes-x86_64.pl
420 gen_asm_x86_64 crypto/aes/asm/aes-x86_64.pl
421 gen_asm_x86_64 crypto/aes/asm/aesni-sha1-x86_64.pl
422 gen_asm_x86_64 crypto/md5/asm/md5-x86_64.pl
423 gen_asm_x86_64 crypto/bn/asm/modexp512-x86_64.pl
424 gen_asm_x86_64 crypto/bn/asm/x86_64-mont.pl
425 gen_asm_x86_64 crypto/bn/asm/x86_64-gf2m.pl
426 gen_asm_x86_64 crypto/bn/asm/x86_64-mont5.pl
427 gen_asm_x86_64 crypto/rc4/asm/rc4-x86_64.pl
428 gen_asm_x86_64 crypto/rc4/asm/rc4-md5-x86_64.pl
430 # Generate mac_ia32 asm
431 gen_asm_mac_ia32 crypto/x86cpuid.pl
432 gen_asm_mac_ia32 crypto/aes/asm/aes-586.pl
433 gen_asm_mac_ia32 crypto/aes/asm/vpaes-x86.pl
434 gen_asm_mac_ia32 crypto/aes/asm/aesni-x86.pl
435 gen_asm_mac_ia32 crypto/bn/asm/bn-586.pl
436 gen_asm_mac_ia32 crypto/bn/asm/co-586.pl
437 gen_asm_mac_ia32 crypto/bn/asm/x86-mont.pl
438 gen_asm_mac_ia32 crypto/bn/asm/x86-gf2m.pl
439 gen_asm_mac_ia32 crypto/modes/asm/ghash-x86.pl
440 gen_asm_mac_ia32 crypto/sha/asm/sha1-586.pl
441 gen_asm_mac_ia32 crypto/sha/asm/sha256-586.pl
442 gen_asm_mac_ia32 crypto/sha/asm/sha512-586.pl
443 gen_asm_mac_ia32 crypto/md5/asm/md5-586.pl
444 gen_asm_mac_ia32 crypto/des/asm/des-586.pl
445 gen_asm_mac_ia32 crypto/des/asm/crypt586.pl
446 gen_asm_mac_ia32 crypto/bf/asm/bf-586.pl
448 # Setup android.testssl directory
449 mkdir android.testssl
451 sed 's#../util/shlib_wrap.sh ./ssltest#adb shell /system/bin/ssltest#' | \
452 sed 's#../util/shlib_wrap.sh ../apps/openssl#adb shell /system/bin/openssl#' | \
453 sed 's#adb shell /system/bin/openssl no-dh#[ `adb shell /system/bin/openssl no-dh` = no-dh ]#' | \
454 sed 's#adb shell /system/bin/openssl no-rsa#[ `adb shell /system/bin/openssl no-rsa` = no-dh ]#' | \
455 sed 's#../apps/server2.pem#/sdcard/android.testssl/server2.pem#' | \
457 android.testssl/testssl
458 chmod +x android.testssl/testssl
459 cat test/Uss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/Uss.cnf
460 cat test/CAss.cnf | sed 's#./.rnd#/sdcard/android.testssl/.rnd#' >> android.testssl/CAss.cnf
461 cp apps/server2.pem android.testssl/
462 cp ../patches/testssl.sh android.testssl/
466 generate_config_mk Crypto-config.mk CRYPTO
467 generate_config_mk Ssl-config.mk SSL
468 generate_config_mk Apps-config.mk APPS
470 # Prune unnecessary sources
473 NEEDED_SOURCES="$NEEDED_SOURCES android.testssl"
474 for i in $NEEDED_SOURCES; do
483 function regenerate() {
489 function generate() {
491 declare -r OPENSSL_SOURCE=$2
493 untar $OPENSSL_SOURCE
494 applypatches $OPENSSL_DIR_ORIG $patch
497 for i in $NEEDED_SOURCES; do
499 rm -r $OPENSSL_DIR/$i
500 cp -rf $i $OPENSSL_DIR/$i
507 # Find all files in a sub-directory that are encoded in ISO-8859
509 # Out: list of files in $1 that are encoded as ISO-8859.
510 function find_iso8859_files() {
511 find $1 -type f -print0 | xargs -0 file | fgrep "ISO-8859" | cut -d: -f1
514 # Convert all ISO-8859 files in a given subdirectory to UTF-8
516 function convert_iso8859_to_utf8() {
517 declare -r iso_files=$(find_iso8859_files "$1")
518 for iso_file in $iso_files; do
519 iconv --from-code iso-8859-1 --to-code utf-8 $iso_file > $iso_file.tmp
521 mv $iso_file.tmp $iso_file
526 declare -r OPENSSL_SOURCE=$1
527 declare -r readonly=$2
533 tar -zxf $OPENSSL_SOURCE
534 convert_iso8859_to_utf8 $OPENSSL_DIR
535 cp -rfP $OPENSSL_DIR $OPENSSL_DIR_ORIG
536 if [ ! -z $readonly ]; then
537 find $OPENSSL_DIR_ORIG -type f -print0 | xargs -0 chmod a-w
542 echo "Removing $UNNEEDED_SOURCES"
543 (cd $OPENSSL_DIR_ORIG && rm -rf $UNNEEDED_SOURCES)
544 (cd $OPENSSL_DIR && rm -r $UNNEEDED_SOURCES)
547 function cleantar() {
548 rm -rf $OPENSSL_DIR_ORIG
552 function applypatches () {
554 declare -r skip_patch=$2
558 # Apply appropriate patches
559 for i in $OPENSSL_PATCHES; do
560 if [ ! "$skip_patch" = "patches/$i" ]; then
561 echo "Applying patch $i"
562 patch -p1 --merge < ../patches/$i || die "Could not apply patches/$i. Fix source and run: $0 regenerate patches/$i"
564 echo "Skiping patch $i"
569 # Cleanup patch output
570 find . \( -type f -o -type l \) -name "*.orig" -print0 | xargs -0 rm -f
575 function generatepatch() {
578 # Cleanup stray files before generating patch
579 find $BOUNCYCASTLE_DIR -type f -name "*.orig" -print0 | xargs -0 rm -f
580 find $BOUNCYCASTLE_DIR -type f -name "*~" -print0 | xargs -0 rm -f
582 declare -r variable_name=OPENSSL_PATCHES_`basename $patch .patch | sed s/-/_/`_SOURCES
583 # http://tldp.org/LDP/abs/html/ivr.html
584 eval declare -r sources=\$$variable_name
587 for i in $sources; do
588 LC_ALL=C TZ=UTC0 diff -aup $OPENSSL_DIR_ORIG/$i $OPENSSL_DIR/$i >> $patch && die "ERROR: No diff for patch $path in file $i"
590 echo "Generated patch $patch"
591 echo "NOTE To make sure there are not unwanted changes from conflicting patches, be sure to review the generated patch."