diff --git a/BUILD.boringssl b/BUILD.boringssl
new file mode 100644
index 00000000000..6cad7cd2309
--- /dev/null
+++ b/BUILD.boringssl
@@ -0,0 +1,82 @@
+load("@rules_cc//cc:defs.bzl", "cc_library")
+
+licenses(["notice"]) # Apache 2
+
+cc_library(
+ name = "headers",
+ hdrs = [
+ "include/openssl/aead.h",
+ "include/openssl/aes.h",
+ "include/openssl/arm_arch.h",
+ "include/openssl/asn1.h",
+ "include/openssl/asn1_mac.h",
+ "include/openssl/asn1t.h",
+ "include/openssl/base64.h",
+ "include/openssl/base.h",
+ "include/openssl/bio.h",
+ "include/openssl/blake2.h",
+ "include/openssl/blowfish.h",
+ "include/openssl/bn.h",
+ "include/openssl/buffer.h",
+ "include/openssl/buf.h",
+ "include/openssl/bytestring.h",
+ "include/openssl/cast.h",
+ "include/openssl/chacha.h",
+ "include/openssl/cipher.h",
+ "include/openssl/cmac.h",
+ "include/openssl/conf.h",
+ "include/openssl/cpu.h",
+ "include/openssl/crypto.h",
+ "include/openssl/curve25519.h",
+ "include/openssl/des.h",
+ "include/openssl/dh.h",
+ "include/openssl/digest.h",
+ "include/openssl/dsa.h",
+ "include/openssl/dtls1.h",
+ "include/openssl/ecdh.h",
+ "include/openssl/ecdsa.h",
+ "include/openssl/ec.h",
+ "include/openssl/ec_key.h",
+ "include/openssl/engine.h",
+ "include/openssl/e_os2.h",
+ "include/openssl/err.h",
+ "include/openssl/evp_errors.h",
+ "include/openssl/evp.h",
+ "include/openssl/ex_data.h",
+ "include/openssl/hkdf.h",
+ "include/openssl/hmac.h",
+ "include/openssl/hpke.h",
+ "include/openssl/hrss.h",
+ "include/openssl/is_boringssl.h",
+ "include/openssl/kdf.h",
+ "include/openssl/lhash.h",
+ "include/openssl/md4.h",
+ "include/openssl/md5.h",
+ "include/openssl/mem.h",
+ "include/openssl/nid.h",
+ "include/openssl/objects.h",
+ "include/openssl/obj.h",
+ "include/openssl/obj_mac.h",
+ "include/openssl/opensslconf.h",
+ "include/openssl/opensslv.h",
+ "include/openssl/ossl_typ.h",
+ "include/openssl/pem.h",
+ "include/openssl/pkcs12.h",
+ "include/openssl/pkcs7.h",
+ "include/openssl/pkcs8.h",
+ "include/openssl/poly1305.h",
+ "include/openssl/pool.h",
+ "include/openssl/rand.h",
+ "include/openssl/rc4.h",
+ "include/openssl/ripemd.h",
+ "include/openssl/rsa.h",
+ "include/openssl/safestack.h",
+ "include/openssl/service_indicator.h",
+ "include/openssl/sha.h",
+ "include/openssl/siphash.h",
+ "include/openssl/span.h",
+ "include/openssl/srtp.h",
+ ],
+ includes = ["include"],
+ visibility = ["//visibility:public"],
+)
diff --git a/BUILD.llvm b/BUILD.llvm
new file mode 100644
index 00000000000..33d4b901a60
--- /dev/null
+++ b/BUILD.llvm
@@ -0,0 +1,22 @@
+load("@rules_cc//cc:defs.bzl", "cc_library")
+
+licenses(["notice"]) # Apache 2
+
+cc_library(
+ name = "clang_lib",
+ hdrs = glob([
+ "include/**/*",
+ ]),
+ srcs = [
+ "lib/libclang-cpp.so",
+ "lib/libclang-cpp.so.18.1",
+ "lib/libclang.so.18.1",
+ "lib/libclangAST.a",
+ "lib/libclangFrontend.a",
+ "lib/libclangTooling.a",
+ "lib/libclangBasic.a",
+ "lib/libclangLex.a",
+ ],
+ includes = ["include"],
+ visibility = ["//visibility:public"],
+)
diff --git a/BUILD.openssl b/BUILD.openssl
new file mode 100644
index 00000000000..514696f147f
--- /dev/null
+++ b/BUILD.openssl
@@ -0,0 +1,13 @@
+load("@rules_cc//cc:defs.bzl", "cc_library")
+
+licenses(["notice"]) # Apache 2
+
+cc_library(
+ name = "openssl-lib",
+ srcs = [
+ "lib64/libcrypto.so",
+ "lib64/libssl.so",
+ ],
+ linkstatic = False,
+ visibility = ["//visibility:public"],
+)
diff --git a/WORKSPACE b/WORKSPACE
index 5ba82ccdeec..d0740a0180f 100644
--- a/WORKSPACE
+++ b/WORKSPACE
@@ -36,3 +36,15 @@ envoy_dependency_imports() load("//bazel:dependency_imports_extra.bzl", "envoy_dependency_imports_extra") envoy_dependency_imports_extra()
+
+new_local_repository(
+ name = "openssl",
+ path = "/opt/openssl3.0/",
+ build_file = "BUILD.openssl",
+)
+new_local_repository(
+ name = "clang",
+ path = "/opt/llvm/",
+ build_file = "//:BUILD.llvm"
+)
+
diff --git a/bssl-compat/BUILD b/bssl-compat/BUILD
index b022908f184..efaa1b0c397 100644
--- a/bssl-compat/BUILD
+++ b/bssl-compat/BUILD
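Review bot: The `headers` target in BUILD.boringssl stops at `include/openssl/srtp.h`, so `ssl.h`, `x509.h` and the other headers that `bssl_gen_headers` in bssl-compat/BUILD lists after that entry are not exported by it. Nothing in the WORKSPACE hunk of this commit declares a repository that uses BUILD.boringssl as its `build_file`, so the file looks unused as committed. Either wire it to a repository rule and complete the list, or drop it; a one-line comment at the top naming the intended consumer would settle which.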
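Review bot: `clang_lib` in BUILD.llvm puts `lib/libclang-cpp.so`, `lib/libclang-cpp.so.18.1` and `lib/libclang.so.18.1` in `srcs` next to the static archives `libclangAST.a`, `libclangFrontend.a`, `libclangTooling.a`, `libclangBasic.a` and `libclangLex.a`. If the shared library already contains those components (to be confirmed for this LLVM build), a binary depending on the target links the same code twice, which with LLVM tends to surface as duplicate-registration errors at start-up. Pick one linkage and state it in a comment above `srcs`, e.g. `# link against the shared libclang-cpp only`.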
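Review bot: Both `new_local_repository` rules in WORKSPACE take their contents from absolute host paths (`/opt/openssl3.0/`, `/opt/llvm/`), so the TLS library and the clang libraries that enter the build are whatever is installed on the build machine, with no version or digest that Bazel can check. The same paths are hard-coded again in the `ossl_gen` command in bssl-compat/BUILD and in the `copts` of bssl-compat/prefixer/BUILD. For a crypto dependency, prefer a fetched archive pinned by `sha256`, or at least record the expected OpenSSL and LLVM versions next to these rules and fail the build when the installed ones differ. Smaller points: `build_file = "BUILD.openssl"` and `build_file = "//:BUILD.llvm"` should use the same label form, and the second is missing its trailing comma.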
@@ -1,23 +1,5 @@ -load("@rules_foreign_cc//foreign_cc:defs.bzl", "cmake") - -filegroup( - name = "srcs", - srcs = glob(["**"]), -) - licenses(["notice"]) # Apache 2 -cmake( - name = "bssl-compat", - lib_source = ":srcs", - out_shared_libs = [], - out_static_libs = ["libbssl-compat.a"], - visibility = ["//visibility:public"], - generate_crosstool_file = False, - out_binaries = ["utests-bssl-compat"], - build_args = [ "-j" ] -) - filegroup( name = "bssl-compat-utests-bssl-compat", srcs = [":bssl-compat"], 
@@ -30,6 +12,766 @@ sh_test( srcs = [":bssl-compat-utests-bssl-compat"], ) + +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_library", + "envoy_package", +) + +envoy_package() + +genrule( + name = "ossl_gen", + srcs = [ + "@clang//:clang_lib" + ], + tools = [ + "//bssl-compat/prefixer:prefixer", + ], + outs = [ + "source/ossl.c", + "include/ossl.h", + "include/ossl/openssl/types.h", + "include/ossl/openssl/aes.h", + "include/ossl/openssl/asn1.h", + "include/ossl/openssl/asn1_mac.h", + "include/ossl/openssl/asn1err.h", + "include/ossl/openssl/asn1t.h", + "include/ossl/openssl/async.h", + "include/ossl/openssl/asyncerr.h", + "include/ossl/openssl/bio.h", + "include/ossl/openssl/bioerr.h", + "include/ossl/openssl/blowfish.h", + "include/ossl/openssl/bn.h", + "include/ossl/openssl/bnerr.h", + "include/ossl/openssl/buffer.h", + "include/ossl/openssl/buffererr.h", + "include/ossl/openssl/camellia.h", + "include/ossl/openssl/cast.h", + "include/ossl/openssl/cmac.h", + "include/ossl/openssl/cmp.h", + "include/ossl/openssl/cmperr.h", + "include/ossl/openssl/cmp_util.h", + "include/ossl/openssl/cms.h", + "include/ossl/openssl/cmserr.h", + "include/ossl/openssl/comp.h", + "include/ossl/openssl/comperr.h", + "include/ossl/openssl/conf.h", + "include/ossl/openssl/conf_api.h", + "include/ossl/openssl/conferr.h", + "include/ossl/openssl/configuration.h", + "include/ossl/openssl/conftypes.h", + "include/ossl/openssl/core.h", + "include/ossl/openssl/core_dispatch.h", + "include/ossl/openssl/crmf.h", + "include/ossl/openssl/crmferr.h", + "include/ossl/openssl/crypto.h", + "include/ossl/openssl/cryptoerr.h", + "include/ossl/openssl/cryptoerr_legacy.h", + "include/ossl/openssl/ct.h", + "include/ossl/openssl/cterr.h", + "include/ossl/openssl/decoder.h", + "include/ossl/openssl/decodererr.h", + "include/ossl/openssl/des.h", + "include/ossl/openssl/dh.h", + "include/ossl/openssl/dherr.h", + "include/ossl/openssl/dsa.h", + "include/ossl/openssl/dsaerr.h", + 
"include/ossl/openssl/dtls1.h", + "include/ossl/openssl/e_os2.h", + "include/ossl/openssl/ebcdic.h", + "include/ossl/openssl/ec.h", + "include/ossl/openssl/ecdh.h", + "include/ossl/openssl/ecdsa.h", + "include/ossl/openssl/ecerr.h", + "include/ossl/openssl/encoder.h", + "include/ossl/openssl/encodererr.h", + "include/ossl/openssl/engine.h", + "include/ossl/openssl/engineerr.h", + "include/ossl/openssl/err.h", + "include/ossl/openssl/evp.h", + "include/ossl/openssl/evperr.h", + "include/ossl/openssl/ess.h", + "include/ossl/openssl/esserr.h", + "include/ossl/openssl/hmac.h", + "include/ossl/openssl/http.h", + "include/ossl/openssl/idea.h", + "include/ossl/openssl/kdf.h", + "include/ossl/openssl/kdferr.h", + "include/ossl/openssl/lhash.h", + "include/ossl/openssl/macros.h", + "include/ossl/openssl/md2.h", + "include/ossl/openssl/md4.h", + "include/ossl/openssl/md5.h", + "include/ossl/openssl/mdc2.h", + "include/ossl/openssl/modes.h", + "include/ossl/openssl/obj_mac.h", + "include/ossl/openssl/objects.h", + "include/ossl/openssl/objectserr.h", + "include/ossl/openssl/ocsp.h", + "include/ossl/openssl/ocsperr.h", + "include/ossl/openssl/opensslconf.h", + "include/ossl/openssl/opensslv.h", + "include/ossl/openssl/ossl_typ.h", + "include/ossl/openssl/param_build.h", + "include/ossl/openssl/params.h", + "include/ossl/openssl/pem.h", + "include/ossl/openssl/pem2.h", + "include/ossl/openssl/pemerr.h", + "include/ossl/openssl/pkcs12.h", + "include/ossl/openssl/pkcs12err.h", + "include/ossl/openssl/pkcs7.h", + "include/ossl/openssl/pkcs7err.h", + "include/ossl/openssl/provider.h", + "include/ossl/openssl/prov_ssl.h", + "include/ossl/openssl/rand.h", + "include/ossl/openssl/randerr.h", + "include/ossl/openssl/rc2.h", + "include/ossl/openssl/rc4.h", + "include/ossl/openssl/rc5.h", + "include/ossl/openssl/ripemd.h", + "include/ossl/openssl/rsa.h", + "include/ossl/openssl/rsaerr.h", + "include/ossl/openssl/safestack.h", + "include/ossl/openssl/seed.h", + 
"include/ossl/openssl/self_test.h", + "include/ossl/openssl/sha.h", + "include/ossl/openssl/srp.h", + "include/ossl/openssl/srtp.h", + "include/ossl/openssl/ssl.h", + "include/ossl/openssl/ssl2.h", + "include/ossl/openssl/ssl3.h", + "include/ossl/openssl/sslerr.h", + "include/ossl/openssl/sslerr_legacy.h", + "include/ossl/openssl/stack.h", + "include/ossl/openssl/store.h", + "include/ossl/openssl/storeerr.h", + "include/ossl/openssl/symhacks.h", + "include/ossl/openssl/tls1.h", + "include/ossl/openssl/ts.h", + "include/ossl/openssl/tserr.h", + "include/ossl/openssl/trace.h", + "include/ossl/openssl/txt_db.h", + "include/ossl/openssl/ui.h", + "include/ossl/openssl/uierr.h", + "include/ossl/openssl/whrlpool.h", + "include/ossl/openssl/x509.h", + "include/ossl/openssl/x509_vfy.h", + "include/ossl/openssl/x509err.h", + "include/ossl/openssl/x509v3.h", + "include/ossl/openssl/x509v3err.h", + ], + cmd = """ \ + LD_LIBRARY_PATH=/opt/llvm/lib/ \ + $(location //bssl-compat/prefixer:prefixer) \ + --src-path /opt/openssl3.0/include/ \ + --src-incl "openssl/*.h" \ + --src-skip openssl/asn1_mac.h \ + --src-skip "openssl/opensslconf-*.h" \ + --relative-incl \ + --verbose \ + --output $(RULEDIR) \ + --prefix ossl \ + """, +) + + +genrule( + name = "bssl_gen_crypto_headers", + tools = [ + "//bssl-compat:tools/uncomment.sh", + "//bssl-compat:tools/generate.h.sh", + ], + srcs = glob([ + "third_party/boringssl/src/crypto/**/*.h", + "patch/**", + ]), + outs = [ + "source/crypto/asn1/internal.h", + "source/crypto/bio/internal.h", + "source/crypto/bytestring/internal.h", + "source/crypto/chacha/internal.h", + "source/crypto/cipher_extra/internal.h", + ##"source/crypto/conf/conf_def.h", + "source/crypto/conf/internal.h", + "source/crypto/cpu_arm_linux.h", + "source/crypto/curve25519/curve25519_tables.h", + "source/crypto/curve25519/internal.h", + "source/crypto/des/internal.h", + "source/crypto/dsa/internal.h", + "source/crypto/ec_extra/internal.h", + "source/crypto/err/internal.h", + 
"source/crypto/evp/internal.h", + "source/crypto/fipsmodule/aes/internal.h", + "source/crypto/fipsmodule/bn/internal.h", + "source/crypto/fipsmodule/bn/rsaz_exp.h", + "source/crypto/fipsmodule/cipher/internal.h", + "source/crypto/fipsmodule/delocate.h", + "source/crypto/fipsmodule/dh/internal.h", + "source/crypto/fipsmodule/digest/internal.h", + "source/crypto/fipsmodule/digest/md32_common.h", + "source/crypto/fipsmodule/ec/internal.h", + "source/crypto/fipsmodule/ec/p256-nistz-table.h", + "source/crypto/fipsmodule/ec/p256-nistz.h", + "source/crypto/fipsmodule/ec/p256_table.h", + "source/crypto/fipsmodule/ecdsa/internal.h", + #"source/crypto/fipsmodule/md5/internal.h", + "source/crypto/fipsmodule/modes/internal.h", + #"source/crypto/fipsmodule/rand/fork_detect.h", + #"source/crypto/fipsmodule/rand/getrandom_fillin.h", + "source/crypto/fipsmodule/rand/internal.h", + "source/crypto/fipsmodule/rsa/internal.h", + "source/crypto/fipsmodule/service_indicator/internal.h", + "source/crypto/fipsmodule/sha/internal.h", + "source/crypto/fipsmodule/tls/internal.h", + "source/crypto/hrss/internal.h", + "source/crypto/internal.h", + "source/crypto/lhash/internal.h", + "source/crypto/obj/obj_dat.h", + "source/crypto/pkcs7/internal.h", + "source/crypto/pkcs8/internal.h", + "source/crypto/poly1305/internal.h", + "source/crypto/pool/internal.h", + "source/crypto/test/abi_test.h", + "source/crypto/test/file_test.h", + "source/crypto/test/gtest_main.h", + "source/crypto/test/test_util.h", + "source/crypto/test/wycheproof_util.h", + "source/crypto/trust_token/internal.h", + "source/crypto/x509/internal.h", + #"source/crypto/x509v3/ext_dat.h", + #"source/crypto/x509v3/internal.h", + ], + cmd = """ + #!/bin/bash + for header in $(SRCS); do + if [[ "$$header" != *"/patch/"* ]]; then + dest_file=`echo "$$header" | sed 's|.*/src/|source/|'` + $(location //bssl-compat:tools/generate.h.sh) $(location //bssl-compat:tools/uncomment.sh) $$header $$dest_file $(RULEDIR) `dirname $(location 
//bssl-compat:patch/bazel.file)` + fi + done + """, # TODO: the condition in cmd does not work + visibility = ["//visibility:public"], +) + +genrule( + name = "bssl_gen_headers", + tools = [ + "//bssl-compat:tools/uncomment.sh", + "//bssl-compat:tools/generate.h.sh", + ], + srcs = glob([ + "third_party/boringssl/src/include/openssl/*.h", + "patch/**", + ]), + outs = [ + "include/openssl/aead.h", + "include/openssl/aes.h", + "include/openssl/arm_arch.h", + "include/openssl/asn1.h", + "include/openssl/asn1_mac.h", + "include/openssl/asn1t.h", + "include/openssl/base64.h", + "include/openssl/base.h", + "include/openssl/bcm_public.h", + "include/openssl/bio.h", + "include/openssl/blake2.h", + "include/openssl/blowfish.h", + "include/openssl/bn.h", + "include/openssl/buffer.h", + "include/openssl/buf.h", + "include/openssl/bytestring.h", + "include/openssl/cast.h", + "include/openssl/chacha.h", + "include/openssl/cipher.h", + "include/openssl/cmac.h", + "include/openssl/conf.h", + "include/openssl/cpu.h", + "include/openssl/crypto.h", + "include/openssl/curve25519.h", + "include/openssl/des.h", + "include/openssl/dh.h", + "include/openssl/digest.h", + "include/openssl/dsa.h", + "include/openssl/dtls1.h", + "include/openssl/ecdh.h", + "include/openssl/ecdsa.h", + "include/openssl/ec.h", + "include/openssl/ec_key.h", + "include/openssl/engine.h", + "include/openssl/e_os2.h", + "include/openssl/err.h", + "include/openssl/evp_errors.h", + "include/openssl/evp.h", + "include/openssl/ex_data.h", + "include/openssl/hkdf.h", + "include/openssl/hmac.h", + "include/openssl/hpke.h", + "include/openssl/hrss.h", + "include/openssl/is_boringssl.h", + "include/openssl/kdf.h", + "include/openssl/lhash.h", + "include/openssl/md4.h", + "include/openssl/md5.h", + "include/openssl/mem.h", + "include/openssl/nid.h", + "include/openssl/objects.h", + "include/openssl/obj.h", + "include/openssl/obj_mac.h", + "include/openssl/opensslconf.h", + "include/openssl/opensslv.h", + 
"include/openssl/ossl_typ.h", + "include/openssl/pem.h", + "include/openssl/pkcs12.h", + "include/openssl/pkcs7.h", + "include/openssl/pkcs8.h", + "include/openssl/poly1305.h", + "include/openssl/pool.h", + "include/openssl/rand.h", + "include/openssl/rc4.h", + "include/openssl/ripemd.h", + "include/openssl/rsa.h", + "include/openssl/safestack.h", + "include/openssl/service_indicator.h", + "include/openssl/sha.h", + "include/openssl/siphash.h", + "include/openssl/span.h", + "include/openssl/srtp.h", + "include/openssl/ssl3.h", + "include/openssl/ssl.h", + "include/openssl/stack.h", + "include/openssl/target.h", + "include/openssl/thread.h", + "include/openssl/tls1.h", + "include/openssl/trust_token.h", + "include/openssl/type_check.h", + "include/openssl/x509.h", + "include/openssl/x509v3.h", + "include/openssl/x509v3_errors.h", + "include/openssl/x509_vfy.h", + ], + cmd = """ + #!/bin/bash + for header in $(SRCS); do + if [[ "$$header" != *"/patch/"* ]]; then + $(location //bssl-compat:tools/generate.h.sh) $(location //bssl-compat:tools/uncomment.sh) $$header "$${header#*/src/}" $(RULEDIR) `dirname $(location //bssl-compat:patch/bazel.file)` + fi + done + """, + visibility = ["//visibility:public"], +) + +genrule( + name = "bssl_gen_crypto_sources", + tools = [ + "//bssl-compat:bssl_gen_crypto_headers", + "//bssl-compat:tools/generate.h.sh", + "//bssl-compat:tools/uncomment.sh", + ], + srcs = glob([ + "third_party/boringssl/src/crypto/mem.c", + "third_party/boringssl/src/crypto/bytestring/cbs.c", + "third_party/boringssl/src/crypto/bytestring/cbb.c", + "third_party/boringssl/src/ssl/ssl_x509.cc", + "patch/**", + ]), + outs = [ + "source/crypto/mem.c", + "source/crypto/bytestring/cbs.c", + "source/crypto/bytestring/cbb.c", + "source/ssl/ssl_x509.cc", + ], + cmd = """ + #!/bin/bash + set -x + for c_file in $(SRCS); do + if [[ "$$c_file" != *"/patch/"* ]]; then + dest_file=`echo "$$c_file" | sed 's|.*/src/|source/|'` + $(location //bssl-compat:tools/generate.h.sh) 
$(location //bssl-compat:tools/uncomment.sh) $$c_file $$dest_file $(RULEDIR) `dirname $(location //bssl-compat:patch/bazel.file)` + fi + done + """, + visibility = ["//visibility:public"], +) +genrule( + name = "bssl_gen_sources", + tools = [ + "//bssl-compat:bssl_gen_headers", + "//bssl-compat:tools/generate.c.sh", + ], + srcs = glob([ + "third_party/boringssl/src/include/**", + "patch/**", + ]), + outs = [ + "source/ASN1_IA5STRING_free.c", + "source/ASN1_IA5STRING_new.c", + "source/ASN1_INTEGER_free.c", + "source/ASN1_INTEGER_new.c", + "source/ASN1_INTEGER_to_BN.c", + "source/ASN1_OBJECT_free.c", + "source/ASN1_STRING_data.c", + "source/ASN1_STRING_free.c", + "source/ASN1_STRING_get0_data.c", + "source/ASN1_STRING_length.c", + "source/ASN1_STRING_set.c", + "source/ASN1_STRING_to_UTF8.c", + "source/ASN1_TIME_adj.c", + "source/ASN1_TIME_diff.c", + "source/ASN1_TIME_new.c", + "source/ASN1_TIME_set.c", + "source/BIO_clear_flags.c", + "source/BIO_clear_retry_flags.c", + "source/BIO_ctrl.c", + "source/BIO_ctrl_get_read_request.c", + "source/BIO_ctrl_get_write_guarantee.c", + "source/BIO_get_data.c", + "source/BIO_get_init.c", + "source/BIO_get_mem_ptr.c", + "source/BIO_get_shutdown.c", + "source/BIO_new_connect.c", + "source/BIO_new_mem_buf.c", + "source/BIO_puts.c", + "source/BIO_read.c", + "source/BIO_reset.c", + "source/BIO_get_mem_data.c", + "source/BIO_set_data.c", + "source/BIO_set_init.c", + "source/BIO_set_mem_eof_return.c", + "source/BIO_set_retry_read.c", + "source/BIO_set_retry_write.c", + "source/BIO_set_shutdown.c", + "source/BIO_should_read.c", + "source/BIO_should_retry.c", + "source/BIO_should_write.c", + "source/BIO_shutdown_wr.c", + "source/BIO_up_ref.c", + "source/BIO_free_all.c", + "source/BIO_write.c", + "source/BN_add_word.c", + "source/BN_dup.c", + "source/BN_free.c", + "source/BN_hex2bn.c", + "source/BN_new.c", + "source/BN_num_bits.c", + "source/BN_set_word.c", + "source/BN_ucmp.c", + "source/CRYPTO_memcmp.c", + "source/d2i_PKCS12_bio.c", + 
"source/d2i_SSL_SESSION.c", + "source/d2i_X509.c", + "source/DTLS_method.c", + "source/EC_GROUP_get_curve_name.c", + "source/EC_GROUP_get_degree.c", + "source/EC_GROUP_get0_order.c", + "source/EC_KEY_new_by_curve_name.c", + "source/EC_KEY_free.c", + "source/EC_KEY_get0_group.c", + "source/ECDSA_size.c", + "source/ECDSA_SIG_free.c", + "source/ECDSA_SIG_get0.c", + "source/ECDSA_SIG_new.c", + "source/ECDSA_SIG_set0.c", + "source/ERR_clear_error.c", + "source/ERR_print_errors.c", + "source/ERR_print_errors_fp.c", + "source/ERR_put_error.c", + "source/EVP_aes_256_cbc.c", + "source/EVP_aes_128_gcm.c", + "source/EVP_aes_256_gcm.c", + "source/EVP_CIPHER_CTX_free.c", + "source/EVP_CIPHER_CTX_new.c", + "source/EVP_CIPHER_CTX_ctrl.c", + "source/EVP_CIPHER_block_size.c", + "source/EVP_CIPHER_iv_length.c", + "source/EVP_CIPHER_key_length.c", + "source/EVP_DecryptFinal_ex.c", + "source/EVP_DecryptInit_ex.c", + "source/EVP_DecryptUpdate.c", + "source/EVP_DigestFinal.c", + "source/EVP_DigestFinal_ex.c", + "source/EVP_DigestInit.c", + "source/EVP_DigestInit_ex.c", + "source/EVP_DigestSignInit.c", + "source/EVP_DigestSignUpdate.c", + "source/EVP_DigestUpdate.c", + "source/EVP_DigestVerify.c", + "source/EVP_DigestVerifyUpdate.c", + "source/EVP_DigestVerifyInit.c", + "source/EVP_EncryptFinal_ex.c", + "source/EVP_EncryptInit_ex.c", + "source/EVP_EncryptUpdate.c", + "source/EVP_MD_CTX_copy_ex.c", + "source/EVP_MD_CTX_create.c", + "source/EVP_MD_CTX_free.c", + "source/EVP_MD_CTX_new.c", + "source/EVP_MD_CTX_destroy.c", + "source/EVP_MD_size.c", + "source/EVP_MD_type.c", + "source/EVP_md4.c", + "source/EVP_md5.c", + "source/EVP_md5_sha1.c", + "source/EVP_PKEY_assign_EC_KEY.c", + "source/EVP_PKEY_assign_RSA.c", + "source/EVP_PKEY_cmp.c", + "source/EVP_PKEY_CTX_set_rsa_mgf1_md.c", + "source/EVP_PKEY_CTX_set_rsa_padding.c", + "source/EVP_PKEY_free.c", + "source/EVP_PKEY_up_ref.c", + "source/EVP_PKEY_get_raw_public_key.c", + "source/EVP_PKEY_new.c", + "source/EVP_PKEY_set1_RSA.c", + 
"source/EVP_sha1.c", + "source/EVP_sha224.c", + "source/EVP_sha256.c", + "source/EVP_sha384.c", + "source/EVP_sha512.c", + "source/GENERAL_NAME_set0_value.c", + "source/HMAC.c", + "source/HMAC_CTX_free.c", + "source/HMAC_CTX_new.c", + "source/HMAC_Final.c", + "source/HMAC_Update.c", + "source/i2d_SSL_SESSION.c", + "source/MD5.c", + "source/OBJ_txt2obj.c", + "source/OPENSSL_free.c", + "source/OPENSSL_malloc.c", + "source/OPENSSL_memdup.c", + "source/OPENSSL_realloc.c", + "source/OPENSSL_init_ssl.c", + "source/PEM_bytes_read_bio.c", + "source/PKCS12_free.c", + "source/RSA_bits.c", + "source/RSA_check_key.c", + "source/RSA_free.c", + "source/RSA_get0_crt_params.c", + "source/RSA_get0_factors.c", + "source/RSA_get0_key.c", + "source/RSA_new.c", + "source/RSA_set0_crt_params.c", + "source/RSA_set0_factors.c", + "source/RSA_set0_key.c", + "source/RSA_sign.c", + "source/RSA_size.c", + "source/RSA_verify.c", + "source/SHA1.c", + "source/SHA224.c", + "source/SHA256.c", + "source/SHA384.c", + "source/SHA512.c", + "source/SSL_accept.c", + "source/SSL_alert_desc_string_long.c", + "source/SSL_CIPHER_get_auth_nid.c", + "source/SSL_CIPHER_get_cipher_nid.c", + "source/SSL_CIPHER_get_digest_nid.c", + "source/SSL_CIPHER_get_id.c", + "source/SSL_CIPHER_get_name.c", + "source/SSL_CIPHER_standard_name.c", + "source/SSL_connect.c", + "source/SSL_CTX_add_extra_chain_cert.c", + "source/SSL_CTX_check_private_key.c", + "source/SSL_CTX_set_tmp_ecdh.c", + "source/SSL_CTX_free.c", + "source/SSL_CTX_get_cert_store.c", + "source/SSL_CTX_set_cert_store.c", + "source/SSL_CTX_get_ex_data.c", + "source/SSL_CTX_get_options.c", + "source/SSL_CTX_get_verify_mode.c", + "source/SSL_CTX_get0_certificate.c", + "source/SSL_CTX_get0_param.c", + "source/SSL_CTX_load_verify_locations.c", + "source/SSL_CTX_new.c", + "source/SSL_CTX_set_alpn_protos.c", + "source/SSL_CTX_set_cipher_list.c", + "source/SSL_CTX_set_compliance_policy", + "source/SSL_CTX_set_ex_data.c", + "source/SSL_CTX_set_max_proto_version.c", + 
"source/SSL_CTX_set_min_proto_version.c", + "source/SSL_CTX_set_options.c", + "source/SSL_CTX_set_session_cache_mode.c", + "source/SSL_CTX_set_session_id_context.c", + "source/SSL_CTX_set_timeout.c", + "source/SSL_CTX_set_tlsext_servername_arg.c", + "source/SSL_CTX_set1_curves_list.c", + "source/SSL_CTX_set1_sigalgs_list.c", + "source/SSL_CTX_use_certificate_chain_file.c", + "source/SSL_CTX_use_certificate_file.c", + "source/SSL_CTX_use_PrivateKey_file.c", + "source/SSL_do_handshake.c", + "source/SSL_free.c", + "source/SSL_get_certificate.c", + "source/SSL_get_current_cipher.c", + "source/SSL_get_error.c", + "source/SSL_get_ex_data.c", + "source/SSL_get_ex_data_X509_STORE_CTX_idx.c", + "source/SSL_get_peer_certificate.c", + "source/SSL_get_session.c", + "source/SSL_get_SSL_CTX.c", + "source/SSL_get_version.c", + "source/SSL_get_wbio.c", + "source/SSL_get_rbio.c", + "source/SSL_get0_alpn_selected.c", + "source/SSL_get0_next_proto_negotiated.c", + "source/SSL_get1_session.c", + "source/SSL_is_server.c", + "source/SSL_is_init_finished.c", + "source/SSL_new.c", + "source/SSL_read.c", + "source/SSL_select_next_proto.c", + "source/SSL_SESSION_free.c", + "source/SSL_SESSION_get_id.c", + "source/SSL_SESSION_is_resumable.c", + "source/SSL_session_reused.c", + "source/SSL_SESSION_set_protocol_version.c", + "source/SSL_SESSION_up_ref.c", + "source/SSL_set_accept_state.c", + "source/SSL_set_alpn_protos.c", + "source/SSL_set_bio.c", + "source/SSL_set_cipher_list.c", + "source/SSL_set_connect_state.c", + "source/SSL_set_ex_data.c", + "source/SSL_set_fd.c", + "source/SSL_set_quiet_shutdown.c", + "source/SSL_set_session.c", + "source/SSL_set_session_id_context.c", + "source/SSL_set_SSL_CTX.c", + "source/SSL_set_tlsext_host_name.c", + "source/SSL_set0_rbio.c", + "source/SSL_set0_wbio.c", + "source/SSL_set1_curves_list.c", + "source/SSL_state_string_long.c", + "source/SSL_state_string.c", + "source/SSL_shutdown.c", + "source/SSL_version.c", + "source/SSL_write.c", + 
"source/TLS_client_method.c", + "source/TLS_method.c", + "source/TLS_server_method.c", + "source/X509_add1_ext_i2d.c", + "source/X509_alias_get0.c", + "source/X509_cmp.c", + "source/X509_CRL_cmp.c", + "source/X509_CRL_dup.c", + "source/X509_CRL_get_issuer.c", + "source/X509_CRL_free.c", + "source/X509_CRL_up_ref.c", + "source/X509_digest.c", + "source/X509_free.c", + "source/X509_get_ext.c", + "source/X509_get_ext_by_OBJ.c", + "source/X509_get_ext_d2i.c", + "source/X509_get_extension_flags.c", + "source/X509_get_issuer_name.c", + "source/X509_get_key_usage.c", + "source/X509_get_pathlen.c", + "source/X509_get_pubkey.c", + "source/X509_get_serialNumber.c", + "source/X509_get_subject_name.c", + "source/X509_get_X509_PUBKEY.c", + "source/X509_get0_notAfter.c", + "source/X509_get0_notBefore.c", + "source/X509_getm_notAfter.c", + "source/X509_getm_notBefore.c", + "source/X509_INFO_free.c", + "source/X509_NAME_add_entry_by_txt.c", + "source/X509_NAME_cmp.c", + "source/X509_NAME_digest.c", + "source/X509_NAME_dup.c", + "source/X509_NAME_entry_count.c", + "source/X509_NAME_ENTRY_get_data.c", + "source/X509_NAME_ENTRY_set.c", + "source/X509_NAME_free.c", + "source/X509_NAME_get_entry.c", + "source/X509_NAME_get_index_by_NID.c", + "source/X509_NAME_new.c", + "source/X509_NAME_oneline.c", + "source/X509_NAME_print_ex.c", + "source/X509_new.c", + "source/X509_PUBKEY_get.c", + "source/X509_set_pubkey.c", + "source/X509_set_version.c", + "source/X509_STORE_add_cert.c", + "source/X509_STORE_add_crl.c", + "source/X509_STORE_CTX_free.c", + "source/X509_STORE_CTX_get_current_cert.c", + "source/X509_STORE_CTX_get_error.c", + "source/X509_STORE_CTX_get_error_depth.c", + "source/X509_STORE_CTX_get_ex_data.c", + "source/X509_STORE_CTX_get0_cert.c", + "source/X509_STORE_CTX_get0_param.c", + "source/X509_STORE_CTX_new.c", + "source/X509_STORE_CTX_set_default.c", + "source/X509_STORE_CTX_set_error.c", + "source/X509_STORE_CTX_set_flags.c", + "source/X509_STORE_free.c", + 
"source/X509_STORE_get0_param.c", + "source/X509_STORE_load_locations.c", + "source/X509_STORE_new.c", + "source/X509_STORE_up_ref.c", + "source/X509_STORE_set_flags.c", + "source/X509_STORE_set_verify_cb.c", + "source/X509_up_ref.c", + "source/X509_verify.c", + "source/X509_VERIFY_PARAM_clear_flags.c", + "source/X509_VERIFY_PARAM_get_flags.c", + "source/X509_VERIFY_PARAM_set_flags.c", + "source/X509_VERIFY_PARAM_set1.c", + + ], + cmd = """ + for c_file in $(OUTS); do + file=$${c_file##*/} + $(location tools/generate.c.sh) $${file%.c} $$c_file + done + """, + visibility = ["//visibility:public"], +) + + +cc_library( + name = "bssl-compat", + linkstatic = True, + srcs = [ + ":bssl_gen_sources", + ":bssl_gen_crypto_sources", + ":ossl_gen", + ] + glob([ + "source/*.c", + "source/*.cc", + ]), + hdrs = [ + ":ossl_gen", + ":bssl_gen_headers", + ":bssl_gen_crypto_headers", + ] + glob([ + "include/ext/openssl/*.h", + "source/*.h", + ]), + includes = [ + "include/", + "./", # because of crypto headerfiles + "source/", + ], + linkopts = [ + "-L$(GENDIR)/bssl-compat", + "-lssl", + "-lcrypto", + ], + deps = [ + "//bssl-compat:ossl_gen", + "//bssl-compat:bssl_gen_crypto_sources", + "//bssl-compat:bssl_gen_crypto_headers", + "//bssl-compat:bssl_gen_sources", + "//bssl-compat/third_party/openssl:openssl", + + ], + visibility = [ + "//visibility:public", + ] +) + alias( name = "crypto", actual = ":bssl-compat", 
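Review bot: The `bssl-compat` library is generated from the headers of one OpenSSL installation and linked against another: `ossl_gen` runs the prefixer over `/opt/openssl3.0/include/`, while `deps` pulls in `//bssl-compat/third_party/openssl:openssl`, which links `-lssl -lcrypto` from `/usr/lib/x86_64-linux-gnu`; the `@openssl//:openssl-lib` target declared in WORKSPACE is not referenced in the visible diff. When the two installations differ, struct layouts and macros in the generated `ossl/` headers no longer match the library that is loaded. Depend on one repository for both, and list the OpenSSL headers in `srcs` of `ossl_gen` so that Bazel tracks them as inputs. Separately, the `outs` entry `"source/SSL_CTX_set_compliance_policy"` in `bssl_gen_sources` lacks the `.c` suffix, so that wrapper is probably never compiled into the library.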
@@ -41,3 +783,54 @@ alias( actual = ":bssl-compat", visibility = ["//visibility:public"], ) + + +####### Tests +## This library is created specifically to handle the custom compiler flag +## for err_extra.c. This is the standard Bazel pattern for applying +## options to a single file. +#cc_library( +# name = "err_extra_lib", +# srcs = ["source/extra/err_extra.c"], +# # Corresponds to: set_source_files_properties(... COMPILE_FLAGS ...) +# copts = ["-Wno-deprecated-declarations"], +#) +# +## This is the main test rule, which defines the unit test executable. +#cc_test( +# name = "utests-bssl-compat", +# # Corresponds to: add_executable(...) and target_add_bssl_source(...) +# srcs = [ +# "source/test/test_asn1.cc", +# "source/test/test_bn.cc", +# "source/test/test_cipher.cc", +# "source/test/test_crypto.cc", +# "source/test/test_ec_key.cc", +# "source/test/test_err.cc", +# "source/test/test_evp.cc", +# "source/test/test_hmac.cc", +# "source/test/test_misc.cc", +# "source/test/test_rsa.cc", +# "source/test/test_ssl.cc", +# "source/test/test_stack.cc", +# "source/test/test_x509.cc", +# "source/test/test_x509v3.cc", +# "source/test/test_pem.cc", +# "source/test/test_sha256.cc", +# # Test data copied from BoringSSL +# "source/crypto/test/crypto_test_data.c", +# # You can list your main test sources here +# # or use glob() if there are many. +# ], +# # Corresponds to: target_link_libraries(...) +# deps = [ +# ":bssl-compat", # Assumes a "bssl-compat" cc_library target exists +# ":err_extra_lib", # Depend on our special library +# "@com_google_googletest//:gtest_main", # Standard GTest dependency +# ], +# # Corresponds to: target_link_options(...) and set_target_properties(... BUILD_RPATH ...) +# linkopts = [ +# # The -Wl, prefix passes the -rpath option directly to the linker. +# "-Wl,-rpath,/usr/local/openssl-3.0.8/", +# ], +#) diff --git a/bssl-compat/patch/bazel.file b/bssl-compat/patch/bazel.file new file mode 100644 index 00000000000..e69de29bb2d 
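Review bot: The `utests-bssl-compat` test arrives only as a commented-out block, while the first hunk of this file removes the `cmake` rule that used to produce that binary, so the existing `sh_test` wrapper (visible as context in the second hunk) appears to have nothing to run. That leaves the BoringSSL-to-OpenSSL compatibility layer without unit tests in the Bazel build. Either enable the `cc_test` in this commit or delete the block and track the work in an issue. If it is enabled, drop `-Wl,-rpath,/usr/local/openssl-3.0.8/`: it names a third OpenSSL location besides `/opt/openssl3.0/` and `/usr/lib/x86_64-linux-gnu`, and rpath entries decide which library is loaded at run time.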
diff --git a/bssl-compat/prefixer/BUILD b/bssl-compat/prefixer/BUILD new file mode 100644 index 00000000000..d9cb8a94a9b --- /dev/null +++ b/bssl-compat/prefixer/BUILD @@ -0,0 +1,19 @@ +cc_binary( + name = "prefixer", + srcs = ["prefixer.cpp"], + copts = [ + "-DLLVM_LIBRARY_DIR=\\\"/opt/llvm/lib/\\\"", + "-DLLVM_VERSION_STRING=\"18.1.0\"", + "-fno-rtti", + ], + linkopts = [ + "-lclang-cpp", + ], + includes = [ + "@clang//include", # Reference the include directory from /opt/llvm + ], + deps = [ + "@clang//:clang_lib", + ], + visibility = ["//visibility:public"], +) diff --git a/bssl-compat/prefixer/prefixer.cpp b/bssl-compat/prefixer/prefixer.cpp index 24a17dadfe9..0303881e352 100644 --- a/bssl-compat/prefixer/prefixer.cpp +++ b/bssl-compat/prefixer/prefixer.cpp @@ -25,6 +25,7 @@ namespace opt { static std::set srcskip; static std::filesystem::path output = std::filesystem::current_path(); static std::string prefix = "ossl"; + static bool relative_incl = false; static bool verbose = false; static std::vector extraIdentifiers = { @@ -442,6 +443,9 @@ void MyFrontendAction::EndSourceFileAction() { for(const auto &f : m_functions) { std::string header = f.getHeader(srcmgr); if(funcmap.find(header) == funcmap.end()) { + if (opt::relative_incl) { + header = header.substr(header.find(opt::prefix), header.length()); + } hstr << "#include \"" << header <<"\"" << std::endl; } funcmap[header].push_back(f); @@ -561,7 +565,12 @@ void MyFrontendAction::EndSourceFileAction() { std::regex regex("[a-zA-Z_][a-zA-Z0-9_]*", std::regex::basic | std::regex::optimize); opt::vstr() << "Processing " << files.size() << " files...\n"; for (auto [header, incl] : files) { - auto path = opt::incdir() / opt::prefix / header; + std::filesystem::path path; + if (header == opt::hfile() || header == opt::cfile()) { + path = header; + } else { + path = opt::incdir() / opt::prefix / header; + } std::string buffer; opt::vstr() << " - " << path << "\n"; 
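Review bot: The two `-D` options in `copts` of bssl-compat/prefixer/BUILD are escaped differently: `-DLLVM_LIBRARY_DIR=\\\"/opt/llvm/lib/\\\"` keeps its double quotes through Bazel's shell tokenization of `copts`, whereas `-DLLVM_VERSION_STRING=\"18.1.0\"` has them stripped, so the macro expands to the bare token `18.1.0` instead of a string literal. If prefixer.cpp uses it as a string, write `"-DLLVM_VERSION_STRING=\\\"18.1.0\\\""`. Also, `includes = ["@clang//include"]` is not a label context; `includes` takes package-relative paths, so this entry likely has no effect and the headers come from the `@clang//:clang_lib` dependency alone.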
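Review bot: In the second prefixer.cpp hunk, `header.substr(header.find(opt::prefix), header.length())` throws `std::out_of_range` when the path does not contain the prefix, because `find` then returns `npos`; it also cuts at the first occurrence, which can be a directory name earlier in the path rather than the include root. Check the result first, e.g. `auto pos = header.find(opt::prefix + "/"); if (pos != std::string::npos) header = header.substr(pos);`. Note too that `funcmap` is looked up with the absolute path but filled with the shortened one, so with `--relative-incl` the `find` never hits and the same `#include` line is written once per function. `EndSourceFileAction` starts and ends outside the hunk.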
@@ -637,6 +646,7 @@ static bool usage(int exitcode) { << " --prefix The prefix to be applied to functions, types & macros" << std::endl << " --output Output directory for generated files" << std::endl << " --verbose Print more info about what's being done" << std::endl + << " --relative-incl Include headers in .h with relative paths, starting with /." << std::endl << std::endl << "All files will be generated under the output directory as follows:" << std::endl << std::endl @@ -683,6 +693,9 @@ int main(int argc, const char **argv) { else if ((arg == "--output") && ((++i < argc) || usage(-1))) { opt::output = argv[i]; } + else if (arg == "--relative-incl") { + opt::relative_incl = true; + } else if (arg == "--verbose") { opt::verbose = true; } diff --git a/bssl-compat/third_party/openssl/BUILD b/bssl-compat/third_party/openssl/BUILD new file mode 100644 index 00000000000..aa3ffa50c26 --- /dev/null +++ b/bssl-compat/third_party/openssl/BUILD @@ -0,0 +1,21 @@ +# This BUILD file describes the system-installed OpenSSL library. +# It contains no sources, only the necessary settings for other targets to use it. +cc_library( + name = "openssl", + # This makes the headers in /usr/include available to any target + # that depends on this one. + includes = [ + "/usr/include", + ], + # These are the flags passed to the linker. + linkopts = [ + # Tells the linker to search for libraries in this specific directory. + "-L/usr/lib/x86_64-linux-gnu", + # Tells the linker to link against libssl.so (-lssl) + "-lssl", + # and libcrypto.so (-lcrypto). + "-lcrypto", + ], + # Make this target visible to your entire project. + visibility = ["//visibility:public"], +) diff --git a/bssl-compat/tools/generate.c.sh b/bssl-compat/tools/generate.c.sh index 5ae6fd77906..d0d1d05c659 100755 --- a/bssl-compat/tools/generate.c.sh +++ b/bssl-compat/tools/generate.c.sh 
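Review bot: In bssl-compat/third_party/openssl/BUILD, `includes = ["/usr/include"]` passes an absolute path to an attribute that Bazel resolves relative to the package, so it is likely ignored or rejected, and the comment above it then misdescribes what the target provides. The linker path `-L/usr/lib/x86_64-linux-gnu` ties the build to one architecture and distribution layout. Since WORKSPACE in this commit already declares `@openssl` with `lib64/libssl.so` and `lib64/libcrypto.so`, consider making this target an `alias` of `@openssl//:openssl-lib`, so that one OpenSSL installation supplies both the headers and the libraries.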
@@ -20,9 +20,16 @@ FUNC_NAME="${1?"FUNC_NAME not specified"}" CC_FILE="${2?"CC_FILE not specified"}" -function error { - cmake -E cmake_echo_color --red "$1" - exit 1 +function error() { + printf '\033[0;31m%s\033[0m\n' "$1" >&2 + exit 1 +} + +function get_header_name() { + local hdr_file + hdr_file=$(grep -r "OPENSSL_EXPORT.*[^A-Za-z0-9_]$FUNC_NAME[ \t]*(" "$INCLUDE_DIR"/openssl/* | cut -d: -f1 || :) + [ -z "$hdr_file" ] && hdr_file=$(grep -rB 1 "$FUNC_NAME" "$INCLUDE_DIR"/openssl/ | grep -A 1 OPENSSL_EXPORT | tail -n 1 | cut -d: -f1) + echo "$hdr_file" } INCLUDE_DIR="$TOP_DIR/third_party/boringssl/src/include" @@ -31,7 +38,7 @@ INCLUDE_DIR="$TOP_DIR/third_party/boringssl/src/include" ################################################################################ # Find out which header file the function is declared in ################################################################################ -HDR_FILE=$(grep -r "OPENSSL_EXPORT.*[^A-Za-z0-9_]$FUNC_NAME[ \t]*(" $INCLUDE_DIR/openssl/* | cut -d: -f1) +HDR_FILE=$(get_header_name) if [ ! -f "$HDR_FILE" ]; then error "Failed to determine header file for $FUNC_NAME" fi diff --git a/bssl-compat/tools/generate.h.sh b/bssl-compat/tools/generate.h.sh index 8cb5a4c943b..bd69b289475 100755 --- a/bssl-compat/tools/generate.h.sh +++ b/bssl-compat/tools/generate.h.sh 
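Review bot: The fallback lookup in `get_header_name` treats `$FUNC_NAME` as an unanchored pattern, so a name that is a prefix of another exported function can match the longer one, and `tail -n 1` then picks whichever hit comes last. Matching whole words would narrow that: `grep -rwB 1 -- "$FUNC_NAME" "$INCLUDE_DIR"/openssl/`. The first `grep` can still return several lines when the declaration pattern matches in more than one header, which the later `-f "$HDR_FILE"` test reports only as a generic failure. A short comment on the function saying that exactly one path is expected would make that easier to diagnose.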
@@ -1,40 +1,44 @@ #!/bin/bash set -e # Quit on error -#set -x # Echo commands +# set -x # Echo commands + +BLUE='\033[0;34m' +YELLOW='\033[0;33m' +RED='\033[0;31m' +NC='\033[0m' # No Color function status { - cmake -E cmake_echo_color --blue "$1" + echo -e "${BLUE}$1${NC}" } function warn { - cmake -E cmake_echo_color --yellow "$1" + echo -e "${YELLOW}$1${NC}" } function error { - cmake -E cmake_echo_color --red "$1" - exit 1 + echo -e "${RED}$1${NC}" + exit 1 } - # # Get command line args # -CMAKE_CURRENT_SOURCE_DIR="${1?"CMAKE_CURRENT_SOURCE_DIR not specified"}" -CMAKE_CURRENT_BINARY_DIR="${2?"CMAKE_CURRENT_BINARY_DIR not specified"}" -SRC_FILE="${3?"SRC_FILE not specified"}" # e.g. crypto/err/internal.h -DST_FILE="${4?"DST_FILE not specified"}" # e.g. source/crypto/err/internal.h +UNCOMMENT_SCRIPT="${1?"UNCOMMENT_SCRIPT not specified"}" +SRC_FILE="${2?"SRC_FILE not specified"}" # e.g. crypto/err/internal.h +DST_FILE="${3?"DST_FILE not specified"}" # e.g. source/crypto/err/internal.h +DST_DIR="${4?"DST_DIR not specified"}" +PATCH_DIR="${5?"PATCH_DIR not specified"}" -SRC_DIR="$CMAKE_CURRENT_SOURCE_DIR/third_party/boringssl/src" -PATCH_DIR="$CMAKE_CURRENT_SOURCE_DIR/patch" # # Check/Ensure the inputs and outputs exist # -[[ -d "$SRC_DIR" ]] || error "SRC_DIR $SRC_DIR does not exist" -[[ -f "$SRC_DIR/$SRC_FILE" ]] || error "SRC_FILE $SRC_FILE does not exist in $SRC_DIR" -[[ -d "$PATCH_DIR" ]] || error "PATCH_DIR $PATCH_DIR does not exist" -mkdir -p "$(dirname "$CMAKE_CURRENT_BINARY_DIR/$DST_FILE")" +[ -d "${PATCH_DIR}" ] || error "PATCH_DIR $PATCH_DIR does not exist" +[ -f "${UNCOMMENT_SCRIPT}" ] || error "UNCOMMENT_SCRIPT $UNCOMMENT_SCRIPT does not exist" +[ -f "${SRC_FILE}" ] || error "SRC_FILE $SRC_FILE does not exist" +mkdir -p "$(dirname "$DST_DIR/$DST_FILE")" +mkdir -p "$(dirname "$DST_FILE")" # 
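Review bot: `error` here prints to stdout through `echo -e`, while the matching helper in generate.c.sh in this same commit uses `printf ... >&2`. `echo -e` also interprets backslash sequences inside the message itself, and the messages embed caller-supplied paths such as `$SRC_FILE`. The format-string form keeps the argument literal and puts diagnostics on stderr: `printf "${RED}%s${NC}\n" "$1" >&2`. The escape handling applies to `status` and `warn` as well.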
@@ -42,12 +46,12 @@ mkdir -p "$(dirname "$CMAKE_CURRENT_BINARY_DIR/$DST_FILE")" # ================================= # PATCH_SCRIPT="$PATCH_DIR/$DST_FILE.sh" -GEN_APPLIED_SCRIPT="$CMAKE_CURRENT_BINARY_DIR/$DST_FILE.1.applied.script" -cp "$SRC_DIR/$SRC_FILE" "$GEN_APPLIED_SCRIPT" +GEN_APPLIED_SCRIPT="$DST_FILE.1.applied.script" +cp "$SRC_FILE" "$GEN_APPLIED_SCRIPT" if [ -f "$PATCH_SCRIPT" ]; then PATH="$(dirname "$0"):$PATH" "$PATCH_SCRIPT" "$GEN_APPLIED_SCRIPT" else # Comment out the whole file contents - "$(dirname "$0")/uncomment.sh" "$GEN_APPLIED_SCRIPT" --comment + $UNCOMMENT_SCRIPT "$GEN_APPLIED_SCRIPT" --comment fi @@ -56,7 +60,7 @@ fi # ================================ # PATCH_FILE="$PATCH_DIR/$DST_FILE.patch" -GEN_APPLIED_PATCH="$CMAKE_CURRENT_BINARY_DIR/$DST_FILE.2.applied.patch" +GEN_APPLIED_PATCH="$DST_FILE.2.applied.patch" if [ -f "$PATCH_FILE" ]; then patch -s -f "$GEN_APPLIED_SCRIPT" "$PATCH_FILE" -o "$GEN_APPLIED_PATCH" else @@ -68,4 +72,4 @@ fi # Copy result to the destination # ============================== # -cp "$GEN_APPLIED_PATCH" "$CMAKE_CURRENT_BINARY_DIR/$DST_FILE" +cp "$GEN_APPLIED_PATCH" "$DST_DIR/$DST_FILE"
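Review bot: `$UNCOMMENT_SCRIPT` is expanded unquoted on the line that runs it, so a path containing spaces or glob characters is split or expanded before execution, even though the earlier `[ -f "${UNCOMMENT_SCRIPT}" ]` check tested the quoted value. Quote it like the other arguments: `"$UNCOMMENT_SCRIPT" "$GEN_APPLIED_SCRIPT" --comment`. The intermediate `.1.applied.script` file is now created relative to `$DST_FILE` rather than under a build directory, so a comment saying which directory callers are expected to run the script from would help.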