From 1be75d57569b3e3e9a533b14aeac93f8549009c2 Mon Sep 17 00:00:00 2001 From: Zuzana Miklankova Date: Wed, 6 Aug 2025 15:00:27 +0200 Subject: [PATCH 1/5] move from 1.28 Signed-off-by: Zuzana Miklankova --- BUILD.boringssl | 82 ++++ BUILD.llvm | 23 + BUILD.openssl | 13 + WORKSPACE | 12 + bssl-compat/BUILD | 839 +++++++++++++++++++++++++++++++- bssl-compat/patch/bazel.file | 0 bssl-compat/prefixer/BUILD | 19 + bssl-compat/tools/generate.h.sh | 46 +- 8 files changed, 996 insertions(+), 38 deletions(-) create mode 100644 BUILD.boringssl create mode 100644 BUILD.llvm create mode 100644 BUILD.openssl create mode 100644 bssl-compat/patch/bazel.file create mode 100644 bssl-compat/prefixer/BUILD diff --git a/BUILD.boringssl b/BUILD.boringssl new file mode 100644 index 00000000000..6cad7cd2309 --- /dev/null +++ b/BUILD.boringssl @@ -0,0 +1,82 @@ +load("@rules_cc//cc:defs.bzl", "cc_library") + +licenses(["notice"]) # Apache 2 + +cc_library( + name = "headers", + hdrs = [ + "include/openssl/aead.h", + "include/openssl/aes.h", + "include/openssl/arm_arch.h", + "include/openssl/asn1.h", + "include/openssl/asn1_mac.h", + "include/openssl/asn1t.h", + "include/openssl/base64.h", + "include/openssl/base.h", + "include/openssl/bio.h", + "include/openssl/blake2.h", + "include/openssl/blowfish.h", + "include/openssl/bn.h", + "include/openssl/buffer.h", + "include/openssl/buf.h", + "include/openssl/bytestring.h", + "include/openssl/cast.h", + "include/openssl/chacha.h", + "include/openssl/cipher.h", + "include/openssl/cmac.h", + "include/openssl/conf.h", + "include/openssl/cpu.h", + "include/openssl/crypto.h", + "include/openssl/curve25519.h", + "include/openssl/des.h", + "include/openssl/dh.h", + "include/openssl/digest.h", + "include/openssl/dsa.h", + "include/openssl/dtls1.h", + "include/openssl/ecdh.h", + "include/openssl/ecdsa.h", + "include/openssl/ec.h", + "include/openssl/ec_key.h", + "include/openssl/engine.h", + "include/openssl/e_os2.h", + "include/openssl/err.h", + "include/openssl/evp_errors.h", + "include/openssl/evp.h", + "include/openssl/ex_data.h", + "include/openssl/hkdf.h", + "include/openssl/hmac.h", + "include/openssl/hpke.h", + "include/openssl/hrss.h", + "include/openssl/is_boringssl.h", + "include/openssl/kdf.h", + "include/openssl/lhash.h", + "include/openssl/md4.h", + "include/openssl/md5.h", + "include/openssl/mem.h", + "include/openssl/nid.h", + "include/openssl/objects.h", + "include/openssl/obj.h", + "include/openssl/obj_mac.h", + "include/openssl/opensslconf.h", + "include/openssl/opensslv.h", + "include/openssl/ossl_typ.h", + "include/openssl/pem.h", + "include/openssl/pkcs12.h", + "include/openssl/pkcs7.h", + "include/openssl/pkcs8.h", + "include/openssl/poly1305.h", + "include/openssl/pool.h", + "include/openssl/rand.h", + "include/openssl/rc4.h", + "include/openssl/ripemd.h", + "include/openssl/rsa.h", + "include/openssl/safestack.h", + "include/openssl/service_indicator.h", + "include/openssl/sha.h", + "include/openssl/siphash.h", + "include/openssl/span.h", + "include/openssl/srtp.h", + ], + includes = ["include"], + visibility = ["//visibility:public"], +) diff --git a/BUILD.llvm b/BUILD.llvm new file mode 100644 index 00000000000..85718f60632 --- /dev/null +++ b/BUILD.llvm @@ -0,0 +1,23 @@ +load("@rules_cc//cc:defs.bzl", "cc_library") + +licenses(["notice"]) # Apache 2 + +cc_library( + name = "clang_lib", + hdrs = glob([ + "include/**/*", + ]), + srcs = [ + "lib/libclang-cpp.so", + "lib/libclang-cpp.so.14", + "lib/libclang.so.13", + "lib/libclangAST.a", + "lib/libclangFrontend.a", + "lib/libclangTooling.a", + "lib/libclangBasic.a", + "lib/libclangLex.a", + ], + includes = ["include"], + linkopts = ["-Llib", "-lclang"], + visibility = ["//visibility:public"], +) diff --git a/BUILD.openssl b/BUILD.openssl new file mode 100644 index 00000000000..514696f147f --- /dev/null +++ b/BUILD.openssl @@ -0,0 +1,13 @@ +load("@rules_cc//cc:defs.bzl", "cc_library") + +licenses(["notice"]) # Apache 2 + +cc_library( + name = "openssl-lib", + srcs = [ + "lib64/libcrypto.so", + "lib64/libssl.so", + ], + linkstatic = False, + visibility = ["//visibility:public"], +) diff --git a/WORKSPACE b/WORKSPACE index 5ba82ccdeec..0c6c61f5776 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -36,3 +36,15 @@ envoy_dependency_imports() load("//bazel:dependency_imports_extra.bzl", "envoy_dependency_imports_extra") envoy_dependency_imports_extra() + +#new_local_repository( +# name = "openssl", +# path = "/usr/local/openssl-3.0.8", +# build_file = "BUILD.openssl", +#) +new_local_repository( + name = "clang", + path = "/opt/llvm/", + build_file = "BUILD.llvm" +) + diff --git a/bssl-compat/BUILD b/bssl-compat/BUILD index b022908f184..e175d7f96df 100644 --- a/bssl-compat/BUILD +++ b/bssl-compat/BUILD @@ -1,22 +1,15 @@ -load("@rules_foreign_cc//foreign_cc:defs.bzl", "cmake") - -filegroup( - name = "srcs", - srcs = glob(["**"]), -) - licenses(["notice"]) # Apache 2 -cmake( - name = "bssl-compat", - lib_source = ":srcs", - out_shared_libs = [], - out_static_libs = ["libbssl-compat.a"], - visibility = ["//visibility:public"], - generate_crosstool_file = False, - out_binaries = ["utests-bssl-compat"], - build_args = [ "-j" ] -) +#cmake( +# name = "bssl-compat", +# lib_source = ":srcs", +# out_shared_libs = [], +# out_static_libs = ["libbssl-compat.a"], +# visibility = ["//visibility:public"], +# generate_crosstool_file = False, +# out_binaries = ["utests-bssl-compat"], +# build_args = [ "-j" ] +#) filegroup( name = "bssl-compat-utests-bssl-compat", @@ -30,6 +23,767 @@ sh_test( srcs = [":bssl-compat-utests-bssl-compat"], ) + +load( + "//bazel:envoy_build_system.bzl", + "envoy_cc_library", + "envoy_package", +) + +envoy_package() + +genrule( + name = "ossl_gen", + srcs = [ + "@clang//:clang_lib" + ], + tools = [ + "//bssl-compat/prefixer:prefixer", + ], + outs = [ + "source/ossl.c", + "include/ossl.h", + "include/ossl/openssl/types.h", + "include/ossl/openssl/aes.h", + "include/ossl/openssl/asn1.h", + "include/ossl/openssl/asn1_mac.h", + "include/ossl/openssl/asn1err.h", + "include/ossl/openssl/asn1t.h", + "include/ossl/openssl/async.h", + "include/ossl/openssl/asyncerr.h", + "include/ossl/openssl/bio.h", + "include/ossl/openssl/bioerr.h", + "include/ossl/openssl/blowfish.h", + "include/ossl/openssl/bn.h", + "include/ossl/openssl/bnerr.h", + "include/ossl/openssl/buffer.h", + "include/ossl/openssl/buffererr.h", + "include/ossl/openssl/camellia.h", + "include/ossl/openssl/cast.h", + "include/ossl/openssl/cmac.h", + "include/ossl/openssl/cmp.h", + "include/ossl/openssl/cmperr.h", + "include/ossl/openssl/cmp_util.h", + "include/ossl/openssl/cms.h", + "include/ossl/openssl/cmserr.h", + "include/ossl/openssl/comp.h", + "include/ossl/openssl/comperr.h", + "include/ossl/openssl/conf.h", + "include/ossl/openssl/conf_api.h", + "include/ossl/openssl/conferr.h", + "include/ossl/openssl/configuration.h", + "include/ossl/openssl/conftypes.h", + "include/ossl/openssl/core.h", + "include/ossl/openssl/core_dispatch.h", + "include/ossl/openssl/crmf.h", + "include/ossl/openssl/crmferr.h", + "include/ossl/openssl/crypto.h", + "include/ossl/openssl/cryptoerr.h", + "include/ossl/openssl/cryptoerr_legacy.h", + "include/ossl/openssl/ct.h", + "include/ossl/openssl/cterr.h", + "include/ossl/openssl/decoder.h", + "include/ossl/openssl/decodererr.h", + "include/ossl/openssl/des.h", + "include/ossl/openssl/dh.h", + "include/ossl/openssl/dherr.h", + "include/ossl/openssl/dsa.h", + "include/ossl/openssl/dsaerr.h", + "include/ossl/openssl/dtls1.h", + "include/ossl/openssl/e_os2.h", + "include/ossl/openssl/ebcdic.h", + "include/ossl/openssl/ec.h", + "include/ossl/openssl/ecdh.h", + "include/ossl/openssl/ecdsa.h", + "include/ossl/openssl/ecerr.h", + "include/ossl/openssl/encoder.h", + "include/ossl/openssl/encodererr.h", + "include/ossl/openssl/engine.h", + "include/ossl/openssl/engineerr.h", + "include/ossl/openssl/err.h", + "include/ossl/openssl/evp.h", + "include/ossl/openssl/evperr.h", + "include/ossl/openssl/ess.h", + "include/ossl/openssl/esserr.h", + "include/ossl/openssl/hmac.h", + "include/ossl/openssl/http.h", + "include/ossl/openssl/idea.h", + "include/ossl/openssl/kdf.h", + "include/ossl/openssl/kdferr.h", + "include/ossl/openssl/lhash.h", + "include/ossl/openssl/macros.h", + "include/ossl/openssl/md2.h", + "include/ossl/openssl/md4.h", + "include/ossl/openssl/md5.h", + "include/ossl/openssl/mdc2.h", + "include/ossl/openssl/modes.h", + "include/ossl/openssl/obj_mac.h", + "include/ossl/openssl/objects.h", + "include/ossl/openssl/objectserr.h", + "include/ossl/openssl/ocsp.h", + "include/ossl/openssl/ocsperr.h", + "include/ossl/openssl/opensslconf.h", + "include/ossl/openssl/opensslv.h", + "include/ossl/openssl/ossl_typ.h", + "include/ossl/openssl/param_build.h", + "include/ossl/openssl/params.h", + "include/ossl/openssl/pem.h", + "include/ossl/openssl/pem2.h", + "include/ossl/openssl/pemerr.h", + "include/ossl/openssl/pkcs12.h", + "include/ossl/openssl/pkcs12err.h", + "include/ossl/openssl/pkcs7.h", + "include/ossl/openssl/pkcs7err.h", + "include/ossl/openssl/provider.h", + "include/ossl/openssl/prov_ssl.h", + "include/ossl/openssl/rand.h", + "include/ossl/openssl/randerr.h", + "include/ossl/openssl/rc2.h", + "include/ossl/openssl/rc4.h", + "include/ossl/openssl/rc5.h", + "include/ossl/openssl/ripemd.h", + "include/ossl/openssl/rsa.h", + "include/ossl/openssl/rsaerr.h", + "include/ossl/openssl/safestack.h", + "include/ossl/openssl/seed.h", + "include/ossl/openssl/self_test.h", + "include/ossl/openssl/sha.h", + "include/ossl/openssl/srp.h", + "include/ossl/openssl/srtp.h", + "include/ossl/openssl/ssl.h", + "include/ossl/openssl/ssl2.h", + "include/ossl/openssl/ssl3.h", + "include/ossl/openssl/sslerr.h", + "include/ossl/openssl/sslerr_legacy.h", + "include/ossl/openssl/stack.h", + "include/ossl/openssl/store.h", + "include/ossl/openssl/storeerr.h", + "include/ossl/openssl/symhacks.h", + "include/ossl/openssl/tls1.h", + "include/ossl/openssl/ts.h", + "include/ossl/openssl/tserr.h", + "include/ossl/openssl/trace.h", + "include/ossl/openssl/txt_db.h", + "include/ossl/openssl/ui.h", + "include/ossl/openssl/uierr.h", + "include/ossl/openssl/whrlpool.h", + "include/ossl/openssl/x509.h", + "include/ossl/openssl/x509_vfy.h", + "include/ossl/openssl/x509err.h", + "include/ossl/openssl/x509v3.h", + "include/ossl/openssl/x509v3err.h", + ], + cmd = """ \ + LD_LIBRARY_PATH=/opt/llvm/lib/ \ + $(location //bssl-compat/prefixer:prefixer) \ + --src-path /usr/local/openssl-3.0.8/include/ \ + --src-incl "openssl/*.h" \ + --src-skip openssl/asn1_mac.h \ + --src-skip "openssl/opensslconf-*.h" \ + --relative-incl \ + --verbose \ + --output $(RULEDIR) \ + --prefix ossl \ + """, +) + + +genrule( + name = "bssl_gen_crypto_headers", + tools = [ + "//bssl-compat:tools/uncomment.sh", + "//bssl-compat:tools/generate.h.sh", + ], + srcs = glob([ + "third_party/boringssl/src/crypto/**/*.h", + "patch/**", + ]), + outs = [ + "source/crypto/asn1/internal.h", + "source/crypto/bio/internal.h", + "source/crypto/bytestring/internal.h", + "source/crypto/chacha/internal.h", + "source/crypto/cipher_extra/internal.h", + "source/crypto/conf/conf_def.h", + "source/crypto/conf/internal.h", + "source/crypto/cpu_arm_linux.h", + "source/crypto/curve25519/curve25519_tables.h", + "source/crypto/curve25519/internal.h", + "source/crypto/des/internal.h", + "source/crypto/dsa/internal.h", + "source/crypto/ec_extra/internal.h", + "source/crypto/err/internal.h", + "source/crypto/evp/internal.h", + "source/crypto/fipsmodule/aes/internal.h", + "source/crypto/fipsmodule/bn/internal.h", + "source/crypto/fipsmodule/bn/rsaz_exp.h", + "source/crypto/fipsmodule/cipher/internal.h", + "source/crypto/fipsmodule/delocate.h", + "source/crypto/fipsmodule/dh/internal.h", + "source/crypto/fipsmodule/digest/internal.h", + "source/crypto/fipsmodule/digest/md32_common.h", + "source/crypto/fipsmodule/ec/internal.h", + "source/crypto/fipsmodule/ec/p256-nistz-table.h", + "source/crypto/fipsmodule/ec/p256-nistz.h", + "source/crypto/fipsmodule/ec/p256_table.h", + "source/crypto/fipsmodule/ecdsa/internal.h", + "source/crypto/fipsmodule/md5/internal.h", + "source/crypto/fipsmodule/modes/internal.h", + "source/crypto/fipsmodule/rand/fork_detect.h", + "source/crypto/fipsmodule/rand/getrandom_fillin.h", + "source/crypto/fipsmodule/rand/internal.h", + "source/crypto/fipsmodule/rsa/internal.h", + "source/crypto/fipsmodule/service_indicator/internal.h", + "source/crypto/fipsmodule/sha/internal.h", + "source/crypto/fipsmodule/tls/internal.h", + "source/crypto/hrss/internal.h", + "source/crypto/internal.h", + "source/crypto/lhash/internal.h", + "source/crypto/obj/obj_dat.h", + "source/crypto/pkcs7/internal.h", + "source/crypto/pkcs8/internal.h", + "source/crypto/poly1305/internal.h", + "source/crypto/pool/internal.h", + "source/crypto/test/abi_test.h", + "source/crypto/test/file_test.h", + "source/crypto/test/gtest_main.h", + "source/crypto/test/test_util.h", + "source/crypto/test/wycheproof_util.h", + "source/crypto/trust_token/internal.h", + "source/crypto/x509/internal.h", + "source/crypto/x509v3/ext_dat.h", + "source/crypto/x509v3/internal.h", + ], + cmd = """ + #!/bin/bash + for header in $(SRCS); do + if [[ "$$header" != *"/patch/"* ]]; then + dest_file=`echo "$$header" | sed 's|.*/src/|source/|'` + $(location //bssl-compat:tools/generate.h.sh) $(location //bssl-compat:tools/uncomment.sh) $$header $$dest_file $(RULEDIR) `dirname $(location //bssl-compat:patch/bazel.file)` + fi + done + """, # TODO: the condition in cmd does not work + visibility = ["//visibility:public"], +) + +genrule( + name = "bssl_gen_headers", + tools = [ + "//bssl-compat:tools/uncomment.sh", + "//bssl-compat:tools/generate.h.sh", + ], + srcs = glob([ + "third_party/boringssl/src/include/openssl/*.h", + "patch/**", + ]), + outs = [ + "include/openssl/aead.h", + "include/openssl/aes.h", + "include/openssl/arm_arch.h", + "include/openssl/asn1.h", + "include/openssl/asn1_mac.h", + "include/openssl/asn1t.h", + "include/openssl/base64.h", + "include/openssl/base.h", + "include/openssl/bio.h", + "include/openssl/blake2.h", + "include/openssl/blowfish.h", + "include/openssl/bn.h", + "include/openssl/buffer.h", + "include/openssl/buf.h", + "include/openssl/bytestring.h", + "include/openssl/cast.h", + "include/openssl/chacha.h", + "include/openssl/cipher.h", + "include/openssl/cmac.h", + "include/openssl/conf.h", + "include/openssl/cpu.h", + "include/openssl/crypto.h", + "include/openssl/curve25519.h", + "include/openssl/des.h", + "include/openssl/dh.h", + "include/openssl/digest.h", + "include/openssl/dsa.h", + "include/openssl/dtls1.h", + "include/openssl/ecdh.h", + "include/openssl/ecdsa.h", + "include/openssl/ec.h", + "include/openssl/ec_key.h", + "include/openssl/engine.h", + "include/openssl/e_os2.h", + "include/openssl/err.h", + "include/openssl/evp_errors.h", + "include/openssl/evp.h", + "include/openssl/ex_data.h", + "include/openssl/hkdf.h", + "include/openssl/hmac.h", + "include/openssl/hpke.h", + "include/openssl/hrss.h", + "include/openssl/is_boringssl.h", + "include/openssl/kdf.h", + "include/openssl/lhash.h", + "include/openssl/md4.h", + "include/openssl/md5.h", + "include/openssl/mem.h", + "include/openssl/nid.h", + "include/openssl/objects.h", + "include/openssl/obj.h", + "include/openssl/obj_mac.h", + "include/openssl/opensslconf.h", + "include/openssl/opensslv.h", + "include/openssl/ossl_typ.h", + "include/openssl/pem.h", + "include/openssl/pkcs12.h", + "include/openssl/pkcs7.h", + "include/openssl/pkcs8.h", + "include/openssl/poly1305.h", + "include/openssl/pool.h", + "include/openssl/rand.h", + "include/openssl/rc4.h", + "include/openssl/ripemd.h", + "include/openssl/rsa.h", + "include/openssl/safestack.h", + "include/openssl/service_indicator.h", + "include/openssl/sha.h", + "include/openssl/siphash.h", + "include/openssl/span.h", + "include/openssl/srtp.h", + "include/openssl/ssl3.h", + "include/openssl/ssl.h", + "include/openssl/stack.h", + "include/openssl/thread.h", + "include/openssl/tls1.h", + "include/openssl/trust_token.h", + "include/openssl/type_check.h", + "include/openssl/x509.h", + "include/openssl/x509v3.h", + "include/openssl/x509_vfy.h", + ], + cmd = """ + #!/bin/bash + for header in $(SRCS); do + if [[ "$$header" != *"/patch/"* ]]; then + $(location //bssl-compat:tools/generate.h.sh) $(location //bssl-compat:tools/uncomment.sh) $$header "$${header#*/src/}" $(RULEDIR) `dirname $(location //bssl-compat:patch/bazel.file)` + fi + done + """, + visibility = ["//visibility:public"], +) + +genrule( + name = "bssl_gen_crypto_sources", + tools = [ + "//bssl-compat:bssl_gen_crypto_headers", + "//bssl-compat:tools/generate.h.sh", + "//bssl-compat:tools/uncomment.sh", + ], + srcs = glob([ + "third_party/boringssl/src/crypto/mem.c", + "third_party/boringssl/src/crypto/bytestring/cbs.c", + "third_party/boringssl/src/crypto/bytestring/cbb.c", + "third_party/boringssl/src/ssl/ssl_x509.cc", + "patch/**", + ]), + outs = [ + "source/crypto/mem.c", + "source/crypto/bytestring/cbs.c", + "source/crypto/bytestring/cbb.c", + "source/ssl/ssl_x509.cc", + ], + cmd = """ + #!/bin/bash + set -x + for c_file in $(SRCS); do + if [[ "$$c_file" != *"/patch/"* ]]; then + dest_file=`echo "$$c_file" | sed 's|.*/src/|source/|'` + $(location //bssl-compat:tools/generate.h.sh) $(location //bssl-compat:tools/uncomment.sh) $$c_file $$dest_file $(RULEDIR) `dirname $(location //bssl-compat:patch/bazel.file)` + fi + done + """, + visibility = ["//visibility:public"], +) +genrule( + name = "bssl_gen_sources", + tools = [ + "//bssl-compat:bssl_gen_headers", + "//bssl-compat:tools/generate.c.sh", + ], + srcs = glob([ + "third_party/boringssl/src/include/**", + "patch/**", + ]), + outs = [ + "source/ASN1_IA5STRING_free.c", + "source/ASN1_IA5STRING_new.c", + "source/ASN1_INTEGER_free.c", + "source/ASN1_INTEGER_new.c", + "source/ASN1_INTEGER_to_BN.c", + "source/ASN1_OBJECT_free.c", + "source/ASN1_STRING_data.c", + "source/ASN1_STRING_free.c", + "source/ASN1_STRING_get0_data.c", + "source/ASN1_STRING_length.c", + "source/ASN1_STRING_set.c", + "source/ASN1_STRING_to_UTF8.c", + "source/ASN1_TIME_adj.c", + "source/ASN1_TIME_diff.c", + "source/ASN1_TIME_new.c", + "source/ASN1_TIME_set.c", + "source/BIO_clear_flags.c", + "source/BIO_clear_retry_flags.c", + "source/BIO_ctrl.c", + "source/BIO_ctrl_get_read_request.c", + "source/BIO_ctrl_get_write_guarantee.c", + "source/BIO_get_data.c", + "source/BIO_get_init.c", + "source/BIO_get_mem_ptr.c", + "source/BIO_get_shutdown.c", + "source/BIO_new_connect.c", + "source/BIO_new_mem_buf.c", + "source/BIO_puts.c", + "source/BIO_read.c", + "source/BIO_reset.c", + "source/BIO_get_mem_data.c", + "source/BIO_set_data.c", + "source/BIO_set_init.c", + "source/BIO_set_mem_eof_return.c", + "source/BIO_set_retry_read.c", + "source/BIO_set_retry_write.c", + "source/BIO_set_shutdown.c", + "source/BIO_should_read.c", + "source/BIO_should_retry.c", + "source/BIO_should_write.c", + "source/BIO_shutdown_wr.c", + "source/BIO_up_ref.c", + "source/BIO_free_all.c", + "source/BIO_write.c", + "source/BN_add_word.c", + "source/BN_dup.c", + "source/BN_free.c", + "source/BN_hex2bn.c", + "source/BN_new.c", + "source/BN_num_bits.c", + "source/BN_set_word.c", + "source/BN_ucmp.c", + "source/CRYPTO_memcmp.c", + "source/d2i_PKCS12_bio.c", + "source/d2i_SSL_SESSION.c", + "source/d2i_X509.c", + "source/DTLS_method.c", + "source/EC_GROUP_get_curve_name.c", + "source/EC_GROUP_get_degree.c", + "source/EC_GROUP_get0_order.c", + "source/EC_KEY_new_by_curve_name.c", + "source/EC_KEY_free.c", + "source/EC_KEY_get0_group.c", + "source/ECDSA_size.c", + "source/ECDSA_SIG_free.c", + "source/ECDSA_SIG_get0.c", + "source/ECDSA_SIG_new.c", + "source/ECDSA_SIG_set0.c", + "source/ERR_clear_error.c", + "source/ERR_print_errors.c", + "source/ERR_print_errors_fp.c", + "source/ERR_put_error.c", + "source/EVP_aes_256_cbc.c", + "source/EVP_aes_128_gcm.c", + "source/EVP_aes_256_gcm.c", + "source/EVP_CIPHER_CTX_free.c", + "source/EVP_CIPHER_CTX_new.c", + "source/EVP_CIPHER_CTX_ctrl.c", + "source/EVP_CIPHER_block_size.c", + "source/EVP_CIPHER_iv_length.c", + "source/EVP_CIPHER_key_length.c", + "source/EVP_DecryptFinal_ex.c", + "source/EVP_DecryptInit_ex.c", + "source/EVP_DecryptUpdate.c", + "source/EVP_DigestFinal.c", + "source/EVP_DigestFinal_ex.c", + "source/EVP_DigestInit.c", + "source/EVP_DigestInit_ex.c", + "source/EVP_DigestSignInit.c", + "source/EVP_DigestSignUpdate.c", + "source/EVP_DigestUpdate.c", + "source/EVP_DigestVerify.c", + "source/EVP_DigestVerifyUpdate.c", + "source/EVP_DigestVerifyInit.c", + "source/EVP_EncryptFinal_ex.c", + "source/EVP_EncryptInit_ex.c", + "source/EVP_EncryptUpdate.c", + "source/EVP_MD_CTX_copy_ex.c", + "source/EVP_MD_CTX_create.c", + "source/EVP_MD_CTX_free.c", + "source/EVP_MD_CTX_new.c", + "source/EVP_MD_CTX_destroy.c", + "source/EVP_MD_size.c", + "source/EVP_MD_type.c", + "source/EVP_md4.c", + "source/EVP_md5.c", + "source/EVP_md5_sha1.c", + "source/EVP_PKEY_assign_EC_KEY.c", + "source/EVP_PKEY_assign_RSA.c", + "source/EVP_PKEY_cmp.c", + "source/EVP_PKEY_CTX_set_rsa_mgf1_md.c", + "source/EVP_PKEY_CTX_set_rsa_padding.c", + "source/EVP_PKEY_free.c", + "source/EVP_PKEY_up_ref.c", + "source/EVP_PKEY_get_raw_public_key.c", + "source/EVP_PKEY_new.c", + "source/EVP_PKEY_set1_RSA.c", + "source/EVP_sha1.c", + "source/EVP_sha224.c", + "source/EVP_sha256.c", + "source/EVP_sha384.c", + "source/EVP_sha512.c", + "source/GENERAL_NAME_set0_value.c", + "source/HMAC.c", + "source/HMAC_CTX_free.c", + "source/HMAC_CTX_new.c", + "source/HMAC_Final.c", + "source/HMAC_Update.c", + "source/i2d_SSL_SESSION.c", + "source/MD5.c", + "source/OBJ_txt2obj.c", + "source/OPENSSL_free.c", + "source/OPENSSL_malloc.c", + "source/OPENSSL_memdup.c", + "source/OPENSSL_realloc.c", + "source/OPENSSL_init_ssl.c", + "source/PEM_bytes_read_bio.c", + "source/PKCS12_free.c", + "source/RSA_bits.c", + "source/RSA_check_key.c", + "source/RSA_free.c", + "source/RSA_get0_crt_params.c", + "source/RSA_get0_factors.c", + "source/RSA_get0_key.c", + "source/RSA_new.c", + "source/RSA_set0_crt_params.c", + "source/RSA_set0_factors.c", + "source/RSA_set0_key.c", + "source/RSA_sign.c", + "source/RSA_size.c", + "source/RSA_verify.c", + "source/SHA1.c", + "source/SHA224.c", + "source/SHA256.c", + "source/SHA384.c", + "source/SHA512.c", + "source/SSL_accept.c", + "source/SSL_alert_desc_string_long.c", + "source/SSL_CIPHER_get_auth_nid.c", + "source/SSL_CIPHER_get_cipher_nid.c", + "source/SSL_CIPHER_get_digest_nid.c", + "source/SSL_CIPHER_get_id.c", + "source/SSL_CIPHER_get_name.c", + "source/SSL_CIPHER_standard_name.c", + "source/SSL_connect.c", + "source/SSL_CTX_add_extra_chain_cert.c", + "source/SSL_CTX_check_private_key.c", + "source/SSL_CTX_set_tmp_ecdh.c", + "source/SSL_get0_next_proto_negotiated.c", + "source/SSL_CTX_free.c", + "source/SSL_CTX_get_cert_store.c", + "source/SSL_CTX_set_cert_store.c", + "source/SSL_CTX_get_ex_data.c", + "source/SSL_CTX_get_options.c", + "source/SSL_CTX_get_verify_mode.c", + "source/SSL_CTX_get0_certificate.c", + "source/SSL_CTX_get0_param.c", + "source/SSL_CTX_load_verify_locations.c", + "source/SSL_CTX_new.c", + "source/SSL_CTX_set_alpn_protos.c", + "source/SSL_CTX_set_cipher_list.c", + "source/SSL_CTX_set_ex_data.c", + "source/SSL_CTX_set_max_proto_version.c", + "source/SSL_CTX_set_min_proto_version.c", + "source/SSL_CTX_set_options.c", + "source/SSL_CTX_set_session_cache_mode.c", + "source/SSL_CTX_set_session_id_context.c", + "source/SSL_CTX_set_timeout.c", + "source/SSL_CTX_set_tlsext_servername_arg.c", + "source/SSL_CTX_set1_curves_list.c", + "source/SSL_CTX_set1_sigalgs_list.c", + "source/SSL_CTX_use_certificate_chain_file.c", + "source/SSL_CTX_use_certificate_file.c", + "source/SSL_CTX_use_PrivateKey_file.c", + "source/SSL_do_handshake.c", + "source/SSL_free.c", + "source/SSL_get_certificate.c", + "source/SSL_get_current_cipher.c", + "source/SSL_get_error.c", + "source/SSL_get_ex_data.c", + "source/SSL_get_ex_data_X509_STORE_CTX_idx.c", + "source/SSL_get_peer_certificate.c", + "source/SSL_get_session.c", + "source/SSL_get_SSL_CTX.c", + "source/SSL_get_version.c", + "source/SSL_get_wbio.c", + "source/SSL_get_rbio.c", + "source/SSL_get0_alpn_selected.c", + "source/SSL_get1_session.c", + "source/SSL_is_server.c", + "source/SSL_is_init_finished.c", + "source/SSL_new.c", + "source/SSL_read.c", + "source/SSL_select_next_proto.c", + "source/SSL_SESSION_free.c", + "source/SSL_SESSION_get_id.c", + "source/SSL_SESSION_is_resumable.c", + "source/SSL_session_reused.c", + "source/SSL_SESSION_set_protocol_version.c", + "source/SSL_SESSION_up_ref.c", + "source/SSL_set_accept_state.c", + "source/SSL_set_alpn_protos.c", + "source/SSL_set_bio.c", + "source/SSL_set_cipher_list.c", + "source/SSL_set_connect_state.c", + "source/SSL_set_ex_data.c", + "source/SSL_set_fd.c", + "source/SSL_set_quiet_shutdown.c", + "source/SSL_set_session.c", + "source/SSL_set_session_id_context.c", + "source/SSL_set_SSL_CTX.c", + "source/SSL_set_tlsext_host_name.c", + "source/SSL_set0_rbio.c", + "source/SSL_set0_wbio.c", + "source/SSL_set1_curves_list.c", + "source/SSL_state_string_long.c", + "source/SSL_state_string.c", + "source/SSL_shutdown.c", + "source/SSL_version.c", + "source/SSL_write.c", + "source/TLS_client_method.c", + "source/TLS_method.c", + "source/TLS_server_method.c", + "source/X509_add1_ext_i2d.c", + "source/X509_alias_get0.c", + "source/X509_cmp.c", + "source/X509_CRL_cmp.c", + "source/X509_CRL_dup.c", + "source/X509_CRL_get_issuer.c", + "source/X509_CRL_free.c", + "source/X509_CRL_up_ref.c", + "source/X509_digest.c", + "source/X509_free.c", + "source/X509_get_ext.c", + "source/X509_get_ext_by_OBJ.c", + "source/X509_get_ext_d2i.c", + "source/X509_get_extension_flags.c", + "source/X509_get_issuer_name.c", + "source/X509_get_key_usage.c", + "source/X509_get_pathlen.c", + "source/X509_get_pubkey.c", + "source/X509_get_serialNumber.c", + "source/X509_get_subject_name.c", + "source/X509_get_X509_PUBKEY.c", + "source/X509_get0_notAfter.c", + "source/X509_get0_notBefore.c", + "source/X509_getm_notAfter.c", + "source/X509_getm_notBefore.c", + "source/X509_INFO_free.c", + "source/X509_NAME_add_entry_by_txt.c", + "source/X509_NAME_cmp.c", + "source/X509_NAME_digest.c", + "source/X509_NAME_dup.c", + "source/X509_NAME_entry_count.c", + "source/X509_NAME_ENTRY_get_data.c", + "source/X509_NAME_ENTRY_set.c", + "source/X509_NAME_free.c", + "source/X509_NAME_get_entry.c", + "source/X509_NAME_get_index_by_NID.c", + "source/X509_NAME_new.c", + "source/X509_NAME_oneline.c", + "source/X509_NAME_print_ex.c", + "source/X509_new.c", + "source/X509_PUBKEY_get.c", + "source/X509_set_pubkey.c", + "source/X509_set_version.c", + "source/X509_STORE_add_cert.c", + "source/X509_STORE_add_crl.c", + "source/X509_STORE_CTX_free.c", + "source/X509_STORE_CTX_get_current_cert.c", + "source/X509_STORE_CTX_get_error.c", + "source/X509_STORE_CTX_get_error_depth.c", + "source/X509_STORE_CTX_get_ex_data.c", + "source/X509_STORE_CTX_get0_cert.c", + "source/X509_STORE_CTX_get0_param.c", + "source/X509_STORE_CTX_new.c", + "source/X509_STORE_CTX_set_default.c", + "source/X509_STORE_CTX_set_error.c", + "source/X509_STORE_CTX_set_flags.c", + "source/X509_STORE_free.c", + "source/X509_STORE_get0_param.c", + "source/X509_STORE_load_locations.c", + "source/X509_STORE_new.c", + "source/X509_STORE_up_ref.c", + "source/X509_STORE_set_flags.c", + "source/X509_STORE_set_get_crl.c", + "source/X509_STORE_set_check_crl.c", + "source/X509_STORE_set_verify_cb.c", + "source/X509_up_ref.c", + "source/X509_verify.c", + "source/X509_verify_cert.c", + "source/X509_VERIFY_PARAM_clear_flags.c", + "source/X509_VERIFY_PARAM_get_flags.c", + "source/X509_VERIFY_PARAM_set_flags.c", + "source/X509_VERIFY_PARAM_set1.c", + + ], + cmd = """ + for c_file in $(OUTS); do + file=$${c_file##*/} + $(location tools/generate.c.sh) $${file%.c} $$c_file + done + """, + visibility = ["//visibility:public"], +) + + +cc_library( + name = "bssl-compat", + linkstatic = True, + srcs = [ + ":bssl_gen_sources", + ":bssl_gen_crypto_sources", + ":ossl_gen", + ] + glob([ + "source/*.c", + "source/*.cc", + ]), + hdrs = [ + ":ossl_gen", + ":bssl_gen_headers", + ":bssl_gen_crypto_headers", + ] + glob([ + "include/ext/openssl/*.h", + "source/*.h", + ]), + includes = [ + "include/", + "./", # because of crypto headerfiles + "source/", + ], + linkopts = [ + "-L$(GENDIR)/bssl-compat", + "-lssl", + "-lcrypto", + ], + deps = [ + "//bssl-compat:ossl_gen", + "//bssl-compat:bssl_gen_crypto_sources", + "//bssl-compat:bssl_gen_crypto_headers", + "//bssl-compat:bssl_gen_sources", + "@openssl//:openssl-lib", + #"//bssl-compat:boringssl_ssl", + #"//bssl-compat:boringssl_crypto", + + ], + visibility = [ + "//visibility:public", + ] +) + alias( name = "crypto", actual = ":bssl-compat", @@ -41,3 +795,54 @@ alias( actual = ":bssl-compat", visibility = ["//visibility:public"], ) + + +####### Tests +## This library is created specifically to handle the custom compiler flag +## for err_extra.c. This is the standard Bazel pattern for applying +## options to a single file. +#cc_library( +# name = "err_extra_lib", +# srcs = ["source/extra/err_extra.c"], +# # Corresponds to: set_source_files_properties(... COMPILE_FLAGS ...) +# copts = ["-Wno-deprecated-declarations"], +#) +# +## This is the main test rule, which defines the unit test executable. +#cc_test( +# name = "utests-bssl-compat", +# # Corresponds to: add_executable(...) and target_add_bssl_source(...) +# srcs = [ +# "source/test/test_asn1.cc", +# "source/test/test_bn.cc", +# "source/test/test_cipher.cc", +# "source/test/test_crypto.cc", +# "source/test/test_ec_key.cc", +# "source/test/test_err.cc", +# "source/test/test_evp.cc", +# "source/test/test_hmac.cc", +# "source/test/test_misc.cc", +# "source/test/test_rsa.cc", +# "source/test/test_ssl.cc", +# "source/test/test_stack.cc", +# "source/test/test_x509.cc", +# "source/test/test_x509v3.cc", +# "source/test/test_pem.cc", +# "source/test/test_sha256.cc", +# # Test data copied from BoringSSL +# "source/crypto/test/crypto_test_data.c", +# # You can list your main test sources here +# # or use glob() if there are many. +# ], +# # Corresponds to: target_link_libraries(...) +# deps = [ +# ":bssl-compat", # Assumes a "bssl-compat" cc_library target exists +# ":err_extra_lib", # Depend on our special library +# "@com_google_googletest//:gtest_main", # Standard GTest dependency +# ], +# # Corresponds to: target_link_options(...) and set_target_properties(... BUILD_RPATH ...) +# linkopts = [ +# # The -Wl, prefix passes the -rpath option directly to the linker. +# "-Wl,-rpath,/usr/local/openssl-3.0.8/", +# ], +#) diff --git a/bssl-compat/patch/bazel.file b/bssl-compat/patch/bazel.file new file mode 100644 index 00000000000..e69de29bb2d diff --git a/bssl-compat/prefixer/BUILD b/bssl-compat/prefixer/BUILD new file mode 100644 index 00000000000..908bc413df9 --- /dev/null +++ b/bssl-compat/prefixer/BUILD @@ -0,0 +1,19 @@ +cc_binary( + name = "prefixer", + srcs = ["prefixer.cpp"], + copts = [ + "-DLLVM_LIBRARY_DIR=\\\"/opt/llvm/lib/\\\"", + "-DLLVM_VERSION_STRING=\"14.0.0\"", + "-fno-rtti", + ], + linkopts = [ + "-lclang-cpp", + ], + includes = [ + "@clang//include", # Reference the include directory from /opt/llvm + ], + deps = [ + "@clang//:clang_lib", + ], + visibility = ["//visibility:public"], +) diff --git a/bssl-compat/tools/generate.h.sh b/bssl-compat/tools/generate.h.sh index 8cb5a4c943b..bd69b289475 100755 --- a/bssl-compat/tools/generate.h.sh +++ b/bssl-compat/tools/generate.h.sh @@ -1,40 +1,44 @@ #!/bin/bash set -e # Quit on error -#set -x # Echo commands +# set -x # Echo commands + +BLUE='\033[0;34m' +YELLOW='\033[0;33m' +RED='\033[0;31m' +NC='\033[0m' # No Color function status { - cmake -E cmake_echo_color --blue "$1" + echo -e "${BLUE}$1${NC}" } function warn { - cmake -E cmake_echo_color --yellow "$1" + echo -e "${YELLOW}$1${NC}" } function error { - cmake -E cmake_echo_color --red "$1" - exit 1 + echo -e "${RED}$1${NC}" + exit 1 } - # # Get command line args # -CMAKE_CURRENT_SOURCE_DIR="${1?"CMAKE_CURRENT_SOURCE_DIR not specified"}" -CMAKE_CURRENT_BINARY_DIR="${2?"CMAKE_CURRENT_BINARY_DIR not specified"}" -SRC_FILE="${3?"SRC_FILE not specified"}" # e.g. crypto/err/internal.h -DST_FILE="${4?"DST_FILE not specified"}" # e.g. source/crypto/err/internal.h +UNCOMMENT_SCRIPT="${1?"UNCOMMENT_SCRIPT not specified"}" +SRC_FILE="${2?"SRC_FILE not specified"}" # e.g. crypto/err/internal.h +DST_FILE="${3?"DST_FILE not specified"}" # e.g. source/crypto/err/internal.h +DST_DIR="${4?"DST_DIR not specified"}" +PATCH_DIR="${5?"PATCH_DIR not specified"}" -SRC_DIR="$CMAKE_CURRENT_SOURCE_DIR/third_party/boringssl/src" -PATCH_DIR="$CMAKE_CURRENT_SOURCE_DIR/patch" # # Check/Ensure the inputs and outputs exist # -[[ -d "$SRC_DIR" ]] || error "SRC_DIR $SRC_DIR does not exist" -[[ -f "$SRC_DIR/$SRC_FILE" ]] || error "SRC_FILE $SRC_FILE does not exist in $SRC_DIR" -[[ -d "$PATCH_DIR" ]] || error "PATCH_DIR $PATCH_DIR does not exist" -mkdir -p "$(dirname "$CMAKE_CURRENT_BINARY_DIR/$DST_FILE")" +[ -d "${PATCH_DIR}" ] || error "PATCH_DIR $PATCH_DIR does not exist" +[ -f "${UNCOMMENT_SCRIPT}" ] || error "UNCOMMENT_SCRIPT $UNCOMMENT_SCRIPT does not exist" +[ -f "${SRC_FILE}" ] || error "SRC_FILE $SRC_FILE does not exist" +mkdir -p "$(dirname "$DST_DIR/$DST_FILE")" +mkdir -p "$(dirname "$DST_FILE")" # @@ -42,12 +46,12 @@ mkdir -p "$(dirname "$CMAKE_CURRENT_BINARY_DIR/$DST_FILE")" # ================================= # PATCH_SCRIPT="$PATCH_DIR/$DST_FILE.sh" -GEN_APPLIED_SCRIPT="$CMAKE_CURRENT_BINARY_DIR/$DST_FILE.1.applied.script" -cp "$SRC_DIR/$SRC_FILE" "$GEN_APPLIED_SCRIPT" +GEN_APPLIED_SCRIPT="$DST_FILE.1.applied.script" +cp "$SRC_FILE" "$GEN_APPLIED_SCRIPT" if [ -f "$PATCH_SCRIPT" ]; then PATH="$(dirname "$0"):$PATH" "$PATCH_SCRIPT" "$GEN_APPLIED_SCRIPT" else # Comment out the whole file contents - "$(dirname "$0")/uncomment.sh" "$GEN_APPLIED_SCRIPT" --comment + $UNCOMMENT_SCRIPT "$GEN_APPLIED_SCRIPT" --comment fi @@ -56,7 +60,7 @@ fi # ================================ # PATCH_FILE="$PATCH_DIR/$DST_FILE.patch" -GEN_APPLIED_PATCH="$CMAKE_CURRENT_BINARY_DIR/$DST_FILE.2.applied.patch" +GEN_APPLIED_PATCH="$DST_FILE.2.applied.patch" if [ -f "$PATCH_FILE" ]; then patch -s -f "$GEN_APPLIED_SCRIPT" "$PATCH_FILE" -o "$GEN_APPLIED_PATCH" else @@ -68,4 +72,4 @@ fi # Copy result to the destination # ============================== # -cp "$GEN_APPLIED_PATCH" "$CMAKE_CURRENT_BINARY_DIR/$DST_FILE" +cp "$GEN_APPLIED_PATCH" "$DST_DIR/$DST_FILE" From bc9222a8424d95865ab9c860a176c93d7a360558 Mon Sep 17 00:00:00 2001 From: Zuzana Miklankova Date: Wed, 6 Aug 2025 16:31:39 +0200 Subject: [PATCH 2/5] porting the bssl-compat on bazel work to 1.34 Signed-off-by: Zuzana Miklankova --- BUILD.llvm | 5 ++-- WORKSPACE | 12 ++++----- bssl-compat/BUILD | 38 +++++++++------------------ bssl-compat/prefixer/BUILD | 2 +- bssl-compat/third_party/openssl/BUILD | 21 +++++++++++++++ bssl-compat/tools/generate.c.sh | 6 ++--- 6 files changed, 46 insertions(+), 38 deletions(-) create mode 100644 bssl-compat/third_party/openssl/BUILD diff --git a/BUILD.llvm b/BUILD.llvm index 85718f60632..33d4b901a60 100644 --- a/BUILD.llvm +++ b/BUILD.llvm @@ -9,8 +9,8 @@ cc_library( ]), srcs = [ "lib/libclang-cpp.so", - "lib/libclang-cpp.so.14", - "lib/libclang.so.13", + "lib/libclang-cpp.so.18.1", + "lib/libclang.so.18.1", "lib/libclangAST.a", "lib/libclangFrontend.a", "lib/libclangTooling.a", @@ -18,6 +18,5 @@ cc_library( "lib/libclangLex.a", ], includes = ["include"], - linkopts = ["-Llib", "-lclang"], visibility = ["//visibility:public"], ) diff --git a/WORKSPACE b/WORKSPACE index 0c6c61f5776..d0740a0180f 100644 --- a/WORKSPACE +++ b/WORKSPACE @@ -37,14 +37,14 @@ load("//bazel:dependency_imports_extra.bzl", "envoy_dependency_imports_extra") envoy_dependency_imports_extra() -#new_local_repository( -# name = "openssl", -# path = "/usr/local/openssl-3.0.8", -# build_file = "BUILD.openssl", -#) +new_local_repository( + name = "openssl", + path = "/opt/openssl3.0/", + build_file = "BUILD.openssl", +) new_local_repository( name = "clang", path = "/opt/llvm/", - build_file = "BUILD.llvm" + build_file = "//:BUILD.llvm" ) diff --git a/bssl-compat/BUILD b/bssl-compat/BUILD index e175d7f96df..efaa1b0c397 100644 --- a/bssl-compat/BUILD +++ b/bssl-compat/BUILD @@ -1,16 +1,5 @@ licenses(["notice"]) # Apache 2 -#cmake( -# name = "bssl-compat", -# lib_source = ":srcs", -# out_shared_libs = [], -# out_static_libs = ["libbssl-compat.a"], -# visibility = ["//visibility:public"], -# generate_crosstool_file = False, -# out_binaries = ["utests-bssl-compat"], -# build_args = [ "-j" ] -#) - filegroup( name = "bssl-compat-utests-bssl-compat", srcs = [":bssl-compat"], @@ -176,7 +165,7 @@ genrule( cmd = """ \ LD_LIBRARY_PATH=/opt/llvm/lib/ \ $(location //bssl-compat/prefixer:prefixer) \ - --src-path /usr/local/openssl-3.0.8/include/ \ + --src-path /opt/openssl3.0/include/ \ --src-incl "openssl/*.h" \ --src-skip openssl/asn1_mac.h \ --src-skip "openssl/opensslconf-*.h" \ @@ -204,7 +193,7 @@ genrule( "source/crypto/bytestring/internal.h", "source/crypto/chacha/internal.h", "source/crypto/cipher_extra/internal.h", - "source/crypto/conf/conf_def.h", + ##"source/crypto/conf/conf_def.h", "source/crypto/conf/internal.h", "source/crypto/cpu_arm_linux.h", "source/crypto/curve25519/curve25519_tables.h", @@ -227,10 +216,10 @@ genrule( "source/crypto/fipsmodule/ec/p256-nistz.h", "source/crypto/fipsmodule/ec/p256_table.h", "source/crypto/fipsmodule/ecdsa/internal.h", - "source/crypto/fipsmodule/md5/internal.h", + #"source/crypto/fipsmodule/md5/internal.h", "source/crypto/fipsmodule/modes/internal.h", - "source/crypto/fipsmodule/rand/fork_detect.h", - "source/crypto/fipsmodule/rand/getrandom_fillin.h", + #"source/crypto/fipsmodule/rand/fork_detect.h", + #"source/crypto/fipsmodule/rand/getrandom_fillin.h", "source/crypto/fipsmodule/rand/internal.h", "source/crypto/fipsmodule/rsa/internal.h", "source/crypto/fipsmodule/service_indicator/internal.h", @@ -251,8 +240,8 @@ genrule( "source/crypto/test/wycheproof_util.h", "source/crypto/trust_token/internal.h", "source/crypto/x509/internal.h", - "source/crypto/x509v3/ext_dat.h", - "source/crypto/x509v3/internal.h", + #"source/crypto/x509v3/ext_dat.h", + #"source/crypto/x509v3/internal.h", ], cmd = """ #!/bin/bash @@ -285,6 +274,7 @@ genrule( "include/openssl/asn1t.h", "include/openssl/base64.h", "include/openssl/base.h", + "include/openssl/bcm_public.h", "include/openssl/bio.h", "include/openssl/blake2.h", "include/openssl/blowfish.h", @@ -351,12 +341,14 @@ genrule( "include/openssl/ssl3.h", "include/openssl/ssl.h", "include/openssl/stack.h", + "include/openssl/target.h", "include/openssl/thread.h", "include/openssl/tls1.h", "include/openssl/trust_token.h", "include/openssl/type_check.h", "include/openssl/x509.h", "include/openssl/x509v3.h", + "include/openssl/x509v3_errors.h", "include/openssl/x509_vfy.h", ], cmd = """ @@ -581,7 +573,6 @@ genrule( "source/SSL_CTX_add_extra_chain_cert.c", "source/SSL_CTX_check_private_key.c", "source/SSL_CTX_set_tmp_ecdh.c", - "source/SSL_get0_next_proto_negotiated.c", "source/SSL_CTX_free.c", "source/SSL_CTX_get_cert_store.c", "source/SSL_CTX_set_cert_store.c", @@ -594,6 +585,7 @@ genrule( "source/SSL_CTX_new.c", "source/SSL_CTX_set_alpn_protos.c", "source/SSL_CTX_set_cipher_list.c", + "source/SSL_CTX_set_compliance_policy", "source/SSL_CTX_set_ex_data.c", "source/SSL_CTX_set_max_proto_version.c", "source/SSL_CTX_set_min_proto_version.c", @@ -621,6 +613,7 @@ genrule( "source/SSL_get_wbio.c", "source/SSL_get_rbio.c", "source/SSL_get0_alpn_selected.c", + "source/SSL_get0_next_proto_negotiated.c", "source/SSL_get1_session.c", "source/SSL_is_server.c", "source/SSL_is_init_finished.c", @@ -718,12 +711,9 @@ genrule( "source/X509_STORE_new.c", "source/X509_STORE_up_ref.c", "source/X509_STORE_set_flags.c", - "source/X509_STORE_set_get_crl.c", - "source/X509_STORE_set_check_crl.c", "source/X509_STORE_set_verify_cb.c", "source/X509_up_ref.c", "source/X509_verify.c", - "source/X509_verify_cert.c", "source/X509_VERIFY_PARAM_clear_flags.c", "source/X509_VERIFY_PARAM_get_flags.c", "source/X509_VERIFY_PARAM_set_flags.c", @@ -774,9 +764,7 @@ cc_library( "//bssl-compat:bssl_gen_crypto_sources", "//bssl-compat:bssl_gen_crypto_headers", "//bssl-compat:bssl_gen_sources", - "@openssl//:openssl-lib", - #"//bssl-compat:boringssl_ssl", - #"//bssl-compat:boringssl_crypto", + "//bssl-compat/third_party/openssl:openssl", ], visibility = [ diff --git a/bssl-compat/prefixer/BUILD b/bssl-compat/prefixer/BUILD index 908bc413df9..d9cb8a94a9b 100644 --- a/bssl-compat/prefixer/BUILD +++ b/bssl-compat/prefixer/BUILD @@ -3,7 +3,7 @@ cc_binary( srcs = ["prefixer.cpp"], copts = [ "-DLLVM_LIBRARY_DIR=\\\"/opt/llvm/lib/\\\"", - "-DLLVM_VERSION_STRING=\"14.0.0\"", + "-DLLVM_VERSION_STRING=\"18.1.0\"", "-fno-rtti", ], linkopts = [ diff --git a/bssl-compat/third_party/openssl/BUILD b/bssl-compat/third_party/openssl/BUILD new file mode 100644 index 00000000000..aa3ffa50c26 --- /dev/null +++ b/bssl-compat/third_party/openssl/BUILD @@ -0,0 +1,21 @@ +# This BUILD file describes the system-installed OpenSSL library. +# It contains no sources, only the necessary settings for other targets to use it. +cc_library( + name = "openssl", + # This makes the headers in /usr/include available to any target + # that depends on this one. + includes = [ + "/usr/include", + ], + # These are the flags passed to the linker. + linkopts = [ + # Tells the linker to search for libraries in this specific directory. + "-L/usr/lib/x86_64-linux-gnu", + # Tells the linker to link against libssl.so (-lssl) + "-lssl", + # and libcrypto.so (-lcrypto). + "-lcrypto", + ], + # Make this target visible to your entire project. + visibility = ["//visibility:public"], +) diff --git a/bssl-compat/tools/generate.c.sh b/bssl-compat/tools/generate.c.sh index 5ae6fd77906..cc7084bdfad 100755 --- a/bssl-compat/tools/generate.c.sh +++ b/bssl-compat/tools/generate.c.sh @@ -20,9 +20,9 @@ FUNC_NAME="${1?"FUNC_NAME not specified"}" CC_FILE="${2?"CC_FILE not specified"}" -function error { - cmake -E cmake_echo_color --red "$1" - exit 1 +function error() { + printf '\033[0;31m%s\033[0m\n' "$1" >&2 + exit 1 } INCLUDE_DIR="$TOP_DIR/third_party/boringssl/src/include" From c4089112ea76db0a817b4d894440cb7d86c8ec11 Mon Sep 17 00:00:00 2001 From: Zuzana Miklankova Date: Tue, 22 Oct 2024 15:29:55 +0200 Subject: [PATCH 3/5] add relative-incl option to prefixer this fixes another problem that occured when running prefixer from bazel Signed-off-by: Zuzana Miklankova --- bssl-compat/prefixer/prefixer.cpp | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/bssl-compat/prefixer/prefixer.cpp b/bssl-compat/prefixer/prefixer.cpp index 24a17dadfe9..707f94284d8 100644 --- a/bssl-compat/prefixer/prefixer.cpp +++ b/bssl-compat/prefixer/prefixer.cpp @@ -25,6 +25,7 @@ namespace opt { static std::set srcskip; static std::filesystem::path output = std::filesystem::current_path(); static std::string prefix = "ossl"; + static bool relative_incl = false; static bool verbose = false; static std::vector extraIdentifiers = { @@ -442,6 +443,9 @@ void MyFrontendAction::EndSourceFileAction() { for(const auto &f : m_functions) { std::string header = f.getHeader(srcmgr); if(funcmap.find(header) == funcmap.end()) { + if (opt::relative_incl) { + header = header.substr(header.find(opt::prefix), header.length()); + } hstr << "#include \"" << header <<"\"" << std::endl; } funcmap[header].push_back(f); @@ -637,6 +641,7 @@ static bool usage(int exitcode) { << " --prefix The prefix to be applied to functions, types & macros" << std::endl << " --output Output directory for generated files" << std::endl << " --verbose Print more info about what's being done" << std::endl + << " --relative-incl Include headers in .h with relative paths, starting with /." << std::endl << std::endl << "All files will be generated under the output directory as follows:" << std::endl << std::endl @@ -683,6 +688,9 @@ int main(int argc, const char **argv) { else if ((arg == "--output") && ((++i < argc) || usage(-1))) { opt::output = argv[i]; } + else if (arg == "--relative-incl") { + opt::relative_incl = true; + } else if (arg == "--verbose") { opt::verbose = true; } From 520ed209643c4901ee59d70154766cdab4ef141b Mon Sep 17 00:00:00 2001 From: Zuzana Miklankova Date: Thu, 10 Oct 2024 15:57:17 +0200 Subject: [PATCH 4/5] fix prefixer to work also with relative paths for outdir --- bssl-compat/prefixer/prefixer.cpp | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/bssl-compat/prefixer/prefixer.cpp b/bssl-compat/prefixer/prefixer.cpp index 707f94284d8..0303881e352 100644 --- a/bssl-compat/prefixer/prefixer.cpp +++ b/bssl-compat/prefixer/prefixer.cpp @@ -565,7 +565,12 @@ void MyFrontendAction::EndSourceFileAction() { std::regex regex("[a-zA-Z_][a-zA-Z0-9_]*", std::regex::basic | std::regex::optimize); opt::vstr() << "Processing " << files.size() << " files...\n"; for (auto [header, incl] : files) { - auto path = opt::incdir() / opt::prefix / header; + std::filesystem::path path; + if (header == opt::hfile() || header == opt::cfile()) { + path = header; + } else { + path = opt::incdir() / opt::prefix / header; + } std::string buffer; opt::vstr() << " - " << path << "\n"; From 5e717abdd5931567c562c8a862b19826577997e3 Mon Sep 17 00:00:00 2001 From: Zuzana Miklankova Date: Mon, 1 Sep 2025 15:17:10 +0200 Subject: [PATCH 5/5] make generate.c look for function declarations spanning two lines Signed-off-by: Zuzana Miklankova --- bssl-compat/tools/generate.c.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/bssl-compat/tools/generate.c.sh b/bssl-compat/tools/generate.c.sh index cc7084bdfad..d0d1d05c659 100755 --- a/bssl-compat/tools/generate.c.sh +++ b/bssl-compat/tools/generate.c.sh @@ -25,13 +25,20 @@ function error() { exit 1 } +function get_header_name() { + local hdr_file + hdr_file=$(grep -r "OPENSSL_EXPORT.*[^A-Za-z0-9_]$FUNC_NAME[ \t]*(" "$INCLUDE_DIR"/openssl/* | cut -d: -f1 || :) + [ -z "$hdr_file" ] && hdr_file=$(grep -rB 1 "$FUNC_NAME" "$INCLUDE_DIR"/openssl/ | grep -A 1 OPENSSL_EXPORT | tail -n 1 | cut -d: -f1) + echo "$hdr_file" +} + INCLUDE_DIR="$TOP_DIR/third_party/boringssl/src/include" [[ -d "$INCLUDE_DIR" ]] || error "INCLUDE_DIR $INCLUDE_DIR does not exist" ################################################################################ # Find out which header file the function is declared in ################################################################################ -HDR_FILE=$(grep -r "OPENSSL_EXPORT.*[^A-Za-z0-9_]$FUNC_NAME[ \t]*(" $INCLUDE_DIR/openssl/* | cut -d: -f1) +HDR_FILE=$(get_header_name) if [ ! -f "$HDR_FILE" ]; then error "Failed to determine header file for $FUNC_NAME" fi