未验证 提交 3c8bdf06 编写于 作者: O openharmony_ci 提交者: Gitee

!120 add ohos_executable openssl, Out of Tree Builds, add openssl.cnf,...

!120 add ohos_executable openssl, Out of Tree Builds, add  openssl.cnf, UnsafeLegacyRenegotiation, load legacy provider
Merge pull request !120 from code4lala/master
......@@ -273,6 +273,10 @@ action("openssl_build_all_generated") {
outputs += libcommon_build_all_generated_selected_platform_sources
outputs += libdefault_build_all_generated_selected_platform_sources
outputs += libcrypto_build_all_generated_selected_platform_sources
outputs += [ "${openssl_selected_platform_full_path}/apps/progs.c" ]
if (openssl_selected_platform == "mingw64") {
outputs += [ "${openssl_selected_platform_full_path}/apps/openssl.rc" ]
}
}
openssl_internal_cflags = [
......@@ -335,6 +339,13 @@ crypto_config_common_public_include_dirs = [
"${openssl_selected_platform_full_path}/include",
]
# located at /system/etc/
ohos_prebuilt_etc("openssl.cnf") {
source = "open_harmony_openssl_config/openssl.cnf"
subsystem_name = "thirdparty"
part_name = "openssl"
}
crypto_config_common_cflags = [
"-Wa,--noexecstack",
"-DNDEBUG",
......@@ -343,7 +354,10 @@ crypto_config_common_cflags = [
"-DOPENSSL_PIC",
"-DENGINESDIR=\"\"",
"-DMODULESDIR=\"\"",
"-DOPENSSLDIR=\"\"",
# to locate openssl.cnf
"-DOPENSSLDIR=\"/system/etc\"",
"-DSTATIC_LEGACY",
]
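Review bot: The comment `# to locate openssl.cnf` above `-DOPENSSLDIR=\"/system/etc\"` understates what this define changes. In OpenSSL, OPENSSLDIR is also the base for the default CA locations (`cert.pem`, `certs/`, `private/`), and by default the library loads `openssl.cnf` from that directory in every process that initialises libcrypto or libssl. The settings in the new openssl.cnf therefore become defaults for all consumers of `libcrypto_openssl`, not only for the `openssl` executable. I would expand the comment to something like `# OPENSSLDIR: base for default openssl.cnf AND default CA file/dir; /system/etc/openssl.cnf is auto-loaded by every libcrypto/libssl user`, and confirm that `/system/etc` is read-only to unprivileged code on the target.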
......@@ -1519,7 +1533,10 @@ if (is_mingw || is_mac) {
}
ohos_shared_library("libcrypto_shared") {
deps = [ ":crypto_source" ]
deps = [
":crypto_source",
":openssl.cnf",
]
output_name = "libcrypto_openssl"
subsystem_name = "thirdparty"
part_name = "openssl"
......@@ -1632,6 +1649,7 @@ ohos_static_library("libssl_static") {
ohos_shared_library("libssl_shared") {
deps = [
":libcrypto_shared",
":openssl.cnf",
":ssl_source",
]
......@@ -1652,3 +1670,104 @@ ohos_shared_library("libssl_shared") {
"updater",
]
}
ohos_static_library("libapps") {
sources = [
"apps/lib/app_libctx.c",
"apps/lib/app_params.c",
"apps/lib/app_provider.c",
"apps/lib/app_rand.c",
"apps/lib/app_x509.c",
"apps/lib/apps.c",
"apps/lib/apps_ui.c",
"apps/lib/columns.c",
"apps/lib/engine.c",
"apps/lib/engine_loader.c",
"apps/lib/fmt.c",
"apps/lib/http_server.c",
"apps/lib/names.c",
"apps/lib/opt.c",
"apps/lib/s_cb.c",
"apps/lib/s_socket.c",
"apps/lib/tlssrp_depr.c",
]
if (openssl_selected_platform == "mingw64") {
sources += [ "apps/lib/win32_init.c" ]
}
subsystem_name = "thirdparty"
part_name = "openssl"
configs = [ ":crypto_config_private" ]
}
ohos_executable("openssl") {
sources = [
"${openssl_selected_platform_full_path}/apps/progs.c",
"apps/asn1parse.c",
"apps/ca.c",
"apps/ciphers.c",
"apps/cmp.c",
"apps/cms.c",
"apps/crl.c",
"apps/crl2pkcs7.c",
"apps/dgst.c",
"apps/dhparam.c",
"apps/dsa.c",
"apps/dsaparam.c",
"apps/ec.c",
"apps/ecparam.c",
"apps/enc.c",
"apps/engine.c",
"apps/errstr.c",
"apps/fipsinstall.c",
"apps/gendsa.c",
"apps/genpkey.c",
"apps/genrsa.c",
"apps/info.c",
"apps/kdf.c",
"apps/lib/cmp_mock_srv.c",
"apps/list.c",
"apps/mac.c",
"apps/nseq.c",
"apps/ocsp.c",
"apps/openssl.c",
"apps/passwd.c",
"apps/pkcs12.c",
"apps/pkcs7.c",
"apps/pkcs8.c",
"apps/pkey.c",
"apps/pkeyparam.c",
"apps/pkeyutl.c",
"apps/prime.c",
"apps/rand.c",
"apps/rehash.c",
"apps/req.c",
"apps/rsa.c",
"apps/rsautl.c",
"apps/s_client.c",
"apps/s_server.c",
"apps/s_time.c",
"apps/sess_id.c",
"apps/smime.c",
"apps/speed.c",
"apps/spkac.c",
"apps/srp.c",
"apps/storeutl.c",
"apps/ts.c",
"apps/verify.c",
"apps/version.c",
"apps/x509.c",
]
if (openssl_selected_platform == "mingw64") {
sources += [ "${openssl_selected_platform_full_path}/apps/openssl.rc" ]
}
deps = [
":libapps",
":libcrypto_shared",
":libssl_shared",
":openssl.cnf",
":openssl_build_all_generated",
]
subsystem_name = "thirdparty"
part_name = "openssl"
configs = [ ":crypto_config_private" ]
}
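Review bot: The `ohos_executable("openssl")` target compiles the full upstream app set, including `apps/s_server.c` and `apps/lib/cmp_mock_srv.c`, with `apps/lib/http_server.c` in `libapps`. The bundle.json hunk further down appears to add `//third_party/openssl:openssl` to `sub_component`, so the binary looks set to ship on standard system images. If the tool is only needed for debugging or tests, that puts extra listening-capable and key-handling code on production devices, and neither target carries a comment saying why it is installed. Consider a comment above the target such as `# CLI shipped for <reason>; not used by system services`, or building it only for non-release images if the build has a suitable condition.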
......@@ -17,7 +17,9 @@
"subsystem": "thirdparty",
"syscap": [],
"features": [],
"adapted_system_type": [],
"adapted_system_type": [
"standard"
],
"rom": "",
"ram": "",
"deps": {
......@@ -25,9 +27,11 @@
"third_party": []
},
"build": {
"sub_component": [],
"sub_component": [
"//third_party/openssl:openssl"
],
"inner_kits": [],
"test": []
}
}
}
\ No newline at end of file
}
......@@ -17,38 +17,32 @@ pwd # out/target_name
openssl_source_path="$1"
build_all_generated_path="$2"
openssl_selected_platform="$3"
# https://github.com/openssl/openssl/blob/master/INSTALL.md#out-of-tree-builds
# OpenSSL can be configured to build in a build directory separate from the source code directory.
# It's done by placing yourself in some other directory and invoking the configuration commands from there.
rm -rf ${build_all_generated_path}/${openssl_selected_platform}
mkdir -p ${build_all_generated_path}
pushd ${build_all_generated_path}
rm -rf ./openssl
cp -r ${openssl_source_path} openssl
pushd openssl
# https://github.com/openssl/openssl/issues/20112#issuecomment-1400388204
# no-shared will disable building shared libcrypto and libssl libraries.
# But the legacy provider would still be built as a shared module.
# So you would need the legacy shared module present on the installed
# system and the paths would have to be correct.
# You can use no-module to make the legacy provider built-in.
mkdir -p ${build_all_generated_path}/${openssl_selected_platform}
pushd ${build_all_generated_path}/${openssl_selected_platform}
# https://github.com/openssl/openssl/issues/20112#issuecomment-1400388204
# no-shared will disable building shared libcrypto and libssl libraries.
# But the legacy provider would still be built as a shared module.
# So you would need the legacy shared module present on the installed
# system and the paths would have to be correct.
# You can use no-module to make the legacy provider built-in.
# https://github.com/openssl/openssl/issues/17679#issue-1130060263
# Is there a way to build a static version of openssl3, including the "legacy" OSSL_PROVIDER?
# https://github.com/openssl/openssl/issues/17679#issuecomment-1034949099
# Configure with no-shared no-module. The legacy provider is then part of libcrypto.a.
# You still need to "load" it via OSSL_PROVIDER_load() - but no .so file is required in that case.
# https://github.com/openssl/openssl/issues/17679#issue-1130060263
# Is there a way to build a static version of openssl3, including the "legacy" OSSL_PROVIDER?
# https://github.com/openssl/openssl/issues/17679#issuecomment-1034949099
# Configure with no-shared no-module. The legacy provider is then part of libcrypto.a.
# You still need to "load" it via OSSL_PROVIDER_load() - but no .so file is required in that case.
# https://github.com/openssl/openssl/issues/19368#issuecomment-1274558844
# no-shared affects the building of libcrypto*.dll and libssl*.dll,
# not dynamically loadable modules (which are governed by the configuration option no-module / enable-module,
# which is enabled by default).
configure_cmd="./Configure ${openssl_selected_platform} no-shared no-module"
echo $configure_cmd
$configure_cmd
make build_all_generated -j256 >/dev/null 2>&1
popd
# https://stackoverflow.com/questions/11325123/how-to-compare-two-directories-using-diff-while-ignoring-non-existing-files
LC_ALL=C diff -q -r --exclude=".git" ${openssl_source_path} openssl | sed 's#^Only in ##;s#: #/#' | tar -czf ${openssl_selected_platform}.tgz -T -
rm -rf ./openssl
tar -xf ${openssl_selected_platform}.tgz
mv openssl ${openssl_selected_platform}
rm -f ${openssl_selected_platform}.tgz
# https://github.com/openssl/openssl/issues/19368#issuecomment-1274558844
# no-shared affects the building of libcrypto*.dll and libssl*.dll,
# not dynamically loadable modules (which are governed by the configuration option no-module / enable-module,
# which is enabled by default).
configure_cmd="${openssl_source_path}/Configure ${openssl_selected_platform} no-shared no-module"
echo $configure_cmd
$configure_cmd
make build_all_generated -j256 >/dev/null 2>&1
popd
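Review bot: `rm -rf ${build_all_generated_path}/${openssl_selected_platform}` expands unquoted, unvalidated positional arguments, so an empty or space-containing `$2` or `$3` deletes something other than the intended directory; `rm -rf "${build_all_generated_path:?}/${openssl_selected_platform:?}"` fails fast instead. The same quoting applies to the `mkdir -p` and `pushd` lines that use these variables. Separately, `make build_all_generated -j256 >/dev/null 2>&1` discards all output. Unless `set -e` is enabled above the hunk (the script's first 16 lines are not visible), the exit status of `$configure_cmd` and of `make` is never checked, so a failed generation can leave missing or stale generated sources with no diagnostics.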
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
ssl_conf = ssl_conf_sect
[provider_sect]
# https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
[ssl_conf_sect]
system_default = ssl_conf_system_default_sect
[ssl_conf_system_default_sect]
# https://github.com/openssl/openssl/issues/21200
# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#Options
Options = UnsafeLegacyRenegotiation
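Review bot: `Options = UnsafeLegacyRenegotiation` sits in `[ssl_conf_system_default_sect]`, so it applies to every SSL_CTX in any process that loads this file and permits renegotiation with peers lacking RFC 5746 secure renegotiation, which OpenSSL disables by default. If the goal (presumably what the linked issue describes) is only to let clients connect to legacy servers, the narrower `Options = UnsafeLegacyServerConnect` avoids enabling unsafe renegotiation globally. Better still, the one application that needs it could set the option on its own context. Likewise `legacy = legacy_sect` with `activate = 1` makes the legacy provider's algorithms available to all consumers by default. I would add a comment above each line naming the component that requires it, e.g. `# required by <component>; remove once it no longer needs legacy renegotiation`.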