未验证 提交 3c8bdf06 编写于 作者: O openharmony_ci 提交者: Gitee

!120 add ohos_executable openssl, Out of Tree Builds, add openssl.cnf,...

!120 add ohos_executable openssl, Out of Tree Builds, add  openssl.cnf, UnsafeLegacyRenegotiation, load legacy provider
Merge pull request !120 from code4lala/master
...@@ -273,6 +273,10 @@ action("openssl_build_all_generated") { ...@@ -273,6 +273,10 @@ action("openssl_build_all_generated") {
outputs += libcommon_build_all_generated_selected_platform_sources outputs += libcommon_build_all_generated_selected_platform_sources
outputs += libdefault_build_all_generated_selected_platform_sources outputs += libdefault_build_all_generated_selected_platform_sources
outputs += libcrypto_build_all_generated_selected_platform_sources outputs += libcrypto_build_all_generated_selected_platform_sources
outputs += [ "${openssl_selected_platform_full_path}/apps/progs.c" ]
if (openssl_selected_platform == "mingw64") {
outputs += [ "${openssl_selected_platform_full_path}/apps/openssl.rc" ]
}
} }
openssl_internal_cflags = [ openssl_internal_cflags = [
...@@ -335,6 +339,13 @@ crypto_config_common_public_include_dirs = [ ...@@ -335,6 +339,13 @@ crypto_config_common_public_include_dirs = [
"${openssl_selected_platform_full_path}/include", "${openssl_selected_platform_full_path}/include",
] ]
# located at /system/etc/
ohos_prebuilt_etc("openssl.cnf") {
source = "open_harmony_openssl_config/openssl.cnf"
subsystem_name = "thirdparty"
part_name = "openssl"
}
crypto_config_common_cflags = [ crypto_config_common_cflags = [
"-Wa,--noexecstack", "-Wa,--noexecstack",
"-DNDEBUG", "-DNDEBUG",
...@@ -343,7 +354,10 @@ crypto_config_common_cflags = [ ...@@ -343,7 +354,10 @@ crypto_config_common_cflags = [
"-DOPENSSL_PIC", "-DOPENSSL_PIC",
"-DENGINESDIR=\"\"", "-DENGINESDIR=\"\"",
"-DMODULESDIR=\"\"", "-DMODULESDIR=\"\"",
"-DOPENSSLDIR=\"\"",
# to locate openssl.cnf
"-DOPENSSLDIR=\"/system/etc\"",
"-DSTATIC_LEGACY", "-DSTATIC_LEGACY",
] ]
...@@ -1519,7 +1533,10 @@ if (is_mingw || is_mac) { ...@@ -1519,7 +1533,10 @@ if (is_mingw || is_mac) {
} }
ohos_shared_library("libcrypto_shared") { ohos_shared_library("libcrypto_shared") {
deps = [ ":crypto_source" ] deps = [
":crypto_source",
":openssl.cnf",
]
output_name = "libcrypto_openssl" output_name = "libcrypto_openssl"
subsystem_name = "thirdparty" subsystem_name = "thirdparty"
part_name = "openssl" part_name = "openssl"
...@@ -1632,6 +1649,7 @@ ohos_static_library("libssl_static") { ...@@ -1632,6 +1649,7 @@ ohos_static_library("libssl_static") {
ohos_shared_library("libssl_shared") { ohos_shared_library("libssl_shared") {
deps = [ deps = [
":libcrypto_shared", ":libcrypto_shared",
":openssl.cnf",
":ssl_source", ":ssl_source",
] ]
...@@ -1652,3 +1670,104 @@ ohos_shared_library("libssl_shared") { ...@@ -1652,3 +1670,104 @@ ohos_shared_library("libssl_shared") {
"updater", "updater",
] ]
} }
ohos_static_library("libapps") {
sources = [
"apps/lib/app_libctx.c",
"apps/lib/app_params.c",
"apps/lib/app_provider.c",
"apps/lib/app_rand.c",
"apps/lib/app_x509.c",
"apps/lib/apps.c",
"apps/lib/apps_ui.c",
"apps/lib/columns.c",
"apps/lib/engine.c",
"apps/lib/engine_loader.c",
"apps/lib/fmt.c",
"apps/lib/http_server.c",
"apps/lib/names.c",
"apps/lib/opt.c",
"apps/lib/s_cb.c",
"apps/lib/s_socket.c",
"apps/lib/tlssrp_depr.c",
]
if (openssl_selected_platform == "mingw64") {
sources += [ "apps/lib/win32_init.c" ]
}
subsystem_name = "thirdparty"
part_name = "openssl"
configs = [ ":crypto_config_private" ]
}
ohos_executable("openssl") {
sources = [
"${openssl_selected_platform_full_path}/apps/progs.c",
"apps/asn1parse.c",
"apps/ca.c",
"apps/ciphers.c",
"apps/cmp.c",
"apps/cms.c",
"apps/crl.c",
"apps/crl2pkcs7.c",
"apps/dgst.c",
"apps/dhparam.c",
"apps/dsa.c",
"apps/dsaparam.c",
"apps/ec.c",
"apps/ecparam.c",
"apps/enc.c",
"apps/engine.c",
"apps/errstr.c",
"apps/fipsinstall.c",
"apps/gendsa.c",
"apps/genpkey.c",
"apps/genrsa.c",
"apps/info.c",
"apps/kdf.c",
"apps/lib/cmp_mock_srv.c",
"apps/list.c",
"apps/mac.c",
"apps/nseq.c",
"apps/ocsp.c",
"apps/openssl.c",
"apps/passwd.c",
"apps/pkcs12.c",
"apps/pkcs7.c",
"apps/pkcs8.c",
"apps/pkey.c",
"apps/pkeyparam.c",
"apps/pkeyutl.c",
"apps/prime.c",
"apps/rand.c",
"apps/rehash.c",
"apps/req.c",
"apps/rsa.c",
"apps/rsautl.c",
"apps/s_client.c",
"apps/s_server.c",
"apps/s_time.c",
"apps/sess_id.c",
"apps/smime.c",
"apps/speed.c",
"apps/spkac.c",
"apps/srp.c",
"apps/storeutl.c",
"apps/ts.c",
"apps/verify.c",
"apps/version.c",
"apps/x509.c",
]
if (openssl_selected_platform == "mingw64") {
sources += [ "${openssl_selected_platform_full_path}/apps/openssl.rc" ]
}
deps = [
":libapps",
":libcrypto_shared",
":libssl_shared",
":openssl.cnf",
":openssl_build_all_generated",
]
subsystem_name = "thirdparty"
part_name = "openssl"
configs = [ ":crypto_config_private" ]
}
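Review bot: `"-DOPENSSLDIR=\"/system/etc\""` in `crypto_config_common_cflags` changes more than the openssl.cnf lookup that its comment mentions. OpenSSL derives its default certificate locations (`OPENSSLDIR/certs`, `OPENSSLDIR/cert.pem`) from the same macro, so code relying on the default verify paths now resolves them under `/system/etc`. With OpenSSL 3.x defaults, consumers of `libcrypto_shared` also load `/system/etc/openssl.cnf` at library initialisation, which makes its settings device-wide defaults rather than settings for the new `openssl` executable only. I would extend the comment to `# OPENSSLDIR locates openssl.cnf and is also the base of the default CA paths (certs/, cert.pem)` and confirm that nothing expects a trust store at the old location. The cflags list continues outside the hunk.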
...@@ -17,7 +17,9 @@ ...@@ -17,7 +17,9 @@
"subsystem": "thirdparty", "subsystem": "thirdparty",
"syscap": [], "syscap": [],
"features": [], "features": [],
"adapted_system_type": [], "adapted_system_type": [
"standard"
],
"rom": "", "rom": "",
"ram": "", "ram": "",
"deps": { "deps": {
...@@ -25,7 +27,9 @@ ...@@ -25,7 +27,9 @@
"third_party": [] "third_party": []
}, },
"build": { "build": {
"sub_component": [], "sub_component": [
"//third_party/openssl:openssl"
],
"inner_kits": [], "inner_kits": [],
"test": [] "test": []
} }
......
...@@ -17,12 +17,13 @@ pwd # out/target_name ...@@ -17,12 +17,13 @@ pwd # out/target_name
openssl_source_path="$1" openssl_source_path="$1"
build_all_generated_path="$2" build_all_generated_path="$2"
openssl_selected_platform="$3" openssl_selected_platform="$3"
# https://github.com/openssl/openssl/blob/master/INSTALL.md#out-of-tree-builds
# OpenSSL can be configured to build in a build directory separate from the source code directory.
# It's done by placing yourself in some other directory and invoking the configuration commands from there.
rm -rf ${build_all_generated_path}/${openssl_selected_platform} rm -rf ${build_all_generated_path}/${openssl_selected_platform}
mkdir -p ${build_all_generated_path} mkdir -p ${build_all_generated_path}/${openssl_selected_platform}
pushd ${build_all_generated_path} pushd ${build_all_generated_path}/${openssl_selected_platform}
rm -rf ./openssl
cp -r ${openssl_source_path} openssl
pushd openssl
# https://github.com/openssl/openssl/issues/20112#issuecomment-1400388204 # https://github.com/openssl/openssl/issues/20112#issuecomment-1400388204
# no-shared will disable building shared libcrypto and libssl libraries. # no-shared will disable building shared libcrypto and libssl libraries.
# But the legacy provider would still be built as a shared module. # But the legacy provider would still be built as a shared module.
...@@ -40,15 +41,8 @@ pushd ${build_all_generated_path} ...@@ -40,15 +41,8 @@ pushd ${build_all_generated_path}
# no-shared affects the building of libcrypto*.dll and libssl*.dll, # no-shared affects the building of libcrypto*.dll and libssl*.dll,
# not dynamically loadable modules (which are governed by the configuration option no-module / enable-module, # not dynamically loadable modules (which are governed by the configuration option no-module / enable-module,
# which is enabled by default). # which is enabled by default).
configure_cmd="./Configure ${openssl_selected_platform} no-shared no-module" configure_cmd="${openssl_source_path}/Configure ${openssl_selected_platform} no-shared no-module"
echo $configure_cmd echo $configure_cmd
$configure_cmd $configure_cmd
make build_all_generated -j256 >/dev/null 2>&1 make build_all_generated -j256 >/dev/null 2>&1
popd
# https://stackoverflow.com/questions/11325123/how-to-compare-two-directories-using-diff-while-ignoring-non-existing-files
LC_ALL=C diff -q -r --exclude=".git" ${openssl_source_path} openssl | sed 's#^Only in ##;s#: #/#' | tar -czf ${openssl_selected_platform}.tgz -T -
rm -rf ./openssl
tar -xf ${openssl_selected_platform}.tgz
mv openssl ${openssl_selected_platform}
rm -f ${openssl_selected_platform}.tgz
popd popd
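Review bot: The new `pushd ${build_all_generated_path}/${openssl_selected_platform}` is unquoted and its result is not checked, so if the directory change fails, Configure and `make build_all_generated` run in whatever directory the script was already in and write the generated files there. Whether the script uses `set -e` is outside the visible hunks; if it does not, write `pushd "${build_all_generated_path}/${openssl_selected_platform}" || exit 1` and quote the paths on the `rm -rf` and `mkdir -p` lines the same way. Because `make build_all_generated -j256 >/dev/null 2>&1` stays as it was, a failed generation step is also silent; appending `|| exit 1` there would make a broken out-of-tree build fail visibly instead of leaving stale or missing outputs for the GN action.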
openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
ssl_conf = ssl_conf_sect
[provider_sect]
# https://wiki.openssl.org/index.php/OpenSSL_3.0#Providers
default = default_sect
legacy = legacy_sect
[default_sect]
activate = 1
[legacy_sect]
activate = 1
[ssl_conf_sect]
system_default = ssl_conf_system_default_sect
[ssl_conf_system_default_sect]
# https://github.com/openssl/openssl/issues/21200
# https://www.openssl.org/docs/manmaster/man3/SSL_CONF_cmd.html#Options
Options = UnsafeLegacyRenegotiation
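Review bot: `Options = UnsafeLegacyRenegotiation` sits in `[ssl_conf_system_default_sect]`, so it applies by default to every SSL_CTX created by any process that loads this file, not only to the peer that motivated it. The option permits renegotiation with peers that lack the RFC 5746 secure-renegotiation extension, which is the protection against renegotiation prefix injection. If the need is only for clients to reach legacy servers, the narrower `Options = UnsafeLegacyServerConnect` may be enough; otherwise keep the option in an application-specific section instead of `system_default`. The same scoping concern applies to `[legacy_sect]` with `activate = 1`, which exposes the legacy provider's algorithms to all consumers; a comment such as `# needed by <component>; remove when it no longer requires legacy algorithms` would record why it is on.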