From 7311fb6479cb7c2526982c8405f11f958b0ec24f Mon Sep 17 00:00:00 2001
From: code4lala <fengziteng2@huawei.com>
Date: Mon, 29 May 2023 17:37:50 +0800
Subject: [PATCH] add liblegacy into libcrypto

Signed-off-by: code4lala <fengziteng2@huawei.com>
---
 BUILD.gn                            | 39 +++++++++++++++++++++++++++++
 make_openssl_build_all_generated.sh | 21 +++++++++++++++-
 2 files changed, 59 insertions(+), 1 deletion(-)

diff --git a/BUILD.gn b/BUILD.gn
index 3fc6ebbd9f..d50b7ab412 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -121,6 +121,7 @@ libcrypto_build_all_generated_darwin64_x86_64_cc_sources = [
   "${openssl_selected_platform_full_path}/crypto/sha/sha512-x86_64.s",
   "${openssl_selected_platform_full_path}/crypto/whrlpool/wp-x86_64.s",
   "${openssl_selected_platform_full_path}/crypto/x86_64cpuid.s",
+  "${openssl_selected_platform_full_path}/engines/e_padlock-x86_64.s",
 ]
 libcrypto_build_all_generated_darwin64_arm64_cc_sources = [
   "${openssl_selected_platform_full_path}/crypto/aes/aesv8-armx.S",
@@ -169,6 +170,7 @@ libcrypto_build_all_generated_linux_x86_64_sources = [
   "${openssl_selected_platform_full_path}/crypto/sha/sha512-x86_64.s",
   "${openssl_selected_platform_full_path}/crypto/whrlpool/wp-x86_64.s",
   "${openssl_selected_platform_full_path}/crypto/x86_64cpuid.s",
+  "${openssl_selected_platform_full_path}/engines/e_padlock-x86_64.s",
 ]
 libcrypto_build_all_generated_mingw64_sources = [
   "${openssl_selected_platform_full_path}/crypto/aes/aes-x86_64.s",
@@ -202,6 +204,7 @@ libcrypto_build_all_generated_mingw64_sources = [
   "${openssl_selected_platform_full_path}/crypto/sha/sha512-x86_64.s",
   "${openssl_selected_platform_full_path}/crypto/whrlpool/wp-x86_64.s",
   "${openssl_selected_platform_full_path}/crypto/x86_64cpuid.s",
+  "${openssl_selected_platform_full_path}/engines/e_padlock-x86_64.s",
 ]
 
 libcrypto_build_all_generated_selected_platform_sources = []
@@ -341,6 +344,7 @@ crypto_config_common_cflags = [
   "-DENGINESDIR=\"\"",
   "-DMODULESDIR=\"\"",
   "-DOPENSSLDIR=\"\"",
+  "-DSTATIC_LEGACY",
 ]
 
 crypto_config_linux_armv4_cflags = [
@@ -392,6 +396,7 @@ crypto_config_darwin64_x86_64_cc_cflags = [
   "-DOPENSSL_BN_ASM_GF2m",
   "-DOPENSSL_BN_ASM_MONT",
   "-DOPENSSL_BN_ASM_MONT5",
+  "-DPADLOCK_ASM",
   "-DPOLY1305_ASM",
   "-DSHA1_ASM",
   "-DSHA256_ASM",
@@ -434,6 +439,7 @@ crypto_config_linux_x86_64_cflags = [
   "-DOPENSSL_BN_ASM_GF2m",
   "-DOPENSSL_BN_ASM_MONT",
   "-DOPENSSL_BN_ASM_MONT5",
+  "-DPADLOCK_ASM",
   "-DPOLY1305_ASM",
   "-DSHA1_ASM",
   "-DSHA256_ASM",
@@ -462,6 +468,7 @@ crypto_config_mingw64_cflags = [
   "-DOPENSSL_BN_ASM_GF2m",
   "-DOPENSSL_BN_ASM_MONT",
   "-DOPENSSL_BN_ASM_MONT5",
+  "-DPADLOCK_ASM",
   "-DPOLY1305_ASM",
   "-DSHA1_ASM",
   "-DSHA256_ASM",
@@ -645,6 +652,31 @@ libdefault_common_sources = [
   "ssl/s3_cbc.c",
 ]
 
+liblegacy_sources = [
+  "providers/implementations/ciphers/cipher_blowfish.c",
+  "providers/implementations/ciphers/cipher_blowfish_hw.c",
+  "providers/implementations/ciphers/cipher_cast5.c",
+  "providers/implementations/ciphers/cipher_cast5_hw.c",
+  "providers/implementations/ciphers/cipher_des.c",
+  "providers/implementations/ciphers/cipher_des_hw.c",
+  "providers/implementations/ciphers/cipher_desx.c",
+  "providers/implementations/ciphers/cipher_desx_hw.c",
+  "providers/implementations/ciphers/cipher_idea.c",
+  "providers/implementations/ciphers/cipher_idea_hw.c",
+  "providers/implementations/ciphers/cipher_rc2.c",
+  "providers/implementations/ciphers/cipher_rc2_hw.c",
+  "providers/implementations/ciphers/cipher_rc4.c",
+  "providers/implementations/ciphers/cipher_rc4_hmac_md5.c",
+  "providers/implementations/ciphers/cipher_rc4_hmac_md5_hw.c",
+  "providers/implementations/ciphers/cipher_rc4_hw.c",
+  "providers/implementations/ciphers/cipher_seed.c",
+  "providers/implementations/ciphers/cipher_seed_hw.c",
+  "providers/implementations/digests/md4_prov.c",
+  "providers/implementations/digests/mdc2_prov.c",
+  "providers/implementations/digests/wp_prov.c",
+  "providers/implementations/kdfs/pbkdf1.c",
+]
+
 ohos_source_set("crypto_source") {
   subsystem_name = "thirdparty"
   part_name = "openssl"
@@ -1373,8 +1405,11 @@ ohos_source_set("crypto_source") {
     "crypto/x509/x_req.c",
     "crypto/x509/x_x509.c",
     "crypto/x509/x_x509a.c",
+    "engines/e_capi.c",
+    "engines/e_padlock.c",
     "providers/baseprov.c",
     "providers/defltprov.c",
+    "providers/legacyprov.c",
     "providers/nullprov.c",
     "providers/prov_running.c",
   ]
@@ -1383,6 +1418,7 @@ ohos_source_set("crypto_source") {
   sources += libdefault_common_sources
   sources += libdefault_build_all_generated_selected_platform_sources
   sources += libcrypto_build_all_generated_selected_platform_sources
+  sources += liblegacy_sources
 
   if (openssl_selected_platform == "linux-armv4") {
     sources += [
@@ -1394,6 +1430,7 @@ ohos_source_set("crypto_source") {
       "crypto/rc4/rc4_enc.c",
       "crypto/rc4/rc4_skey.c",
       "crypto/whrlpool/wp_block.c",
+      "engines/e_afalg.c",
     ]
   } else if (openssl_selected_platform == "linux-aarch64") {
     sources += [
@@ -1406,6 +1443,7 @@ ohos_source_set("crypto_source") {
       "crypto/rc4/rc4_enc.c",
       "crypto/rc4/rc4_skey.c",
       "crypto/whrlpool/wp_block.c",
+      "engines/e_afalg.c",
     ]
   } else if (openssl_selected_platform == "darwin64-x86_64-cc") {
     sources += [
@@ -1430,6 +1468,7 @@ ohos_source_set("crypto_source") {
       "crypto/bn/asm/x86_64-gcc.c",
       "crypto/bn/rsaz_exp.c",
       "crypto/bn/rsaz_exp_x2.c",
+      "engines/e_afalg.c",
     ]
   } else if (openssl_selected_platform == "mingw64") {
     sources += [
diff --git a/make_openssl_build_all_generated.sh b/make_openssl_build_all_generated.sh
index 75cd02be37..21310a170c 100755
--- a/make_openssl_build_all_generated.sh
+++ b/make_openssl_build_all_generated.sh
@@ -23,7 +23,26 @@ pushd ${build_all_generated_path}
     rm -rf ./openssl
     cp -r ${openssl_source_path} openssl
     pushd openssl
-        ./Configure ${openssl_selected_platform}
+        # https://github.com/openssl/openssl/issues/20112#issuecomment-1400388204
+        # no-shared will disable building shared libcrypto and libssl libraries.
+        # But the legacy provider would still be built as a shared module.
+        # So you would need the legacy shared module present on the installed
+        # system and the paths would have to be correct.
+        # You can use no-module to make the legacy provider built-in.
+
+        # https://github.com/openssl/openssl/issues/17679#issue-1130060263
+        # Is there a way to build a static version of openssl3, including the "legacy" OSSL_PROVIDER?
+        # https://github.com/openssl/openssl/issues/17679#issuecomment-1034949099
+        # Configure with no-shared no-module. The legacy provider is then part of libcrypto.a.
+        # You still need to "load" it via OSSL_PROVIDER_load() - but no .so file is required in that case.
+
+        # https://github.com/openssl/openssl/issues/19368#issuecomment-1274558844
+        # no-shared affects the building of libcrypto*.dll and libssl*.dll,
+        # not dynamically loadable modules (which are governed by the configuration option no-module / enable-module,
+        # which is enabled by default).
+        configure_cmd="./Configure ${openssl_selected_platform} no-shared no-module"
+        echo $configure_cmd
+        $configure_cmd
         make build_all_generated -j256 >/dev/null 2>&1
     popd
     # https://stackoverflow.com/questions/11325123/how-to-compare-two-directories-using-diff-while-ignoring-non-existing-files
-- 
GitLab