openssl.sh
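# Trace each command as it runs.
set -x

# Positional arguments:
#   $1 - root of the source tree to patch
#   $2 - target selector; RESET and BORINGSSL end the script early (see below)
#   $3 - value appended to the "OpenSSL_1_1_1-" version string written into
#        source/common/common/version.cc
SOURCE_DIR=$1
TARGET=$2
PROXY_SHA=$3

# RESET: leave the tree untouched.
if [[ "$TARGET" == "RESET" ]]; then
  exit
fi

# Every path below is built from SOURCE_DIR. With an empty value the .bazelrc
# append and the rm -rf calls would resolve against the filesystem root, so
# refuse to continue.
: "${SOURCE_DIR:?usage: openssl.sh SOURCE_DIR TARGET PROXY_SHA}"

# Compiler options appended to the tree's .bazelrc.
# NOTE(review): the final "-w" asks the compiler to suppress all warnings,
# which hides anything -Wformat / -Wformat-security would report; confirm that
# is intended.
# NOTE(review): the block is appended with >>, so running the script twice on
# the same tree duplicates it.
BUILD_OPTIONS="
build --cxxopt -D_GLIBCXX_USE_CXX11_ABI=1
build --cxxopt -DENVOY_IGNORE_GLIBCXX_USE_CXX11_ABI_ERROR=1
build --cxxopt -Wnon-virtual-dtor
build --cxxopt -Wformat
build --cxxopt -Wformat-security
build --cxxopt -Wno-error=deprecated-declarations
build --cxxopt -Wno-error=unused-variable
build --cxxopt -w
build --cxxopt -ldl
"
echo "${BUILD_OPTIONS}" >> "${SOURCE_DIR}/.bazelrc"

# BORINGSSL: only the build options above are applied; the TLS sources stay.
if [[ "$TARGET" == "BORINGSSL" ]]; then
  exit
fi

# Remove the tree's TLS transport socket and tls_inspector sources and tests,
# then copy in the replacements found under the current working directory.
rm -rf -- "${SOURCE_DIR}/source/extensions/transport_sockets/tls"
rm -rf -- "${SOURCE_DIR}/source/extensions/filters/listener/tls_inspector"
rm -rf -- "${SOURCE_DIR}/test/extensions/transport_sockets/tls"
rm -rf -- "${SOURCE_DIR}/test/extensions/filters/listener/tls_inspector"
/usr/bin/cp -rf source/extensions/transport_sockets/tls "${SOURCE_DIR}/source/extensions/transport_sockets/"
/usr/bin/cp -rf source/extensions/filters/listener/tls_inspector "${SOURCE_DIR}/source/extensions/filters/listener/"
/usr/bin/cp -rf test/extensions/transport_sockets/tls "${SOURCE_DIR}/test/extensions/transport_sockets/"
/usr/bin/cp -rf test/extensions/filters/listener/tls_inspector "${SOURCE_DIR}/test/extensions/filters/listener/"
# The globs are left unquoted on purpose so the shell expands them.
/usr/bin/cp -rf test/common/network/* "${SOURCE_DIR}/test/common/network/"
/usr/bin/cp -rf test/integration/* "${SOURCE_DIR}/test/integration/"
/usr/bin/cp openssl.BUILD "${SOURCE_DIR}"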
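#######################################
# Delete a line range from ${SOURCE_DIR}/${FILE} and optionally insert text
# at the position where the range began.
#
# The range starts at the single line matching DELETE_START_PATTERN, shifted
# by START_OFFSET lines. When DELETE_STOP_PATTERN is non-empty the range ends
# at the first line at or after the start that matches it; otherwise only the
# start line is removed. Both patterns are handed to grep unchanged, so they
# are interpreted as basic regular expressions, not fixed strings.
#
# Globals read:    SOURCE_DIR, FILE, DELETE_START_PATTERN,
#                  DELETE_STOP_PATTERN, START_OFFSET, ADD_TEXT
# Globals written: START, STOP, CUT, CUT_TEXT
# Outputs:         progress messages on stdout; the "matched nothing"
#                  diagnostic on stderr
# Returns:         1, leaving the file unchanged, when the start pattern is
#                  not found. Exits the script (exit -1, i.e. status 255) when
#                  the start pattern matches more than one line.
#######################################
function replace_text() {
  local target="${SOURCE_DIR}/${FILE}"

  echo "Delete start pattern: ${DELETE_START_PATTERN} stop pattern: ${DELETE_STOP_PATTERN} offset: ${START_OFFSET} file: ${FILE}"
  START=$(grep -nr -- "${DELETE_START_PATTERN}" "${target}" | cut -d':' -f1)

  # One line number per matching line: a newline in the result means the
  # pattern is ambiguous. The value of START has to be tested here, not the
  # literal word "START", or the check can never fire.
  if [[ "${START}" == *$'\n'* ]]; then
    echo "Replace text ${DELETE_START_PATTERN} matched multiple results. Please update openssl.sh."
    exit -1
  fi

  # No match: without this guard the arithmetic below would turn the empty
  # value into line 0 (or a negative line) and the edit would be applied at
  # the wrong place or fail in sed/ex with the file half-processed.
  if [[ -z "${START}" ]]; then
    echo "Replace text ${DELETE_START_PATTERN} matched nothing in ${FILE}; file left unchanged." >&2
    return 1
  fi

  echo "start: ${START}"
  START=$((${START} + ${START_OFFSET}))
  if [[ -n "${DELETE_STOP_PATTERN}" ]]; then
    # grep numbers lines relative to START because it reads tail's output;
    # the "- 1" converts that back to an absolute line number.
    STOP=$(tail --lines=+"${START}" "${target}" | grep -nr -- "${DELETE_STOP_PATTERN}" - | cut -d':' -f1 | head -1)
    # If the stop pattern is not found STOP is empty and CUT ends up as
    # START - 1; GNU sed treats a range whose end precedes its start as the
    # single line START.
    CUT=$((${START} + ${STOP} - 1))
  else
    CUT=$((${START}))
  fi

  CUT_TEXT=$(sed -n "${START},${CUT} p" "${target}")
  sed -i "${START},${CUT} d" "${target}"
  echo "Cut text: ${CUT_TEXT}"

  if [[ -n "${ADD_TEXT}" ]]; then
    # ADD_TEXT is spliced into the ex command string, so it must only ever be
    # text defined by this script, never a value taken from outside input.
    ex -s -c "${START}i|${ADD_TEXT}" -c x "${target}"
  fi
}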
# Swap the boringssl archive entry in bazel/repository_locations.bzl for
# bssl_wrapper and openssl_cbs entries. Each entry names one commit archive
# together with its sha256; the two values have to be updated together when a
# commit is bumped.
FILE="bazel/repository_locations.bzl"
DELETE_START_PATTERN="boringssl = dict("
DELETE_STOP_PATTERN="),"
START_OFFSET="0"
ADD_TEXT=" #EXTERNAL OPENSSL
bssl_wrapper = dict(
sha256 = \"81a59d013096015a93269325ee4148d826ffd7a9f019f622850a2b86974b9748\",
strip_prefix = \"bssl_wrapper-2eaed8832e12a0fada8f08a5e23522e035b80784\",
urls = [\"https://github.com/maistra/bssl_wrapper/archive/2eaed8832e12a0fada8f08a5e23522e035b80784.tar.gz\"],
),
#EXTERNAL OPENSSL
openssl_cbs = dict(
sha256 = \"f466ca7bc4b876cfa9edb4870275207e580588f85f8fae268c40277846a6d8de\",
strip_prefix = \"openssl-cbs-dab3282af49f134766abcda5f95cbb19057a53d1\",
urls = [\"https://github.com/maistra/openssl-cbs/archive/dab3282af49f134766abcda5f95cbb19057a53d1.tar.gz\"],
),"
replace_text
# Drop the boringssl_fips entry; nothing is inserted in its place.
FILE="bazel/repository_locations.bzl"
DELETE_START_PATTERN="boringssl_fips = dict("
DELETE_STOP_PATTERN="),"
START_OFFSET="0"
ADD_TEXT=""
replace_text
# Optional: this script never assigns UPDATE_JWT, so it has to come from the
# caller's environment. When it is "true", the com_github_google_jwt_verify
# entry is replaced by one pointing at the maistra fork, again identified by
# commit archive and sha256.
if [ "$UPDATE_JWT" == "true" ]; then
FILE="bazel/repository_locations.bzl"
DELETE_START_PATTERN="com_github_google_jwt_verify = dict("
DELETE_STOP_PATTERN="),"
START_OFFSET="0"
ADD_TEXT=" # EXTERNAL OPENSSL
com_github_google_jwt_verify = dict(
sha256 = \"bc5a7954a985b23bf5ed31527764572562f3b92476a5f0e296a3c07d0e93f903\",
strip_prefix = \"jwt_verify_lib-389bfdceef7e79b05315c83b5e7cab37728e2e5b\",
urls = [\"https://github.com/maistra/jwt_verify_lib/archive/389bfdceef7e79b05315c83b5e7cab37728e2e5b.tar.gz\"],
),"
replace_text
fi
# Replace the _boringssl() definition in bazel/repositories.bzl (from its def
# line through the first line matching the stop pattern) with three
# definitions: _openssl(), which binds the name "ssl" to
# @openssl//:openssl-lib, plus _bssl_wrapper() and _openssl_cbs(), which load
# their repositories and bind the matching *_lib names.
FILE="bazel/repositories.bzl"
DELETE_START_PATTERN="def _boringssl():"
DELETE_STOP_PATTERN=" )"
START_OFFSET="0"
ADD_TEXT="#EXTERNAL OPENSSL
def _openssl():
native.bind(
name = \"ssl\",
actual = \"@openssl//:openssl-lib\",
)
#EXTERNAL OPENSSL
def _bssl_wrapper():
_repository_impl(\"bssl_wrapper\")
native.bind(
name = \"bssl_wrapper_lib\",
actual = \"@bssl_wrapper//:bssl_wrapper_lib\",
)
#EXTERNAL OPENSSL
def _openssl_cbs():
_repository_impl(\"openssl_cbs\")
native.bind(
name = \"openssl_cbs_lib\",
actual = \"@openssl_cbs//:openssl_cbs_lib\",
)"
replace_text
# Replace the remaining _boringssl() call with calls to the three functions
# defined above. This relies on the definition having been removed first, so
# that the pattern matches a single line.
FILE="bazel/repositories.bzl"
DELETE_START_PATTERN="_boringssl()"
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT="
# EXTERNAL OPENSSL
_openssl()
_bssl_wrapper()
_openssl_cbs()
"
replace_text
# There are two instances of _boringssl_fips. A call and a definition. Replace_text only operates on a
# single match, which likely makes sense since you can optionally add text. As such, create two entries.
# The first for the definition and the second for the call. Doing this in the wrong order would cause
# multiple results.
FILE="bazel/repositories.bzl"
DELETE_START_PATTERN="def _boringssl_fips():"
DELETE_STOP_PATTERN=" )"
START_OFFSET="0"
ADD_TEXT=""
replace_text
# Second pass: with the definition gone, remove the _boringssl_fips() call.
FILE="bazel/repositories.bzl"
DELETE_START_PATTERN="_boringssl_fips()"
DELETE_STOP_PATTERN=")"
START_OFFSET="0"
ADD_TEXT=""
replace_text
# Remove the block that references @envoy//bazel:boringssl. The -2 offset
# starts the deletion two lines above the matching line; it ends at the first
# line from there that contains ")".
FILE="bazel/repositories.bzl"
DELETE_START_PATTERN="@envoy//bazel:boringssl"
DELETE_STOP_PATTERN=")"
START_OFFSET="-2"
ADD_TEXT=""
replace_text
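# Register the build host's /usr/lib64/ as the Bazel repository "openssl",
# described by openssl.BUILD, by appending the rule to WORKSPACE.
# NOTE(review): unlike the sha256-pinned archives in repository_locations.bzl,
# this links against whatever OpenSSL the build host has installed; presumably
# the build image controls that version - confirm.
# NOTE(review): the rule is appended with >>, so a second run on the same tree
# adds it twice.
OPENSSL_REPO="
new_local_repository(
name = \"openssl\",
path = \"/usr/lib64/\",
build_file = \"openssl.BUILD\"
)"
echo "${OPENSSL_REPO}" >> "${SOURCE_DIR}/WORKSPACE"

# Use the Go toolchain installed on the host instead of the one selected by
# GO_VERSION.
sed -i 's|go_register_toolchains(go_version = GO_VERSION)|go_register_toolchains(go_version = "host")|g' "${SOURCE_DIR}/WORKSPACE"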
# In the quiche platform BUILD file, replace the line containing "ssl" with
# two dependency lines: "ssl" and "openssl_cbs_lib". The pattern has to match
# exactly one line of that file.
FILE="source/extensions/quic_listeners/quiche/platform/BUILD"
DELETE_START_PATTERN="\"ssl\""
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT=" \"ssl\",
\"openssl_cbs_lib\","
replace_text
# Remove the envoy_select_boringssl definition from the build-system macros
# (from its def line through the first line containing "})").
FILE="bazel/envoy_build_system.bzl"
DELETE_START_PATTERN="def envoy_select_boringssl"
DELETE_STOP_PATTERN="})"
START_OFFSET="0"
ADD_TEXT=""
replace_text
# Remove the line that names "envoy_select_boringssl", in source/common/common/BUILD.
FILE="source/common/common/BUILD"
DELETE_START_PATTERN="\"envoy_select_boringssl\","
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT=""
replace_text
# Remove the copts = envoy_select_boringssl( ... ), attribute from the same file.
FILE="source/common/common/BUILD"
DELETE_START_PATTERN="copts = envoy_select_boringssl("
DELETE_STOP_PATTERN="),"
START_OFFSET="0"
ADD_TEXT=""
replace_text
# In connection_impl.cc, replace the line containing
# close(ConnectionCloseType::NoFlush) with a version that only calls close()
# when the fd is -1 and no delayed-close timer exists. The pattern has to match
# exactly one line of the file.
FILE="source/common/network/connection_impl.cc"
DELETE_START_PATTERN="close(ConnectionCloseType::NoFlush)"
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT=" if (ioHandle().fd() == -1 && delayed_close_timer_ == nullptr) {
close(ConnectionCloseType::NoFlush);
}"
replace_text
# Replace the range from the "unexpectedly reset" assertion through the
# file_event_->activate(...) call with the same assertion followed by a
# null-checked activate, so the write activation is skipped when file_event_
# is null.
FILE="source/common/network/connection_impl.cc"
DELETE_START_PATTERN="ConnectionImpl file event was unexpectedly reset"
DELETE_STOP_PATTERN="file_event_->activate(Event::FileReadyType::Write)"
START_OFFSET="0"
ADD_TEXT=" ASSERT(file_event_ != nullptr, \"ConnectionImpl file event was unexpectedly reset\");
if (file_event_ != nullptr) {
file_event_->activate(Event::FileReadyType::Write);
}"
replace_text
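# version.cc: substitute the ENVOY_SSL_VERSION macro uses with a literal
# version string. The "#ifdef ENVOY_SSL_VERSION" line is renamed to a
# placeholder first and restored afterwards so the middle substitution does
# not rewrite the macro name inside the #ifdef itself.
# NOTE(review): PROXY_SHA is interpolated into the sed replacement text, where
# "|", "&" and "\" are special; assumes it is a plain commit id - TODO confirm.
sed -i "s|#ifdef ENVOY_SSL_VERSION|#ifdef GO_PATRIOTS|g" "${SOURCE_DIR}/source/common/common/version.cc"
sed -i "s|ENVOY_SSL_VERSION|\"OpenSSL_1_1_1-${PROXY_SHA}\"|g" "${SOURCE_DIR}/source/common/common/version.cc"
sed -i "s|#ifdef GO_PATRIOTS|#ifdef ENVOY_SSL_VERSION|g" "${SOURCE_DIR}/source/common/common/version.cc"

# QUIC platform code: switch the header include to opensslcbs/cbs.h, drop the
# openssl/bytestring.h include, and rename QuicStackTraceTest with a DISABLED_
# prefix.
sed -i 's|#include "openssl/base.h"|#include "opensslcbs/cbs.h"|g' "${SOURCE_DIR}/source/extensions/quic_listeners/quiche/platform/quic_cert_utils_impl.h"
sed -i 's|#include "openssl/bytestring.h"||g' "${SOURCE_DIR}/source/extensions/quic_listeners/quiche/platform/quic_cert_utils_impl.cc"
sed -i 's|QuicPlatformTest, QuicStackTraceTest|QuicPlatformTest, DISABLED_QuicStackTraceTest|g' "${SOURCE_DIR}/test/extensions/quic_listeners/quiche/platform/quic_platform_test.cc"

# crypto/utility.cc: drop the bytestring include and pass ctx directly to the
# EVP_DigestVerify* calls instead of ctx.get().
sed -i 's|#include "openssl/bytestring.h"||g' "${SOURCE_DIR}/source/common/crypto/utility.cc"
sed -i 's|EVP_DigestVerifyInit(ctx.get()|EVP_DigestVerifyInit(ctx|g' "${SOURCE_DIR}/source/common/crypto/utility.cc"
sed -i 's|EVP_DigestVerify(ctx.get()|EVP_DigestVerify(ctx|g' "${SOURCE_DIR}/source/common/crypto/utility.cc"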
# Replace the EVP_parse_public_key call in crypto/utility.cc. Start and stop
# pattern are the same and the offset is -1, so the deleted range is the
# matching line plus the line directly above it. The inserted code parses the
# key with d2i_PUBKEY instead.
# NOTE(review): d2i_PUBKEY yields NULL on a parse failure and the inserted code
# wraps the result without a check - confirm callers treat an empty
# PublicKeyPtr as an error.
FILE="source/common/crypto/utility.cc"
DELETE_START_PATTERN="EVP_parse_public_key"
DELETE_STOP_PATTERN="EVP_parse_public_key"
START_OFFSET="-1"
ADD_TEXT=" const uint8_t* data = reinterpret_cast<const uint8_t*>(key.data());
EVP_PKEY* pkey = d2i_PUBKEY(nullptr, &data, key.size());
return PublicKeyPtr(pkey);"
replace_text
# Replace the line declaring a ScopedEVP_MD_CTX with a raw EVP_MD_CTX pointer
# obtained from EVP_MD_CTX_new().
# NOTE(review): the raw pointer has no scope guard and nothing in this script
# adds an EVP_MD_CTX_free call, so the context looks leaked on each call;
# EVP_MD_CTX_new() can also return NULL. Confirm against the patched file.
FILE="source/common/crypto/utility.cc"
DELETE_START_PATTERN="ScopedEVP_MD_CTX"
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT=" EVP_MD_CTX *ctx;
ctx = EVP_MD_CTX_new();"
replace_text
# In crypto/utility.h, replace the openssl/evp.h include line with that include
# plus the opensslcbs and bssl_wrapper headers.
FILE="source/common/crypto/utility.h"
DELETE_START_PATTERN="openssl/evp.h"
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT="#include \"openssl/evp.h\"
#include \"opensslcbs/cbs.h\"
#include \"bssl_wrapper/bssl_wrapper.h\""
replace_text
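# In source/common/crypto/BUILD, replace the name line of utility_lib with the
# same name line followed by an external_deps list naming ssl,
# openssl_cbs_lib and bssl_wrapper_lib.
# The ADD_TEXT string ends at the closing quote; no statement may sit between
# it and the replace_text call, because a bare "]," there would be run by the
# shell as a command.
FILE="source/common/crypto/BUILD"
DELETE_START_PATTERN="name = \"utility_lib\","
DELETE_STOP_PATTERN=""
START_OFFSET="0"
ADD_TEXT=" name = \"utility_lib\",
external_deps = [
\"ssl\",
\"openssl_cbs_lib\",
\"bssl_wrapper_lib\"
],"
replace_text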
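# Lua filter: include opensslcbs/cbs.h in place of openssl/bytestring.h and
# drop the openssl/base64.h include.
sed -i 's|#include "openssl/bytestring.h"|#include "opensslcbs/cbs.h"|g' "${SOURCE_DIR}/source/extensions/filters/http/lua/lua_filter.cc"
sed -i 's|#include "openssl/base64.h"||g' "${SOURCE_DIR}/source/extensions/filters/http/lua/lua_filter.cc"

# Lua filter BUILD: re-create the hdrs line and add openssl_cbs_lib as an
# external dependency.
# NOTE(review): the stop pattern ends in an unescaped "[", which grep's default
# (basic regex) syntax reads as the start of a bracket expression. Verify that
# it matches as intended: when the stop pattern yields no line number,
# replace_text removes only the start line.
FILE="source/extensions/filters/http/lua/BUILD"
DELETE_START_PATTERN="lua_filter.h"
DELETE_STOP_PATTERN="deps = ["
START_OFFSET="0"
ADD_TEXT=" hdrs = [\"lua_filter.h\"],
external_deps = [
\"openssl_cbs_lib\",
],"
replace_text

# Lua filter test: drop both OpenSSL-specific includes.
sed -i 's|#include "openssl/base64.h"||g' "${SOURCE_DIR}/test/extensions/filters/http/lua/lua_filter_test.cc"
sed -i 's|#include "openssl/bytestring.h"||g' "${SOURCE_DIR}/test/extensions/filters/http/lua/lua_filter_test.cc"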
# test/integration/BUILD: delete everything from the line above
# name = "hotrestart_test" through the name line of header_integration_test,
# then re-create the opening of header_integration_test. The hotrestart_test
# target, and anything declared between the two, is dropped from the build.
FILE="test/integration/BUILD"
DELETE_START_PATTERN="name = \"hotrestart_test\","
DELETE_STOP_PATTERN="name = \"header_integration_test\","
START_OFFSET="-1"
ADD_TEXT="envoy_cc_test(
name = \"header_integration_test\","
replace_text
# Same technique for ratelimit_integration_test: the range from the line above
# its name line through the name line of server_stats_interface is deleted and
# the opening of server_stats_interface is re-created.
# NOTE(review): both edits remove integration tests from the patched tree;
# confirm the lost coverage is accepted for the OpenSSL build.
FILE="test/integration/BUILD"
DELETE_START_PATTERN="name = \"ratelimit_integration_test\","
DELETE_STOP_PATTERN="name = \"server_stats_interface\","
START_OFFSET="-1"
ADD_TEXT="envoy_cc_test_library(
name = \"server_stats_interface\","
replace_text
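# Network tests: replace four EXPECT_EQ assertions with an explicit comparison
# that throws EnvoyException("EXPECT_EQ failed") on mismatch. The reason for
# the swap is not visible in this script.
sed -i 's|EXPECT_EQ(buffer_size, data.length());|if (buffer_size != data.length()) throw EnvoyException("EXPECT_EQ failed");|g' "${SOURCE_DIR}/test/common/network/connection_impl_test.cc"
sed -i 's|EXPECT_EQ(buffer_size, filter_seen);|if (buffer_size != filter_seen) throw EnvoyException("EXPECT_EQ failed");|g' "${SOURCE_DIR}/test/common/network/connection_impl_test.cc"
sed -i 's|EXPECT_EQ(option, input_option);|if (option != input_option) throw EnvoyException("EXPECT_EQ failed");|g' "${SOURCE_DIR}/test/common/network/socket_option_factory_test.cc"
sed -i 's|EXPECT_EQ(type, input_type);|if (type != input_type) throw EnvoyException("EXPECT_EQ failed");|g' "${SOURCE_DIR}/test/common/network/socket_option_factory_test.cc"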