Skip to content

Commit 135f7d1

Browse files
cconloncconlon
authored
Merge pull request #126 from SparkiDev/nginx
Testing: nginx 1.19.10 with OpenSSL 1.0.2h and 1.1.1b
2 parents 87fb793 + 0ed0e15 commit 135f7d1

File tree

4 files changed

+620
-0
lines changed

4 files changed

+620
-0
lines changed

scripts/build-openssl-wolfengine.sh

Lines changed: 357 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,357 @@
1+
# This script is 'source'ed into testing scripts.
2+
#
3+
# This is the common rountines used to build wolfEngine
4+
5+
TEST_PATCH_DIR_102="$WOLFENGINE_ROOT/openssl_patches/1.0.2h/tests/"
6+
TEST_PATCH_DIR_111="$WOLFENGINE_ROOT/openssl_patches/1.1.1b/tests/"
7+
8+
setup_openssl_install() {
9+
if [ -z "${OPENSSL_INSTALL}" ]; then
10+
OPENSSL_INSTALL=/usr
11+
fi
12+
13+
if [ -n "${OLD_LD_LIBRARY_PATH}" ]; then
14+
LD_LIBRARY_PATH=${OLD_LD_LIBRARY_PATH}
15+
else
16+
OLD_LD_LIBRARY_PATH=${LD_LIBRARY_PATH}
17+
fi
18+
19+
# If the OPENSSL_INSTALL directory has a "lib" subdirectory, use that.
20+
# Otherwise, we're working with an OpenSSL source directory, and the
21+
# libraries will be in the root, not a subdirectory.
22+
if [ -d "${OPENSSL_INSTALL}/lib" ]; then
23+
export LD_LIBRARY_PATH=$OPENSSL_INSTALL/lib:$LD_LIBRARY_PATH
24+
else
25+
export LD_LIBRARY_PATH=$OPENSSL_INSTALL:$LD_LIBRARY_PATH
26+
OPENSSL_LDFLAGS="LDFLAGS=-L$OPENSSL_INSTALL"
27+
28+
if [ -d "${OPENSSL_INSTALL}/include" ]; then
29+
OPENSSL_CPPFLAGS="CPPFLAGS=-I$OPENSSL_INSTALL/include"
30+
else
31+
printf "OpenSSL source directory has no include subdirectory.\n"
32+
do_failure
33+
fi
34+
fi
35+
36+
OPENSSL_VERSION=$(grep -oP "(?<=define OPENSSL_VERSION_NUMBER)\s+0x[0-9a-fA-F]+" $OPENSSL_INSTALL/include/openssl/opensslv.h)
37+
(( "$OPENSSL_VERSION" < "0x10100000" ))
38+
if [ $? == 1 ]; then
39+
WOLFENGINE_ID=libwolfengine
40+
RUN_TLS13_TESTS=1
41+
RUN_OLD_TLS_TESTS=0
42+
else
43+
WOLFENGINE_ID=wolfengine
44+
RUN_TLS13_TESTS=0
45+
RUN_OLD_TLS_TESTS=1
46+
fi
47+
OPENSSL_VERS_STR="OpenSSL${OPENSSL_VERSION}"
48+
}
49+
50+
51+
apply_patches() {
52+
for PATCH in $PATCHES
53+
do
54+
# Try to patch. If doesn't work, check whether it has already been
55+
# applied.
56+
git apply $PATCH &>$LOGFILE || git apply $PATCH -R --check &>> $LOGFILE
57+
if [ $? != 0 ]; then
58+
printf "$PATCH failed to apply\n"
59+
do_cleanup
60+
exit 1
61+
fi
62+
done
63+
}
64+
65+
patch_openssl_fips() {
66+
if [ "$WOLFSSL_FIPS" == 1 ]; then
67+
cd $OPENSSL_SOURCE
68+
printf "Patching unit tests to support wolfCrypt FIPS.\n"
69+
if [ -d "$TEST_PATCH_DIR/fips" ]; then
70+
PATCHES=`find $TEST_PATCH_DIR/fips -name "*.patch"`
71+
apply_patches
72+
fi
73+
printf "\tRebuilding patched tests..."
74+
make -j$MAKE_JOBS 2>&1 | tee -a $LOGFILE
75+
if [ "${PIPESTATUS[0]}" != 0 ]; then
76+
printf "failed\n"
77+
do_cleanup
78+
exit 1
79+
fi
80+
printf "ok.\n"
81+
else
82+
printf "Skipping unit test FIPS patches.\n"
83+
fi
84+
}
85+
86+
patch_openssl() {
87+
printf "\tPatching unit tests to use wolfEngine.\n"
88+
PATCHES=`find $TEST_PATCH_DIR -maxdepth 1 -name "*.patch"`
89+
apply_patches
90+
}
91+
92+
93+
get_openssl_102h() {
94+
printf "Setting up OpenSSL 1.0.2h.\n"
95+
if [ -n "${OPENSSL_1_0_2_SOURCE}" ]; then
96+
printf "\tUsing OpenSSL 1.0.2h source code at $OPENSSL_1_0_2_SOURCE\n"
97+
return
98+
fi
99+
100+
if [ -d "openssl-1_0_2h" ]; then
101+
return
102+
fi
103+
104+
printf "\tCloning OpenSSL and checking out version 1.0.2h..."
105+
git clone --depth=1 -b OpenSSL_1_0_2h https://github.com/openssl/openssl.git openssl-1_0_2h >> $LOGFILE 2>&1
106+
if [ "$?" != 0 ]; then
107+
printf "failed\n"
108+
do_cleanup
109+
exit 1
110+
fi
111+
printf "ok.\n"
112+
}
113+
114+
patch_openssl_102h() {
115+
cd openssl-1_0_2h
116+
patch_openssl
117+
cd ..
118+
}
119+
120+
configure_openssl_102h() {
121+
if [ -n "${OPENSSL_NO_CONFIG}" ]; then
122+
return
123+
fi
124+
125+
cd openssl-1_0_2h
126+
127+
printf "\tConfiguring..."
128+
# Configure for debug.
129+
./config shared no-asm --prefix=$OPENSSL_INSTALL_DIR \
130+
$OPENSSL_EXTRA_CFLAGS >> $LOGFILE 2>&1
131+
if [ "$?" != 0 ]; then
132+
printf "failed\n"
133+
do_cleanup
134+
exit 1
135+
fi
136+
printf "ok.\n"
137+
make clean >> $LOGFILE 2>&1
138+
139+
cd ..
140+
}
141+
142+
build_openssl_102h() {
143+
if [ -n "${OPENSSL_NO_BUILD}" ]; then
144+
return
145+
fi
146+
147+
cd openssl-1_0_2h
148+
149+
printf "\tBuilding..."
150+
make -j$MAKE_JOBS >> $LOGFILE 2>&1
151+
if [ "$?" != 0 ]; then
152+
printf "failed\n"
153+
do_cleanup
154+
exit 1
155+
fi
156+
printf "ok.\n"
157+
158+
OPENSSL_1_0_2_SOURCE=`pwd`
159+
cd ..
160+
}
161+
162+
install_openssl_102h() {
163+
if [ -n "${OPENSSL_NO_BUILD}" ]; then
164+
return
165+
fi
166+
167+
cd openssl-1_0_2h
168+
169+
printf "\tInstalling..."
170+
rm -rf ${OPENSSL_INSTALL_DIR}
171+
mkdir $OPENSSL_INSTALL_DIR
172+
mkdir $OPENSSL_INSTALL_DIR/include
173+
mkdir $OPENSSL_INSTALL_DIR/lib
174+
cp -rL include/* ${OPENSSL_INSTALL_DIR}/include/
175+
cp -r lib* $OPENSSL_INSTALL_DIR/lib/
176+
if [ "$?" != 0 ]; then
177+
printf "failed\n"
178+
do_cleanup
179+
exit 1
180+
fi
181+
printf "ok.\n"
182+
183+
cd ..
184+
}
185+
186+
get_openssl_111b() {
187+
printf "Setting up OpenSSL 1.1.1b.\n"
188+
if [ -n "${OPENSSL_1_1_1_SOURCE}" ]; then
189+
printf "\tUsing OpenSSL 1.1.1b source code at $OPENSSL_1_1_1_SOURCE\n"
190+
return
191+
fi
192+
193+
if [ -d "openssl-1_1_1b" ]; then
194+
return
195+
fi
196+
197+
printf "\tCloning OpenSSL and checking out version 1.1.1b..."
198+
git clone --depth=1 -b OpenSSL_1_1_1b https://github.com/openssl/openssl.git openssl-1_1_1b >> $LOGFILE 2>&1
199+
if [ "$?" != 0 ]; then
200+
printf "failed\n"
201+
do_cleanup
202+
exit 1
203+
fi
204+
printf "ok.\n"
205+
}
206+
207+
patch_openssl_111b() {
208+
cd openssl-1_1_1b
209+
patch_openssl
210+
cd ..
211+
}
212+
213+
configure_openssl_111b() {
214+
if [ -n "${OPENSSL_NO_CONFIG}" -o -n "${OPENSSL_NO_BUILD}" ]; then
215+
return
216+
fi
217+
218+
cd openssl-1_1_1b
219+
220+
if [ -z "${OPENSSL_INSTALL_DIR}" ]; then
221+
OPENSSL_INSTALL_DIR=/usr/local
222+
elif [ ! -d ${OPENSSL_INSTALL_DIR} ]; then
223+
mkdir -p ${OPENSSL_INSTALL_DIR}
224+
fi
225+
226+
printf "\tConfiguring..."
227+
# Configure for debug.
228+
./config shared no-asm --prefix=$OPENSSL_INSTALL_DIR \
229+
$OPENSSL_EXTRA_CFLAGS >> $LOGFILE 2>&1
230+
if [ "$?" != 0 ]; then
231+
printf "failed\n"
232+
do_cleanup
233+
exit 1
234+
fi
235+
printf "ok.\n"
236+
make clean >> $LOGFILE 2>&1
237+
238+
cd ..
239+
}
240+
241+
build_openssl_111b() {
242+
if [ -n "${OPENSSL_NO_BUILD}" ]; then
243+
return
244+
fi
245+
246+
cd openssl-1_1_1b
247+
248+
printf "\tBuilding..."
249+
make -j$MAKE_JOBS >> $LOGFILE 2>&1
250+
if [ "$?" != 0 ]; then
251+
printf "failed\n"
252+
do_cleanup
253+
exit 1
254+
fi
255+
printf "ok.\n"
256+
257+
OPENSSL_1_1_1_SOURCE=`pwd`
258+
cd ..
259+
}
260+
261+
install_openssl_111b() {
262+
if [ -n "${OPENSSL_NO_BUILD}" ]; then
263+
return
264+
fi
265+
266+
cd openssl-1_1_1b
267+
268+
printf "\tInstalling..."
269+
rm -rf ${OPENSSL_INSTALL_DIR}
270+
make -j$NAME_JOBS install >> $LOGFILE 2>&1
271+
if [ "$?" != 0 ]; then
272+
printf "failed\n"
273+
do_cleanup
274+
exit 1
275+
fi
276+
printf "ok.\n"
277+
278+
cd ..
279+
}
280+
281+
# Write out a OpenSSL configuration file that uses wolfEngine
282+
write_conf_file() {
283+
if [ -z "${WE_DEBUG}" ]; then
284+
WE_DEBUG=1
285+
fi
286+
287+
printf "\tWriting OpenSSL configuration file for wolfEngine\n"
288+
cat > ${WE_OPENSSL_CONF} << EOF
289+
openssl_conf = openssl_init
290+
291+
[openssl_init]
292+
engines = engine_section
293+
294+
[engine_section]
295+
wolfengine = wolfengine_section
296+
297+
[wolfengine_section]
298+
dynamic_path = ${WOLFENGINE_ROOT}/.libs/libwolfengine.so
299+
default_algorithms = ALL
300+
init = 1
301+
enable_debug = ${WE_DEBUG}
302+
EOF
303+
export OPENSSL_CONF=$WE_OPENSSL_CONF
304+
}
305+
306+
build_wolfengine() {
307+
if [ -n "${WOLFENGINE_NO_BUILD}" ]; then
308+
return
309+
fi
310+
311+
echo "Building wolfEngine" >> $LOGFILE
312+
313+
printf "Setting up wolfEngine to use $OPENSSL_VERS_STR.\n"
314+
# Ensure wolfEngine has a configure file to create a Makefile with.
315+
if [ ! -f "./configure" ]; then
316+
printf "\tRunning autogen.sh..."
317+
./autogen.sh >> $LOGFILE 2>&1
318+
if [ $? != 0 ]; then
319+
printf "failed.\n"
320+
do_failure
321+
fi
322+
printf "ok.\n"
323+
fi
324+
325+
printf "\tConfiguring..."
326+
if [ -n "${OPENSSL_INSTALL}" ]; then
327+
./configure $OPENSSL_CPPFLAGS $OPENSSL_LDFLAGS \
328+
--with-openssl=$OPENSSL_INSTALL \
329+
--enable-debug >> $LOGFILE 2>&1
330+
else
331+
# Tests have been patched to use debug logging - must enable debug.
332+
# User can set WOLFENGINE_EXTRA_LDFLAGS to provide extra LDFLAGS and
333+
# WOLFENGINE_EXTRA_CPPFLAGS to provide extra CPPFLAGS.
334+
./configure LDFLAGS="-L$OPENSSL_SOURCE $WOLFENGINE_EXTRA_LDFLAGS" \
335+
CPPFLAGS="$WOLFENGINE_EXTRA_CPPFLAGS" \
336+
--with-openssl=$OPENSSL_SOURCE \
337+
$WOLFENGINE_EXTRA_OPTS \
338+
--enable-debug >> $LOGFILE 2>&1
339+
fi
340+
if [ "$?" != 0 ]; then
341+
printf "failed\n"
342+
do_cleanup
343+
exit 1
344+
fi
345+
printf "ok.\n"
346+
347+
printf "\tBuilding..."
348+
make -j$MAKE_JOBS >> $LOGFILE 2>&1
349+
if [ "$?" != 0 ]; then
350+
printf "failed\n"
351+
do_cleanup
352+
exit 1
353+
fi
354+
printf "ok.\n"
355+
}
356+
357+

0 commit comments

Comments
 (0)