From 1fc30e882e279bdb6096bb0d872eb61a25ea9350 Mon Sep 17 00:00:00 2001 From: Jochen Sprickerhof Date: Tue, 27 Dec 2022 21:11:29 +0000 Subject: [PATCH] Import android-platform-external-boringssl_13.0.0+r11-3.debian.tar.xz [dgit import tarball android-platform-external-boringssl 13.0.0+r11-3 android-platform-external-boringssl_13.0.0+r11-3.debian.tar.xz] --- .gitlab-ci.yml | 14 + README.Debian | 21 + android-boringssl.docs | 3 + android-boringssl.install | 1 + android-boringssl.lintian-overrides | 12 + android-libboringssl-dev.install | 5 + android-libboringssl.docs | 3 + android-libboringssl.install | 4 + android-libboringssl.lintian-overrides | 12 + changelog | 252 ++++++++ clean | 1 + compiler_test.mk | 27 + control | 61 ++ copyright | 569 ++++++++++++++++++ crypto_test.mk | 43 ++ gbp.conf | 3 + libcrypto.mk | 59 ++ libssl.mk | 26 + libtest_support.mk | 21 + patches/0003-Disable-failing-test.patch | 20 + ...01-Add-new-Arch-ia64-riscv64-sh4-x32.patch | 27 + patches/02-sources-mk.patch | 14 + patches/series | 3 + rules | 69 +++ source/format | 1 + source/lintian-overrides | 6 + sources.mk | 459 ++++++++++++++ ssl_test.mk | 43 ++ tests/control | 3 + tool_test.mk | 23 + upstream/metadata | 6 + upstream/signing-key.asc | 30 + watch | 9 + 33 files changed, 1850 insertions(+) create mode 100644 .gitlab-ci.yml create mode 100644 README.Debian create mode 100644 android-boringssl.docs create mode 100644 android-boringssl.install create mode 100644 android-boringssl.lintian-overrides create mode 100755 android-libboringssl-dev.install create mode 100644 android-libboringssl.docs create mode 100755 android-libboringssl.install create mode 100644 android-libboringssl.lintian-overrides create mode 100644 changelog create mode 100644 clean create mode 100644 compiler_test.mk create mode 100644 control create mode 100644 copyright create mode 100644 crypto_test.mk create mode 100644 gbp.conf create mode 100644 libcrypto.mk create mode 100644 libssl.mk create mode 100644 libtest_support.mk create mode 100644 patches/0003-Disable-failing-test.patch create mode 100644 patches/01-Add-new-Arch-ia64-riscv64-sh4-x32.patch create mode 100644 patches/02-sources-mk.patch create mode 100644 patches/series create mode 100755 rules create mode 100644 source/format create mode 100644 source/lintian-overrides create mode 100644 sources.mk create mode 100644 ssl_test.mk create mode 100644 tests/control create mode 100644 tool_test.mk create mode 100644 upstream/metadata create mode 100644 upstream/signing-key.asc create mode 100644 watch diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..514c702 --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,14 @@ +pages: + image: registry.salsa.debian.org/salsa-ci-team/ci-image-git-buildpackage + stage: deploy + artifacts: + paths: + - public + expire_in: 1 day + except: + - tags + - pristine-tar + - upstream + script: + - gitlab-ci-git-buildpackage-all + - gitlab-ci-aptly diff --git a/README.Debian b/README.Debian new file mode 100644 index 0000000..fd5a11c --- /dev/null +++ b/README.Debian @@ -0,0 +1,21 @@ +This library is a version of Google's internal OpenSSL fork called +BoringSSL. This is not the official BoringSSL release, it is the +version of BoringSSL that is maintained as part of the Android SDK and +OS. These packages should never be used for anything but the parts of +the Android SDK that require them. + +We package these chunks separately because we believe it makes it +easier to maintain. Security updates can happen only in the +particular package rather than having to build the whole Android SDK +together as one giant source tree. + +Upstream is already good at providing security fixes for all of the +various bits, and they maintain quite a few stable releases in +parallel. Security maintenance for the Android SDK packages will +mostly be a matter of just including any new patch versions +(i.e. 8.1.0_r14 vs 8.1.0_r15). + +For more info: +https://lists.debian.org/debian-security/2016/05/msg00038.html + + -- Hans-Christoph Steiner , Wed, 28 Feb 2018 11:51:35 +0100 diff --git a/android-boringssl.docs b/android-boringssl.docs new file mode 100644 index 0000000..a67d2fc --- /dev/null +++ b/android-boringssl.docs @@ -0,0 +1,3 @@ +NOTICE +src/INCORPORATING.md +src/README.md diff --git a/android-boringssl.install b/android-boringssl.install new file mode 100644 index 0000000..07836ed --- /dev/null +++ b/android-boringssl.install @@ -0,0 +1 @@ +debian/out/bssl-tool usr/bin diff --git a/android-boringssl.lintian-overrides b/android-boringssl.lintian-overrides new file mode 100644 index 0000000..7f810ab --- /dev/null +++ b/android-boringssl.lintian-overrides @@ -0,0 +1,12 @@ +# Executables from the Android SDK normally each staticly link in all +# of the libs. That means each executable includes a full copy of all +# the libs, which is not how Debian works. These libs need to be +# dynamically linlked in so that just the library can be updated when +# there is a security fix, instead of requiring all of the executables +# be recompiled. That said, these libraries do not have a stable +# interface and were never intended to be used by any other project, +# only with the internal, Android SDK executables. Therefore, the +# Android SDK executables use private libraries located in +# /usr/lib/${DEB_HOST_MULTIARCH}/android + +custom-library-search-path diff --git a/android-libboringssl-dev.install b/android-libboringssl-dev.install new file mode 100755 index 0000000..0777c48 --- /dev/null +++ b/android-libboringssl-dev.install @@ -0,0 +1,5 @@ +#!/usr/bin/dh-exec + +src/include/openssl usr/include/android +debian/out/libcrypto.so usr/lib/${DEB_HOST_MULTIARCH}/android +debian/out/libssl.so usr/lib/${DEB_HOST_MULTIARCH}/android diff --git a/android-libboringssl.docs b/android-libboringssl.docs new file mode 100644 index 0000000..b41e947 --- /dev/null +++ b/android-libboringssl.docs @@ -0,0 +1,3 @@ +NOTICE +src/INCORPORATING.md +src/README.md \ No newline at end of file diff --git a/android-libboringssl.install b/android-libboringssl.install new file mode 100755 index 0000000..ff8628b --- /dev/null +++ b/android-libboringssl.install @@ -0,0 +1,4 @@ +#!/usr/bin/dh-exec + +debian/out/libcrypto.so.* usr/lib/${DEB_HOST_MULTIARCH}/android +debian/out/libssl.so.* usr/lib/${DEB_HOST_MULTIARCH}/android diff --git a/android-libboringssl.lintian-overrides b/android-libboringssl.lintian-overrides new file mode 100644 index 0000000..7f810ab --- /dev/null +++ b/android-libboringssl.lintian-overrides @@ -0,0 +1,12 @@ +# Executables from the Android SDK normally each staticly link in all +# of the libs. That means each executable includes a full copy of all +# the libs, which is not how Debian works. These libs need to be +# dynamically linlked in so that just the library can be updated when +# there is a security fix, instead of requiring all of the executables +# be recompiled. That said, these libraries do not have a stable +# interface and were never intended to be used by any other project, +# only with the internal, Android SDK executables. Therefore, the +# Android SDK executables use private libraries located in +# /usr/lib/${DEB_HOST_MULTIARCH}/android + +custom-library-search-path diff --git a/changelog b/changelog new file mode 100644 index 0000000..9fa5799 --- /dev/null +++ b/changelog @@ -0,0 +1,252 @@ +android-platform-external-boringssl (13.0.0+r11-3) unstable; urgency=medium + + * Team upload. + * Add patch to skip failing test (Closes: #1026716) + * Move package description to source package + + -- Jochen Sprickerhof Tue, 27 Dec 2022 22:11:29 +0100 + +android-platform-external-boringssl (13.0.0+r11-2) unstable; urgency=medium + + * debian/rules: Export gdwarf-4 so we align with ubuntu patches. + + -- Roger Shimizu Tue, 15 Nov 2022 22:28:07 -0800 + +android-platform-external-boringssl (13.0.0+r11-1) unstable; urgency=medium + + * New upstream release 13.0.0+r11 + * debian/patches: Remove backport patch. + * debian/copyright: Update file list. + * debian/sources.mk: Update by script. + * debian/control: Add myself as uploader. + + -- Roger Shimizu Sat, 29 Oct 2022 01:58:01 -0700 + +android-platform-external-boringssl (13~preview2-7) unstable; urgency=medium + + * Team upload. + * [again] Use lld as linker on available platforms. + + -- Roger Shimizu Tue, 28 Jun 2022 02:04:55 +0900 + +android-platform-external-boringssl (13~preview2-6) unstable; urgency=medium + + * Team upload. + * Use lld as linker on available platforms. + * debian/patches/0[12]: Add patch description. + * d/source/lintian-overrides: Adapt new rule to source filename. + * Add debian/upstream/metadata. + + -- Roger Shimizu Mon, 27 Jun 2022 19:38:58 +0900 + +android-platform-external-boringssl (13~preview2-5) unstable; urgency=medium + + * Team upload. + * debian/*.mk: Fix ftbfs for mips*el. + + -- Roger Shimizu Sun, 19 Jun 2022 02:14:20 +0900 + +android-platform-external-boringssl (13~preview2-4) unstable; urgency=medium + + * Team upload. + * Add patch from upstream tag platform-tools-33.0.1. + * Move -pie from debian/rules to debian/*.mk executable build. + * [ubuntu] debian/rules: ignore dh_dwz error. + * Use lld as linker when available. + + -- Roger Shimizu Sun, 19 Jun 2022 00:21:10 +0900 + +android-platform-external-boringssl (13~preview2-3) unstable; urgency=medium + + * Team upload. + * d/rules: Move common CPPFLAGS from d/*.mk to d/rules + * d/control: Move android-libboringssl-dev from Architecture: all to + each arch being supported. + + -- Roger Shimizu Mon, 13 Jun 2022 00:52:06 +0900 + +android-platform-external-boringssl (13~preview2-2) unstable; urgency=medium + + * Team upload. + * debian/*.mk: Fix ftbfs for armel. + + -- Roger Shimizu Tue, 07 Jun 2022 18:35:21 +0900 + +android-platform-external-boringssl (13~preview2-1) unstable; urgency=medium + + * Team upload. + * debian/*.mk: Using the "gnu11" variant means we don't need _XOPEN_SOURCE. + Additionally, using C11 makes the faster refcount implementation + available. This setting is from upstream. + + -- Roger Shimizu Mon, 06 Jun 2022 21:09:55 +0900 + +android-platform-external-boringssl (13~preview2-1~exp1) unstable; urgency=medium + + * Team upload. + * New upstream version 13~preview2 + * debian/patches: Refresh patches. + * debian/sources.mk: Update by script. + + -- Roger Shimizu Wed, 01 Jun 2022 04:00:31 +0900 + +android-platform-external-boringssl (12.1.0+r5-2) unstable; urgency=medium + + * Team upload. + * debian/tests/control: Limit architecture. + + -- Roger Shimizu Tue, 31 May 2022 01:41:52 +0900 + +android-platform-external-boringssl (12.1.0+r5-1) unstable; urgency=medium + + * Team upload. + * Upload to unstable. + * debian/rules: Build and test only for -arch build. + + -- Roger Shimizu Mon, 30 May 2022 19:06:02 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp10) experimental; urgency=medium + + * Team upload. + * debian/crypto_test.mk: Fallback to gcc for mips64el. + Thanks to Adrian Bunk for fixing this test for mips64el. + + -- Roger Shimizu Sun, 29 May 2022 16:50:06 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp9) experimental; urgency=medium + + * Team upload. + * debian/control: Update Depends version. + * debian/tests/control: Add autopkgtest test. + + -- Roger Shimizu Sat, 28 May 2022 18:38:29 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp8) experimental; urgency=medium + + * Team upload. + * debian/rules: + - Disable building bssl-tools for Hurd. + - Add -pie to LDFLAGS to enhance the hardening. + * debian/control: + - Add android-boringssl package to include the tool. + * debian/copyright & debian/source/lintian-overrides: + - Adapt with new upstream. + + -- Roger Shimizu Thu, 26 May 2022 01:00:02 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp7) experimental; urgency=medium + + * Team upload. + * debian/tool_test.mk and debian/rules: + - Add bssl-tool to build. + * debian/rules: + - Still run failing test for mips64el, just ignore the result. + + -- Roger Shimizu Mon, 23 May 2022 21:01:59 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp6) experimental; urgency=medium + + * Team upload. + * Disable crypto_test for mips64el temporarily. + * Split test_support as an independant library. + * d/rules: + - Make dependency driven makefile rules. + + -- Roger Shimizu Mon, 16 May 2022 23:23:41 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp5) experimental; urgency=medium + + * Team upload. + * Update eureka.mk and source it in debian/*.mk + * d/{crypto,ssl}_test.mk: + - Link with atomic for armel. + * d/patches: + - Update 01 patch to fix x32. + + -- Roger Shimizu Mon, 16 May 2022 02:25:59 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp4) experimental; urgency=medium + + * Team upload. + * debian/patches: + - Update patch to fix sh4 and x32. + * Add debian/{crypto,ssl}_test.mk to test built libraries. + * d/lib{crypto,ssl}.mk: + - Import source list from eureka.mk. + + -- Roger Shimizu Sun, 15 May 2022 19:24:19 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp3) experimental; urgency=medium + + * Team upload. + * debian/control: Add all little endian Arch, to check the buildd + result. + + -- Roger Shimizu Sun, 15 May 2022 03:27:01 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp2) experimental; urgency=medium + + * Team upload. + * Try to build on new Arch (little endian): ia64, riscv64, sh4, x32 + + -- Roger Shimizu Sun, 15 May 2022 01:59:06 +0900 + +android-platform-external-boringssl (12.1.0+r5-1~exp1) experimental; urgency=medium + + * New upstream version 12.1.0+r5 + * debian/control: + - Fix multiarch issues. + - Add ppc64el support. + * debian/rules: + - Use clang as default compiler. + + -- Roger Shimizu Sat, 14 May 2022 02:09:14 +0900 + +android-platform-external-boringssl (10.0.0+r36-2~exp1) experimental; urgency=medium + + * Team upload. + + [ Hans-Christoph Steiner ] + * gitlab-ci: exclude tags, pristine-tar, upstream + + [ Roger Shimizu ] + * debian/control: + - Add mips*el to build. + + -- Roger Shimizu Mon, 11 Jan 2021 03:31:07 +0900 + +android-platform-external-boringssl (10.0.0+r36-1) unstable; urgency=medium + + * Team upload + * New upstream version + * Upstream (10.0.0+r36) (Closes: #933865) + + -- Dhyey Patel Mon, 23 Nov 2020 12:14:17 +0100 + +android-platform-external-boringssl (8.1.0+r23-3) unstable; urgency=medium + + [ Kai-Chung Yan (殷啟聰) ] + * d/copyright: Refer to the Apache-2.0 in the commons-licenses + + [ Roger Shimizu ] + * d/watch: Update rule to get new upstream version + + [ Hans-Christoph Steiner ] + * fix adb crashes on startup on armhf (Closes: #933865) + + -- Hans-Christoph Steiner Thu, 08 Oct 2020 19:35:08 +0200 + +android-platform-external-boringssl (8.1.0+r23-2) unstable; urgency=medium + + * Update d/copyright: + * Cover all copyright holders (Closes: #905820) + * Point the Source to AOSP + * Standards-Version => 4.2.1 + + -- Kai-Chung Yan Fri, 21 Sep 2018 16:43:18 +0800 + +android-platform-external-boringssl (8.1.0+r23-1) unstable; urgency=medium + + * Initial release (Closes: #823933) + + -- Kai-Chung Yan Mon, 28 May 2018 19:53:05 +0200 diff --git a/clean b/clean new file mode 100644 index 0000000..92a7cdc --- /dev/null +++ b/clean @@ -0,0 +1 @@ +debian/out/ \ No newline at end of file diff --git a/compiler_test.mk b/compiler_test.mk new file mode 100644 index 0000000..889c2a0 --- /dev/null +++ b/compiler_test.mk @@ -0,0 +1,27 @@ +NAME = compiler_test + +SOURCES = \ + src/crypto/compiler_test.cc \ + src/crypto/test/test_util.cc \ + +OBJECTS = $(SOURCES:.cc=.o) + +CXXFLAGS += -std=gnu++2a +CPPFLAGS += \ + -Isrc/include \ + +LDFLAGS += \ + -lgtest \ + -lpthread \ + -pie + +ifneq ($(filter mipsel mips64el,$(DEB_HOST_ARCH)),) + LDFLAGS += -Wl,-z,notext +endif + +build: $(OBJECTS) /usr/lib/$(DEB_HOST_MULTIARCH)/libgtest_main.a + mkdir -p debian/out + $(CXX) $^ -o debian/out/$(NAME) $(LDFLAGS) + +$(OBJECTS): %.o: %.cc + $(CXX) -c -o $@ $< $(CXXFLAGS) $(CPPFLAGS) diff --git a/control b/control new file mode 100644 index 0000000..8213f15 --- /dev/null +++ b/control @@ -0,0 +1,61 @@ +Source: android-platform-external-boringssl +Section: libs +Priority: optional +Maintainer: Android Tools Maintainers +Uploaders: Roger Shimizu +Build-Depends: + clang [amd64 i386 armel armhf arm64 mipsel mips64el ppc64el riscv64], + debhelper-compat (= 12), + dh-exec, + libgtest-dev, + lld [amd64 i386 armel armhf arm64 mipsel mips64el ppc64el], +Standards-Version: 4.5.0 +Rules-Requires-Root: no +Vcs-Git: https://salsa.debian.org/android-tools-team/android-platform-external-boringssl.git +Vcs-Browser: https://salsa.debian.org/android-tools-team/android-platform-external-boringssl +Homepage: https://android.googlesource.com/platform/external/boringssl +Description: Google's internal fork of OpenSSL for the Android SDK + The Android SDK builds against a static version of BoringSSL, + Google's internal fork of OpenSSL. This package should never be used + for anything but Android SDK packages that already depend on it. + . + BoringSSL arose because Google used OpenSSL for many years in various + ways and, over time, built up a large number of patches that were + maintained while tracking upstream OpenSSL. As Google’s product + portfolio became more complex, more copies of OpenSSL sprung up and + the effort involved in maintaining all these patches in multiple + places was growing steadily. + . + This is the Android AOSP fork of BoringSSL which is designed to be + used by Android and its SDK. BoringSSL is only ever statically linked + into apps, and pinned to a commit version. Upstream has no official + releases of BoringSSL on its own, so it must be included separately + for each project that uses it. + +Package: android-libboringssl +Architecture: armel armhf arm64 amd64 i386 ppc64el mipsel mips64el hurd-i386 ia64 kfreebsd-amd64 kfreebsd-i386 riscv64 sh4 x32 +Multi-Arch: same +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: ${source:Synopsis} + ${source:Extended-Description} + +Package: android-libboringssl-dev +Section: libdevel +Architecture: armel armhf arm64 amd64 i386 ppc64el mipsel mips64el hurd-i386 ia64 kfreebsd-amd64 kfreebsd-i386 riscv64 sh4 x32 +Multi-Arch: foreign +Depends: ${misc:Depends}, + android-libboringssl (= ${binary:Version}), +Description: ${source:Synopsis} - devel + ${source:Extended-Description} + . + This package contains the development files. + +Package: android-boringssl +Section: utils +Architecture: armel armhf arm64 amd64 i386 ppc64el mipsel mips64el ia64 kfreebsd-amd64 kfreebsd-i386 riscv64 sh4 x32 +Multi-Arch: foreign +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: ${source:Synopsis} - tool + ${source:Extended-Description} + . + This package contains the boringssl command line tool. diff --git a/copyright b/copyright new file mode 100644 index 0000000..b7cd946 --- /dev/null +++ b/copyright @@ -0,0 +1,569 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0 +Source: https://android.googlesource.com/platform/external/boringssl +Upstream-Name: BoringSSL +Comment: + Updated by referencing result of: + $ decopy -v --group-by copyright --output debian/copyright.decopy + +Files: * +Copyright: 1998-2011, The OpenSSL Project +License: OpenSSL and SSLeay + +Files: src/crypto/asn1/* + src/crypto/base64/base64.c + src/crypto/bio/bio.c + src/crypto/bio/bio_mem.c + src/crypto/bio/connect.c + src/crypto/bio/fd.c + src/crypto/bio/file.c + src/crypto/bio/hexdump.c + src/crypto/bio/internal.h + src/crypto/bio/printf.c + src/crypto/bio/socket.c + src/crypto/bn_extra/convert.c + src/crypto/buf/buf.c + src/crypto/cipher_extra/cipher_extra.c + src/crypto/cipher_extra/derive_key.c + src/crypto/cipher_extra/e_des.c + src/crypto/cipher_extra/e_null.c + src/crypto/cipher_extra/e_rc2.c + src/crypto/cipher_extra/e_rc4.c + src/crypto/cipher_extra/internal.h + src/crypto/conf/conf.c + src/crypto/conf/conf_def.h + src/crypto/constant_time_test.cc + src/crypto/cpu_intel.c + src/crypto/des/* + src/crypto/dh_extra/* + src/crypto/digest_extra/digest_extra.c + src/crypto/dsa/dsa.c + src/crypto/dsa/dsa_test.cc + src/crypto/err/err.c + src/crypto/evp/evp.c + src/crypto/evp/evp_asn1.c + src/crypto/evp/evp_ctx.c + src/crypto/evp/internal.h + src/crypto/evp/sign.c + src/crypto/ex_data.c + src/crypto/fipsmodule/bn/add.c + src/crypto/fipsmodule/bn/asm/* + src/crypto/fipsmodule/bn/bn.c + src/crypto/fipsmodule/bn/bn_test.cc + src/crypto/fipsmodule/bn/bn_tests.txt + src/crypto/fipsmodule/bn/bytes.c + src/crypto/fipsmodule/bn/cmp.c + src/crypto/fipsmodule/bn/div.c + src/crypto/fipsmodule/bn/generic.c + src/crypto/fipsmodule/bn/miller_rabin_tests.txt + src/crypto/fipsmodule/bn/mul.c + src/crypto/fipsmodule/bn/shift.c + src/crypto/fipsmodule/cipher/cipher.c + src/crypto/fipsmodule/cipher/internal.h + src/crypto/fipsmodule/des/* + src/crypto/fipsmodule/dh/* + src/crypto/fipsmodule/digest/digest.c + src/crypto/fipsmodule/digest/digests.c + src/crypto/fipsmodule/digest/internal.h + src/crypto/fipsmodule/hmac/hmac.c + src/crypto/fipsmodule/md4/md4.c + src/crypto/fipsmodule/md5/md5.c + src/crypto/fipsmodule/rsa/internal.h + src/crypto/fipsmodule/rsa/rsa_impl.c + src/crypto/fipsmodule/rsa/rsa.c + src/crypto/fipsmodule/sha/sha1-altivec.c + src/crypto/fipsmodule/sha/sha1.c + src/crypto/fipsmodule/sha/sha256.c + src/crypto/fipsmodule/sha/sha512.c + src/crypto/hmac_extra/* + src/crypto/internal.h + src/crypto/lhash/internal.h + src/crypto/lhash/lhash.c + src/crypto/mem.c + src/crypto/obj/* + src/crypto/pem/* + src/crypto/rc4/rc4.c + src/crypto/rsa_extra/* + src/crypto/stack/stack.c + src/crypto/thread.c + src/crypto/x509/* + src/decrepit/bio/base64_bio.c + src/decrepit/blowfish/blowfish.c + src/decrepit/cast/cast.c + src/decrepit/cast/cast_tables.c + src/decrepit/cast/internal.h + src/decrepit/des/cfb64ede.c + src/decrepit/macros.h + src/decrepit/rc4/rc4_decrepit.c + src/decrepit/ripemd/ripemd.c + src/decrepit/rsa/rsa_decrepit.c + src/decrepit/ssl/ssl_decrepit.c + src/include/openssl/asn1.h + src/include/openssl/base64.h + src/include/openssl/bio.h + src/include/openssl/blowfish.h + src/include/openssl/bn.h + src/include/openssl/buf.h + src/include/openssl/cast.h + src/include/openssl/cipher.h + src/include/openssl/conf.h + src/include/openssl/cpu.h + src/include/openssl/des.h + src/include/openssl/dh.h + src/include/openssl/digest.h + src/include/openssl/dsa.h + src/include/openssl/err.h + src/include/openssl/evp.h + src/include/openssl/evp_errors.h + src/include/openssl/ex_data.h + src/include/openssl/hmac.h + src/include/openssl/lhash.h + src/include/openssl/md4.h + src/include/openssl/md5.h + src/include/openssl/mem.h + src/include/openssl/nid.h + src/include/openssl/obj.h + src/include/openssl/pem.h + src/include/openssl/rc4.h + src/include/openssl/ripemd.h + src/include/openssl/rsa.h + src/include/openssl/sha.h + src/include/openssl/ssl.h + src/include/openssl/ssl3.h + src/include/openssl/stack.h + src/include/openssl/thread.h + src/include/openssl/tls1.h + src/include/openssl/type_check.h + src/include/openssl/x509.h + src/include/openssl/x509_vfy.h + src/ssl/bio_ssl.cc + src/ssl/ssl_asn1.cc + src/ssl/ssl_c_test.c + src/ssl/ssl_privkey.cc + src/ssl/ssl_stat.cc + src/ssl/tls_method.cc +Copyright: 1995-1998, Eric Young + 2014-2021, Google Inc + 2005, Nokia + 2002, Sun Microsystems, Inc + 1995-2017, The OpenSSL Project +License: SSLeay + +Files: crypto_test_data.cc + err_data.c + rules.mk + src/.clang-format + src/.github/* + src/.gitignore + src/BUILDING.md + src/CMakeLists.txt + src/codereview.settings + src/CONTRIBUTING.md + src/crypto/asn1/asn1_test.cc + src/crypto/base64/base64_test.cc + src/crypto/bio/bio_test.cc + src/crypto/bio/socket_helper.c + src/crypto/bn_extra/bn_asn1.c + src/crypto/bytestring/* + src/crypto/chacha/* + src/crypto/cipher_extra/aead_test.cc + src/crypto/cipher_extra/e_aesctrhmac.c + src/crypto/cipher_extra/e_aesgcmsiv.c + src/crypto/cipher_extra/e_chacha20poly1305.c + src/crypto/cipher_extra/e_tls.c + src/crypto/cipher_extra/test/nist_cavp/make_cavp.go + src/crypto/cmac/cmac_test.cc + src/crypto/compiler_test.cc + src/crypto/conf/internal.h + src/crypto/cpu_aarch64_linux.c + src/crypto/cpu_arm_linux.c + src/crypto/cpu_arm.c + src/crypto/cpu_ppc64le.c + src/crypto/crypto.c + src/crypto/curve25519/* + src/crypto/digest_extra/digest_test.cc + src/crypto/engine/* + src/crypto/err/err_data_generate.go + src/crypto/err/err_test.cc + src/crypto/evp/evp_extra_test.cc + src/crypto/evp/p_ed25519_asn1.c + src/crypto/evp/p_ed25519.c + src/crypto/evp/pbkdf_test.cc + src/crypto/evp/scrypt_test.cc + src/crypto/fipsmodule/aes/aes_test.cc + src/crypto/fipsmodule/aes/internal.h + src/crypto/fipsmodule/bcm.c + src/crypto/fipsmodule/bn/check_bn_tests.go + src/crypto/fipsmodule/cipher/aead.c + src/crypto/fipsmodule/delocate.h + src/crypto/fipsmodule/ec/ec_test.cc + src/crypto/fipsmodule/ec/p224-64.c + src/crypto/fipsmodule/ec/p256-x86_64_test.cc + src/crypto/fipsmodule/modes/polyval.c + src/crypto/fipsmodule/rand/* + src/crypto/fipsmodule/self_check/fips.c + src/crypto/hkdf/* + src/crypto/lhash/lhash_test.cc + src/crypto/obj/obj_test.cc + src/crypto/obj/objects.go + src/crypto/pkcs7/* + src/crypto/pkcs8/pkcs12_test.cc + src/crypto/pkcs8/pkcs8_test.cc + src/crypto/poly1305/* + src/crypto/pool/* + src/crypto/rand_extra/* + src/crypto/refcount_*.c + src/crypto/test/* + src/crypto/thread_*.c + src/crypto/x509/internal.h + src/crypto/x509/x509_test.cc + src/decrepit/evp/* + src/decrepit/obj/* + src/decrepit/x509/* + src/FUZZING.md + src/include/openssl/aead.h + src/include/openssl/asn1_mac.h + src/include/openssl/buffer.h + src/include/openssl/bytestring.h + src/include/openssl/chacha.h + src/include/openssl/cmac.h + src/include/openssl/crypto.h + src/include/openssl/curve25519.h + src/include/openssl/dtls1.h + src/include/openssl/engine.h + src/include/openssl/hkdf.h + src/include/openssl/is_boringssl.h + src/include/openssl/obj_mac.h + src/include/openssl/objects.h + src/include/openssl/opensslconf.h + src/include/openssl/opensslv.h + src/include/openssl/ossl_typ.h + src/include/openssl/pkcs12.h + src/include/openssl/pkcs7.h + src/include/openssl/poly1305.h + src/include/openssl/pool.h + src/include/openssl/rand.h + src/include/openssl/safestack.h + src/include/openssl/srtp.h + src/INCORPORATING.md + src/PORTING.md + src/README.md + src/ssl/CMakeLists.txt + src/ssl/ssl_aead_ctx.cc + src/ssl/ssl_buffer.cc + src/ssl/ssl_test.cc + src/ssl/ssl_versions.cc + src/ssl/test/* + src/ssl/tls13_both.cc + src/ssl/tls13_client.cc + src/ssl/tls13_enc.cc + src/ssl/tls13_server.cc + src/STYLE.md + src/tool/* + src/util/* +Copyright: 2014-2017, Google Inc. +License: ISC + +Files: src/crypto/cipher_extra/asm/aes128gcmsiv-x86_64.pl +Copyright: 2017, Shay Gueron + 2017, Google Inc +License: ISC + +Files: src/third_party/wycheproof_testvectors/* +Copyright: 2016-2019, Google Inc. +License: Apache-2.0 + +Files: src/third_party/fiat/* +Copyright: 2015-2016 the fiat-crypto authors +License: Expat + +Files: src/ssl/test/runner/*.go +Copyright: 2012-2016, The Go Authors +License: BSD-3-clause + +Files: src/util/bot/go/* + src/util/bot/vs_toolchain.py +Copyright: 2014, The Chromium Authors +License: BSD-3-clause + +Files: src/crypto/fipsmodule/bn/asm/rsaz-avx2.pl + src/crypto/fipsmodule/bn/rsaz_exp.c + src/crypto/fipsmodule/bn/rsaz_exp.h + src/crypto/fipsmodule/ec/asm/p256-x86_64-asm.pl + src/crypto/fipsmodule/ec/p256-x86_64-table.h + src/crypto/fipsmodule/ec/p256-x86_64.* +Copyright: 2013-2016 The OpenSSL Project Authors + 2012, Intel Corporation +License: OpenSSL + +Files: src/crypto/asn1/charmap.pl + src/crypto/asn1/internal.h + src/crypto/asn1/time_support.c + src/crypto/bio/pair.c + src/crypto/cipher_extra/cipher_test.cc + src/crypto/cipher_extra/e_aesccm.c + src/crypto/cipher_extra/tls_cbc.c + src/crypto/cmac/cmac.c + src/crypto/dh_extra/dh_asn1.c + src/crypto/dh_extra/params.c + src/crypto/dsa/dsa_asn1.c + src/crypto/ec_extra/ec_asn1.c + src/crypto/ecdh_extra/ecdh_extra.c + src/crypto/ecdsa_extra/* + src/crypto/evp/digestsign.c + src/crypto/evp/evp_test.cc + src/crypto/evp/p_dsa_asn1.c + src/crypto/evp/p_ec.c + src/crypto/evp/p_ec_asn1.c + src/crypto/evp/p_rsa.c + src/crypto/evp/p_rsa_asn1.c + src/crypto/evp/pbkdf.c + src/crypto/evp/print.c + src/crypto/fipsmodule/aes/aes.c + src/crypto/fipsmodule/aes/key_wrap.c + src/crypto/fipsmodule/aes/mode_wrappers.c + src/crypto/fipsmodule/bn/asm/x86_64-gcc.c + src/crypto/fipsmodule/bn/ctx.c + src/crypto/fipsmodule/bn/jacobi.c + src/crypto/fipsmodule/bn/sqrt.c + src/crypto/fipsmodule/cipher/e_aes.c + src/crypto/fipsmodule/digest/md32_common.h + src/crypto/fipsmodule/ec/ec.c + src/crypto/fipsmodule/ec/ec_key.c + src/crypto/fipsmodule/ec/ec_montgomery.c + src/crypto/fipsmodule/ec/internal.h + src/crypto/fipsmodule/ec/oct.c + src/crypto/fipsmodule/ec/simple.c + src/crypto/fipsmodule/ec/wnaf.c + src/crypto/fipsmodule/ecdh/* + src/crypto/fipsmodule/ecdsa/ecdsa.c + src/crypto/fipsmodule/ecdsa/ecdsa_test.cc + src/crypto/fipsmodule/modes/cbc.c + src/crypto/fipsmodule/modes/cfb.c + src/crypto/fipsmodule/modes/ctr.c + src/crypto/fipsmodule/modes/gcm.c + src/crypto/fipsmodule/modes/gcm_test.cc + src/crypto/fipsmodule/modes/internal.h + src/crypto/fipsmodule/modes/ofb.c + src/crypto/fipsmodule/rsa/padding.c + src/crypto/fipsmodule/sha/asm/* + src/crypto/fipsmodule/tls/kdf.c + src/crypto/pem/pem_x509.c + src/crypto/pem/pem_xaux.c + src/crypto/pkcs8/internal.h + src/crypto/pkcs8/p5_pbev2.c + src/crypto/pkcs8/pkcs8.c + src/crypto/pkcs8/pkcs8_x509.c + src/crypto/rsa_extra/rsa_asn1.c + src/crypto/x509/rsa_pss.c + src/crypto/x509/x509_trs.c + src/crypto/x509/x509_vpm.c + src/crypto/x509/x509cset.c + src/crypto/x509/x509spki.c + src/crypto/x509/x_algor.c + src/crypto/x509/x_x509a.c + src/crypto/x509v3/* + src/decrepit/dh/* + src/decrepit/dsa/* + src/decrepit/xts/xts.c + src/include/openssl/aes.h + src/include/openssl/arm_arch.h + src/include/openssl/asn1t.h + src/include/openssl/base.h + src/include/openssl/ec.h + src/include/openssl/ec_key.h + src/include/openssl/ecdh.h + src/include/openssl/ecdsa.h + src/include/openssl/pkcs8.h + src/include/openssl/x509v3.h + src/ssl/d1_lib.cc + src/ssl/dtls_method.cc +Copyright: 2002, Sun Microsystems + 1998-2016, The OpenSSL Project +License: OpenSSL + +Files: src/crypto/cipher_extra/asm/chacha20_poly1305_x86_64.pl +Copyright: 2015, CloudFlare Ltd +License: ISC + +Files: src/crypto/fipsmodule/bn/montgomery_inv.c +Copyright: 2016, Brian Smith +License: ISC + +Files: src/crypto/x509v3/v3_pci.c + src/crypto/x509v3/v3_pcia.c +Copyright: 2004, Kungliga Tekniska Högskolan +License: BSD-3-clause + +Files: debian/* +Copyright: 2016, Kai-Chung Yan + 2022, Roger Shimizu +License: Expat + +Files: android-sources.cmake + debian/sources.mk + eureka.mk + selftest/Android.bp + selftest/boringssl_self_test.cpp + sources.bp + sources.mk +Copyright: 2017-2019, The Android Open Source Project +License: Apache-2.0 + +Files: src/crypto/fipsmodule/md5/asm/md5-x86_64.pl +Copyright: n/a +License: public-domain + Author: Marc Bevand + Licence: I hereby disclaim the copyright on this code and place it + in the public domain. + +License: OpenSSL + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + 3. All advertising materials mentioning features or use of this + software must display the following acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit. (http://www.openssl.org/)" + 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + endorse or promote products derived from this software without + prior written permission. For written permission, please contact + openssl-core@openssl.org. + 5. Products derived from this software may not be called "OpenSSL" + nor may "OpenSSL" appear in their names without prior written + permission of the OpenSSL Project. + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes software developed by the OpenSSL Project + for use in the OpenSSL Toolkit (http://www.openssl.org/)" + . + THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + OF THE POSSIBILITY OF SUCH DAMAGE. + +License: ISC + Permission to use, copy, modify, and/or distribute this software for any + purpose with or without fee is hereby granted, provided that the above + copyright notice and this permission notice appear in all copies. + . + THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + +License: Expat + Permission is hereby granted, free of charge, to any person obtaining a copy + of this software and associated documentation files (the "Software"), to deal + in the Software without restriction, including without limitation the rights + to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + copies of the Software, and to permit persons to whom the Software is + furnished to do so, subject to the following conditions: + . + The above copyright notice and this permission notice shall be included in all + copies or substantial portions of the Software. + . + THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE + SOFTWARE. + +License: SSLeay + This library is free for commercial and non-commercial use as long as + the following conditions are adhered to. The following conditions + apply to all code found in this distribution, be it the RC4, RSA, + lhash, DES, etc., code; not just the SSL code. The SSL documentation + included with this distribution is covered by the same copyright terms + except that the holder is Tim Hudson (tjh@cryptsoft.com). + . + Copyright remains Eric Young's, and as such any Copyright notices in + the code are not to be removed. + If this package is used in a product, Eric Young should be given attribution + as the author of the parts of the library used. + This can be in the form of a textual message at program startup or + in documentation (online or textual) provided with the package. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. All advertising materials mentioning features or use of this software + must display the following acknowledgement: + "This product includes cryptographic software written by + Eric Young (eay@cryptsoft.com)" + The word 'cryptographic' can be left out if the routines from the library + being used are not cryptographic related :-). + 4. If you include any Windows specific code (or a derivative thereof) from + the apps directory (application code) you must include an acknowledgement: + "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + . + THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + . + The licence and distribution terms for any publically available version or + derivative of this code cannot be changed. i.e. this code cannot simply be + copied and put under another distribution licence + [including the GNU General Public Licence.] + +License: Apache-2.0 + On Debian systems, the full text of the Apache License, Version 2.0 + can be found in the file `/usr/share/common-licenses/Apache-2.0'. + +License: BSD-3-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + . + * Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above + copyright notice, this list of conditions and the following disclaimer + in the documentation and/or other materials provided with the + distribution. + * Neither the name of Google Inc. nor the names of its + contributors may be used to endorse or promote products derived from + this software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/crypto_test.mk b/crypto_test.mk new file mode 100644 index 0000000..a89f9eb --- /dev/null +++ b/crypto_test.mk @@ -0,0 +1,43 @@ +include debian/sources.mk + +NAME = crypto_test + +SOURCES = $(crypto_test_sources) +OBJECTS = $(SOURCES:.cc=.o) + +# src/crypto/pkcs8/pkcs12_test.cc:37:19: error: ISO C++20 does not permit initialization of char array with UTF-8 string literal +CXXFLAGS += -std=gnu++2a +CPPFLAGS += \ + -Isrc/include \ + +LDFLAGS += \ + -Ldebian/out \ + -Wl,-rpath=/usr/lib/$(DEB_HOST_MULTIARCH)/android \ + -lcrypto \ + -lgtest \ + -lpthread \ + -lssl \ + -ltest_support \ + -pie + +ifneq ($(filter mipsel mips64el,$(DEB_HOST_ARCH)),) + LDFLAGS += -Wl,-z,notext +endif + +# -latomic should be the last library specified +# https://github.com/android/ndk/issues/589 +ifeq ($(DEB_HOST_ARCH), armel) + LDFLAGS += -latomic +endif + +# clang built crypto_test binary crashes on mips64el +# so fallback to gcc as workaround +ifeq ($(DEB_HOST_ARCH), mips64el) + CXX = g++ +endif + +build: $(OBJECTS) + $(CXX) $^ -o debian/out/$(NAME) $(LDFLAGS) + +$(OBJECTS): %.o: %.cc + $(CXX) -c -o $@ $< $(CXXFLAGS) $(CPPFLAGS) diff --git a/gbp.conf b/gbp.conf new file mode 100644 index 0000000..5474c60 --- /dev/null +++ b/gbp.conf @@ -0,0 +1,3 @@ +[DEFAULT] +pristine-tar = True +sign-tags = True diff --git a/libcrypto.mk b/libcrypto.mk new file mode 100644 index 0000000..35523d3 --- /dev/null +++ b/libcrypto.mk @@ -0,0 +1,59 @@ +include debian/sources.mk + +NAME = libcrypto +SOURCES = $(crypto_sources) + +amd64_SOURCES = $(linux_x86_64_sources) +arm64_SOURCES = $(linux_aarch64_sources) +armel_SOURCES = $(linux_arm_sources) +armhf_SOURCES = $(linux_arm_sources) +i386_SOURCES = $(linux_x86_sources) +ppc64el_SOURCES = $(linux_ppc64le_sources) +hurd-i386_SOURCES = $(linux_x86_sources) +kfreebsd-i386_SOURCES = $(linux_x86_sources) +kfreebsd-amd64_SOURCES = $(linux_x86_64_sources) +x32_SOURCES = $(linux_x86_64_sources) + +SOURCES += $($(DEB_HOST_ARCH)_SOURCES) + +SOURCES_C = $(filter %.c,$(SOURCES)) +OBJECTS_C = $(SOURCES_C:.c=.o) +SOURCES_ASSEMBLY = $(filter %.S,$(SOURCES)) +OBJECTS_ASSEMBLY = $(SOURCES_ASSEMBLY:.S=.o) + +CFLAGS += -std=gnu11 \ + -fvisibility=hidden \ + -Wa,--noexecstack # Fixes `shlib-with-executable-stack`, see `src/util/BUILD.toplevel` + +CPPFLAGS += \ + -Isrc/crypto \ + -Isrc/include \ + +LDFLAGS += \ + -Wl,-soname,$(NAME).so.0 \ + -lpthread \ + -shared \ + +ifneq ($(filter mipsel mips64el,$(DEB_HOST_ARCH)),) + LDFLAGS += -Wl,-z,notext +endif + +# -latomic should be the last library specified +# https://github.com/android/ndk/issues/589 +# Use gcc instead of clang for assembly on armel +CC_ASSEMBLY = $(CC) +ifeq ($(DEB_HOST_ARCH), armel) + LDFLAGS += -latomic + CC_ASSEMBLY = gcc +endif + +build: $(OBJECTS_C) $(OBJECTS_ASSEMBLY) + mkdir -p debian/out + $(CC) $^ -o debian/out/$(NAME).so.0 $(LDFLAGS) + ln -sf $(NAME).so.0 debian/out/$(NAME).so + +$(OBJECTS_C): %.o: %.c + $(CC) -c -o $@ $< $(CFLAGS) $(CPPFLAGS) + +$(OBJECTS_ASSEMBLY): %.o: %.S + $(CC_ASSEMBLY) -c -o $@ $< $(CFLAGS) $(CPPFLAGS) diff --git a/libssl.mk b/libssl.mk new file mode 100644 index 0000000..dd00b87 --- /dev/null +++ b/libssl.mk @@ -0,0 +1,26 @@ +include debian/sources.mk + +NAME = libssl +SOURCES = $(ssl_sources) + +OBJECTS = $(SOURCES:.cc=.o) + +CXXFLAGS += -std=gnu++2a \ + -fvisibility=hidden \ + +CPPFLAGS += \ + -Isrc/include \ + +LDFLAGS += \ + -Ldebian/out \ + -Wl,-rpath=/usr/lib/$(DEB_HOST_MULTIARCH)/android \ + -Wl,-soname,$(NAME).so.0 \ + -lcrypto \ + -shared \ + +build: $(OBJECTS) + $(CXX) $^ -o debian/out/$(NAME).so.0 $(LDFLAGS) + ln -sf $(NAME).so.0 debian/out/$(NAME).so + +$(OBJECTS): %.o: %.cc + $(CXX) -c -o $@ $< $(CXXFLAGS) $(CPPFLAGS) diff --git a/libtest_support.mk b/libtest_support.mk new file mode 100644 index 0000000..99137a5 --- /dev/null +++ b/libtest_support.mk @@ -0,0 +1,21 @@ +include debian/sources.mk + +NAME = libtest_support +SOURCES = $(test_support_sources) + +OBJECTS = $(SOURCES:.cc=.o) + +CXXFLAGS += -std=gnu++2a +CPPFLAGS += \ + -Isrc/include \ + +LDFLAGS += \ + -Wl,-soname,$(NAME).so.0 \ + -shared \ + +build: $(OBJECTS) + $(CXX) $^ -o debian/out/$(NAME).so.0 $(LDFLAGS) + ln -sf $(NAME).so.0 debian/out/$(NAME).so + +$(OBJECTS): %.o: %.cc + $(CXX) -c -o $@ $< $(CXXFLAGS) $(CPPFLAGS) diff --git a/patches/0003-Disable-failing-test.patch b/patches/0003-Disable-failing-test.patch new file mode 100644 index 0000000..ec8be7b --- /dev/null +++ b/patches/0003-Disable-failing-test.patch @@ -0,0 +1,20 @@ +From: Jochen Sprickerhof +Date: Tue, 27 Dec 2022 21:55:33 +0100 +Subject: Disable failing test + +--- + src/ssl/ssl_test.cc | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/ssl/ssl_test.cc b/src/ssl/ssl_test.cc +index e2db5a4..2dd9fe8 100644 +--- a/src/ssl/ssl_test.cc ++++ b/src/ssl/ssl_test.cc +@@ -8012,6 +8012,7 @@ TEST(SSLTest, PermuteExtensions) { + } + + TEST(SSLTest, HostMatching) { ++ GTEST_SKIP() << "Test is failing in Debian, see #1026716"; + static const char kCertPEM[] = R"( + -----BEGIN CERTIFICATE----- + MIIB9jCCAZ2gAwIBAgIQeudG9R61BOxUvWkeVhU5DTAKBggqhkjOPQQDAjApMRAw diff --git a/patches/01-Add-new-Arch-ia64-riscv64-sh4-x32.patch b/patches/01-Add-new-Arch-ia64-riscv64-sh4-x32.patch new file mode 100644 index 0000000..f19c423 --- /dev/null +++ b/patches/01-Add-new-Arch-ia64-riscv64-sh4-x32.patch @@ -0,0 +1,27 @@ +Description: Support to build on little endian systems: ia64, riscv64, sh4, and x32 +Forwarded: https://boringssl-review.googlesource.com/c/boringssl/+/52965 +--- a/src/include/openssl/base.h ++++ b/src/include/openssl/base.h +@@ -84,7 +84,7 @@ extern "C" { + #endif + + +-#if defined(__x86_64) || defined(_M_AMD64) || defined(_M_X64) ++#if (defined(__x86_64) && defined(__LP64__)) || defined(_M_AMD64) || defined(_M_X64) + #define OPENSSL_64_BIT + #define OPENSSL_X86_64 + #elif defined(__x86) || defined(__i386) || defined(__i386__) || defined(_M_IX86) +@@ -109,6 +109,13 @@ extern "C" { + #define OPENSSL_64_BIT + #elif defined(__riscv) && __SIZEOF_POINTER__ == 4 + #define OPENSSL_32_BIT ++#elif defined(__ia64__) ++#define OPENSSL_64_BIT ++#elif defined(__x86_64__) && defined(__ILP32__) // x32 ++#define OPENSSL_32_BIT ++#define OPENSSL_X86_64 ++#elif defined(__sh__) ++#define OPENSSL_32_BIT + #elif defined(__pnacl__) + #define OPENSSL_32_BIT + #define OPENSSL_PNACL diff --git a/patches/02-sources-mk.patch b/patches/02-sources-mk.patch new file mode 100644 index 0000000..6c06161 --- /dev/null +++ b/patches/02-sources-mk.patch @@ -0,0 +1,14 @@ +Description: Update debian/sources.mk +Forwarded: not-needed +--- a/src/util/generate_build_files.py ++++ b/src/util/generate_build_files.py +@@ -315,6 +315,9 @@ class Eureka(object): + self.PrintVariableSection(makefile, 'crypto_sources', files['crypto']) + self.PrintVariableSection(makefile, 'ssl_sources', files['ssl']) + self.PrintVariableSection(makefile, 'tool_sources', files['tool']) ++ self.PrintVariableSection(makefile, 'test_support_sources', files['test_support']) ++ self.PrintVariableSection(makefile, 'crypto_test_sources', files['crypto_test']) ++ self.PrintVariableSection(makefile, 'ssl_test_sources', files['ssl_test']) + + for ((osname, arch), asm_files) in asm_outputs: + if osname != 'linux': diff --git a/patches/series b/patches/series new file mode 100644 index 0000000..54d6270 --- /dev/null +++ b/patches/series @@ -0,0 +1,3 @@ +01-Add-new-Arch-ia64-riscv64-sh4-x32.patch +02-sources-mk.patch +0003-Disable-failing-test.patch diff --git a/rules b/rules new file mode 100755 index 0000000..739bd6d --- /dev/null +++ b/rules @@ -0,0 +1,69 @@ +#!/usr/bin/make -f + +include /usr/share/dpkg/architecture.mk +include /usr/share/dpkg/pkg-info.mk + +## Security Hardening +export DEB_BUILD_MAINT_OPTIONS = hardening=+all optimize=-lto +export DEB_CFLAGS_MAINT_APPEND = -fPIC +export DEB_CXXFLAGS_MAINT_APPEND = -fPIC +export DEB_LDFLAGS_MAINT_APPEND = -fPIC +export DEB_CPPFLAGS_MAINT_APPEND = -DNDEBUG -UDEBUG \ + -DBORINGSSL_ANDROID_SYSTEM \ + -DBORINGSSL_IMPLEMENTATION \ + -DBORINGSSL_SHARED_LIBRARY \ + -DOPENSSL_SMALL \ + -fmessage-length=0 \ + -fno-exceptions \ + -fno-strict-aliasing \ + -no-canonical-prefixes \ + +ifneq (, $(shell which clang)) + export CC = clang + export CXX = clang++ + export DEB_CFLAGS_MAINT_APPEND += -gdwarf-4 + export DEB_CXXFLAGS_MAINT_APPEND += -gdwarf-4 +endif +ifneq (, $(shell which lld)) + export DEB_LDFLAGS_MAINT_APPEND += -fuse-ld=lld -Wl,--build-id=sha1 +endif + +%: + dh $@ + +# Since this depends on golang-go, not gccgo, so let's update manually +# Depends: golang-go +update-sources-mk: + dpkg-source --before-build . + python3 src/util/generate_build_files.py eureka + cp eureka.mk debian/sources.mk + +lib%.so: debian/lib%.mk + dh_auto_build --buildsystem=makefile -- --file=$< + +compiler_test: debian/compiler_test.mk + dh_auto_build --buildsystem=makefile -- --file=$< + LD_LIBRARY_PATH=debian/out debian/out/$@ + +%_test: debian/%_test.mk libtest_support.so libcrypto.so libssl.so + dh_auto_build --buildsystem=makefile -- --file=$< + +ifneq ($(DEB_HOST_ARCH), hurd-i386) +override_dh_auto_build-arch: compiler_test tool_test +else +# TODO: tool_test build fails on hurd-i386 currently +override_dh_auto_build-arch: compiler_test +endif + dh_auto_build + +ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS))) +override_dh_auto_test-arch: crypto_test ssl_test +ifneq ($(DEB_HOST_ARCH), hurd-i386) + LD_LIBRARY_PATH=debian/out debian/out/bssl-tool genrsa +endif + LD_LIBRARY_PATH=debian/out debian/out/crypto_test + LD_LIBRARY_PATH=debian/out debian/out/ssl_test +endif + +override_dh_dwz: + dh_dwz || true diff --git a/source/format b/source/format new file mode 100644 index 0000000..46ebe02 --- /dev/null +++ b/source/format @@ -0,0 +1 @@ +3.0 (quilt) \ No newline at end of file diff --git a/source/lintian-overrides b/source/lintian-overrides new file mode 100644 index 0000000..e7ba356 --- /dev/null +++ b/source/lintian-overrides @@ -0,0 +1,6 @@ +# These are only test files for the ar implementation in Go. +source: source-is-missing [src/util/ar/testdata/linux/bar.cc.o] +source: source-is-missing [src/util/ar/testdata/linux/foo.c.o] +source: source-contains-prebuilt-binary [src/util/ar/testdata/linux/bar.cc.o] +source: source-contains-prebuilt-binary [src/util/ar/testdata/linux/foo.c.o] +source: very-long-line-length-in-source-file diff --git a/sources.mk b/sources.mk new file mode 100644 index 0000000..97c7b0c --- /dev/null +++ b/sources.mk @@ -0,0 +1,459 @@ +# Copyright (C) 2017 The Android Open Source Project +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# This file is created by generate_build_files.py. Do not edit manually. + +crypto_sources := \ + err_data.c\ + src/crypto/asn1/a_bitstr.c\ + src/crypto/asn1/a_bool.c\ + src/crypto/asn1/a_d2i_fp.c\ + src/crypto/asn1/a_dup.c\ + src/crypto/asn1/a_gentm.c\ + src/crypto/asn1/a_i2d_fp.c\ + src/crypto/asn1/a_int.c\ + src/crypto/asn1/a_mbstr.c\ + src/crypto/asn1/a_object.c\ + src/crypto/asn1/a_octet.c\ + src/crypto/asn1/a_print.c\ + src/crypto/asn1/a_strex.c\ + src/crypto/asn1/a_strnid.c\ + src/crypto/asn1/a_time.c\ + src/crypto/asn1/a_type.c\ + src/crypto/asn1/a_utctm.c\ + src/crypto/asn1/a_utf8.c\ + src/crypto/asn1/asn1_lib.c\ + src/crypto/asn1/asn1_par.c\ + src/crypto/asn1/asn_pack.c\ + src/crypto/asn1/f_int.c\ + src/crypto/asn1/f_string.c\ + src/crypto/asn1/tasn_dec.c\ + src/crypto/asn1/tasn_enc.c\ + src/crypto/asn1/tasn_fre.c\ + src/crypto/asn1/tasn_new.c\ + src/crypto/asn1/tasn_typ.c\ + src/crypto/asn1/tasn_utl.c\ + src/crypto/asn1/time_support.c\ + src/crypto/base64/base64.c\ + src/crypto/bio/bio.c\ + src/crypto/bio/bio_mem.c\ + src/crypto/bio/connect.c\ + src/crypto/bio/fd.c\ + src/crypto/bio/file.c\ + src/crypto/bio/hexdump.c\ + src/crypto/bio/pair.c\ + src/crypto/bio/printf.c\ + src/crypto/bio/socket.c\ + src/crypto/bio/socket_helper.c\ + src/crypto/blake2/blake2.c\ + src/crypto/bn_extra/bn_asn1.c\ + src/crypto/bn_extra/convert.c\ + src/crypto/buf/buf.c\ + src/crypto/bytestring/asn1_compat.c\ + src/crypto/bytestring/ber.c\ + src/crypto/bytestring/cbb.c\ + src/crypto/bytestring/cbs.c\ + src/crypto/bytestring/unicode.c\ + src/crypto/chacha/chacha.c\ + src/crypto/cipher_extra/cipher_extra.c\ + src/crypto/cipher_extra/derive_key.c\ + src/crypto/cipher_extra/e_aesctrhmac.c\ + src/crypto/cipher_extra/e_aesgcmsiv.c\ + src/crypto/cipher_extra/e_chacha20poly1305.c\ + src/crypto/cipher_extra/e_des.c\ + src/crypto/cipher_extra/e_null.c\ + src/crypto/cipher_extra/e_rc2.c\ + src/crypto/cipher_extra/e_rc4.c\ + src/crypto/cipher_extra/e_tls.c\ + src/crypto/cipher_extra/tls_cbc.c\ + src/crypto/conf/conf.c\ + src/crypto/cpu_aarch64_apple.c\ + src/crypto/cpu_aarch64_fuchsia.c\ + src/crypto/cpu_aarch64_linux.c\ + src/crypto/cpu_aarch64_win.c\ + src/crypto/cpu_arm.c\ + src/crypto/cpu_arm_linux.c\ + src/crypto/cpu_intel.c\ + src/crypto/cpu_ppc64le.c\ + src/crypto/crypto.c\ + src/crypto/curve25519/curve25519.c\ + src/crypto/curve25519/spake25519.c\ + src/crypto/des/des.c\ + src/crypto/dh_extra/dh_asn1.c\ + src/crypto/dh_extra/params.c\ + src/crypto/digest_extra/digest_extra.c\ + src/crypto/dsa/dsa.c\ + src/crypto/dsa/dsa_asn1.c\ + src/crypto/ec_extra/ec_asn1.c\ + src/crypto/ec_extra/ec_derive.c\ + src/crypto/ec_extra/hash_to_curve.c\ + src/crypto/ecdh_extra/ecdh_extra.c\ + src/crypto/ecdsa_extra/ecdsa_asn1.c\ + src/crypto/engine/engine.c\ + src/crypto/err/err.c\ + src/crypto/evp/evp.c\ + src/crypto/evp/evp_asn1.c\ + src/crypto/evp/evp_ctx.c\ + src/crypto/evp/p_dsa_asn1.c\ + src/crypto/evp/p_ec.c\ + src/crypto/evp/p_ec_asn1.c\ + src/crypto/evp/p_ed25519.c\ + src/crypto/evp/p_ed25519_asn1.c\ + src/crypto/evp/p_rsa.c\ + src/crypto/evp/p_rsa_asn1.c\ + src/crypto/evp/p_x25519.c\ + src/crypto/evp/p_x25519_asn1.c\ + src/crypto/evp/pbkdf.c\ + src/crypto/evp/print.c\ + src/crypto/evp/scrypt.c\ + src/crypto/evp/sign.c\ + src/crypto/ex_data.c\ + src/crypto/fipsmodule/bcm.c\ + src/crypto/fipsmodule/fips_shared_support.c\ + src/crypto/hkdf/hkdf.c\ + src/crypto/hpke/hpke.c\ + src/crypto/hrss/hrss.c\ + src/crypto/lhash/lhash.c\ + src/crypto/mem.c\ + src/crypto/obj/obj.c\ + src/crypto/obj/obj_xref.c\ + src/crypto/pem/pem_all.c\ + src/crypto/pem/pem_info.c\ + src/crypto/pem/pem_lib.c\ + src/crypto/pem/pem_oth.c\ + src/crypto/pem/pem_pk8.c\ + src/crypto/pem/pem_pkey.c\ + src/crypto/pem/pem_x509.c\ + src/crypto/pem/pem_xaux.c\ + src/crypto/pkcs7/pkcs7.c\ + src/crypto/pkcs7/pkcs7_x509.c\ + src/crypto/pkcs8/p5_pbev2.c\ + src/crypto/pkcs8/pkcs8.c\ + src/crypto/pkcs8/pkcs8_x509.c\ + src/crypto/poly1305/poly1305.c\ + src/crypto/poly1305/poly1305_arm.c\ + src/crypto/poly1305/poly1305_vec.c\ + src/crypto/pool/pool.c\ + src/crypto/rand_extra/deterministic.c\ + src/crypto/rand_extra/forkunsafe.c\ + src/crypto/rand_extra/fuchsia.c\ + src/crypto/rand_extra/passive.c\ + src/crypto/rand_extra/rand_extra.c\ + src/crypto/rand_extra/windows.c\ + src/crypto/rc4/rc4.c\ + src/crypto/refcount_c11.c\ + src/crypto/refcount_lock.c\ + src/crypto/rsa_extra/rsa_asn1.c\ + src/crypto/rsa_extra/rsa_print.c\ + src/crypto/siphash/siphash.c\ + src/crypto/stack/stack.c\ + src/crypto/thread.c\ + src/crypto/thread_none.c\ + src/crypto/thread_pthread.c\ + src/crypto/thread_win.c\ + src/crypto/trust_token/pmbtoken.c\ + src/crypto/trust_token/trust_token.c\ + src/crypto/trust_token/voprf.c\ + src/crypto/x509/a_digest.c\ + src/crypto/x509/a_sign.c\ + src/crypto/x509/a_verify.c\ + src/crypto/x509/algorithm.c\ + src/crypto/x509/asn1_gen.c\ + src/crypto/x509/by_dir.c\ + src/crypto/x509/by_file.c\ + src/crypto/x509/i2d_pr.c\ + src/crypto/x509/name_print.c\ + src/crypto/x509/rsa_pss.c\ + src/crypto/x509/t_crl.c\ + src/crypto/x509/t_req.c\ + src/crypto/x509/t_x509.c\ + src/crypto/x509/t_x509a.c\ + src/crypto/x509/x509.c\ + src/crypto/x509/x509_att.c\ + src/crypto/x509/x509_cmp.c\ + src/crypto/x509/x509_d2.c\ + src/crypto/x509/x509_def.c\ + src/crypto/x509/x509_ext.c\ + src/crypto/x509/x509_lu.c\ + src/crypto/x509/x509_obj.c\ + src/crypto/x509/x509_req.c\ + src/crypto/x509/x509_set.c\ + src/crypto/x509/x509_trs.c\ + src/crypto/x509/x509_txt.c\ + src/crypto/x509/x509_v3.c\ + src/crypto/x509/x509_vfy.c\ + src/crypto/x509/x509_vpm.c\ + src/crypto/x509/x509cset.c\ + src/crypto/x509/x509name.c\ + src/crypto/x509/x509rset.c\ + src/crypto/x509/x509spki.c\ + src/crypto/x509/x_algor.c\ + src/crypto/x509/x_all.c\ + src/crypto/x509/x_attrib.c\ + src/crypto/x509/x_crl.c\ + src/crypto/x509/x_exten.c\ + src/crypto/x509/x_info.c\ + src/crypto/x509/x_name.c\ + src/crypto/x509/x_pkey.c\ + src/crypto/x509/x_pubkey.c\ + src/crypto/x509/x_req.c\ + src/crypto/x509/x_sig.c\ + src/crypto/x509/x_spki.c\ + src/crypto/x509/x_val.c\ + src/crypto/x509/x_x509.c\ + src/crypto/x509/x_x509a.c\ + src/crypto/x509v3/pcy_cache.c\ + src/crypto/x509v3/pcy_data.c\ + src/crypto/x509v3/pcy_lib.c\ + src/crypto/x509v3/pcy_map.c\ + src/crypto/x509v3/pcy_node.c\ + src/crypto/x509v3/pcy_tree.c\ + src/crypto/x509v3/v3_akey.c\ + src/crypto/x509v3/v3_akeya.c\ + src/crypto/x509v3/v3_alt.c\ + src/crypto/x509v3/v3_bcons.c\ + src/crypto/x509v3/v3_bitst.c\ + src/crypto/x509v3/v3_conf.c\ + src/crypto/x509v3/v3_cpols.c\ + src/crypto/x509v3/v3_crld.c\ + src/crypto/x509v3/v3_enum.c\ + src/crypto/x509v3/v3_extku.c\ + src/crypto/x509v3/v3_genn.c\ + src/crypto/x509v3/v3_ia5.c\ + src/crypto/x509v3/v3_info.c\ + src/crypto/x509v3/v3_int.c\ + src/crypto/x509v3/v3_lib.c\ + src/crypto/x509v3/v3_ncons.c\ + src/crypto/x509v3/v3_ocsp.c\ + src/crypto/x509v3/v3_pci.c\ + src/crypto/x509v3/v3_pcia.c\ + src/crypto/x509v3/v3_pcons.c\ + src/crypto/x509v3/v3_pmaps.c\ + src/crypto/x509v3/v3_prn.c\ + src/crypto/x509v3/v3_purp.c\ + src/crypto/x509v3/v3_skey.c\ + src/crypto/x509v3/v3_utl.c\ + +ssl_sources := \ + src/ssl/bio_ssl.cc\ + src/ssl/d1_both.cc\ + src/ssl/d1_lib.cc\ + src/ssl/d1_pkt.cc\ + src/ssl/d1_srtp.cc\ + src/ssl/dtls_method.cc\ + src/ssl/dtls_record.cc\ + src/ssl/encrypted_client_hello.cc\ + src/ssl/extensions.cc\ + src/ssl/handoff.cc\ + src/ssl/handshake.cc\ + src/ssl/handshake_client.cc\ + src/ssl/handshake_server.cc\ + src/ssl/s3_both.cc\ + src/ssl/s3_lib.cc\ + src/ssl/s3_pkt.cc\ + src/ssl/ssl_aead_ctx.cc\ + src/ssl/ssl_asn1.cc\ + src/ssl/ssl_buffer.cc\ + src/ssl/ssl_cert.cc\ + src/ssl/ssl_cipher.cc\ + src/ssl/ssl_file.cc\ + src/ssl/ssl_key_share.cc\ + src/ssl/ssl_lib.cc\ + src/ssl/ssl_privkey.cc\ + src/ssl/ssl_session.cc\ + src/ssl/ssl_stat.cc\ + src/ssl/ssl_transcript.cc\ + src/ssl/ssl_versions.cc\ + src/ssl/ssl_x509.cc\ + src/ssl/t1_enc.cc\ + src/ssl/tls13_both.cc\ + src/ssl/tls13_client.cc\ + src/ssl/tls13_enc.cc\ + src/ssl/tls13_server.cc\ + src/ssl/tls_method.cc\ + src/ssl/tls_record.cc\ + +tool_sources := \ + src/tool/args.cc\ + src/tool/ciphers.cc\ + src/tool/client.cc\ + src/tool/const.cc\ + src/tool/digest.cc\ + src/tool/fd.cc\ + src/tool/file.cc\ + src/tool/generate_ech.cc\ + src/tool/generate_ed25519.cc\ + src/tool/genrsa.cc\ + src/tool/pkcs12.cc\ + src/tool/rand.cc\ + src/tool/server.cc\ + src/tool/sign.cc\ + src/tool/speed.cc\ + src/tool/tool.cc\ + src/tool/transport_common.cc\ + +test_support_sources := \ + src/crypto/test/file_test.cc\ + src/crypto/test/malloc.cc\ + src/crypto/test/test_util.cc\ + src/crypto/test/wycheproof_util.cc\ + +crypto_test_sources := \ + crypto_test_data.cc\ + src/crypto/abi_self_test.cc\ + src/crypto/asn1/asn1_test.cc\ + src/crypto/base64/base64_test.cc\ + src/crypto/bio/bio_test.cc\ + src/crypto/blake2/blake2_test.cc\ + src/crypto/buf/buf_test.cc\ + src/crypto/bytestring/bytestring_test.cc\ + src/crypto/chacha/chacha_test.cc\ + src/crypto/cipher_extra/aead_test.cc\ + src/crypto/cipher_extra/cipher_test.cc\ + src/crypto/compiler_test.cc\ + src/crypto/conf/conf_test.cc\ + src/crypto/constant_time_test.cc\ + src/crypto/cpu_arm_linux_test.cc\ + src/crypto/crypto_test.cc\ + src/crypto/curve25519/ed25519_test.cc\ + src/crypto/curve25519/spake25519_test.cc\ + src/crypto/curve25519/x25519_test.cc\ + src/crypto/dh_extra/dh_test.cc\ + src/crypto/digest_extra/digest_test.cc\ + src/crypto/dsa/dsa_test.cc\ + src/crypto/ecdh_extra/ecdh_test.cc\ + src/crypto/err/err_test.cc\ + src/crypto/evp/evp_extra_test.cc\ + src/crypto/evp/evp_test.cc\ + src/crypto/evp/pbkdf_test.cc\ + src/crypto/evp/scrypt_test.cc\ + src/crypto/fipsmodule/aes/aes_test.cc\ + src/crypto/fipsmodule/bn/bn_test.cc\ + src/crypto/fipsmodule/cmac/cmac_test.cc\ + src/crypto/fipsmodule/ec/ec_test.cc\ + src/crypto/fipsmodule/ec/p256-nistz_test.cc\ + src/crypto/fipsmodule/ecdsa/ecdsa_test.cc\ + src/crypto/fipsmodule/md5/md5_test.cc\ + src/crypto/fipsmodule/modes/gcm_test.cc\ + src/crypto/fipsmodule/rand/ctrdrbg_test.cc\ + src/crypto/fipsmodule/rand/fork_detect_test.cc\ + src/crypto/fipsmodule/service_indicator/service_indicator_test.cc\ + src/crypto/fipsmodule/sha/sha_test.cc\ + src/crypto/hkdf/hkdf_test.cc\ + src/crypto/hmac_extra/hmac_test.cc\ + src/crypto/hpke/hpke_test.cc\ + src/crypto/hrss/hrss_test.cc\ + src/crypto/impl_dispatch_test.cc\ + src/crypto/lhash/lhash_test.cc\ + src/crypto/obj/obj_test.cc\ + src/crypto/pem/pem_test.cc\ + src/crypto/pkcs7/pkcs7_test.cc\ + src/crypto/pkcs8/pkcs12_test.cc\ + src/crypto/pkcs8/pkcs8_test.cc\ + src/crypto/poly1305/poly1305_test.cc\ + src/crypto/pool/pool_test.cc\ + src/crypto/rand_extra/rand_test.cc\ + src/crypto/refcount_test.cc\ + src/crypto/rsa_extra/rsa_test.cc\ + src/crypto/self_test.cc\ + src/crypto/siphash/siphash_test.cc\ + src/crypto/stack/stack_test.cc\ + src/crypto/test/abi_test.cc\ + src/crypto/test/file_test_gtest.cc\ + src/crypto/test/gtest_main.cc\ + src/crypto/thread_test.cc\ + src/crypto/trust_token/trust_token_test.cc\ + src/crypto/x509/x509_test.cc\ + src/crypto/x509/x509_time_test.cc\ + src/crypto/x509v3/tab_test.cc\ + +ssl_test_sources := \ + src/crypto/test/abi_test.cc\ + src/crypto/test/gtest_main.cc\ + src/ssl/span_test.cc\ + src/ssl/ssl_c_test.c\ + src/ssl/ssl_test.cc\ + +linux_aarch64_sources := \ + linux-aarch64/crypto/chacha/chacha-armv8.S\ + linux-aarch64/crypto/cipher_extra/chacha20_poly1305_armv8.S\ + linux-aarch64/crypto/fipsmodule/aesv8-armx64.S\ + linux-aarch64/crypto/fipsmodule/armv8-mont.S\ + linux-aarch64/crypto/fipsmodule/ghash-neon-armv8.S\ + linux-aarch64/crypto/fipsmodule/ghashv8-armx64.S\ + linux-aarch64/crypto/fipsmodule/p256-armv8-asm.S\ + linux-aarch64/crypto/fipsmodule/p256_beeu-armv8-asm.S\ + linux-aarch64/crypto/fipsmodule/sha1-armv8.S\ + linux-aarch64/crypto/fipsmodule/sha256-armv8.S\ + linux-aarch64/crypto/fipsmodule/sha512-armv8.S\ + linux-aarch64/crypto/fipsmodule/vpaes-armv8.S\ + linux-aarch64/crypto/test/trampoline-armv8.S\ + +linux_arm_sources := \ + linux-arm/crypto/chacha/chacha-armv4.S\ + linux-arm/crypto/fipsmodule/aesv8-armx32.S\ + linux-arm/crypto/fipsmodule/armv4-mont.S\ + linux-arm/crypto/fipsmodule/bsaes-armv7.S\ + linux-arm/crypto/fipsmodule/ghash-armv4.S\ + linux-arm/crypto/fipsmodule/ghashv8-armx32.S\ + linux-arm/crypto/fipsmodule/sha1-armv4-large.S\ + linux-arm/crypto/fipsmodule/sha256-armv4.S\ + linux-arm/crypto/fipsmodule/sha512-armv4.S\ + linux-arm/crypto/fipsmodule/vpaes-armv7.S\ + linux-arm/crypto/test/trampoline-armv4.S\ + src/crypto/curve25519/asm/x25519-asm-arm.S\ + src/crypto/poly1305/poly1305_arm_asm.S\ + +linux_ppc64le_sources := \ + linux-ppc64le/crypto/fipsmodule/aesp8-ppc.S\ + linux-ppc64le/crypto/fipsmodule/ghashp8-ppc.S\ + linux-ppc64le/crypto/test/trampoline-ppc.S\ + +linux_x86_sources := \ + linux-x86/crypto/chacha/chacha-x86.S\ + linux-x86/crypto/fipsmodule/aesni-x86.S\ + linux-x86/crypto/fipsmodule/bn-586.S\ + linux-x86/crypto/fipsmodule/co-586.S\ + linux-x86/crypto/fipsmodule/ghash-ssse3-x86.S\ + linux-x86/crypto/fipsmodule/ghash-x86.S\ + linux-x86/crypto/fipsmodule/md5-586.S\ + linux-x86/crypto/fipsmodule/sha1-586.S\ + linux-x86/crypto/fipsmodule/sha256-586.S\ + linux-x86/crypto/fipsmodule/sha512-586.S\ + linux-x86/crypto/fipsmodule/vpaes-x86.S\ + linux-x86/crypto/fipsmodule/x86-mont.S\ + linux-x86/crypto/test/trampoline-x86.S\ + +linux_x86_64_sources := \ + linux-x86_64/crypto/chacha/chacha-x86_64.S\ + linux-x86_64/crypto/cipher_extra/aes128gcmsiv-x86_64.S\ + linux-x86_64/crypto/cipher_extra/chacha20_poly1305_x86_64.S\ + linux-x86_64/crypto/fipsmodule/aesni-gcm-x86_64.S\ + linux-x86_64/crypto/fipsmodule/aesni-x86_64.S\ + linux-x86_64/crypto/fipsmodule/ghash-ssse3-x86_64.S\ + linux-x86_64/crypto/fipsmodule/ghash-x86_64.S\ + linux-x86_64/crypto/fipsmodule/md5-x86_64.S\ + linux-x86_64/crypto/fipsmodule/p256-x86_64-asm.S\ + linux-x86_64/crypto/fipsmodule/p256_beeu-x86_64-asm.S\ + linux-x86_64/crypto/fipsmodule/rdrand-x86_64.S\ + linux-x86_64/crypto/fipsmodule/rsaz-avx2.S\ + linux-x86_64/crypto/fipsmodule/sha1-x86_64.S\ + linux-x86_64/crypto/fipsmodule/sha256-x86_64.S\ + linux-x86_64/crypto/fipsmodule/sha512-x86_64.S\ + linux-x86_64/crypto/fipsmodule/vpaes-x86_64.S\ + linux-x86_64/crypto/fipsmodule/x86_64-mont.S\ + linux-x86_64/crypto/fipsmodule/x86_64-mont5.S\ + linux-x86_64/crypto/test/trampoline-x86_64.S\ + src/crypto/hrss/asm/poly_rq_mul.S\ + diff --git a/ssl_test.mk b/ssl_test.mk new file mode 100644 index 0000000..8f92f51 --- /dev/null +++ b/ssl_test.mk @@ -0,0 +1,43 @@ +include debian/sources.mk + +NAME = ssl_test + +SOURCES = $(ssl_test_sources) +SOURCES_C = $(filter %.c,$(SOURCES)) +OBJECTS_C = $(SOURCES_C:.c=.o) +SOURCES_CC = $(filter %.cc,$(SOURCES)) +OBJECTS_CC = $(SOURCES_CC:.cc=.o) + +CFLAGS += -std=gnu11 +CXXFLAGS += -std=gnu++2a +CPPFLAGS += \ + -Isrc/include \ + +LDFLAGS += \ + -Ldebian/out \ + -Wl,-rpath=/usr/lib/$(DEB_HOST_MULTIARCH)/android \ + -lcrypto \ + -lgtest \ + -lpthread \ + -lssl \ + -ltest_support \ + -pie + +ifneq ($(filter mipsel mips64el,$(DEB_HOST_ARCH)),) + LDFLAGS += -Wl,-z,notext +endif + +# -latomic should be the last library specified +# https://github.com/android/ndk/issues/589 +ifeq ($(DEB_HOST_ARCH), armel) + LDFLAGS += -latomic +endif + +build: $(OBJECTS_C) $(OBJECTS_CC) + $(CXX) $^ -o debian/out/$(NAME) $(LDFLAGS) + +$(OBJECTS_C): %.o: %.c + $(CC) -c -o $@ $< $(CFLAGS) $(CPPFLAGS) + +$(OBJECTS_CC): %.o: %.cc + $(CXX) -c -o $@ $< $(CXXFLAGS) $(CPPFLAGS) diff --git a/tests/control b/tests/control new file mode 100644 index 0000000..185dbb3 --- /dev/null +++ b/tests/control @@ -0,0 +1,3 @@ +Test-Command: bssl-tool genrsa +Architecture: armel armhf arm64 amd64 i386 ppc64el mipsel mips64el ia64 kfreebsd-amd64 kfreebsd-i386 riscv64 sh4 x32 +Depends: android-boringssl diff --git a/tool_test.mk b/tool_test.mk new file mode 100644 index 0000000..a75fc40 --- /dev/null +++ b/tool_test.mk @@ -0,0 +1,23 @@ +include debian/sources.mk + +NAME = bssl-tool + +SOURCES = $(tool_sources) +OBJECTS = $(SOURCES:.cc=.o) + +CXXFLAGS += -std=gnu++2a +CPPFLAGS += \ + -Isrc/include \ + +LDFLAGS += \ + -Ldebian/out \ + -Wl,-rpath=/usr/lib/$(DEB_HOST_MULTIARCH)/android \ + -lcrypto \ + -lssl \ + -pie + +build: $(OBJECTS) + $(CXX) $^ -o debian/out/$(NAME) $(LDFLAGS) + +$(OBJECTS): %.o: %.cc + $(CXX) -c -o $@ $< $(CXXFLAGS) $(CPPFLAGS) diff --git a/upstream/metadata b/upstream/metadata new file mode 100644 index 0000000..67dc04b --- /dev/null +++ b/upstream/metadata @@ -0,0 +1,6 @@ +Archive: Android Open Source Project (AOSP) +Bug-Database: https://bugs.chromium.org/p/boringssl/issues/list +Bug-Submit: https://bugs.chromium.org/p/boringssl/issues/entry +Documentation: https://boringssl.googlesource.com/boringssl +Repository-Browse: https://android.googlesource.com/platform/external/boringssl +Security-Contact: https://source.android.com/security/overview/updates-resources#report-issues diff --git a/upstream/signing-key.asc b/upstream/signing-key.asc new file mode 100644 index 0000000..3f8679f --- /dev/null +++ b/upstream/signing-key.asc @@ -0,0 +1,30 @@ +The Android Open Source Project +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQGiBEnnWD4RBACt9/h4v9xnnGDou13y3dvOx6/t43LPPIxeJ8eX9WB+8LLuROSV +lFhpHawsVAcFlmi7f7jdSRF+OvtZL9ShPKdLfwBJMNkU66/TZmPewS4m782ndtw7 +8tR1cXb197Ob8kOfQB3A9yk2XZ4ei4ZC3i6wVdqHLRxABdncwu5hOF9KXwCgkxMD +u4PVgChaAJzTYJ1EG+UYBIUEAJmfearb0qRAN7dEoff0FeXsEaUA6U90sEoVks0Z +wNj96SA8BL+a1OoEUUfpMhiHyLuQSftxisJxTh+2QclzDviDyaTrkANjdYY7p2cq +/HMdOY7LJlHaqtXmZxXjjtw5Uc2QG8UY8aziU3IE9nTjSwCXeJnuyvoizl9/I1S5 +jU5SA/9WwIps4SC84ielIXiGWEqq6i6/sk4I9q1YemZF2XVVKnmI1F4iCMtNKsR4 +MGSa1gA8s4iQbsKNWPgp7M3a51JCVCu6l/8zTpA+uUGapw4tWCp4o0dpIvDPBEa9 +b/aF/ygcR8mh5hgUfpF9IpXdknOsbKCvM9lSSfRciETykZc4wrRCVGhlIEFuZHJv +aWQgT3BlbiBTb3VyY2UgUHJvamVjdCA8aW5pdGlhbC1jb250cmlidXRpb25AYW5k +cm9pZC5jb20+iGAEExECACAFAknnWD4CGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIX +gAAKCRDorT+BmrEOeNr+AJ42Xy6tEW7r3KzrJxnRX8mij9z8tgCdFfQYiHpYngkI +2t09Ed+9Bm4gmEO5Ag0ESedYRBAIAKVW1JcMBWvV/0Bo9WiByJ9WJ5swMN36/vAl +QN4mWRhfzDOk/Rosdb0csAO/l8Kz0gKQPOfObtyYjvI8JMC3rmi+LIvSUT9806Up +hisyEmmHv6U8gUb/xHLIanXGxwhYzjgeuAXVCsv+EvoPIHbY4L/KvP5x+oCJIDbk +C2b1TvVk9PryzmE4BPIQL/NtgR1oLWm/uWR9zRUFtBnE411aMAN3qnAHBBMZzKMX +LWBGWE0znfRrnczI5p49i2YZJAjyX1P2WzmScK49CV82dzLo71MnrF6fj+Udtb5+ +OgTg7Cow+8PRaTkJEW5Y2JIZpnRUq0CYxAmHYX79EMKHDSThf/8AAwUIAJPWsB/M +pK+KMs/s3r6nJrnYLTfdZhtmQXimpoDMJg1zxmL8UfNUKiQZ6esoAWtDgpqt7Y7s +KZ8laHRARonte394hidZzM5nb6hQvpPjt2OlPRsyqVxw4c/KsjADtAuKW9/d8phb +N8bTyOJo856qg4oOEzKG9eeF7oaZTYBy33BTL0408sEBxiMior6b8LrZrAhkqDjA +vUXRwm/fFKgpsOysxC6xi553CxBUCH2omNV6Ka1LNMwzSp9ILz8jEGqmUtkBszwo +G1S8fXgE0Lq3cdDM/GJ4QXP/p6LiwNF99faDMTV3+2SAOGvytOX6KjKVzKOSsfJQ +hN0DlsIw8hqJc0WISQQYEQIACQUCSedYRAIbDAAKCRDorT+BmrEOeCUOAJ9qmR0l +EXzeoxcdoafxqf6gZlJZlACgkWF7wi2YLW3Oa+jv2QSTlrx4KLM= +=Wi5D +-----END PGP PUBLIC KEY BLOCK----- diff --git a/watch b/watch new file mode 100644 index 0000000..15979ca --- /dev/null +++ b/watch @@ -0,0 +1,9 @@ +# uscan --download-version 12.1.0+r5 + +version=4 +opts="mode=git, \ + pgpmode=gittag, \ + uversionmangle=s%_r(\d+|\d+\.\d+|\w)%+r$1%, \ + compression=xz" \ +https://android.googlesource.com/platform/external/boringssl \ + refs/tags/android-([0-9\.]+_r\d+|\d+\.\d+|\w) -- 2.30.2