Compare commits
2 Commits
master
...
v5.0.0-alp
| Author | SHA1 | Date |
|---|---|---|
 minish
|
751088d7e0
|
|
|
minish
|
60ab50e89e
|
|
|
@ -86,6 +86,10 @@ pq-experimental = []
|
|||
# those for `pq-experimental` feature apply.
|
||||
underscore-wildcards = []
|
||||
|
||||
# Add a prefix to all symbols in libcrypto and libssl to prevent conflicts
|
||||
# with other OpenSSL or BoringSSL versions that might be linked in the same process.
|
||||
prefix-symbols = []
|
||||
|
||||
[build-dependencies]
|
||||
autocfg = { workspace = true }
|
||||
bindgen = { workspace = true }
|
||||
|
|
|
|||
|
|
@ -21,6 +21,7 @@ pub(crate) struct Features {
|
|||
pub(crate) pq_experimental: bool,
|
||||
pub(crate) rpk: bool,
|
||||
pub(crate) underscore_wildcards: bool,
|
||||
pub(crate) prefix_symbols: bool,
|
||||
}
|
||||
|
||||
pub(crate) struct Env {
|
||||
|
|
@ -125,6 +126,7 @@ impl Features {
|
|||
let pq_experimental = env::var_os("CARGO_FEATURE_PQ_EXPERIMENTAL").is_some();
|
||||
let rpk = env::var_os("CARGO_FEATURE_RPK").is_some();
|
||||
let underscore_wildcards = env::var_os("CARGO_FEATURE_UNDERSCORE_WILDCARDS").is_some();
|
||||
let prefix_symbols = env::var_os("CARGO_FEATURE_PREFIX_SYMBOLS").is_some();
|
||||
|
||||
Self {
|
||||
fips,
|
||||
|
|
@ -133,6 +135,7 @@ impl Features {
|
|||
pq_experimental,
|
||||
rpk,
|
||||
underscore_wildcards,
|
||||
prefix_symbols,
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,5 +1,6 @@
|
|||
use fslock::LockFile;
|
||||
use std::env;
|
||||
use std::ffi::OsStr;
|
||||
use std::ffi::OsString;
|
||||
use std::fs;
|
||||
use std::io;
|
||||
|
|
@ -9,8 +10,10 @@ use std::process::{Command, Output};
|
|||
use std::sync::OnceLock;
|
||||
|
||||
use crate::config::Config;
|
||||
use crate::prefix::{prefix_symbols, PrefixCallback};
|
||||
|
||||
mod config;
|
||||
mod prefix;
|
||||
|
||||
fn should_use_cmake_cross_compilation(config: &Config) -> bool {
|
||||
if config.host == config.target {
|
||||
|
|
@ -127,11 +130,10 @@ fn get_boringssl_source_path(config: &Config) -> &PathBuf {
|
|||
if !submodule_path.join("CMakeLists.txt").exists() {
|
||||
println!("cargo:warning=fetching boringssl git submodule");
|
||||
|
||||
run_command(
|
||||
Command::new("git")
|
||||
.args(["submodule", "update", "--init", "--recursive"])
|
||||
.arg(&submodule_path),
|
||||
)
|
||||
run_command(&["git"], |c| {
|
||||
c.args(["submodule", "update", "--init", "--recursive"])
|
||||
.arg(&submodule_path)
|
||||
})
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
|
|
@ -494,7 +496,7 @@ fn ensure_patches_applied(config: &Config) -> io::Result<()> {
|
|||
|
||||
// NOTE: init git in the copied files, so we can apply patches
|
||||
if !has_git {
|
||||
run_command(Command::new("git").arg("init").current_dir(src_path))?;
|
||||
run_command(&["git"], |c| c.arg("init").current_dir(src_path))?;
|
||||
}
|
||||
|
||||
println!("cargo:warning=applying 44b3df6f03d85c901767250329c571db405122d5 patch to boringssl");
|
||||
|
|
@ -533,32 +535,46 @@ fn apply_patch(config: &Config, patch_name: &str) -> io::Result<()> {
|
|||
args.push("-p2");
|
||||
}
|
||||
|
||||
run_command(
|
||||
Command::new("git")
|
||||
.args(&args)
|
||||
.arg(cmd_path)
|
||||
.current_dir(src_path),
|
||||
)?;
|
||||
run_command(&["git"], |c| {
|
||||
c.args(&args).arg(&cmd_path).current_dir(src_path)
|
||||
})?;
|
||||
|
||||
Ok(())
|
||||
}
|
||||
|
||||
fn run_command(command: &mut Command) -> io::Result<Output> {
|
||||
let out = command.output()?;
|
||||
fn run_command(
|
||||
names: &[impl AsRef<OsStr>],
|
||||
f: impl Fn(&mut Command) -> &mut Command,
|
||||
) -> io::Result<Output> {
|
||||
for name in names {
|
||||
let mut command = Command::new(name);
|
||||
f(&mut command);
|
||||
|
||||
println!("{}", std::str::from_utf8(&out.stdout).unwrap());
|
||||
eprintln!("{}", std::str::from_utf8(&out.stderr).unwrap());
|
||||
|
||||
if !out.status.success() {
|
||||
let err = match out.status.code() {
|
||||
Some(code) => format!("{command:?} exited with status: {code}"),
|
||||
None => format!("{command:?} was terminated by signal"),
|
||||
let out = match command.output() {
|
||||
Ok(out) => out,
|
||||
Err(e) if e.kind() == io::ErrorKind::NotFound => continue,
|
||||
Err(e) => {
|
||||
eprintln!("{command:?} failed to execute: {e}");
|
||||
continue;
|
||||
}
|
||||
};
|
||||
|
||||
return Err(io::Error::other(err));
|
||||
println!("{}", std::str::from_utf8(&out.stdout).unwrap());
|
||||
eprintln!("{}", std::str::from_utf8(&out.stderr).unwrap());
|
||||
|
||||
if !out.status.success() {
|
||||
let err = match out.status.code() {
|
||||
Some(code) => format!("{command:?} exited with status: {code}"),
|
||||
None => format!("{command:?} was terminated by signal"),
|
||||
};
|
||||
|
||||
return Err(io::Error::other(err));
|
||||
}
|
||||
|
||||
return Ok(out);
|
||||
}
|
||||
|
||||
Ok(out)
|
||||
Err(io::ErrorKind::NotFound.into())
|
||||
}
|
||||
|
||||
fn built_boring_source_path(config: &Config) -> &PathBuf {
|
||||
|
|
@ -592,6 +608,10 @@ fn built_boring_source_path(config: &Config) -> &PathBuf {
|
|||
cfg.define("FIPS", "1");
|
||||
}
|
||||
|
||||
if config.features.prefix_symbols {
|
||||
cfg.define("CMAKE_POSITION_INDEPENDENT_CODE", "ON");
|
||||
}
|
||||
|
||||
cfg.build_target("ssl").build();
|
||||
cfg.build_target("crypto").build()
|
||||
})
|
||||
|
|
@ -614,13 +634,8 @@ fn link_in_precompiled_bcm_o(config: &Config) {
|
|||
fs::copy(bcm_o_src_path, &bcm_o_dst_path).unwrap();
|
||||
|
||||
// check that fips module is named as expected
|
||||
let out = run_command(
|
||||
Command::new("ar")
|
||||
.arg("t")
|
||||
.arg(&libcrypto_path)
|
||||
.arg("bcm.o"),
|
||||
)
|
||||
.unwrap();
|
||||
let ar = &["ar", "llvm-ar"];
|
||||
let out = run_command(ar, |c| c.arg("t").arg(&libcrypto_path).arg("bcm.o")).unwrap();
|
||||
|
||||
assert_eq!(
|
||||
String::from_utf8(out.stdout).unwrap().trim(),
|
||||
|
|
@ -633,11 +648,10 @@ fn link_in_precompiled_bcm_o(config: &Config) {
|
|||
// (this causes the need for extra linker flags to deal with duplicate symbols)
|
||||
// (as long as the newer module does not define new symbols, one may also remove it,
|
||||
// but once there are new symbols it would cause missing symbols at linking stage)
|
||||
run_command(
|
||||
Command::new("ar")
|
||||
.args(["rb", "bcm.o"])
|
||||
.args([&libcrypto_path, &bcm_o_dst_path]),
|
||||
)
|
||||
run_command(ar, |c| {
|
||||
c.args(["rb", "bcm.o"])
|
||||
.args([&libcrypto_path, &bcm_o_dst_path])
|
||||
})
|
||||
.unwrap();
|
||||
}
|
||||
|
||||
|
|
@ -663,6 +677,9 @@ fn main() {
|
|||
if !config.env.docs_rs {
|
||||
emit_link_directives(&config);
|
||||
}
|
||||
if config.features.prefix_symbols {
|
||||
prefix_symbols(&config);
|
||||
}
|
||||
generate_bindings(&config);
|
||||
}
|
||||
|
||||
|
|
@ -765,6 +782,10 @@ fn generate_bindings(config: &Config) {
|
|||
.clang_arg(sysroot.display().to_string());
|
||||
}
|
||||
|
||||
if config.features.prefix_symbols {
|
||||
builder = builder.parse_callbacks(Box::new(PrefixCallback));
|
||||
}
|
||||
|
||||
let headers = [
|
||||
"aes.h",
|
||||
"asn1_mac.h",
|
||||
|
|
|
|||
|
|
@ -0,0 +1,94 @@
|
|||
use crate::{config::Config, pick_best_android_ndk_toolchain, run_command};
|
||||
use std::{fs, io::Write, path::PathBuf};
|
||||
|
||||
// The prefix to add to all symbols
|
||||
// RBSSL = Rust BoringSSL, chosen arbitrarily to avoid collisions with other projects
|
||||
const PREFIX: &str = "RBSSL";
|
||||
|
||||
// Callback to add a `link_name` macro with the prefix to all generated bindings
|
||||
#[derive(Debug)]
|
||||
pub struct PrefixCallback;
|
||||
|
||||
impl bindgen::callbacks::ParseCallbacks for PrefixCallback {
|
||||
fn generated_link_name_override(
|
||||
&self,
|
||||
item_info: bindgen::callbacks::ItemInfo<'_>,
|
||||
) -> Option<String> {
|
||||
Some(format!("{PREFIX}_{}", item_info.name))
|
||||
}
|
||||
}
|
||||
|
||||
fn android_toolchain(config: &Config) -> PathBuf {
|
||||
let mut android_bin_path = config
|
||||
.env
|
||||
.android_ndk_home
|
||||
.clone()
|
||||
.expect("Please set ANDROID_NDK_HOME for Android build");
|
||||
android_bin_path.extend(["toolchains", "llvm", "prebuilt"]);
|
||||
android_bin_path.push(pick_best_android_ndk_toolchain(&android_bin_path).unwrap());
|
||||
android_bin_path.push("bin");
|
||||
android_bin_path
|
||||
}
|
||||
|
||||
pub fn prefix_symbols(config: &Config) {
|
||||
// List static libraries to prefix symbols in
|
||||
eprintln!("{:?}", config.out_dir);
|
||||
eprintln!("{:?}", config.out_dir);
|
||||
eprintln!("{:?}", config.out_dir);
|
||||
eprintln!("{:?}", config.out_dir);
|
||||
let static_libs: Vec<PathBuf> = [
|
||||
config.out_dir.join("build"),
|
||||
config.out_dir.join("build").join("ssl"),
|
||||
config.out_dir.join("build").join("crypto"),
|
||||
config.out_dir.join("build").join("Debug"),
|
||||
config.out_dir.join("build").join("Release"),
|
||||
]
|
||||
.iter()
|
||||
.flat_map(|dir| {
|
||||
["libssl.a", "libcrypto.a", "ssl.lib", "crypto.lib"]
|
||||
.into_iter()
|
||||
.map(move |file| PathBuf::from(dir).join(file))
|
||||
})
|
||||
.filter(|p| p.exists())
|
||||
.collect();
|
||||
|
||||
// Use `nm` to list symbols in these static libraries
|
||||
let nm: &[PathBuf] = match &*config.target_os {
|
||||
"android" => &[android_toolchain(config).join("llvm-nm")],
|
||||
_ => &[PathBuf::from("nm"), PathBuf::from("llvm-nm")],
|
||||
};
|
||||
let out = run_command(nm, |c| c.args(&static_libs)).unwrap();
|
||||
let mut redefine_syms: Vec<String> = String::from_utf8_lossy(&out.stdout)
|
||||
.lines()
|
||||
.filter(|l| {
|
||||
[" T ", " D ", " B ", " C ", " R ", " W "]
|
||||
.iter()
|
||||
.any(|s| l.contains(s))
|
||||
})
|
||||
.filter_map(|l| l.split_whitespace().nth(2).map(|s| s.to_string()))
|
||||
.filter(|l| !l.starts_with("_"))
|
||||
.map(|l| format!("{l} {PREFIX}_{l}"))
|
||||
.collect();
|
||||
redefine_syms.sort();
|
||||
redefine_syms.dedup();
|
||||
|
||||
let redefine_syms_path = config.out_dir.join("redefine_syms.txt");
|
||||
let mut f = fs::File::create(&redefine_syms_path).unwrap();
|
||||
for sym in &redefine_syms {
|
||||
writeln!(f, "{sym}").unwrap();
|
||||
}
|
||||
f.flush().unwrap();
|
||||
|
||||
// Use `objcopy` to prefix symbols in these static libraries
|
||||
let objcopy: &[PathBuf] = match &*config.target_os {
|
||||
"android" => &[android_toolchain(config).join("llvm-objcopy")],
|
||||
_ => &[PathBuf::from("objcopy"), PathBuf::from("llvm-objcopy")],
|
||||
};
|
||||
for static_lib in &static_libs {
|
||||
run_command(objcopy, |c| {
|
||||
c.arg(format!("--redefine-syms={}", redefine_syms_path.display()))
|
||||
.arg(static_lib)
|
||||
})
|
||||
.unwrap();
|
||||
}
|
||||
}
|
||||
|
|
@ -17,6 +17,8 @@ features = ["pq-experimental", "underscore-wildcards"]
|
|||
rustdoc-args = ["--cfg", "docsrs"]
|
||||
|
||||
[features]
|
||||
default = ["prefix-symbols"]
|
||||
|
||||
# Controlling the build
|
||||
|
||||
# NOTE: This feature is deprecated. It is needed for the submoduled
|
||||
|
|
@ -55,6 +57,10 @@ pq-experimental = ["boring-sys/pq-experimental"]
|
|||
# those for `pq-experimental` feature apply.
|
||||
underscore-wildcards = ["boring-sys/underscore-wildcards"]
|
||||
|
||||
# Add a prefix to all symbols in libcrypto and libssl to prevent conflicts
|
||||
# with other OpenSSL or BoringSSL versions that might be linked in the same process.
|
||||
prefix-symbols = ["boring-sys/prefix-symbols"]
|
||||
|
||||
# Controlling key exchange preferences at compile time
|
||||
|
||||
# Choose key exchange preferences at compile time. This prevents the user from
|
||||
|
|
|
|||
Loading…
Reference in New Issue