diff --git a/modules/openssl/3.3.1.bcr.2/MODULE.bazel b/modules/openssl/3.3.1.bcr.2/MODULE.bazel new file mode 100644 index 00000000000..03ff277cf82 --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/MODULE.bazel @@ -0,0 +1,26 @@ +module( + name = "openssl", + version = "3.3.1.bcr.2", + # We use overlay, which requires at least 7.2.1 + bazel_compatibility = [">=7.2.1"], + # Note: This should rarely change. For now, we hold it as a constant. + # Realistically, we should only change it if the major version of openssl changes. + # When that happens, we probably want to change this to a single-digit number representing that version number. + compatibility_level = 3030100, +) + +bazel_dep(name = "platforms", version = "0.0.11") +bazel_dep(name = "rules_cc", version = "0.1.1") +bazel_dep(name = "rules_perl", version = "0.4.1") + +# Just for testing. +bazel_dep(name = "bazel_skylib", version = "1.7.1") +bazel_dep(name = "rules_python", version = "1.2.0") + +http_archive = use_repo_rule("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive") + +http_archive( + name = "openssl-generated-overlay", + integrity = "sha256-7hvJsTFFZq/RF8X5NWKDY33o4krXY/h85Z4n9+o7UbY=", + url = "https://github.com/raccoons-build/bazel-openssl-cc/releases/download/3.3.1.bcr.2/bazel-openssl-cc-3.3.1.bcr.2.tar.gz", +) diff --git a/modules/openssl/3.3.1.bcr.2/overlay/BUILD.bazel b/modules/openssl/3.3.1.bcr.2/overlay/BUILD.bazel new file mode 100644 index 00000000000..4bf308314d2 --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/overlay/BUILD.bazel @@ -0,0 +1,565 @@ +# This code is heavily based on the implementation in `dbx_build_tools`: +# Ref: https://github.com/dropbox/dbx_build_tools/blob/master/thirdparty/openssl/BUILD.openssl.tail + +load("@openssl-generated-overlay//:collate_into_directory.bzl", "collate_into_directory") +load("@openssl-generated-overlay//:common.bzl", "COMMON_GENERATED_FILES") +load( + "@openssl-generated-overlay//:constants-darwin64-arm64-cc.bzl", + _DARWIN_ARM64_GEN_FILES = "GEN_FILES", + _DARWIN_ARM64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES", + _DARWIN_ARM64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS", + _DARWIN_ARM64_LIBSSL_DEFINES = "LIBSSL_DEFINES", + _DARWIN_ARM64_LIBSSL_SRCS = "LIBSSL_SRCS", + _DARWIN_ARM64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES", + _DARWIN_ARM64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS", + _DARWIN_ARM64_OPENSSL_DEFINES = "OPENSSL_DEFINES", + _NIX_ARM64_PERLASM_GEN = "PERLASM_GEN", +) +load( + "@openssl-generated-overlay//:constants-darwin64-x86_64-cc.bzl", + _DARWIN_X86_64_GEN_FILES = "GEN_FILES", + _DARWIN_X86_64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES", + _DARWIN_X86_64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS", + _DARWIN_X86_64_LIBSSL_DEFINES = "LIBSSL_DEFINES", + _DARWIN_X86_64_LIBSSL_SRCS = "LIBSSL_SRCS", + _DARWIN_X86_64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES", + _DARWIN_X86_64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS", + _DARWIN_X86_64_OPENSSL_DEFINES = "OPENSSL_DEFINES", +) +load( + "@openssl-generated-overlay//:constants-linux-aarch64.bzl", + _LINUX_ARM64_GEN_FILES = "GEN_FILES", + _LINUX_ARM64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES", + _LINUX_ARM64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS", + _LINUX_ARM64_LIBSSL_DEFINES = "LIBSSL_DEFINES", + _LINUX_ARM64_LIBSSL_SRCS = "LIBSSL_SRCS", + _LINUX_ARM64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES", + _LINUX_ARM64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS", + _LINUX_ARM64_OPENSSL_DEFINES = "OPENSSL_DEFINES", +) +load( + "@openssl-generated-overlay//:constants-linux-x86_64-clang.bzl", + _LINUX_X86_64_GEN_FILES = "GEN_FILES", + _LINUX_X86_64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES", + _LINUX_X86_64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS", + _LINUX_X86_64_LIBSSL_DEFINES = "LIBSSL_DEFINES", + _LINUX_X86_64_LIBSSL_SRCS = "LIBSSL_SRCS", + _LINUX_X86_64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES", + _LINUX_X86_64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS", + _LINUX_X86_64_OPENSSL_DEFINES = "OPENSSL_DEFINES", + _NIX_X86_64_PERLASM_GEN = "PERLASM_GEN", +) +load( + "@openssl-generated-overlay//:constants-VC-WIN64-CLANGASM-ARM.bzl", + _WINDOWS_ARM64_GEN_FILES = "GEN_FILES", + _WINDOWS_ARM64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES", + _WINDOWS_ARM64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS", + _WINDOWS_ARM64_LIBSSL_DEFINES = "LIBSSL_DEFINES", + _WINDOWS_ARM64_LIBSSL_SRCS = "LIBSSL_SRCS", + _WINDOWS_ARM64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES", + _WINDOWS_ARM64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS", + _WINDOWS_ARM64_OPENSSL_DEFINES = "OPENSSL_DEFINES", + _WINDOWS_ARM64_PERLASM_GEN = "PERLASM_GEN", +) +load( + "@openssl-generated-overlay//:constants-VC-WIN64A-masm.bzl", + _WINDOWS_X86_64_GEN_FILES = "GEN_FILES", + _WINDOWS_X86_64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES", + _WINDOWS_X86_64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS", + _WINDOWS_X86_64_LIBSSL_DEFINES = "LIBSSL_DEFINES", + _WINDOWS_X86_64_LIBSSL_SRCS = "LIBSSL_SRCS", + _WINDOWS_X86_64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES", + _WINDOWS_X86_64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS", + _WINDOWS_X86_64_OPENSSL_DEFINES = "OPENSSL_DEFINES", + _WINDOWS_X86_64_PERLASM_GEN = "PERLASM_GEN", +) +load("@openssl-generated-overlay//:perl_genrule.bzl", "perl_genrule") +load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library") +load("//:utils.bzl", "fix_paths_for_windows", "get_repo_name", "parse_perlasm_gen", "remove_dupes") + +_REPO_NAME = get_repo_name() + +cc_library( + name = "crypto-textual-hdrs", + textual_hdrs = [ + "crypto/des/ncbc_enc.c", + ] + select({ + "@platforms//os:windows": [ + "crypto/LPdir_win32.c", + "crypto/LPdir_win.c", + "crypto/LPdir_wince.c", + ], + "//conditions:default": ["crypto/LPdir_unix.c"], + }), +) + +COMMON_OPENSSL_APP_SRCS = glob( + [ + "include/internal/*.h", + "apps/include/*.h", + "apps/*.h", + "include/openssl/*.h", + ], + exclude = COMMON_GENERATED_FILES, +) + [ + ":apps/progs.h", + ":include/openssl/asn1.h", + ":include/openssl/asn1t.h", + ":include/openssl/conf.h", + ":include/openssl/crypto.h", + ":include/openssl/ct.h", + ":include/openssl/err.h", + ":include/openssl/bio.h", + ":include/openssl/cmp.h", + ":include/openssl/cms.h", + ":include/openssl/crmf.h", + ":include/openssl/configuration.h", + ":include/openssl/core_names.h", + ":include/openssl/fipskey.h", + ":include/openssl/ess.h", + ":include/openssl/lhash.h", + ":include/openssl/opensslconf.h", + ":include/openssl/opensslv.h", + ":include/openssl/ocsp.h", + ":include/openssl/pkcs7.h", + ":include/openssl/pkcs12.h", + ":include/openssl/safestack.h", + ":include/openssl/srp.h", + ":include/openssl/ssl.h", + ":include/openssl/ui.h", + ":include/openssl/x509.h", + ":include/openssl/x509v3.h", + ":include/openssl/x509_vfy.h", +] + +# Some source files are missing from OpenSSL metadata so we never pick them up. +MISSING_OPENSSL_WINDOWS_SRCS = ["apps/lib/win32_init.c"] + +ALL_OPENSSL_APP_SRCS = COMMON_OPENSSL_APP_SRCS + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_OPENSSL_APP_SRCS, + "//configs:darwin_x86_64": _DARWIN_X86_64_OPENSSL_APP_SRCS, + "//configs:linux_aarch64": _LINUX_ARM64_OPENSSL_APP_SRCS, + "//configs:linux_x86_64": _LINUX_X86_64_OPENSSL_APP_SRCS, + "//configs:windows_arm64": fix_paths_for_windows(_WINDOWS_ARM64_OPENSSL_APP_SRCS) + MISSING_OPENSSL_WINDOWS_SRCS, + "//configs:windows_x64": fix_paths_for_windows(_WINDOWS_X86_64_OPENSSL_APP_SRCS) + MISSING_OPENSSL_WINDOWS_SRCS, +}) + +OPENSSL_APP_NIX_COPTS = [ + "-iquote", + "$(BINDIR)/external/{}/apps".format(_REPO_NAME), + "-iquote", + "external/{}/apps".format(_REPO_NAME), + "-iquote", + "external/{}/apps/include".format(_REPO_NAME), +] + +OPENSSL_APP_WINDOWS_COPTS = [ + "/I$(BINDIR)/external/{}/apps".format(_REPO_NAME), + "/Iexternal/{}/apps".format(_REPO_NAME), + "/Iexternal/{}/apps/include".format(_REPO_NAME), +] + +OPENSSL_APP_NIX_LINKOPTS = [ +] + +OPENSSL_APP_WINDOWS_LINKOPTS = [ + "-defaultlib:ws2_32.lib", + "-defaultlib:advapi32.lib", + "-defaultlib:user32.lib", + "-defaultlib:crypt32.lib", +] + +COMMON_OPENSSL_WINDOWS_DEFINES = [ + "_WINSOCKAPI_", + "OPENSSL_SYS_WINCE", + "WIN32_LEAN_AND_MEAN", +] + +COMMON_OPENSSL_DEFINES = select({ + "//configs:windows_arm64": COMMON_OPENSSL_WINDOWS_DEFINES, + "//configs:windows_x64": COMMON_OPENSSL_WINDOWS_DEFINES, + "//conditions:default": [], +}) + +COMMON_OPENSSL_COPTS = [ + # If someone wants to link with -fPIC, the objects they're linking need to have been built with it. + # Add this flag so that people can choose to link that way if they want to. + "-fPIC", +] + [ + # This hardcoded path into the system mean we will find the system certs. Note Debian sets + # OPENSSLDIR=/usr/lib/ssl, but /usr/lib/ssl mostly consists of symlinks into /etc/ssl. We + # must set /etc/ssl here because some environments (e.g., YSS root filesystems) don't have + # /usr/lib/ssl at all. + "-DOPENSSLDIR=\\\"/etc/ssl\\\"", + # This is basically a no-op, since we've disabled dynamic loading of engines. + '-DENGINESDIR=\\"/usr/lib/engines-3.0\\"', + # also basically a no-op + "-DMODULESDIR=\\\"/dev/null\\\"", + "-DL_ENDIAN", + "-DOPENSSL_USE_NODELETE", +] + select({ + "//configs:linux_aarch64": ["-mno-outline-atomics"], + "//conditions:default": [], +}) + select({ + "//configs:windows_arm64": [ + "/Iexternal/{}/include".format(_REPO_NAME), + "/VERBOSE", + ], + "//configs:windows_x64": [ + "/Iexternal/{}/include".format(_REPO_NAME), + "/VERBOSE", + ], + "//conditions:default": [ + # As described in https://github.com/openssl/openssl/issues/4575, OpenSSL doesn't mark its + # assembly files as not requiring an executable stack. Pass --noexecstack to the assembler + # to do this. + "-Wa,--noexecstack", + "-Wno-unused-command-line-argument", + "-I", + "external/{}/include".format(_REPO_NAME), + ], +}) + +cc_binary( + name = "openssl", + srcs = ALL_OPENSSL_APP_SRCS, + copts = COMMON_OPENSSL_COPTS + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_OPENSSL_APP_DEFINES, + "//configs:darwin_x86_64": _DARWIN_X86_64_OPENSSL_APP_DEFINES, + "//configs:linux_aarch64": _LINUX_ARM64_OPENSSL_APP_DEFINES, + "//configs:linux_x86_64": _LINUX_X86_64_OPENSSL_APP_DEFINES, + "//configs:windows_arm64": _WINDOWS_ARM64_OPENSSL_APP_DEFINES, + "//configs:windows_x64": _WINDOWS_X86_64_OPENSSL_APP_DEFINES, + }) + select({ + "//configs:windows_arm64": OPENSSL_APP_WINDOWS_COPTS, + "//configs:windows_x64": OPENSSL_APP_WINDOWS_COPTS, + "//conditions:default": OPENSSL_APP_NIX_COPTS, + }), + defines = COMMON_OPENSSL_DEFINES, + linkopts = select({ + "//configs:windows_arm64": OPENSSL_APP_WINDOWS_LINKOPTS, + "//configs:windows_x64": OPENSSL_APP_WINDOWS_LINKOPTS, + "//conditions:default": OPENSSL_APP_NIX_LINKOPTS, + }), + visibility = ["//visibility:public"], + deps = [":ssl"], +) + +NIX_ARM64_PERLASM_TOOLS_AND_OUTS, NIX_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT = parse_perlasm_gen(_NIX_ARM64_PERLASM_GEN) + +NIX_X86_64_PERLASM_TOOLS_AND_OUTS, NIX_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT = parse_perlasm_gen(_NIX_X86_64_PERLASM_GEN) + +WINDOWS_ARM64_PERLASM_TOOLS_AND_OUTS, WINDOWS_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT = parse_perlasm_gen(_WINDOWS_ARM64_PERLASM_GEN) + +WINDOWS_X86_64_PERLASM_TOOLS_AND_OUTS, WINDOWS_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT = parse_perlasm_gen(_WINDOWS_X86_64_PERLASM_GEN) + +PERLASM_TOOLS = glob( + ["crypto/perlasm/*.pl"], + exclude = COMMON_GENERATED_FILES, +) + +perl_genrule( + name = "perlasm_genfiles", + additional_srcs = PERLASM_TOOLS + ["crypto/ec/ecp_nistz256_table.c"], + assembly_flavor = select({ + "//configs:darwin_arm64": "ios64", + "//configs:darwin_x86_64": "macosx", + "//configs:linux_aarch64": "linux64", + "//configs:linux_x86_64": "elf", + "//configs:windows_arm64": "win64", + "//configs:windows_x64": "masm", + }), + is_unix = select({ + "@platforms//os:windows": False, + "//conditions:default": True, + }), + srcs_to_outs = select({ + "//configs:darwin_arm64": NIX_ARM64_PERLASM_TOOLS_AND_OUTS, + "//configs:darwin_x86_64": NIX_X86_64_PERLASM_TOOLS_AND_OUTS, + "//configs:linux_aarch64": NIX_ARM64_PERLASM_TOOLS_AND_OUTS, + "//configs:linux_x86_64": NIX_X86_64_PERLASM_TOOLS_AND_OUTS, + "//configs:windows_arm64": WINDOWS_ARM64_PERLASM_TOOLS_AND_OUTS, + "//configs:windows_x64": WINDOWS_X86_64_PERLASM_TOOLS_AND_OUTS, + }), + srcs_to_outs_dupes = select({ + "//configs:darwin_arm64": NIX_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT, + "//configs:darwin_x86_64": NIX_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT, + "//configs:linux_aarch64": NIX_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT, + "//configs:linux_x86_64": NIX_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT, + "//configs:windows_arm64": WINDOWS_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT, + "//configs:windows_x64": WINDOWS_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT, + }), +) + +COMMON_LIBCRYPTO_SRCS = glob( + [ + "crypto/**/*.h", + "crypto/*.h", + "include/crypto/**/*.h", + "include/internal/*.h", + "include/openssl/*.h", + "providers/**/*.h", + "providers/*.inc", + "providers/implementations/**/*.inc", + ], + exclude = COMMON_GENERATED_FILES, +) + +# We miss some sources and headers when doing the normal extraction +OTHER_LIBCRYPTO_WINDOWS_SRCS = [ + "ms/uplink.h", + "ms/applink.c", + "engines/e_capi_err.h", + "engines/e_capi_err.c", +] + +ALL_LIBCRYPTO_SRCS = COMMON_LIBCRYPTO_SRCS + select({ + "//configs:darwin_arm64": remove_dupes( + _DARWIN_ARM64_LIBCRYPTO_SRCS, + NIX_ARM64_PERLASM_TOOLS_AND_OUTS.values() + NIX_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT.values(), + ), + "//configs:darwin_x86_64": remove_dupes( + _DARWIN_X86_64_LIBCRYPTO_SRCS, + NIX_X86_64_PERLASM_TOOLS_AND_OUTS.values() + NIX_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT.values(), + ), + "//configs:linux_aarch64": remove_dupes( + _LINUX_ARM64_LIBCRYPTO_SRCS, + NIX_ARM64_PERLASM_TOOLS_AND_OUTS.values() + NIX_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT.values(), + ), + "//configs:linux_x86_64": remove_dupes( + _LINUX_X86_64_LIBCRYPTO_SRCS, + NIX_X86_64_PERLASM_TOOLS_AND_OUTS.values() + NIX_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT.values(), + ), + "//configs:windows_arm64": remove_dupes( + fix_paths_for_windows(_WINDOWS_ARM64_LIBCRYPTO_SRCS), + WINDOWS_ARM64_PERLASM_TOOLS_AND_OUTS.values() + WINDOWS_ARM64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT.values(), + ) + OTHER_LIBCRYPTO_WINDOWS_SRCS, + "//configs:windows_x64": remove_dupes( + fix_paths_for_windows(_WINDOWS_X86_64_LIBCRYPTO_SRCS), + WINDOWS_X86_64_PERLASM_TOOLS_AND_OUTS.values() + WINDOWS_X86_64_PERLASM_TOOLS_AND_OUTS_DUPES_DICT.values(), + ) + OTHER_LIBCRYPTO_WINDOWS_SRCS, +}) + +EXISTING_LIBCRYPTO_HDRS = glob( + [ + "include/openssl/*.h", + "include/openssl/**/*.h", + "include/crypto/*.h", + "include/crypto/**/*.h", + ], +) + +LIBCRYPTO_NIX_COPTS = [ + "-iquote", + "external/{}/providers/implementations/macs".format(_REPO_NAME), + "-iquote", + "external/{}/providers/implementations/include".format(_REPO_NAME), + "-iquote", + "external/{}/providers/common/include".format(_REPO_NAME), + "-iquote", + "$(BINDIR)/external/{}/providers/common/include".format(_REPO_NAME), + "-iquote", + "$(BINDIR)/external/{}/crypto".format(_REPO_NAME), + "-iquote", + "external/{}/crypto".format(_REPO_NAME), + "-I", + "external/{}/providers/implementations/include".format(_REPO_NAME), +] + +LIBCRYPTO_WINDOWS_COPTS = [ + "/Iexternal/{}/providers/implementations/macs".format(_REPO_NAME), + "/Iexternal/{}/providers/implementations/include".format(_REPO_NAME), + "/Iexternal/{}/providers/common/include".format(_REPO_NAME), + "/I$(BINDIR)/external/{}/providers/common/include".format(_REPO_NAME), + "/I$(BINDIR)/external/{}/crypto".format(_REPO_NAME), + "/Iexternal/{}/crypto".format(_REPO_NAME), + "/Iexternal/{}/providers/implementations/include".format(_REPO_NAME), +] + +ALL_LIBCRYPTO_HDRS = EXISTING_LIBCRYPTO_HDRS + [":generated-headers"] + +# Windows needs some additional include directories. +LIBCRYPTO_WINDOWS_INCLUDES = [ + "ms", + "engines", + "crypto/bn", + "crypto", +] + +cc_library( + name = "crypto", + # Some of the srcs are duplicated because we have to glob over the directories with missing files + # as only some of them are picked up. + srcs = ALL_LIBCRYPTO_SRCS + [":perlasm_genfiles"], + hdrs = ALL_LIBCRYPTO_HDRS, + additional_compiler_inputs = [ + ":generated-headers", + ] + glob( + # There are some .c files that are conditionally included textually, we want them to be + # available + ["providers/implementations/**/*.c"], + exclude = COMMON_GENERATED_FILES, + ), + # To make sure downstream targets add the right copts to be able to include the headers. + copts = COMMON_OPENSSL_COPTS + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_OPENSSL_DEFINES, + "//configs:darwin_x86_64": _DARWIN_X86_64_OPENSSL_DEFINES, + "//configs:linux_aarch64": _LINUX_ARM64_OPENSSL_DEFINES, + "//configs:linux_x86_64": _LINUX_X86_64_OPENSSL_DEFINES, + "//configs:windows_arm64": _WINDOWS_ARM64_OPENSSL_DEFINES, + "//configs:windows_x64": _WINDOWS_X86_64_OPENSSL_DEFINES, + }) + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_LIBCRYPTO_DEFINES, + "//configs:darwin_x86_64": _DARWIN_X86_64_LIBCRYPTO_DEFINES, + "//configs:linux_aarch64": _LINUX_ARM64_LIBCRYPTO_DEFINES, + "//configs:linux_x86_64": _LINUX_X86_64_LIBCRYPTO_DEFINES, + "//configs:windows_arm64": _WINDOWS_ARM64_LIBCRYPTO_DEFINES, + "//configs:windows_x64": _WINDOWS_X86_64_LIBCRYPTO_DEFINES, + }) + select({ + "//configs:windows_arm64": LIBCRYPTO_WINDOWS_COPTS, + "//configs:windows_x64": LIBCRYPTO_WINDOWS_COPTS, + "//conditions:default": LIBCRYPTO_NIX_COPTS, + }), + defines = COMMON_OPENSSL_DEFINES, + includes = [ + "include", + ] + select({ + "//configs:windows_arm64": LIBCRYPTO_WINDOWS_INCLUDES, + "//configs:windows_x64": LIBCRYPTO_WINDOWS_INCLUDES, + "//conditions:default": [], + }), + linkopts = [ + "-lc", + "-pthread", + ], + visibility = ["//visibility:public"], + deps = [ + ":crypto-textual-hdrs", + ], +) + +COMMON_LIBSSL_SRCS = glob( + ["ssl/**/*.h"], + exclude = COMMON_GENERATED_FILES, +) + +ALL_LIBSSL_SRCS = COMMON_LIBSSL_SRCS + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_LIBSSL_SRCS, + "//configs:darwin_x86_64": _DARWIN_X86_64_LIBSSL_SRCS, + "//configs:linux_aarch64": _LINUX_ARM64_LIBSSL_SRCS, + "//configs:linux_x86_64": _LINUX_X86_64_LIBSSL_SRCS, + "//configs:windows_arm64": fix_paths_for_windows(_WINDOWS_ARM64_LIBSSL_SRCS), + "//configs:windows_x64": fix_paths_for_windows(_WINDOWS_X86_64_LIBSSL_SRCS), +}) + +EXISTING_LIBSSL_HDRS = glob( + ["include/openssl/*.h"], +) + +ALL_LIBSSL_HDRS = EXISTING_LIBSSL_HDRS + [":generated-headers"] + +cc_library( + name = "ssl", + srcs = ALL_LIBSSL_SRCS, + hdrs = ALL_LIBSSL_HDRS, + additional_compiler_inputs = [":generated-files"], + copts = COMMON_OPENSSL_COPTS + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_OPENSSL_DEFINES, + "//configs:darwin_x86_64": _DARWIN_X86_64_OPENSSL_DEFINES, + "//configs:linux_aarch64": _LINUX_ARM64_OPENSSL_DEFINES, + "//configs:linux_x86_64": _LINUX_X86_64_OPENSSL_DEFINES, + "//configs:windows_arm64": _WINDOWS_ARM64_OPENSSL_DEFINES, + "//configs:windows_x64": _WINDOWS_X86_64_OPENSSL_DEFINES, + }) + select({ + "//configs:darwin_arm64": _DARWIN_ARM64_LIBSSL_DEFINES, + "//configs:darwin_x86_64": _DARWIN_X86_64_LIBSSL_DEFINES, + "//configs:linux_aarch64": _LINUX_ARM64_LIBSSL_DEFINES, + "//configs:linux_x86_64": _LINUX_X86_64_LIBSSL_DEFINES, + "//configs:windows_arm64": _WINDOWS_ARM64_LIBSSL_DEFINES, + "//configs:windows_x64": _WINDOWS_X86_64_LIBSSL_DEFINES, + }), + defines = COMMON_OPENSSL_DEFINES, + # To make sure downstream targets add the right copts to be able to include the headers. + includes = ["include"], + linkopts = ["-lc"], + visibility = ["//visibility:public"], + deps = [ + ":crypto", + ], +) + +filegroup( + name = "generated-files", + srcs = COMMON_GENERATED_FILES + [":generate-platform-specific-files"], +) + +filegroup( + name = "generated-headers", + srcs = [f for f in COMMON_GENERATED_FILES + _DARWIN_ARM64_GEN_FILES.keys() if f.endswith(".h")], +) + +[ + genrule( + name = "copy_generated_{}".format(src), + srcs = ["@openssl-generated-overlay//:{}".format(src)], + outs = [src], + cmd = "cp $< $@", + ) + for src in COMMON_GENERATED_FILES +] + +GEN_FILE_CMD = """ +cat << 'E_O_F' >$(location {filename}) +{contents} +E_O_F +""" + +genrule( + name = "generate-platform-specific-files", + outs = sorted(_DARWIN_ARM64_GEN_FILES.keys()), + cmd = select({ + "//configs:darwin_arm64": "\n".join([GEN_FILE_CMD.format( + contents = v, + filename = k, + ) for k, v in _DARWIN_ARM64_GEN_FILES.items()]), + "//configs:darwin_x86_64": "\n".join([GEN_FILE_CMD.format( + contents = v, + filename = k, + ) for k, v in _DARWIN_X86_64_GEN_FILES.items()]), + "//configs:linux_aarch64": "\n".join([GEN_FILE_CMD.format( + contents = v, + filename = k, + ) for k, v in _LINUX_ARM64_GEN_FILES.items()]), + "//configs:linux_x86_64": "\n".join([GEN_FILE_CMD.format( + contents = v, + filename = k, + ) for k, v in _LINUX_X86_64_GEN_FILES.items()]), + "//configs:windows_arm64": "\n".join([GEN_FILE_CMD.format( + contents = v, + filename = k, + ) for k, v in _WINDOWS_ARM64_GEN_FILES.items()]), + "//configs:windows_x64": "\n".join([GEN_FILE_CMD.format( + contents = v, + filename = k, + ) for k, v in _WINDOWS_X86_64_GEN_FILES.items()]), + }), +) + +collate_into_directory( + name = "gen_dir", + outs_prefix_map = { + ":crypto": "lib/", + ":openssl": "bin/", + ":ssl": "lib/", + }, + srcs_prefix_map = { + ":crypto": "external/{}".format(_REPO_NAME), + ":generated-headers": "external/{}".format(_REPO_NAME), + ":openssl": "external/{}".format(_REPO_NAME), + ":ssl": "external/{}".format(_REPO_NAME), + } | { + k: "external/{}".format(_REPO_NAME) + for k in glob(["include/openssl/*.h"]) + }, + visibility = ["//visibility:public"], +) diff --git a/modules/openssl/3.3.1.bcr.2/overlay/MODULE.bazel b/modules/openssl/3.3.1.bcr.2/overlay/MODULE.bazel new file mode 120000 index 00000000000..9b599e3ad9c --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/overlay/MODULE.bazel @@ -0,0 +1 @@ +../MODULE.bazel \ No newline at end of file diff --git a/modules/openssl/3.3.1.bcr.2/overlay/configs/BUILD.bazel b/modules/openssl/3.3.1.bcr.2/overlay/configs/BUILD.bazel new file mode 100644 index 00000000000..7707b348c32 --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/overlay/configs/BUILD.bazel @@ -0,0 +1,51 @@ +config_setting( + name = "darwin_arm64", + constraint_values = [ + "@@platforms//os:macos", + "@@platforms//cpu:arm64", + ], + visibility = ["//visibility:public"], +) + +config_setting( + name = "darwin_x86_64", + constraint_values = [ + "@@platforms//os:macos", + "@@platforms//cpu:x86_64", + ], + visibility = ["//visibility:public"], +) + +config_setting( + name = "linux_aarch64", + constraint_values = [ + "@@platforms//os:linux", + "@@platforms//cpu:aarch64", + ], + visibility = ["//visibility:public"], +) + +config_setting( + name = "linux_x86_64", + constraint_values = [ + "@@platforms//os:linux", + "@@platforms//cpu:x86_64", + ], + visibility = ["//visibility:public"], +) + +config_setting( + name = "windows_arm64", + constraint_values = [ + "@@platforms//os:windows", + "@@platforms//cpu:arm64", + ], +) + +config_setting( + name = "windows_x64", + constraint_values = [ + "@@platforms//os:windows", + "@@platforms//cpu:x86_64", + ], +) diff --git a/modules/openssl/3.3.1.bcr.2/overlay/test_bazel_build/BUILD.bazel b/modules/openssl/3.3.1.bcr.2/overlay/test_bazel_build/BUILD.bazel new file mode 100644 index 00000000000..ba2756697b5 --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/overlay/test_bazel_build/BUILD.bazel @@ -0,0 +1,35 @@ +load("@bazel_skylib//rules:build_test.bzl", "build_test") +load("@rules_cc//cc:cc_library.bzl", "cc_library") +load("@rules_python//python:defs.bzl", "py_test") + +py_test( + name = "sha256_test", + srcs = ["sha256_test.py"], + data = ["//:openssl"], + deps = ["@rules_python//python/runfiles"], +) + +build_test( + name = "build_test", + targets = [ + ":includes_bn", + ], +) + +cc_library( + name = "includes_bn", + srcs = [":includes_bh.cpp"], + deps = ["@openssl//:ssl"], +) + +genrule( + name = "generate_includes_bh", + outs = ["includes_bh.cpp"], + cmd = """cat >$@ <<'EOF' +#include +EOF +""", + cmd_ps = """ + New-Item -Path "$@" -ItemType File -Value "#include " +""", +) diff --git a/modules/openssl/3.3.1.bcr.2/overlay/test_bazel_build/sha256_test.py b/modules/openssl/3.3.1.bcr.2/overlay/test_bazel_build/sha256_test.py new file mode 100755 index 00000000000..12e6c9ea0de --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/overlay/test_bazel_build/sha256_test.py @@ -0,0 +1,28 @@ +import os +import subprocess +import sys + +from python.runfiles import Runfiles + +# Ensure exactly zero arguments are provided +if len(sys.argv) != 1: + print(f"Usage: {sys.argv[0]}", file=sys.stderr) + sys.exit(1) + +# Get the openssl binary path +extension = ".exe" if os.name == "nt" else "" +r = Runfiles.Create() +openssl = r.Rlocation("openssl/openssl" + extension) + +# Run the openssl command to compute the SHA-256 hash +command = [openssl, "dgst", "-sha256"] +result = subprocess.run(command, input="European Burmese", text=True, capture_output=True) + +# Extract the hash from the output +out = result.stdout.split()[-1] + +# Compare the computed hash with the expected one +expected_hash = "693d8db7b05e99c6b7a7c0616456039d89c555029026936248085193559a0b5d" +if out != expected_hash: + print(f"Wrong hash - got {out}", file=sys.stderr) + sys.exit(1) diff --git a/modules/openssl/3.3.1.bcr.2/overlay/utils.bzl b/modules/openssl/3.3.1.bcr.2/overlay/utils.bzl new file mode 100644 index 00000000000..361290f3fde --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/overlay/utils.bzl @@ -0,0 +1,121 @@ +"""utils for the BUILD files. +""" + +def get_repo_name(): + return Label("//:BUILD.bazel").workspace_name + +def remove_extra_chars(str): + return str.replace(")", "").replace(";", "").replace("\r", "") + +def parse_perlasm_gen(perlasm_gen): + """Take a perlasm gen string and parse it. + + Args: + perlasm_gen: The perlasm generation string + Returns: + Two dictionaries. The first has the keys and values that are not dupes or the first instances of dupes. + The second has the remaining keys and values that are dupes. Keys are tools and values are outs. + """ + perlasm_outs = [] + perlasm_tools = [] + + perlasm_gen_split_by_line = perlasm_gen.split("\n") + for line in perlasm_gen_split_by_line: + split_by_space = line.split(" ") + + # When you split by new line you get an empty string at points. + if not split_by_space: + continue + elif not split_by_space[0]: + continue + # On arm we get carriage returns + + elif split_by_space[0] == "\r\r": + continue + elif len(split_by_space) != 6: + fail("Line {} not six parts".format(line)) + tool = fix_path_for_windows_in_str(remove_extra_chars(split_by_space[2])) + out = fix_path_for_windows_in_str(remove_extra_chars(split_by_space[5])) + perlasm_tools.append(tool) + perlasm_outs.append(out) + + return dedupe_and_ret_dicts(perlasm_tools, perlasm_outs) + +def dedupe_and_ret_dicts(lst_one, lst_two): + """Dedupe a list and make two dictionaries with that and another list + + Args: + lst_one: First list. We dedupe this and use as keys. + lst_two: Second list. We don't dedupe this and use as values. + Returns: + Two dictionaries. The first has the keys and values that are not dupes or the first instances of dupes. + The second has the remaining keys and values that are dupes. + """ + if len(lst_one) != len(lst_two): + fail("Lists are not the same length: {} with len {} and {} with len {}".format(lst_one, len(lst_one), lst_two, len(lst_two))) + dict_one = {} + dict_two = {} + + for i in range(len(lst_one)): + one_i = lst_one[i] + two_i = lst_two[i] + if one_i in dict_one.keys(): + if one_i in dict_two.keys(): + pass + else: + dict_two[one_i] = two_i + else: + dict_one[one_i] = two_i + return dict_one, dict_two + +def dedupe(lst): + """Dedupe a list + + Args: + lst: A list of things + Returns: + The deuped list. + """ + final_lst = [] + for thing in lst: + if thing in final_lst: + continue + else: + final_lst.append(thing) + + return final_lst + +def fix_paths_for_windows(path_lst): + """Replace the \\ with / on Windows. + + We need them to be the opposite way when writing the generated bzl files on Windows. + But when we use the files we need to fix the paths. + Args: + path_lst: The list of paths to fix. + Return: + The fixed path list. + """ + return [fix_path_for_windows_in_str(path) for path in path_lst] + +def fix_path_for_windows_in_str(str): + """Replace the \\ with / on Windows. + + We need them to be the opposite way when writing the generated bzl files on Windows. + But when we use the files we need to fix the paths. + Args: + str: The string to fix. + Return: + The fixed string. + """ + return str.replace("\\", "/") + +def remove_dupes(lst_one, lst_two): + """Remove dupes from list one that exist in list two + + Args: + lst_one: The first list + lst_two: The second list + Returns: + list one without dupes + """ + return [item for item in lst_one if item not in lst_two] diff --git a/modules/openssl/3.3.1.bcr.2/presubmit.yml b/modules/openssl/3.3.1.bcr.2/presubmit.yml new file mode 100644 index 00000000000..3a522e3c827 --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/presubmit.yml @@ -0,0 +1,21 @@ +matrix: + platform: + - ubuntu2004 + - ubuntu2004_arm64 + - ubuntu2404 + - macos + - macos_arm64 + - windows + - windows_arm64 + bazel: + - 7.x + - 8.x +tasks: + verify_targets: + name: Build and test + platform: ${{ platform }} + bazel: ${{ bazel }} + build_targets: + - "@openssl//..." + test_targets: + - "@openssl//test_bazel_build/..." diff --git a/modules/openssl/3.3.1.bcr.2/source.json b/modules/openssl/3.3.1.bcr.2/source.json new file mode 100644 index 00000000000..f97926f89c6 --- /dev/null +++ b/modules/openssl/3.3.1.bcr.2/source.json @@ -0,0 +1,13 @@ +{ + "integrity": "sha256-d3zVlihMiDN1oqehG/XSeG/FQTJV76sgxQ1v/m0CC34=", + "overlay": { + "BUILD.bazel": "sha256-Aew6ntdcRWBUQnUTzbaL/XzFaxIdf9r/UT6+MdoJ3bk=", + "MODULE.bazel": "sha256-QvtYcPaurVlvbp78WfBR60Sw4GaT+vmsq6q6d9itJ4s=", + "configs/BUILD.bazel": "sha256-SEmJa6Woy/hw3N+Z1+H7DBAnvA69Yas86hXf1/kDl9s=", + "test_bazel_build/BUILD.bazel": "sha256-VIIP2GDFD9iWNXyRkWhvFCV0TF26/ZAHrnGANXDOR7c=", + "test_bazel_build/sha256_test.py": "sha256-6m8PE04AgUsbZ8NF/fbxlWhWxI4MWW3WWDHLie+AJJc=", + "utils.bzl": "sha256-y0UhVS7pnxAcNu8TS7R+hHyIyGjGRoTnYQdWquvp938=" + }, + "strip_prefix": "openssl-3.3.1", + "url": "https://github.com/openssl/openssl/releases/download/openssl-3.3.1/openssl-3.3.1.tar.gz" +} diff --git a/modules/openssl/metadata.json b/modules/openssl/metadata.json index 59133562c9b..fc8f56e2816 100644 --- a/modules/openssl/metadata.json +++ b/modules/openssl/metadata.json @@ -1,24 +1,25 @@ { - "homepage": "https://www.openssl.org/", - "maintainers": [ - { - "email": "github@raccoons.build", - "github": "raccoons-build", - "name": "Raccoons Build", - "github_user_id": 166938977 - }, - { - "email": "dawagner@gmail.com", - "github": "illicitonion", - "name": "Daniel Wagner-Hall", - "github_user_id": 1131704 - } - ], - "repository": [ - "github:openssl/openssl" - ], - "versions": [ - "3.3.1.bcr.0", - "3.3.1.bcr.1" - ] + "homepage": "https://www.openssl.org/", + "maintainers": [ + { + "email": "github@raccoons.build", + "github": "raccoons-build", + "github_user_id": 166938977, + "name": "Raccoons Build" + }, + { + "email": "dawagner@gmail.com", + "github": "illicitonion", + "github_user_id": 1131704, + "name": "Daniel Wagner-Hall" + } + ], + "repository": [ + "github:openssl/openssl" + ], + "versions": [ + "3.3.1.bcr.0", + "3.3.1.bcr.1", + "3.3.1.bcr.2" + ] }