From 96eaa90907d2ce9e32712a0e45021fb426b1e544 Mon Sep 17 00:00:00 2001
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com>
Date: Wed, 2 Oct 2024 13:27:11 -0700
Subject: [PATCH 1/3] Remove special s2n-bignum symbol handling sauce from
 build

---
 CMakeLists.txt                                        |  9 ---------
 crypto/fipsmodule/CMakeLists.txt                      |  9 +++++++--
 tests/ci/common_posix_setup.sh                        | 11 +----------
 third_party/s2n-bignum/include/_internal_s2n_bignum.h |  6 +++++-
 4 files changed, 13 insertions(+), 22 deletions(-)

diff --git a/CMakeLists.txt b/CMakeLists.txt
index a35fd05c2f..317ee80cb0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -215,15 +215,6 @@ if(BORINGSSL_PREFIX AND BORINGSSL_PREFIX_SYMBOLS AND GO_EXECUTABLE)
            symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
     COMMAND ${CMAKE_COMMAND} -E make_directory ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl
     COMMAND ${GO_EXECUTABLE} run ${CMAKE_CURRENT_SOURCE_DIR}/util/make_prefix_headers.go -out ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl -prefix ${BORINGSSL_PREFIX} ${BORINGSSL_PREFIX_SYMBOLS_PATH}
-    COMMAND sed -i.bak '/ bignum_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h
-    COMMAND sed -i.bak '/ bignum_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h
-    COMMAND sed -i.bak '/ bignum_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
-    COMMAND sed -i.bak '/ curve25519_x25519/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h
-    COMMAND sed -i.bak '/ curve25519_x25519/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h
-    COMMAND sed -i.bak '/ curve25519_x25519/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
-    COMMAND sed -i.bak '/ edwards25519_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h
-    COMMAND sed -i.bak '/ edwards25519_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h
-    COMMAND sed -i.bak '/ edwards25519_/d' ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_nasm.inc
     COMMAND ${CMAKE_COMMAND} -E remove
           ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h.bak
           ${CMAKE_CURRENT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols_asm.h.bak
diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
index aaa370f935..734d008612 100644
--- a/crypto/fipsmodule/CMakeLists.txt
+++ b/crypto/fipsmodule/CMakeLists.txt
@@ -305,14 +305,19 @@ function(s2n_asm_cpreprocess dest src)
 
   string(REGEX REPLACE "[ ]+" ";" CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS}")
 
+  #if(BORINGSSL_PREFIX)
+    set(S2N_BIGNUM_PREFIX_INCLUDE "-I${PROJECT_BINARY_DIR}/symbol_prefix_include")
+    set(S2N_BIGNUM_PREFIX_FLAG "-DAWSLC_PRIVATE_BUILD")
+  #endif()
+
   add_custom_command(
           OUTPUT ${dest}
           COMMAND ${CMAKE_COMMAND} -E make_directory ${dir}
-          COMMAND ${CMAKE_ASM_COMPILER} ${TARGET} ${CMAKE_ASM_FLAGS} -E ${S2N_BIGNUM_DIR}/${src} -I${S2N_BIGNUM_INCLUDE_DIR} -DS2N_BN_HIDE_SYMBOLS| tr \"\;\" \"\\n\" > ${dest}
+          COMMAND ${CMAKE_ASM_COMPILER} ${TARGET} ${CMAKE_ASM_FLAGS} -E ${S2N_BIGNUM_DIR}/${src} -I${S2N_BIGNUM_INCLUDE_DIR} ${S2N_BIGNUM_PREFIX_INCLUDE} ${S2N_BIGNUM_PREFIX_FLAG} -DS2N_BN_HIDE_SYMBOLS | tr \"\;\" \"\\n\" > ${dest}
           DEPENDS
           ${S2N_BIGNUM_DIR}/${src}
           WORKING_DIRECTORY .
-)
+  )
 endfunction()
 
 if(S2N_BIGNUM_ASM_SOURCES)
diff --git a/tests/ci/common_posix_setup.sh b/tests/ci/common_posix_setup.sh
index f6e6223676..2f715a3113 100644
--- a/tests/ci/common_posix_setup.sh
+++ b/tests/ci/common_posix_setup.sh
@@ -94,16 +94,7 @@ function generate_symbols_file {
 function verify_symbols_prefixed {
   go run "$SRC_ROOT"/util/read_symbols.go -out "$BUILD_ROOT"/symbols_final_crypto.txt "$BUILD_ROOT"/crypto/libcrypto.a
   go run "$SRC_ROOT"/util/read_symbols.go -out "$BUILD_ROOT"/symbols_final_ssl.txt "$BUILD_ROOT"/ssl/libssl.a
-  # For grep's basic regular expression language the meta-characters (e.g. "?",
-  # "|", etc.) are interpreted as literal characters. To keep their
-  # meta-character semantics, they must be escaped with "\".
-  # Deciphering the pattern "^_\?\(bignum\|curve25519_x25519\)":
-  #  * "^": anchor at start of line.
-  #  * "_\?": might contain underscore.
-  #  * "\(bignum\|curve25519_x25519\)": match string of either "bignum" or "curve25519_x25519".
-  # Recall that the option "-v" reverse the pattern matching. So, we are really
-  # filtering out lines that contain either "bignum" or "curve25519_x25519".
-  cat "$BUILD_ROOT"/symbols_final_crypto.txt  "$BUILD_ROOT"/symbols_final_ssl.txt | grep -v -e '^_\?\(bignum\|curve25519_x25519\|edwards25519\)' >  "$SRC_ROOT"/symbols_final.txt
+  cat "$BUILD_ROOT"/symbols_final_crypto.txt  "$BUILD_ROOT"/symbols_final_ssl.txt >  "$SRC_ROOT"/symbols_final.txt
   # Now filter out every line that has the unique prefix $CUSTOM_PREFIX. If we
   # have any lines left, then some symbol(s) weren't prefixed, unexpectedly.
   if [ $(grep -c -v ${CUSTOM_PREFIX}  "$SRC_ROOT"/symbols_final.txt) -ne 0 ]; then
diff --git a/third_party/s2n-bignum/include/_internal_s2n_bignum.h b/third_party/s2n-bignum/include/_internal_s2n_bignum.h
index c7cedb633a..0105835a9c 100644
--- a/third_party/s2n-bignum/include/_internal_s2n_bignum.h
+++ b/third_party/s2n-bignum/include/_internal_s2n_bignum.h
@@ -14,4 +14,8 @@
 #   endif
 #else
 #   define S2N_BN_SYM_PRIVACY_DIRECTIVE(name)  /* NO-OP: S2N_BN_SYM_PRIVACY_DIRECTIVE */
-#endif
\ No newline at end of file
+#endif
+
+#ifdef AWSLC_PRIVATE_BUILD
+    #include <openssl/boringssl_prefix_symbols.h>
+#endif

From 8199465b4cd63f760318192a0cd197a093155554 Mon Sep 17 00:00:00 2001
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com>
Date: Wed, 2 Oct 2024 13:28:41 -0700
Subject: [PATCH 2/3] Whoops

---
 crypto/fipsmodule/CMakeLists.txt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
index 734d008612..bf112fc35d 100644
--- a/crypto/fipsmodule/CMakeLists.txt
+++ b/crypto/fipsmodule/CMakeLists.txt
@@ -305,10 +305,10 @@ function(s2n_asm_cpreprocess dest src)
 
   string(REGEX REPLACE "[ ]+" ";" CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS}")
 
-  #if(BORINGSSL_PREFIX)
+  if(BORINGSSL_PREFIX)
     set(S2N_BIGNUM_PREFIX_INCLUDE "-I${PROJECT_BINARY_DIR}/symbol_prefix_include")
     set(S2N_BIGNUM_PREFIX_FLAG "-DAWSLC_PRIVATE_BUILD")
-  #endif()
+  endif()
 
   add_custom_command(
           OUTPUT ${dest}

From 88526d99b801346557933b82e5136790a601ec29 Mon Sep 17 00:00:00 2001
From: Torben Hansen <50673096+torben-hansen@users.noreply.github.com>
Date: Wed, 2 Oct 2024 16:32:35 -0700
Subject: [PATCH 3/3] Try a less intrusive method

---
 crypto/fipsmodule/CMakeLists.txt                      | 5 ++---
 third_party/s2n-bignum/include/_internal_s2n_bignum.h | 6 +-----
 2 files changed, 3 insertions(+), 8 deletions(-)

diff --git a/crypto/fipsmodule/CMakeLists.txt b/crypto/fipsmodule/CMakeLists.txt
index bf112fc35d..3df03a9c6a 100644
--- a/crypto/fipsmodule/CMakeLists.txt
+++ b/crypto/fipsmodule/CMakeLists.txt
@@ -306,14 +306,13 @@ function(s2n_asm_cpreprocess dest src)
   string(REGEX REPLACE "[ ]+" ";" CMAKE_ASM_FLAGS "${CMAKE_ASM_FLAGS}")
 
   if(BORINGSSL_PREFIX)
-    set(S2N_BIGNUM_PREFIX_INCLUDE "-I${PROJECT_BINARY_DIR}/symbol_prefix_include")
-    set(S2N_BIGNUM_PREFIX_FLAG "-DAWSLC_PRIVATE_BUILD")
+    set(S2N_BIGNUM_PREFIX_INCLUDE "--include=${PROJECT_BINARY_DIR}/symbol_prefix_include/openssl/boringssl_prefix_symbols.h")
   endif()
 
   add_custom_command(
           OUTPUT ${dest}
           COMMAND ${CMAKE_COMMAND} -E make_directory ${dir}
-          COMMAND ${CMAKE_ASM_COMPILER} ${TARGET} ${CMAKE_ASM_FLAGS} -E ${S2N_BIGNUM_DIR}/${src} -I${S2N_BIGNUM_INCLUDE_DIR} ${S2N_BIGNUM_PREFIX_INCLUDE} ${S2N_BIGNUM_PREFIX_FLAG} -DS2N_BN_HIDE_SYMBOLS | tr \"\;\" \"\\n\" > ${dest}
+          COMMAND ${CMAKE_ASM_COMPILER} ${TARGET} ${CMAKE_ASM_FLAGS} -E ${S2N_BIGNUM_DIR}/${src} -I${S2N_BIGNUM_INCLUDE_DIR} ${S2N_BIGNUM_PREFIX_INCLUDE} ${S2N_BIGNUM_PREFIX_INCLUDE} -DS2N_BN_HIDE_SYMBOLS | tr \"\;\" \"\\n\" > ${dest}
           DEPENDS
           ${S2N_BIGNUM_DIR}/${src}
           WORKING_DIRECTORY .
diff --git a/third_party/s2n-bignum/include/_internal_s2n_bignum.h b/third_party/s2n-bignum/include/_internal_s2n_bignum.h
index 0105835a9c..c7cedb633a 100644
--- a/third_party/s2n-bignum/include/_internal_s2n_bignum.h
+++ b/third_party/s2n-bignum/include/_internal_s2n_bignum.h
@@ -14,8 +14,4 @@
 #   endif
 #else
 #   define S2N_BN_SYM_PRIVACY_DIRECTIVE(name)  /* NO-OP: S2N_BN_SYM_PRIVACY_DIRECTIVE */
-#endif
-
-#ifdef AWSLC_PRIVATE_BUILD
-    #include <openssl/boringssl_prefix_symbols.h>
-#endif
+#endif
\ No newline at end of file