Skip to content

Commit

Permalink
Add openssl, built with cc_libraries
Browse files Browse the repository at this point in the history
  • Loading branch information
@illicitonion
illicitonion committed Dec 3, 2024
1 parent efdec58 commit 27b1b45
Show file tree
Hide file tree
Showing 12 changed files with 92,897 additions and 0 deletions.
9 changes: 9 additions & 0 deletions modules/openssl/3.3.1.bcr.0/MODULE.bazel
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
module(
name = "openssl",
version = "3.3.1.bcr.0",
compatibility_level = 3030100,
)

bazel_dep(name = "platforms", version = "0.0.10")
bazel_dep(name = "rules_cc", version = "0.0.13")
bazel_dep(name = "rules_perl", version = "0.2.4")
358 changes: 358 additions & 0 deletions modules/openssl/3.3.1.bcr.0/overlay/BUILD.bazel
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,358 @@
# This code is heavily based on the implementation in `dbx_build_tools`:
# Ref: https://github.com/dropbox/dbx_build_tools/blob/master/thirdparty/openssl/BUILD.openssl.tail

load("@rules_cc//cc:defs.bzl", "cc_binary", "cc_library")
load(
"//:constants-darwin64-arm64-cc.bzl",
_DARWIN_ARM64_GEN_FILES = "GEN_FILES",
_DARWIN_ARM64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES",
_DARWIN_ARM64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS",
_DARWIN_ARM64_LIBSSL_DEFINES = "LIBSSL_DEFINES",
_DARWIN_ARM64_LIBSSL_SRCS = "LIBSSL_SRCS",
_DARWIN_ARM64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES",
_DARWIN_ARM64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS",
_DARWIN_ARM64_OPENSSL_DEFINES = "OPENSSL_DEFINES",
_DARWIN_ARM64_PERLASM_GEN = "PERLASM_GEN",
_DARWIN_ARM64_PERLASM_OUTS = "PERLASM_OUTS",
_DARWIN_ARM64_PERLASM_TOOLS = "PERLASM_TOOLS",
)
load(
"//:constants-darwin64-x86_64-cc.bzl",
_DARWIN_X86_64_GEN_FILES = "GEN_FILES",
_DARWIN_X86_64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES",
_DARWIN_X86_64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS",
_DARWIN_X86_64_LIBSSL_DEFINES = "LIBSSL_DEFINES",
_DARWIN_X86_64_LIBSSL_SRCS = "LIBSSL_SRCS",
_DARWIN_X86_64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES",
_DARWIN_X86_64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS",
_DARWIN_X86_64_OPENSSL_DEFINES = "OPENSSL_DEFINES",
_DARWIN_X86_64_PERLASM_GEN = "PERLASM_GEN",
_DARWIN_X86_64_PERLASM_TOOLS = "PERLASM_TOOLS",
)
load(
"//:constants-linux-aarch64.bzl",
_LINUX_ARM64_GEN_FILES = "GEN_FILES",
_LINUX_ARM64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES",
_LINUX_ARM64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS",
_LINUX_ARM64_LIBSSL_DEFINES = "LIBSSL_DEFINES",
_LINUX_ARM64_LIBSSL_SRCS = "LIBSSL_SRCS",
_LINUX_ARM64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES",
_LINUX_ARM64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS",
_LINUX_ARM64_OPENSSL_DEFINES = "OPENSSL_DEFINES",
_LINUX_ARM64_PERLASM_GEN = "PERLASM_GEN",
_LINUX_ARM64_PERLASM_OUTS = "PERLASM_OUTS",
_LINUX_ARM64_PERLASM_TOOLS = "PERLASM_TOOLS",
)
load(
"//:constants-linux-x86_64-clang.bzl",
_LINUX_X86_64_GEN_FILES = "GEN_FILES",
_LINUX_X86_64_LIBCRYPTO_DEFINES = "LIBCRYPTO_DEFINES",
_LINUX_X86_64_LIBCRYPTO_SRCS = "LIBCRYPTO_SRCS",
_LINUX_X86_64_LIBSSL_DEFINES = "LIBSSL_DEFINES",
_LINUX_X86_64_LIBSSL_SRCS = "LIBSSL_SRCS",
_LINUX_X86_64_OPENSSL_APP_DEFINES = "LIBSSL_DEFINES",
_LINUX_X86_64_OPENSSL_APP_SRCS = "OPENSSL_APP_SRCS",
_LINUX_X86_64_OPENSSL_DEFINES = "OPENSSL_DEFINES",
_LINUX_X86_64_PERLASM_GEN = "PERLASM_GEN",
_LINUX_X86_64_PERLASM_OUTS = "PERLASM_OUTS",
_LINUX_X86_64_PERLASM_TOOLS = "PERLASM_TOOLS",
)
load("//:utils.bzl", "get_repo_name")

_REPO_NAME = get_repo_name()

cc_library(
name = "crypto-textual-hdrs",
textual_hdrs = [
"crypto/des/ncbc_enc.c",
"crypto/LPdir_unix.c",
],
)

COMMON_OPENSSL_APP_SRCS = glob([
"include/internal/*.h",
"apps/include/*.h",
"apps/*.h",
"include/openssl/*.h",
]) + [
":apps/progs.h",
":include/openssl/asn1t.h",
":include/openssl/conf.h",
":include/openssl/crypto.h",
":include/openssl/ct.h",
":include/openssl/err.h",
":include/openssl/bio.h",
":include/openssl/cmp.h",
":include/openssl/cms.h",
":include/openssl/crmf.h",
":include/openssl/configuration.h",
":include/openssl/fipskey.h",
":include/openssl/ess.h",
":include/openssl/lhash.h",
":include/openssl/opensslv.h",
":include/openssl/ocsp.h",
":include/openssl/pkcs7.h",
":include/openssl/pkcs12.h",
":include/openssl/safestack.h",
":include/openssl/srp.h",
":include/openssl/ssl.h",
":include/openssl/ui.h",
":include/openssl/x509.h",
":include/openssl/x509v3.h",
":include/openssl/x509_vfy.h",
]

cc_binary(
name = "openssl",
srcs = COMMON_OPENSSL_APP_SRCS + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_OPENSSL_APP_SRCS,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_OPENSSL_APP_SRCS,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_OPENSSL_APP_SRCS,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_OPENSSL_APP_SRCS,
}),
copts = [
"-iquote",
"$(BINDIR)/external/{}/apps".format(_REPO_NAME),
"-iquote",
"external/{}/apps".format(_REPO_NAME),
"-iquote",
"external/{}/apps/include".format(_REPO_NAME),
] + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_OPENSSL_APP_DEFINES,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_OPENSSL_APP_DEFINES,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_OPENSSL_APP_DEFINES,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_OPENSSL_APP_DEFINES,
}),
visibility = ["//visibility:public"],
deps = [":ssl"],
)

COMMON_OPENSSL_COPTS = [
# As described in https://github.com/openssl/openssl/issues/4575, OpenSSL doesn't mark its
# assembly files as not requiring an executable stack. Pass --noexecstack to the assembler
# to do this.
"-Wa,--noexecstack",
# If someone wants to link with -fPIC, the objects they're linking need to have been built with it.
# Add this flag so that people can choose to link that way if they want to.
"-fPIC",
"-Wno-unused-command-line-argument",
"-I",
"external/{}/include".format(_REPO_NAME),
] + [
# This hardcoded path into the system mean we will find the system certs. Note Debian sets
# OPENSSLDIR=/usr/lib/ssl, but /usr/lib/ssl mostly consists of symlinks into /etc/ssl. We
# must set /etc/ssl here because some environments (e.g., YSS root filesystems) don't have
# /usr/lib/ssl at all.
"-DOPENSSLDIR=\\\"/etc/ssl\\\"",
# This is basically a no-op, since we've disabled dynamic loading of engines.
'-DENGINESDIR=\\"/usr/lib/engines-3.0\\"',
# also basically a no-op
"-DMODULESDIR=\\\"/dev/null\\\"",
"-DL_ENDIAN",
"-DOPENSSL_USE_NODELETE",
] + select({
"@bazel_tools//src/conditions:linux_aarch64": ["-mno-outline-atomics"],
"//conditions:default": [],
})

COMMON_LIBCRYPTO_SRCS = glob([
"crypto/**/*.h",
"crypto/*.h",
"include/crypto/**/*.h",
"include/internal/*.h",
"include/openssl/*.h",
"providers/**/*.h",
"providers/*.inc",
"providers/implementations/**/*.inc",
])

OPENSSL_GENERATED_HEADERS = sorted([k for k in _DARWIN_X86_64_GEN_FILES.keys() if k.endswith(".h") and k.startswith("include/")])

cc_library(
name = "crypto",
srcs = COMMON_LIBCRYPTO_SRCS + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_LIBCRYPTO_SRCS,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_LIBCRYPTO_SRCS,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_LIBCRYPTO_SRCS,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_LIBCRYPTO_SRCS,
}),
hdrs = glob(
[
"include/openssl/*.h",
"include/openssl/**/*.h",
"include/crypto/*.h",
"include/crypto/**/*.h",
],
exclude = OPENSSL_GENERATED_HEADERS,
) + OPENSSL_GENERATED_HEADERS,
additional_compiler_inputs = [":generate-headers"] + glob(
# There are some .c files that are conditionally included textually, we want them to be
# available
["providers/implementations/**/*.c"],
),
copts = COMMON_OPENSSL_COPTS + [
"-iquote",
"external/{}/providers/implementations/macs".format(_REPO_NAME),
"-iquote",
"external/{}/providers/implementations/include".format(_REPO_NAME),
"-I",
"external/{}/providers/implementations/include".format(_REPO_NAME),
"-iquote",
"external/{}/providers/common/include".format(_REPO_NAME),
"-iquote",
"$(BINDIR)/external/{}/providers/common/include".format(_REPO_NAME),
"-iquote",
"$(BINDIR)/external/{}/crypto".format(_REPO_NAME),
"-iquote",
"external/{}/crypto".format(_REPO_NAME),
] + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_OPENSSL_DEFINES,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_OPENSSL_DEFINES,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_OPENSSL_DEFINES,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_OPENSSL_DEFINES,
}) + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_LIBCRYPTO_DEFINES,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_LIBCRYPTO_DEFINES,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_LIBCRYPTO_DEFINES,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_LIBCRYPTO_DEFINES,
}),
# To make sure downstream targets add the right copts to be able to include the headers.
includes = ["include"],
linkopts = [
"-lc",
"-pthread",
],
visibility = ["//visibility:public"],
deps = [":crypto-textual-hdrs"],
)

COMMON_LIBSSL_SRCS = glob(["ssl/**/*.h"])

cc_library(
name = "ssl",
srcs = COMMON_LIBSSL_SRCS + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_LIBSSL_SRCS,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_LIBSSL_SRCS,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_LIBSSL_SRCS,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_LIBSSL_SRCS,
}),
hdrs = glob(
["include/openssl/*.h"],
exclude = OPENSSL_GENERATED_HEADERS,
) + OPENSSL_GENERATED_HEADERS,
additional_compiler_inputs = [":generate-headers"],
copts = COMMON_OPENSSL_COPTS + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_OPENSSL_DEFINES,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_OPENSSL_DEFINES,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_OPENSSL_DEFINES,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_OPENSSL_DEFINES,
}) + select({
"@bazel_tools//src/conditions:linux_aarch64": _LINUX_ARM64_LIBSSL_DEFINES,
"@bazel_tools//src/conditions:linux_x86_64": _LINUX_X86_64_LIBSSL_DEFINES,
"@bazel_tools//src/conditions:darwin_arm64": _DARWIN_ARM64_LIBSSL_DEFINES,
"@bazel_tools//src/conditions:darwin_x86_64": _DARWIN_X86_64_LIBSSL_DEFINES,
}),
# To make sure downstream targets add the right copts to be able to include the headers.
includes = ["include"],
linkopts = ["-lc"],
visibility = ["//visibility:public"],
deps = [
":crypto",
],
)

PERLASM_TOOLS = glob(["crypto/perlasm/*.pl"])

CC_ENV_CMD = """export CC=$(CC)\n"""

# Outs does not support select, so we trick a bit. Each architecture has its own
# list of files, and we use the architecture as the key.
[
genrule(
name = "asm_" + k,
srcs = ["crypto/ec/ecp_nistz256_table.c"],
outs = v,
cmd = select({
"@bazel_tools//src/conditions:linux_aarch64": CC_ENV_CMD + _LINUX_ARM64_PERLASM_GEN,
"@bazel_tools//src/conditions:linux_x86_64": CC_ENV_CMD + _LINUX_X86_64_PERLASM_GEN,
"@bazel_tools//src/conditions:darwin_arm64": CC_ENV_CMD + _DARWIN_ARM64_PERLASM_GEN,
"@bazel_tools//src/conditions:darwin_x86_64": CC_ENV_CMD + _DARWIN_X86_64_PERLASM_GEN,
}),
target_compatible_with = [{
"arm64": "@platforms//cpu:arm64",
"x86_64": "@platforms//cpu:x86_64",
}[k]],
toolchains = [
"@bazel_tools//tools/cpp:current_cc_toolchain",
"@rules_perl//:current_toolchain",
],
tools = PERLASM_TOOLS + select({
"@bazel_tools//src/conditions:linux_aarch64": depset(direct = _LINUX_ARM64_PERLASM_TOOLS).to_list(),
"@bazel_tools//src/conditions:linux_x86_64": depset(direct = _LINUX_X86_64_PERLASM_TOOLS).to_list(),
"@bazel_tools//src/conditions:darwin_arm64": depset(direct = _DARWIN_ARM64_PERLASM_TOOLS).to_list(),
"@bazel_tools//src/conditions:darwin_x86_64": depset(direct = _DARWIN_X86_64_PERLASM_TOOLS).to_list(),
}),
)
for k, v in {
"arm64": _DARWIN_ARM64_PERLASM_OUTS,
"x86_64": _LINUX_X86_64_PERLASM_OUTS,
}.items()
]

GENERATE_HEADERS_CMD = """
cat <<'E_O_F' >$(location crypto/buildinf.h)
static const char compiler_flags[] = {{'\\0'}};
#define PLATFORM "platform: {platform}"
#define DATE "__REDACTED__"
E_O_F
cat <<'E_O_F' >$(location include/crypto/bn_conf.h)
{bn_conf_h}
E_O_F
cat <<'E_O_F' >$(location include/crypto/dso_conf.h)
{dso_conf_h}
E_O_F
cat <<'E_O_F' >$(location include/openssl/opensslconf.h)
{opensslconf_h}
E_O_F
cat <<'E_O_F' >$(location include/openssl/opensslv.h)
{opensslv_h}
E_O_F
cat <<'E_O_F' >$(location include/openssl/configuration.h)
{configuration_h}
E_O_F
cat <<'E_O_F' >$(location apps/progs.h)
{apps_progs_h}
E_O_F
cat <<'E_O_F' >$(location providers/common/der/der_dsa_gen.c)
{der_dsa_gen_c}
"""

GEN_FILE_CMD = """
cat << 'E_O_F' >$(location {filename})
{contents}
E_O_F
"""

genrule(
name = "generate-headers",
outs = sorted(_DARWIN_ARM64_GEN_FILES.keys()),
cmd = select({
"@bazel_tools//src/conditions:linux_aarch64": "\n".join([GEN_FILE_CMD.format(
contents = v,
filename = k,
) for k, v in _LINUX_ARM64_GEN_FILES.items()]),
"@bazel_tools//src/conditions:linux_x86_64": "\n".join([GEN_FILE_CMD.format(
contents = v,
filename = k,
) for k, v in _LINUX_X86_64_GEN_FILES.items()]),
"@bazel_tools//src/conditions:darwin_arm64": "\n".join([GEN_FILE_CMD.format(
contents = v,
filename = k,
) for k, v in _DARWIN_ARM64_GEN_FILES.items()]),
"@bazel_tools//src/conditions:darwin_x86_64": "\n".join([GEN_FILE_CMD.format(
contents = v,
filename = k,
) for k, v in _DARWIN_X86_64_GEN_FILES.items()]),
}),
)
1 change: 1 addition & 0 deletions modules/openssl/3.3.1.bcr.0/overlay/MODULE.bazel
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
../MODULE.bazel
Loading

0 comments on commit 27b1b45

Please sign in to comment.