-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathcreate-secondary-patch.sh
executable file
·60 lines (51 loc) · 2.45 KB
/
create-secondary-patch.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
#!/bin/bash
set -ex
# Apply some manual substitutions with sed. These changes will likely introduce
# merge conflicts if this was a patch, so we do them here instead and generate a patch
# after.
GO_SOURCES=src/crypto/**/*.go
sed -i -e "s/boring\.Enabled/boring\.Enabled()/g" ${GO_SOURCES}
sed -i -e "s/\"crypto\/internal\/boring\"/boring \"crypto\/internal\/backend\"/g" ${GO_SOURCES}
sed -i -e "s/\"crypto\/internal\/boring\/bbig\"/\"crypto\/internal\/backend\/bbig\"/g" ${GO_SOURCES}
sed -i -e "s/const boringEnabled/var boringEnabled/g" ${GO_SOURCES}
sed -i -e "s/\!boringcrypto/no_openssl/g" ${GO_SOURCES}
sed -i -e "s/boringcrypto/!no_openssl/g" ${GO_SOURCES}
sed -i -e "s/boringcrypto/!no_openssl/g" src/crypto/internal/boring/fipstls/*.*
sed -i -e "s/boringcrypto/!no_openssl/g" src/cmd/api/*.*
# revert this back to fix the api test
sed -i -e "s/\!no_openssl/boringcrypto/g" src/crypto/boring/boring.go
# Remove the crypto/internal/boring code as we're replacing it with the openssl backend code.
rm -rf src/crypto/internal/boring/*.go
#rm -rf src/crypto/internal/boring/bbig
rm src/crypto/boring/notboring_test.go
rm src/crypto/boring/boring_test.go
echo """// Copyright 2017 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Package boring provides access to BoringCrypto implementation functions.
// Check the constant Enabled to find out whether BoringCrypto is available.
// If BoringCrypto is not available, the functions in this package all panic.
package boring
import \"github.com/golang-fips/openssl/v2\"
// A BigInt is the raw words from a BigInt.
// This definition allows us to avoid importing math/big.
// Conversion between BigInt and *big.Int is in crypto/internal/boring/bbig.
type BigInt = openssl.BigInt
""" >src/crypto/internal/boring/doc.go
# Add new openssl backend to module and vendor it.
export GOROOT=$(pwd)
cd src
SCRIPT_DIR=$(readlink -f $(dirname $0))
CONFIG_DIR=$(readlink -f $(dirname $0)/../config)
OPENSSL_FIPS_REF=$(../bin/go run ${SCRIPT_DIR}/versions.go ${CONFIG_DIR}/versions.json \
github.com/golang-fips/openssl)
../bin/go get github.com/golang-fips/openssl/v2@${OPENSSL_FIPS_REF}
replace="${1}"
if [ -n "${replace}" ]; then
go mod edit -replace github.com/golang-fips/openssl/v2="${replace}"
fi
../bin/go mod tidy
../bin/go mod vendor
# Generate the final patch.
git add .
git diff --cached --binary >../../patches/001-initial-openssl-for-fips.patch