Added quictls-openssl to install script

a6aa8bb6 · Bartolomeo Berend Müller · 40ff691c · a6aa8bb6 · a6aa8bb6
Commit a6aa8bb6 authored 5 months ago by Bartolomeo Berend Müller
--- a/pq-tls-benchmark-framework/emulation-exp/code/cquiche/install.sh
+++ b/pq-tls-benchmark-framework/emulation-exp/code/cquiche/install.sh
@@ -28,6 +28,7 @@ OPENSSL_INSTALL=${ROOT}/.local/openssl
 wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh
 # git clone --no-checkout --single-branch --branch openssl-3.4 https://github.com/openssl/openssl.git
 # (cd openssl && git switch --detach tags/openssl-3.4.0)
+# care wrong version of quictls
 git clone --no-checkout --single-branch --branch openssl-3.3.0+quic https://github.com/quictls/openssl.git quictls/openssl
 (cd quictls/openssl && git switch --detach openssl-3.3.0+quic)
 git clone --recursive https://github.com/cloudflare/quiche

--- a/pq-tls-benchmark-framework/emulation-exp/code/install-prereqs-ubuntu.sh
+++ b/pq-tls-benchmark-framework/emulation-exp/code/install-prereqs-ubuntu.sh
 #!/bin/bash
 set -ex

+# Make sure you have a recent version of rust installed.
 # Make sure to have a recent version of openssl installed by default. For example by having an up to date os version.

 sudo apt update
@@ -23,16 +24,22 @@ cd tmp
 ROOT=$(pwd)
 INSTALL_DIR=${ROOT}/.local
 OPENSSL_INSTALL=${ROOT}/.local/openssl
+QUICTLS_OPENSSL_INSTALL=${ROOT}/.local/quictls-openssl

 # Fetch all the files we need
 wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh
+# normal openssl
 git clone --no-checkout --single-branch --branch openssl-3.4 https://github.com/openssl/openssl.git
 (cd openssl && git switch --detach tags/openssl-3.4.0)
-# 0.11 was released, maybe switch to it when running experiment again
-git clone --no-checkout --single-branch --branch 0.10.1-release https://github.com/open-quantum-safe/liboqs.git
-(cd liboqs && git switch --detach tags/0.10.1)
-git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/oqs-provider.git
-(cd oqs-provider && git switch --detach tags/0.6.1)
+# openssl with boringssl quic interfaces
+git clone --no-checkout --single-branch --branch openssl-3.1.7+quic https://github.com/quictls/openssl.git quictls-openssl
+(cd quictls-openssl && git switch --detach openssl-3.1.7+quic)
+git clone --recursive https://github.com/cloudflare/quiche
+git clone --no-checkout --single-branch --branch 0.11.0-release https://github.com/open-quantum-safe/liboqs.git
+(cd liboqs && git switch --detach tags/0.11.0)
+# git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/oqs-provider.git
+git clone https://github.com/open-quantum-safe/oqs-provider.git
+(cd oqs-provider && git switch --detach tags/0.7.0)
 wget nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && tar -zxvf nginx-${NGINX_VERSION}.tar.gz

 # Install the latest CMake
@@ -58,6 +65,12 @@ patch ${ROOT}/openssl/ssl/quic/quic_channel.c < ${ROOT}/../patches/openssl/quic_
    # ln -s lib64 lib
 )

+(
+    cd quictls-openssl
+    LDFLAGS="-Wl,-rpath -Wl,${QUICTLS_OPENSSL_INSTALL}/lib64" ./Configure --prefix=${QUICTLS_OPENSSL_INSTALL} --openssldir=${QUICTLS_OPENSSL_INSTALL}/ssl
+    make && make install_sw install_ssldirs
+)
+
 # build liboqs
 (
    cd liboqs
@@ -72,17 +85,18 @@ patch ${ROOT}/openssl/ssl/quic/quic_channel.c < ${ROOT}/../patches/openssl/quic_
 (
    cd oqs-provider
    liboqs_DIR=${INSTALL_DIR}/liboqs ${INSTALL_DIR}/cmake/bin/cmake -DOPENSSL_ROOT_DIR=${OPENSSL_INSTALL} -S . -B build && ${INSTALL_DIR}/cmake/bin/cmake --build build
-    # next command does not work, but is not needed maybe cuz we just copy the library???
-    # maybe use --install-prefix for next command
-    # cmake --install build --prefix ${ROOT}/oqs-provider/install
    cp build/lib/oqsprovider.so ${OPENSSL_INSTALL}/lib64/ossl-modules/
+    cp build/lib/oqsprovider.so ${QUICTLS_OPENSSL_INSTALL}/lib64/ossl-modules/
    # can also be installed to system
-    # sudo cp /home/bebbo/own/master/benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code/tmp/oqs-provider/build/lib/oqsprovider.so /lib/x86_64-linux-gnu/ossl-modules
+    # sudo cp tmp/oqs-provider/build/lib/oqsprovider.so /lib/x86_64-linux-gnu/ossl-modules
 )

 sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" ${OPENSSL_INSTALL}/ssl/openssl.cnf
 sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" ${OPENSSL_INSTALL}/ssl/openssl.cnf

+sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" ${QUICTLS_OPENSSL_INSTALL}/ssl/openssl.cnf
+sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" ${QUICTLS_OPENSSL_INSTALL}/ssl/openssl.cnf
+
 ${OPENSSL_INSTALL}/bin/openssl version -d 

 if [[ $(${OPENSSL_INSTALL}/bin/openssl version -d) != *"${OPENSSL_INSTALL}/ssl"* ]]; then
@@ -95,8 +109,13 @@ if [[ $(${OPENSSL_INSTALL}/bin/openssl list -providers) != *"OpenSSL OQS Provide
 fi
 echo "Openssl seems to be installed correctly"

-# for nginx build
-# export OPENSSL_CONF=${OPENSSL_INSTALL}/ssl/openssl.cnf
+(
+    cd quiche
+    # give cargo the context of the custom openssl (the pkgconfig file), so that it can find the correct libs
+    PKG_CONFIG_PATH=${QUICTLS_OPENSSL_INSTALL}/lib64/pkgconfig cargo build --features=openssl
+
+    # how to find out if openssl is used or boringssl?
+)

 # apply patches to nginx source
 patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compat.c < ${ROOT}/../patches/nginx-${NGINX_VERSION}-patches/ngx_event_quic_openssl_compat.c.diff
@@ -119,17 +138,20 @@ patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compa
                    # --with-openssl=${ROOT}/openssl \
                    # --with-cc-opt="-I ${OPENSSL_INSTALL}/include/openssl" \
                    # --with-ld-opt="-L ${OPENSSL_INSTALL}/lib64"
-    # sed -i 's/libcrypto.a/libcrypto.a -loqs/g' objs/Makefile;
-    # NOTE why change this?
-    # sed -i 's/EVP_MD_CTX_create/EVP_MD_CTX_new/g; s/EVP_MD_CTX_destroy/EVP_MD_CTX_free/g' src/event/ngx_event_openssl.c
    make && make install
 )

 # NOTE check with nginx -V and ldd if the openssl is linked correctly
 # it should show the path to the custom openssl
-# This only shows the correct path (if RUNPATH is not used), if the LD_LIBRARY_PATH env var is set correctly
-${INSTALL_DIR}/nginx/sbin/nginx -V
-ldd ${INSTALL_DIR}/nginx/sbin/nginx
-readelf -d ${INSTALL_DIR}/nginx/sbin/nginx | grep 'R.*PATH'
+# If RUNPATH is not used, this only shows the correct path, if the LD_LIBRARY_PATH env var is set correctly
+# ${INSTALL_DIR}/nginx/sbin/nginx -V
+# ldd ${INSTALL_DIR}/nginx/sbin/nginx
+if grep -q "tmp/.local/openssl/lib64/libssl.so" <(ldd ${INSTALL_DIR}/nginx/sbin/nginx); then
+  echo "String 'tmp/.local/openssl/lib64/libssl.so' found in ldd output."
+fi
+# readelf -d ${INSTALL_DIR}/nginx/sbin/nginx | grep 'R.*PATH'
+if grep -q "tmp/.local/openssl/lib64" <(readelf -d ${INSTALL_DIR}/nginx/sbin/nginx | grep 'R.*PATH'); then
+  echo "String 'tmp/.local/openssl/lib64' found in readelf output."
+fi

-echo "You should see that nginx is linked against the custom openssl in tmp/.local/openssl"
+echo "Installation done"