Commit a6aa8bb6 authored by Bartolomeo Berend Müller

Added quictls-openssl to install script

parent 40ff691c
...@@ -28,6 +28,7 @@ OPENSSL_INSTALL=${ROOT}/.local/openssl ...@@ -28,6 +28,7 @@ OPENSSL_INSTALL=${ROOT}/.local/openssl
wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh
# git clone --no-checkout --single-branch --branch openssl-3.4 https://github.com/openssl/openssl.git # git clone --no-checkout --single-branch --branch openssl-3.4 https://github.com/openssl/openssl.git
# (cd openssl && git switch --detach tags/openssl-3.4.0) # (cd openssl && git switch --detach tags/openssl-3.4.0)
# care wrong version of quictls
git clone --no-checkout --single-branch --branch openssl-3.3.0+quic https://github.com/quictls/openssl.git quictls/openssl git clone --no-checkout --single-branch --branch openssl-3.3.0+quic https://github.com/quictls/openssl.git quictls/openssl
(cd quictls/openssl && git switch --detach openssl-3.3.0+quic) (cd quictls/openssl && git switch --detach openssl-3.3.0+quic)
git clone --recursive https://github.com/cloudflare/quiche git clone --recursive https://github.com/cloudflare/quiche
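Review bot: The added comment `# care wrong version of quictls` flags the pinned branch as wrong but leaves the clone and the `git switch` on `openssl-3.3.0+quic` unchanged, and it does not say which version is the right one. The install script changed in the same commit checks out `openssl-3.1.7+quic`, so if that is the intended version I would either change both lines here to match or spell it out, e.g. `# FIXME: wrong quictls version; the install script uses openssl-3.1.7+quic`. The hunk starts mid-file, so whether this script is still in use is not visible from here.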
......
#!/bin/bash #!/bin/bash
set -ex set -ex
# Make sure you have a recent version of rust installed.
# Make sure to have a recent version of openssl installed by default. For example by having an up to date os version. # Make sure to have a recent version of openssl installed by default. For example by having an up to date os version.
sudo apt update sudo apt update
...@@ -23,16 +24,22 @@ cd tmp ...@@ -23,16 +24,22 @@ cd tmp
ROOT=$(pwd) ROOT=$(pwd)
INSTALL_DIR=${ROOT}/.local INSTALL_DIR=${ROOT}/.local
OPENSSL_INSTALL=${ROOT}/.local/openssl OPENSSL_INSTALL=${ROOT}/.local/openssl
QUICTLS_OPENSSL_INSTALL=${ROOT}/.local/quictls-openssl
# Fetch all the files we need # Fetch all the files we need
wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh wget https://cmake.org/files/v${CMAKE_VERSION}/cmake-${CMAKE_VERSION}.${CMAKE_BUILD}-linux-x86_64.sh
# normal openssl
git clone --no-checkout --single-branch --branch openssl-3.4 https://github.com/openssl/openssl.git git clone --no-checkout --single-branch --branch openssl-3.4 https://github.com/openssl/openssl.git
(cd openssl && git switch --detach tags/openssl-3.4.0) (cd openssl && git switch --detach tags/openssl-3.4.0)
# 0.11 was released, maybe switch to it when running experiment again # openssl with boringssl quic interfaces
git clone --no-checkout --single-branch --branch 0.10.1-release https://github.com/open-quantum-safe/liboqs.git git clone --no-checkout --single-branch --branch openssl-3.1.7+quic https://github.com/quictls/openssl.git quictls-openssl
(cd liboqs && git switch --detach tags/0.10.1) (cd quictls-openssl && git switch --detach openssl-3.1.7+quic)
git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/oqs-provider.git git clone --recursive https://github.com/cloudflare/quiche
(cd oqs-provider && git switch --detach tags/0.6.1) git clone --no-checkout --single-branch --branch 0.11.0-release https://github.com/open-quantum-safe/liboqs.git
(cd liboqs && git switch --detach tags/0.11.0)
# git clone --no-checkout --single-branch --branch main https://github.com/open-quantum-safe/oqs-provider.git
git clone https://github.com/open-quantum-safe/oqs-provider.git
(cd oqs-provider && git switch --detach tags/0.7.0)
wget nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && tar -zxvf nginx-${NGINX_VERSION}.tar.gz wget nginx.org/download/nginx-${NGINX_VERSION}.tar.gz && tar -zxvf nginx-${NGINX_VERSION}.tar.gz
# Install the latest CMake # Install the latest CMake
...@@ -58,6 +65,12 @@ patch ${ROOT}/openssl/ssl/quic/quic_channel.c < ${ROOT}/../patches/openssl/quic_ ...@@ -58,6 +65,12 @@ patch ${ROOT}/openssl/ssl/quic/quic_channel.c < ${ROOT}/../patches/openssl/quic_
# ln -s lib64 lib # ln -s lib64 lib
) )
(
cd quictls-openssl
LDFLAGS="-Wl,-rpath -Wl,${QUICTLS_OPENSSL_INSTALL}/lib64" ./Configure --prefix=${QUICTLS_OPENSSL_INSTALL} --openssldir=${QUICTLS_OPENSSL_INSTALL}/ssl
make && make install_sw install_ssldirs
)
# build liboqs # build liboqs
( (
cd liboqs cd liboqs
...@@ -72,17 +85,18 @@ patch ${ROOT}/openssl/ssl/quic/quic_channel.c < ${ROOT}/../patches/openssl/quic_ ...@@ -72,17 +85,18 @@ patch ${ROOT}/openssl/ssl/quic/quic_channel.c < ${ROOT}/../patches/openssl/quic_
( (
cd oqs-provider cd oqs-provider
liboqs_DIR=${INSTALL_DIR}/liboqs ${INSTALL_DIR}/cmake/bin/cmake -DOPENSSL_ROOT_DIR=${OPENSSL_INSTALL} -S . -B build && ${INSTALL_DIR}/cmake/bin/cmake --build build liboqs_DIR=${INSTALL_DIR}/liboqs ${INSTALL_DIR}/cmake/bin/cmake -DOPENSSL_ROOT_DIR=${OPENSSL_INSTALL} -S . -B build && ${INSTALL_DIR}/cmake/bin/cmake --build build
# next command does not work, but is not needed maybe cuz we just copy the library???
# maybe use --install-prefix for next command
# cmake --install build --prefix ${ROOT}/oqs-provider/install
cp build/lib/oqsprovider.so ${OPENSSL_INSTALL}/lib64/ossl-modules/ cp build/lib/oqsprovider.so ${OPENSSL_INSTALL}/lib64/ossl-modules/
cp build/lib/oqsprovider.so ${QUICTLS_OPENSSL_INSTALL}/lib64/ossl-modules/
# can also be installed to system # can also be installed to system
# sudo cp /home/bebbo/own/master/benchmarking-pqc-in-quic/pq-tls-benchmark-framework/emulation-exp/code/tmp/oqs-provider/build/lib/oqsprovider.so /lib/x86_64-linux-gnu/ossl-modules # sudo cp tmp/oqs-provider/build/lib/oqsprovider.so /lib/x86_64-linux-gnu/ossl-modules
) )
sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" ${OPENSSL_INSTALL}/ssl/openssl.cnf sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" ${OPENSSL_INSTALL}/ssl/openssl.cnf
sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" ${OPENSSL_INSTALL}/ssl/openssl.cnf sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" ${OPENSSL_INSTALL}/ssl/openssl.cnf
sed -i "s/default = default_sect/default = default_sect\noqsprovider = oqsprovider_sect/g" ${QUICTLS_OPENSSL_INSTALL}/ssl/openssl.cnf
sed -i "s/\[default_sect\]/\[default_sect\]\nactivate = 1\n\[oqsprovider_sect\]\nactivate = 1\n/g" ${QUICTLS_OPENSSL_INSTALL}/ssl/openssl.cnf
${OPENSSL_INSTALL}/bin/openssl version -d ${OPENSSL_INSTALL}/bin/openssl version -d
if [[ $(${OPENSSL_INSTALL}/bin/openssl version -d) != *"${OPENSSL_INSTALL}/ssl"* ]]; then if [[ $(${OPENSSL_INSTALL}/bin/openssl version -d) != *"${OPENSSL_INSTALL}/ssl"* ]]; then
...@@ -95,8 +109,13 @@ if [[ $(${OPENSSL_INSTALL}/bin/openssl list -providers) != *"OpenSSL OQS Provide ...@@ -95,8 +109,13 @@ if [[ $(${OPENSSL_INSTALL}/bin/openssl list -providers) != *"OpenSSL OQS Provide
fi fi
echo "Openssl seems to be installed correctly" echo "Openssl seems to be installed correctly"
# for nginx build (
# export OPENSSL_CONF=${OPENSSL_INSTALL}/ssl/openssl.cnf cd quiche
# give cargo the context of the custom openssl (the pkgconfig file), so that it can find the correct libs
PKG_CONFIG_PATH=${QUICTLS_OPENSSL_INSTALL}/lib64/pkgconfig cargo build --features=openssl
# how to find out if openssl is used or boringssl?
)
# apply patches to nginx source # apply patches to nginx source
patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compat.c < ${ROOT}/../patches/nginx-${NGINX_VERSION}-patches/ngx_event_quic_openssl_compat.c.diff patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compat.c < ${ROOT}/../patches/nginx-${NGINX_VERSION}-patches/ngx_event_quic_openssl_compat.c.diff
...@@ -119,17 +138,20 @@ patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compa ...@@ -119,17 +138,20 @@ patch ${ROOT}/nginx-${NGINX_VERSION}/src/event/quic/ngx_event_quic_openssl_compa
# --with-openssl=${ROOT}/openssl \ # --with-openssl=${ROOT}/openssl \
# --with-cc-opt="-I ${OPENSSL_INSTALL}/include/openssl" \ # --with-cc-opt="-I ${OPENSSL_INSTALL}/include/openssl" \
# --with-ld-opt="-L ${OPENSSL_INSTALL}/lib64" # --with-ld-opt="-L ${OPENSSL_INSTALL}/lib64"
# sed -i 's/libcrypto.a/libcrypto.a -loqs/g' objs/Makefile;
# NOTE why change this?
# sed -i 's/EVP_MD_CTX_create/EVP_MD_CTX_new/g; s/EVP_MD_CTX_destroy/EVP_MD_CTX_free/g' src/event/ngx_event_openssl.c
make && make install make && make install
) )
# NOTE check with nginx -V and ldd if the openssl is linked correctly # NOTE check with nginx -V and ldd if the openssl is linked correctly
# it should show the path to the custom openssl # it should show the path to the custom openssl
# This only shows the correct path (if RUNPATH is not used), if the LD_LIBRARY_PATH env var is set correctly # If RUNPATH is not used, this only shows the correct path, if the LD_LIBRARY_PATH env var is set correctly
${INSTALL_DIR}/nginx/sbin/nginx -V # ${INSTALL_DIR}/nginx/sbin/nginx -V
ldd ${INSTALL_DIR}/nginx/sbin/nginx # ldd ${INSTALL_DIR}/nginx/sbin/nginx
readelf -d ${INSTALL_DIR}/nginx/sbin/nginx | grep 'R.*PATH' if grep -q "tmp/.local/openssl/lib64/libssl.so" <(ldd ${INSTALL_DIR}/nginx/sbin/nginx); then
echo "String 'tmp/.local/openssl/lib64/libssl.so' found in ldd output."
fi
# readelf -d ${INSTALL_DIR}/nginx/sbin/nginx | grep 'R.*PATH'
if grep -q "tmp/.local/openssl/lib64" <(readelf -d ${INSTALL_DIR}/nginx/sbin/nginx | grep 'R.*PATH'); then
echo "String 'tmp/.local/openssl/lib64' found in readelf output."
fi
echo "You should see that nginx is linked against the custom openssl in tmp/.local/openssl" echo "Installation done"
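Review bot: The new linkage checks in the last hunk fail open: `if grep -q ...; then echo ...; fi` has no else branch, and a failing command in an `if` condition does not trip `set -e`, so an nginx binary linked against the system OpenSSL still ends in "Installation done". I would make the check fatal and derive the pattern from the variable instead of the hard-coded `tmp/.local/openssl/lib64`, for example `ldd "${INSTALL_DIR}/nginx/sbin/nginx" | grep -qF "${OPENSSL_INSTALL}/lib64/libssl.so" || { echo "nginx is not linked against ${OPENSSL_INSTALL}" >&2; exit 1; }`, and do the same for the readelf RUNPATH check. The same gap applies to the quictls build added earlier in this file: the `openssl version -d` and `list -providers` checks run only against `${OPENSSL_INSTALL}`, so nothing confirms that `oqsprovider.so`, which is built with `-DOPENSSL_ROOT_DIR=${OPENSSL_INSTALL}`, actually loads in `${QUICTLS_OPENSSL_INSTALL}`. Separately, `git clone --recursive https://github.com/cloudflare/quiche` is the only dependency fetched without a tag or commit, so each run builds whatever the default branch holds at that moment; pinning it like the others would keep the build reproducible.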