Skip to content

Bootstrap 1.36 #407

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 5 commits into
base: release/v1.36
Choose a base branch
from
Open

Bootstrap 1.36 #407

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
59048b6
Add bssl-compat: BoringSSL compatibility layer for OpenSSL
jwendell Oct 22, 2025
e715bb7
Configure Bazel build system for OpenSSL and multi-architecture support
jwendell Oct 22, 2025
12cf37f
Adapt Envoy source code for OpenSSL compatibility
jwendell Oct 22, 2025
abfeb6b
Add CI/CD automation and update documentation for envoy-openssl
jwendell Oct 22, 2025
31f2c9b
Disable a failing test
jwendell Oct 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
The table of contents is too big for display.
Diff view
Diff view
  •  
  •  
  •  
The diff you're trying to view is too large. We only load the first 3000 changed files.
2 changes: 2 additions & 0 deletions .bazelrc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -593,3 +593,5 @@ try-import %workspace%/repo.bazelrc
try-import %workspace%/clang.bazelrc
try-import %workspace%/user.bazelrc
try-import %workspace%/local_tsan.bazelrc

import %workspace%/openssl/bazelrc
Empty file added .gitmodules
View file
Open in desktop
Empty file.
5 changes: 5 additions & 0 deletions WORKSPACE
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,10 @@
workspace(name = "envoy")

local_repository(
name = "bssl-compat",
path = "bssl-compat",
)

load("//bazel:api_binding.bzl", "envoy_api_binding")

envoy_api_binding()
Expand Down
15 changes: 2 additions & 13 deletions bazel/BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -547,25 +547,14 @@ config_setting(
)

# Alias pointing to the selected version of BoringSSL:
# - BoringSSL FIPS from @boringssl_fips//:ssl,
# - non-FIPS BoringSSL from @boringssl//:ssl.
# - aws-lc from @aws_lc//:ssl
alias(
name = "boringssl",
actual = select({
"//bazel:boringssl_fips_ppc": "@aws_lc//:ssl",
"//bazel:boringssl_fips_not_ppc": "@boringssl_fips//:ssl",
"//conditions:default": "@boringssl//:ssl",
}),
actual = "@envoy//bssl-compat:ssl"
)

alias(
name = "boringcrypto",
actual = select({
"//bazel:boringssl_fips_ppc": "@aws_lc//:crypto",
"//bazel:boringssl_fips_not_ppc": "@boringssl_fips//:crypto",
"//conditions:default": "@boringssl//:crypto",
}),
actual = "@envoy//bssl-compat:crypto"
)

config_setting(
Expand Down
11 changes: 9 additions & 2 deletions bazel/envoy_build_system.bzl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -92,11 +92,14 @@ def envoy_contrib_package():
def _envoy_directory_genrule_impl(ctx):
tree = ctx.actions.declare_directory(ctx.attr.name + ".outputs")
ctx.actions.run_shell(
inputs = ctx.files.srcs,
inputs = ctx.files.srcs + ctx.files._openssl_libs,
tools = ctx.files.tools,
outputs = [tree],
command = "mkdir -p " + tree.path + " && " + ctx.expand_location(ctx.attr.cmd),
env = {"GENRULE_OUTPUT_DIR": tree.path},
env = {
"GENRULE_OUTPUT_DIR": tree.path,
"LD_LIBRARY_PATH": ":".join([f.dirname for f in ctx.files._openssl_libs]),
},
use_default_shell_env = True,
toolchain = None,
)
Expand All @@ -108,6 +111,10 @@ envoy_directory_genrule = rule(
"srcs": attr.label_list(),
"cmd": attr.string(),
"tools": attr.label_list(),
"_openssl_libs": attr.label(
default = Label("@openssl//:libs"),
allow_files = True,
),
},
)

Expand Down
4 changes: 3 additions & 1 deletion bazel/envoy_select.bzl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,9 +11,11 @@ def envoy_cc_platform_dep(name):
"//conditions:default": [name + "_posix"],
})

# When building on bssl-compat, ignore whether we are building with BoringSSL
# in FIPS or non FIPS mode, and just pretend it's in the default non-FIPS mode.
def envoy_select_boringssl(if_fips, default = None, if_disabled = None):
return select({
"@envoy//bazel:boringssl_fips": if_fips,
"@envoy//bazel:boringssl_fips": default or [],
"@envoy//bazel:boringssl_disabled": if_disabled or [],
"//conditions:default": default or [],
})
Expand Down
42 changes: 42 additions & 0 deletions bazel/external/openssl.BUILD
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
load("@rules_foreign_cc//foreign_cc:configure.bzl", "configure_make")

licenses(["notice"]) # Apache 2

filegroup(
name = "all",
srcs = glob(["**"]),
visibility = ["//visibility:public"],
)

configure_make(
name = "openssl",
lib_source = ":all",
configure_in_place = True,
configure_command = "Configure",
configure_options = ["--libdir=lib"],
targets = ["build_sw", "install_sw"],
args = ["-j"],
out_lib_dir = "lib",
out_shared_libs = ["libssl.so.3", "libcrypto.so.3"],
visibility = ["//visibility:public"],
)

filegroup(
name = "libssl",
srcs = [":openssl"],
output_group = "libssl.so.3",
visibility = ["//visibility:private"],
)

filegroup(
name = "libcrypto",
srcs = [":openssl"],
output_group = "libcrypto.so.3",
visibility = ["//visibility:private"],
)

filegroup(
name = "libs",
srcs = [":libssl", ":libcrypto"],
visibility = ["//visibility:public"],
)
Loading