Skip to content

Commit

Permalink
HBSD: security/certificate-transparency: Fix build with LibreSSL
Browse files Browse the repository at this point in the history
Fixes #11

See also google/certificate-transparency#1364

Signed-off-by: Bernard Spil <[email protected]>
  • Loading branch information
Sp1l committed Feb 11, 2017
1 parent cfb8584 commit 20eccfb
Show file tree
Hide file tree
Showing 5 changed files with 94 additions and 48 deletions.
27 changes: 27 additions & 0 deletions security/certificate-transparency/files/patch-Makefile.am
Original file line number Diff line number Diff line change
Expand Up @@ -9,6 +9,15 @@
cpp/monitoring/prometheus/metrics.pb.cc \
cpp/monitoring/prometheus/metrics.pb.h \
proto/ct.pb.cc \
@@ -112,7 +110,7 @@ TESTS = \
cpp/util/sync_task_test \
cpp/util/task_test

-if !OPENSSL_IS_BORINGSSL
+if !OPENSSL_NO_CMS
TESTS += cpp/log/cms_verifier_test
endif

@@ -131,9 +129,6 @@ endif
cpp/gtest-all.cc: $(GTEST_DIR)/src/gtest-all.cc
$(AM_V_at)cp $^ $@
Expand All @@ -19,6 +28,15 @@
test/testdata/urlfetcher_test_certs/localhost-key.pem: test/create_url_fetcher_test_certs.sh
$(AM_V_GEN)test/create_url_fetcher_test_certs.sh

@@ -217,7 +212,7 @@ cpp_libcore_a_SOURCES = \
proto/ct.pb.cc \
proto/ct.pb.h

-if !OPENSSL_IS_BORINGSSL
+if !OPENSSL_NO_CMS
cpp_libcore_a_SOURCES += cpp/log/cms_verifier.cc
endif

@@ -226,8 +221,6 @@ cpp_libtest_a_CPPFLAGS = \
-I$(GTEST_DIR) \
$(AM_CPPFLAGS)
Expand All @@ -28,3 +46,12 @@
cpp/util/testing.cc

cpp_server_ct_mirror_LDADD = \
@@ -907,7 +900,7 @@ cpp_log_cert_test_SOURCES = \
cpp/log/cert_test.cc \
cpp/util/util.cc

-if !OPENSSL_IS_BORINGSSL
+if !OPENSSL_NO_CMS
cpp_log_cms_verifier_test_LDADD = \
cpp/libcore.a \
cpp/libtest.a \
26 changes: 26 additions & 0 deletions security/certificate-transparency/files/patch-configure.ac
Original file line number Diff line number Diff line change
Expand Up @@ -29,3 +29,29 @@
save_LIBS="$LIBS"
AS_UNSET([LIBS])
AC_SEARCH_LIBS([snappy_compress], [snappy],,, [$save_LIBS])
@@ -146,6 +147,17 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#in
[AC_MSG_RESULT([yes]); openssl_is_boringssl=1],
[AC_MSG_RESULT([no])])

+AC_MSG_CHECKING([for LibreSSL])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include <openssl/opensslv.h>]],
+ [[
+ #ifndef LIBRESSL_VERSION_NUMBER
+ # error not LibreSSL
+ #endif
+ ]])
+ ],
+ [AC_MSG_RESULT([yes]); openssl_is_libressl=1],
+ [AC_MSG_RESULT([no])])
+
save_LIBS="$LIBS"
AS_UNSET([LIBS])
AC_SEARCH_LIBS([event_base_dispatch], [event],, [missing_libevent=1],
@@ -212,6 +224,7 @@ AM_CONDITIONAL([HAVE_ANT], [test -n "$AN
AM_CONDITIONAL([HAVE_LDNS], [test -z "$missing_ldns"])
AM_CONDITIONAL([HAVE_OBJECTHASH], [test -z "$missing_objecthash"])
AM_CONDITIONAL([OPENSSL_IS_BORINGSSL], [test -n "$openssl_is_boringssl"])
+AM_CONDITIONAL([OPENSSL_NO_CMS], [test -z "$openssl_is_boringssl" -o -z "$openssl_is_boringssl"])
AC_DEFINE_UNQUOTED([TEST_SRCDIR], ["$srcdir"], [Top of the source directory, for tests.])
AC_SUBST([INSTALL_DIR])
AC_CONFIG_FILES([Makefile])
58 changes: 10 additions & 48 deletions security/certificate-transparency/files/patch-cpp-client-ct.cc
Original file line number Diff line number Diff line change
@@ -1,49 +1,11 @@
--- cpp/client/ct.cc.orig 2016-10-14 17:11:57 UTC
--- cpp/client/ct.cc.orig 2017-02-11 20:58:57 UTC
+++ cpp/client/ct.cc
@@ -451,8 +451,8 @@ static void MakeCert() {

This comment has been minimized.

Copy link
@donnakids2018

donnakids2018 May 15, 2018

Donna E Santiago

// (This means the relevant section should be last in the configuration.)
// 1.2.3.1=DER:[raw encoding of proof]
static void WriteProofToConfig() {
- CHECK(!FLAGS_sct_token.empty()) << google::ProgramUsage();
- CHECK(!FLAGS_extensions_config_out.empty()) << google::ProgramUsage();
+ CHECK(!FLAGS_sct_token.empty()) << gflags::ProgramUsage();
+ CHECK(!FLAGS_extensions_config_out.empty()) << gflags::ProgramUsage();

string sct;

@@ -479,8 +479,8 @@ static const char kPEMLabel[] = "SERVERI
// Wrap the proof in the format expected by the TLS extension,
// so that we can feed it to OpenSSL.
static void ProofToExtensionData() {
- CHECK(!FLAGS_sct_token.empty()) << google::ProgramUsage();
- CHECK(!FLAGS_tls_extension_data_out.empty()) << google::ProgramUsage();
+ CHECK(!FLAGS_sct_token.empty()) << gflags::ProgramUsage();
+ CHECK(!FLAGS_tls_extension_data_out.empty()) << gflags::ProgramUsage();
string serialized_sct;
PCHECK(util::ReadBinaryFile(FLAGS_sct_token, &serialized_sct))
@@ -939,13 +939,13 @@ int GetSTH() {
// Exit code upon abnormal exit (CHECK failures): != 0
// (on UNIX, 134 is expected)
int main(int argc, char** argv) {
- google::SetUsageMessage(argv[0] + string(kUsage));
+ gflags::SetUsageMessage(argv[0] + string(kUsage));
util::InitCT(&argc, &argv);
ConfigureSerializerForV1CT();
const string main_command(argv[0]);
if (argc < 2) {
- std::cout << google::ProgramUsage();
+ std::cout << gflags::ProgramUsage();
return 1;
}
@@ -983,7 +983,7 @@ int main(int argc, char** argv) {
} else if (cmd == "sth") {
ret = GetSTH();
} else {
- std::cout << google::ProgramUsage();
+ std::cout << gflags::ProgramUsage();
ret = 1;
}
@@ -530,7 +530,7 @@ static void ProofToExtensionData() {
<< " for writing:" << strerror(errno);

// Work around broken PEM_write() declaration in older OpenSSL versions.
-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
PEM_write(out, const_cast<char*>(kPEMLabel), const_cast<char*>(""),
const_cast<unsigned char*>(reinterpret_cast<const unsigned char*>(
extension_data_out.str().data())),
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
--- cpp/client/ssl_client.cc.orig 2016-10-14 17:11:57 UTC
+++ cpp/client/ssl_client.cc
@@ -88,7 +88,7 @@ SSLClient::SSLClient(const string& serve

SSL_CTX_set_cert_verify_callback(ctx_.get(), &VerifyCallback, &verify_args_);

-#if OPENSSL_VERSION_NUMBER >= 0x10002000L
+#if OPENSSL_VERSION_NUMBER >= 0x10002000L && !defined(LIBRESSL_VERSION_NUMBER)
SSL_CTX_add_client_custom_ext(ctx_.get(), CT_EXTENSION_TYPE, NULL, NULL,
NULL, ExtensionCallback, &verify_args_);
#else
20 changes: 20 additions & 0 deletions security/certificate-transparency/files/patch-cpp_log_cert.cc
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
--- cpp/log/cert.cc.orig 2016-10-14 17:11:57 UTC
+++ cpp/log/cert.cc
@@ -31,7 +31,7 @@ using util::StatusOr;
using util::error::Code;


-#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(OPENSSL_IS_BORINGSSL)
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(OPENSSL_IS_BORINGSSL) || defined(LIBRESSL_VERSION_NUMBER)
// Backport from 1.0.2-beta3.
static int i2d_re_X509_tbs(X509* x, unsigned char** pp) {
x->cert_info->enc.modified = 1;
@@ -39,7 +39,7 @@ static int i2d_re_X509_tbs(X509* x, unsi
}
#endif

-#if OPENSSL_VERSION_NUMBER < 0x10002000L
+#if OPENSSL_VERSION_NUMBER < 0x10002000L || defined(LIBRESSL_VERSION_NUMBER)
static int X509_get_signature_nid(const X509* x) {
return OBJ_obj2nid(x->sig_alg->algorithm);
}

0 comments on commit 20eccfb

Please sign in to comment.