From 132ef38556cb2d16497a0fe2c473bfaa63b3f784 Mon Sep 17 00:00:00 2001 From: Deye Date: Tue, 25 Jun 2024 15:44:15 -0700 Subject: [PATCH 01/13] added initial x509 tool --- CMakeLists.txt | 1 + tool-openssl/CMakeLists.txt | 56 +++++++++++++++++ tool-openssl/README.md | 8 +++ tool-openssl/internal.h | 14 +++++ tool-openssl/tool.cc | 120 ++++++++++++++++++++++++++++++++++++ tool-openssl/x509.cc | 96 +++++++++++++++++++++++++++++ tool-openssl/x509_test.cc | 98 +++++++++++++++++++++++++++++ 7 files changed, 393 insertions(+) create mode 100644 tool-openssl/CMakeLists.txt create mode 100644 tool-openssl/README.md create mode 100644 tool-openssl/internal.h create mode 100644 tool-openssl/tool.cc create mode 100644 tool-openssl/x509.cc create mode 100644 tool-openssl/x509_test.cc diff --git a/CMakeLists.txt b/CMakeLists.txt index efeefc040f..6ed581521f 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -949,6 +949,7 @@ if(BUILD_LIBSSL) add_subdirectory(ssl) if(BUILD_TOOL) add_subdirectory(tool) + add_subdirectory(tool-openssl) endif() endif() add_subdirectory(util/fipstools) diff --git a/tool-openssl/CMakeLists.txt b/tool-openssl/CMakeLists.txt new file mode 100644 index 0000000000..59b6ce5e01 --- /dev/null +++ b/tool-openssl/CMakeLists.txt 
@@ -0,0 +1,56 @@ +add_executable( + openssl + + ../tool/args.cc + ../tool/file.cc + tool.cc + x509.cc +) + +target_include_directories(openssl PUBLIC ${PROJECT_SOURCE_DIR}/include) +target_compile_options(openssl PUBLIC -DINTERNAL_TOOL) + +if(WIN32) + target_link_libraries(openssl ws2_32) +endif() + +if(APPLE OR WIN32 OR ANDROID) + target_link_libraries(openssl ssl crypto) + set(LIBRT_FLAG "") +else() + find_library(FOUND_LIBRT rt) + if(FOUND_LIBRT) + target_link_libraries(openssl ssl crypto -lrt) + set(LIBRT_FLAG "-lrt") + else() + target_link_libraries(openssl ssl crypto) + set(LIBRT_FLAG "") + endif() +endif() + +target_include_directories(openssl BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include) + +install(TARGETS openssl + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + BUNDLE DESTINATION ${CMAKE_INSTALL_BINDIR} +) + +if(MSVC AND CMAKE_BUILD_TYPE_LOWER MATCHES "relwithdebinfo" AND FIPS) + install (FILES $/openssl.pdb DESTINATION ${CMAKE_INSTALL_LIBDIR}) +endif() + + +add_executable( + x509_test + + x509_test.cc + ../tool/args.cc + ../tool/file.cc + x509.cc +) + +target_link_libraries(x509_test boringssl_gtest_main ssl crypto) +enable_testing() +add_test(NAME X509Test COMMAND x509_test) + + diff --git a/tool-openssl/README.md b/tool-openssl/README.md new file mode 100644 index 0000000000..a6a4da6f4c --- /dev/null +++ b/tool-openssl/README.md @@ -0,0 +1,8 @@ +# OpenSSL Tools for AWS-LC +*Files expected to change* + +Current status: +* Developed structure for new OpenSSL tools +* Contains initial implementation for OpenSSL x509 tool, options -in and -out (x509.cc), and unit test (x509_test.cc) +* x509_test.cc contains test portions ultimately to be used for future options but unnecessary for -in/-out unit test + diff --git a/tool-openssl/internal.h b/tool-openssl/internal.h new file mode 100644 index 0000000000..7049263b75 --- /dev/null +++ b/tool-openssl/internal.h 
@@ -0,0 +1,14 @@ +// +// Created by erindeye on 6/24/2024. +// + +#ifndef INTERNAL_H +#define INTERNAL_H + +#include "../tool/internal.h" + +bool X509Tool(const args_list_t &args) ; + +#endif //INTERNAL_H + + diff --git a/tool-openssl/tool.cc b/tool-openssl/tool.cc new file mode 100644 index 0000000000..118336582a --- /dev/null +++ b/tool-openssl/tool.cc 
@@ -0,0 +1,120 @@ +/* Copyright (c) 2014, Google Inc. +* + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include + +#include +#include +#include + +#if defined(OPENSSL_WINDOWS) +#include +#include +#else +#include +#include +#endif + +#include "../tool/internal.h" + +extern bool X509Tool(const args_list_t &args); + +typedef bool (*tool_func_t)(const std::vector &args); + +struct Tool { + const char *name; + tool_func_t func; +}; + +static const Tool kTools[] = { + { "x509", X509Tool }, + { "", nullptr }, +}; + +static void usage(const char *name) { + printf("Usage: %s COMMAND\n", name); + printf("\n"); + printf("Available commands:\n"); + + for (size_t i = 0;; i++) { + const Tool &tool = kTools[i]; + if (tool.func == nullptr) { + break; + } + printf(" %s\n", tool.name); + } +} + +static tool_func_t FindTool(const std::string &name) { + for (size_t i = 0;; i++) { + const Tool &tool = kTools[i]; + if (tool.func == nullptr || name == tool.name) { + return tool.func; + } + } +} + +int main(int argc, char **argv) { +#if defined(OPENSSL_WINDOWS) + // Read and write in binary mode. This makes bssl on Windows consistent with + // bssl on other platforms, and also makes it consistent with MSYS's commands + // like diff(1) and md5sum(1). 
This is especially important for the digest + // commands. + if (_setmode(_fileno(stdin), _O_BINARY) == -1) { + perror("_setmode(_fileno(stdin), O_BINARY)"); + return 1; + } + if (_setmode(_fileno(stdout), _O_BINARY) == -1) { + perror("_setmode(_fileno(stdout), O_BINARY)"); + return 1; + } + if (_setmode(_fileno(stderr), _O_BINARY) == -1) { + perror("_setmode(_fileno(stderr), O_BINARY)"); + return 1; + } +#else + signal(SIGPIPE, SIG_IGN); +#endif + + CRYPTO_library_init(); + + int starting_arg = 1; + tool_func_t tool = nullptr; +#if !defined(OPENSSL_WINDOWS) + tool = FindTool(basename(argv[0])); +#endif + if (tool == nullptr) { + starting_arg++; + if (argc > 1) { + tool = FindTool(argv[1]); + } + } + if (tool == nullptr) { + usage(argv[0]); + return 1; + } + + args_list_t args; + for (int i = starting_arg; i < argc; i++) { + args.push_back(argv[i]); + } + + if (!tool(args)) { + ERR_print_errors_fp(stderr); + return 1; + } + + return 0; +} diff --git a/tool-openssl/x509.cc b/tool-openssl/x509.cc new file mode 100644 index 0000000000..621102531b --- /dev/null +++ b/tool-openssl/x509.cc 
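Review bot: In tool-openssl/tool.cc, `main` passes `argv[0]` to `basename()` and to `usage()` without checking `argc`, so a process started with an empty argument vector hands a null pointer to both. An early guard such as `if (argc < 1 || argv[0] == nullptr) { return 1; }` before the `FindTool` call avoids that. The same pattern is carried into the `FindTool(int argc, char **argv, int &starting_arg)` overload and the `usage(const std::string &)` signature added in PATCH 05, where a null `argv[0]` would additionally be used to construct a `std::string`.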
@@ -0,0 +1,96 @@ +/* Copyright (c) 2014, Google Inc. +* + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include +#include +#include +#include +#include +#include "../tool/internal.h" +#include "internal.h" + +static const argument_t kArguments[] = { + { "-in", kRequiredArgument, "Input file" }, + { "-out", kRequiredArgument, "Output file" }, + { "", kOptionalArgument, "" } +}; + +// Map arguments using tool/args.cc +bool X509Tool(const args_list_t &args) { + args_map_t parsed_args; + if (!ParseKeyValueArguments(&parsed_args, args, kArguments)) { + PrintUsage(kArguments); + return false; + } + + // Check for required arguments + std::string in_path, out_path; + if (!GetString(&in_path, "-in", "", parsed_args)) { + fprintf(stderr, "Missing required argument: -in\n"); + PrintUsage(kArguments); + return false; + } + if (!GetString(&out_path, "-out", "", parsed_args)) { + fprintf(stderr, "Missing required argument: -out\n"); + PrintUsage(kArguments); + return false; + } + + // Read input file using ReadAll function from tool/file.cc + std::vector input_data; + { + FILE *in_file = fopen(in_path.c_str(), "rb"); + if (!in_file) { + fprintf(stderr, "Failed to open input file '%s'.\n", in_path.c_str()); + return false; + } + if (!ReadAll(&input_data, in_file)) { + fprintf(stderr, "Failed 
to read input file '%s'.\n", in_path.c_str()); + fclose(in_file); + return false; + } + fclose(in_file); + } + + // Parse x509 certificate from input file + const uint8_t *p = input_data.data(); + X509 *x509 = d2i_X509(nullptr, &p, input_data.size()); + if (!x509) { + fprintf(stderr, "Failed to parse X509 certificate from '%s'.\n", in_path.c_str()); + ERR_print_errors_fp(stderr); + return false; + } + + // Serialize certificate to DER format + uint8_t *out_data = nullptr; + int len = i2d_X509(x509, &out_data); + if (len < 0) { + fprintf(stderr, "Failed to serialize X509 certificate.\n"); + ERR_print_errors_fp(stderr); + X509_free(x509); + return false; + } + + // Write output file using WriteToFile function from tool/file.cc + if (!WriteToFile(out_path, out_data, len)) { + fprintf(stderr, "Failed to write X509 certificate to '%s'.\n", out_path.c_str()); + OPENSSL_free(out_data); + X509_free(x509); + return false; + } + + OPENSSL_free(out_data); + X509_free(x509); + return true; +} diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc new file mode 100644 index 0000000000..a998421764 --- /dev/null +++ b/tool-openssl/x509_test.cc 
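Review bot: In tool-openssl/x509.cc, `X509Tool` never compares `p` with the end of `input_data` after `d2i_X509`, so a file holding a certificate followed by extra bytes is accepted and the extra bytes are silently dropped from the output. If the tool is meant to accept exactly one DER certificate, reject the remainder with a check like `if (p != input_data.data() + input_data.size())` that frees `x509` and returns false. The help strings could also say that both files are DER, since nothing in this function handles PEM: `{ "-in", kRequiredArgument, "Input file (DER-encoded certificate)" }`.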
@@ -0,0 +1,98 @@ +/* Copyright (c) 2014, Google Inc. +* + * Permission to use, copy, modify, and/or distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION + * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN + * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ + +#include "openssl/x509.h" +#include +#include +#include +#include +#include +#include "../tool/internal.h" +#include "internal.h" + +// Test x509 -in and -out +TEST(X509Test, X509ToolTest) { + std::string in_path = "test_input.der"; + std::string out_path = "test_output.der"; + + X509 *x509 = X509_new(); + ASSERT_TRUE(x509 != nullptr); + + // Set validity period + ASSERT_TRUE(X509_gmtime_adj(X509_getm_notBefore(x509), 0)); + ASSERT_TRUE(X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L)); + + // Generate and set the public key + EVP_PKEY *pkey = EVP_PKEY_new(); + ASSERT_TRUE(pkey != nullptr); + RSA *rsa = RSA_new(); + BIGNUM *bn = BN_new(); + ASSERT_TRUE(bn != nullptr); + ASSERT_TRUE(BN_set_word(bn, RSA_F4)); + ASSERT_TRUE(RSA_generate_key_ex(rsa, 2048, bn, nullptr)); + ASSERT_TRUE(EVP_PKEY_assign_RSA(pkey, rsa)); + BN_free(bn); + ASSERT_TRUE(X509_set_pubkey(x509, pkey)); + + // Sign certificate + ASSERT_TRUE(X509_sign(x509, pkey, EVP_sha256()) > 0); + EVP_PKEY_free(pkey); + + // Serialize certificate to DER format + uint8_t *der_data = nullptr; + int len = i2d_X509(x509, &der_data); + if (len <= 0) { + ERR_print_errors_fp(stderr); + } + ASSERT_GT(len, 0); + + FILE *in_file = 
fopen(in_path.c_str(), "wb"); + ASSERT_TRUE(in_file != nullptr); + fwrite(der_data, 1, len, in_file); + fclose(in_file); + OPENSSL_free(der_data); + + // Set up x509 tool arguments + args_list_t args = {"-in", in_path, "-out", out_path}; + + // Call x509 tool function + bool result = X509Tool(args); + ASSERT_TRUE(result); + + // Read and verify output file + FILE *out_file = fopen(out_path.c_str(), "rb"); + ASSERT_TRUE(out_file != nullptr); + + std::vector output_data; + ASSERT_TRUE(ReadAll(&output_data, out_file)); + fclose(out_file); + + // Ensure output data not empty + ASSERT_FALSE(output_data.empty()); + + // Parse x509 cert from output file + const uint8_t *p = output_data.data(); + X509 *parsed_x509 = d2i_X509(nullptr, &p, output_data.size()); + ASSERT_TRUE(parsed_x509 != nullptr); + + X509_free(parsed_x509); + X509_free(x509); + remove(in_path.c_str()); + remove(out_path.c_str()); +} + +int main(int argc, char **argv) { + ::testing::InitGoogleTest(&argc, argv); + return RUN_ALL_TESTS(); +} \ No newline at end of file From 0955744db6d315c09da6e1f38ca54fcfd30c3ccc Mon Sep 17 00:00:00 2001 From: Deye Date: Tue, 25 Jun 2024 16:02:20 -0700 Subject: [PATCH 02/13] added initial x509 tool --- tool-openssl/x509_test.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index a998421764..e9f0753540 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc @@ -21,7 +21,7 @@ #include "../tool/internal.h" #include "internal.h" -// Test x509 -in and -out +// Test x509 -in and -out TEST(X509Test, X509ToolTest) { std::string in_path = "test_input.der"; std::string out_path = "test_output.der"; From 6c72ab2e66ff69039aa2a097b44500046f867567 Mon Sep 17 00:00:00 2001 
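Review bot: In `X509ToolTest` (new file tool-openssl/x509_test.cc), the return value of `fwrite(der_data, 1, len, in_file)` is ignored, so a short write would only surface later as a parse failure inside `X509Tool`; `ASSERT_EQ(fwrite(der_data, 1, len, in_file), static_cast<size_t>(len));` pins it at the source. The test also writes `test_input.der` and `test_output.der` into the current directory and removes them only in its last two statements, so any earlier `ASSERT_*` failure leaves the files behind and skips the `X509_free`/`OPENSSL_free` calls. The unchecked `fwrite` is still present in the PATCH 09 rewrite of this test.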
From: Deye Date: Tue, 25 Jun 2024 16:42:26 -0700 Subject: [PATCH 03/13] added copyright --- tool-openssl/internal.h | 5 ++--- tool-openssl/tool.cc | 15 ++------------- tool-openssl/x509.cc | 15 ++------------- tool-openssl/x509_test.cc | 15 ++------------- 4 files changed, 8 insertions(+), 42 deletions(-) diff --git a/tool-openssl/internal.h b/tool-openssl/internal.h index 7049263b75..b93a9731f3 100644 --- a/tool-openssl/internal.h +++ b/tool-openssl/internal.h @@ -1,6 +1,5 @@ -// -// Created by erindeye on 6/24/2024. -// +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 OR ISC #ifndef INTERNAL_H #define INTERNAL_H diff --git a/tool-openssl/tool.cc b/tool-openssl/tool.cc index 118336582a..8a8160d7a2 100644 --- a/tool-openssl/tool.cc +++ b/tool-openssl/tool.cc @@ -1,16 +1,5 @@ -/* Copyright (c) 2014, Google Inc. -* - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 OR ISC #include #include diff --git a/tool-openssl/x509.cc b/tool-openssl/x509.cc index 621102531b..f8a92a9840 100644 --- a/tool-openssl/x509.cc +++ b/tool-openssl/x509.cc 
@@ -1,16 +1,5 @@ -/* Copyright (c) 2014, Google Inc. -* - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 OR ISC #include #include diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index e9f0753540..b3eebc24ca 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc 
@@ -1,16 +1,5 @@ -/* Copyright (c) 2014, Google Inc. -* - * Permission to use, copy, modify, and/or distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY - * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION - * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN - * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. +// SPDX-License-Identifier: Apache-2.0 OR ISC #include "openssl/x509.h" #include From ce9b35fe2f0b3342d5d108664b87aa6162168ad2 Mon Sep 17 00:00:00 2001 From: Deye Date: Tue, 25 Jun 2024 16:44:53 -0700 Subject: [PATCH 04/13] added newline --- tool-openssl/x509_test.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index b3eebc24ca..4029e68962 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc @@ -84,4 +84,4 @@ TEST(X509Test, X509ToolTest) { int main(int argc, char **argv) { ::testing::InitGoogleTest(&argc, argv); return RUN_ALL_TESTS(); -} \ No newline at end of file +} From 21528ef48d874bbcae287e7b55368d701a3640df Mon Sep 17 00:00:00 2001 From: Deye Date: Thu, 27 Jun 2024 14:49:06 -0700 Subject: [PATCH 05/13] updated tool, x509, x509_test files --- tool-openssl/internal.h | 2 + tool-openssl/tool.cc | 81 ++++++++++++++++++++++----------------- tool-openssl/x509.cc | 9 ++--- tool-openssl/x509_test.cc | 74 +++++++++++++++++++++++------------ 4 files changed, 101 insertions(+), 65 deletions(-) 
diff --git a/tool-openssl/internal.h b/tool-openssl/internal.h index b93a9731f3..192e570d32 100644 --- a/tool-openssl/internal.h +++ b/tool-openssl/internal.h @@ -6,6 +6,8 @@ #include "../tool/internal.h" +X509* CreateAndSignX509Certificate(); + bool X509Tool(const args_list_t &args) ; #endif //INTERNAL_H diff --git a/tool-openssl/tool.cc b/tool-openssl/tool.cc index 8a8160d7a2..9c3248be7f 100644 --- a/tool-openssl/tool.cc +++ b/tool-openssl/tool.cc @@ -3,6 +3,8 @@ #include #include +#include +#include #include #include @@ -17,8 +19,7 @@ #endif #include "../tool/internal.h" - -extern bool X509Tool(const args_list_t &args); +#include "./internal.h" typedef bool (*tool_func_t)(const std::vector &args); @@ -27,35 +28,24 @@ struct Tool { tool_func_t func; }; -static const Tool kTools[] = { +static const std::array kTools = {{ { "x509", X509Tool }, { "", nullptr }, -}; +}}; -static void usage(const char *name) { - printf("Usage: %s COMMAND\n", name); - printf("\n"); - printf("Available commands:\n"); +static void usage(const std::string &name) { + std::cout << "Usage: " << name << " COMMAND\n\n"; + std::cout << "Available commands:\n"; - for (size_t i = 0;; i++) { - const Tool &tool = kTools[i]; + for (const auto& tool : kTools) { if (tool.func == nullptr) { break; } - printf(" %s\n", tool.name); - } -} - -static tool_func_t FindTool(const std::string &name) { - for (size_t i = 0;; i++) { - const Tool &tool = kTools[i]; - if (tool.func == nullptr || name == tool.name) { - return tool.func; - } + std::cout << " " << tool.name << "\n"; } } -int main(int argc, char **argv) { +static void initialize() { #if defined(OPENSSL_WINDOWS) // Read and write in binary mode. This makes bssl on Windows consistent with // bssl on other platforms, and also makes it consistent with MSYS's commands 
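Review bot: The internal.h hunk of PATCH 05 declares `X509* CreateAndSignX509Certificate();` in the header shared with the tool, but the only definition in this commit is in x509_test.cc, so the `openssl` target gets a declaration it cannot link against if it is ever called. Declaring the helper in the test file or a test-only header keeps it out of the tool's interface. A comment such as `// Test helper: returns a newly signed certificate owned by the caller, or nullptr on failure.` would also document who frees the raw pointer it returns.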
@@ -63,33 +53,54 @@ int main(int argc, char **argv) { // commands. if (_setmode(_fileno(stdin), _O_BINARY) == -1) { perror("_setmode(_fileno(stdin), O_BINARY)"); - return 1; + exit(1); } if (_setmode(_fileno(stdout), _O_BINARY) == -1) { perror("_setmode(_fileno(stdout), O_BINARY)"); - return 1; + exit(1); } if (_setmode(_fileno(stderr), _O_BINARY) == -1) { perror("_setmode(_fileno(stderr), O_BINARY)"); - return 1; + exit(1); } #else + // Ignore SIGPIPE to prevent the process from terminating if it tries to + // write to a pipe that has been closed by the reading end. SIGPIPE can be + // received when writing to sockets or pipes that are no longer connected. signal(SIGPIPE, SIG_IGN); #endif +} - CRYPTO_library_init(); +tool_func_t FindTool(const std::string &name) { + for (const auto& tool : kTools) { + if (tool.name == name) { + return tool.func; + } + } + return nullptr; +} - int starting_arg = 1; - tool_func_t tool = nullptr; +tool_func_t FindTool(int argc, char **argv, int &starting_arg) { #if !defined(OPENSSL_WINDOWS) - tool = FindTool(basename(argv[0])); + tool_func_t tool = FindTool(basename(argv[0])); + if (tool != nullptr) { + return tool; + } #endif - if (tool == nullptr) { - starting_arg++; - if (argc > 1) { - tool = FindTool(argv[1]); - } + starting_arg++; + if (argc > 1) { + return FindTool(argv[1]); } + return nullptr; +} + +int main(int argc, char **argv) { + initialize(); + CRYPTO_library_init(); + + int starting_arg = 1; + tool_func_t tool = FindTool(argc, argv, starting_arg); + if (tool == nullptr) { usage(argv[0]); return 1; @@ -97,7 +108,7 @@ int main(int argc, char **argv) { args_list_t args; for (int i = starting_arg; i < argc; i++) { - args.push_back(argv[i]); + args.emplace_back(argv[i]); } if (!tool(args)) { @@ -106,4 +117,4 @@ int main(int argc, char **argv) { } return 0; -} +} \ No newline at end of file diff --git a/tool-openssl/x509.cc b/tool-openssl/x509.cc index f8a92a9840..5bb2849227 100644 --- a/tool-openssl/x509.cc 
+++ b/tool-openssl/x509.cc @@ -6,6 +6,7 @@ #include #include #include +#include #include "../tool/internal.h" #include "internal.h" @@ -54,7 +55,8 @@ bool X509Tool(const args_list_t &args) { // Parse x509 certificate from input file const uint8_t *p = input_data.data(); - X509 *x509 = d2i_X509(nullptr, &p, input_data.size()); + auto x509Deleter = [](X509* x509) { X509_free(x509); }; + std::unique_ptr x509(d2i_X509(nullptr, &p, input_data.size()), x509Deleter); if (!x509) { fprintf(stderr, "Failed to parse X509 certificate from '%s'.\n", in_path.c_str()); ERR_print_errors_fp(stderr); @@ -63,11 +65,10 @@ bool X509Tool(const args_list_t &args) { // Serialize certificate to DER format uint8_t *out_data = nullptr; - int len = i2d_X509(x509, &out_data); + int len = i2d_X509(x509.get(), &out_data); if (len < 0) { fprintf(stderr, "Failed to serialize X509 certificate.\n"); ERR_print_errors_fp(stderr); - X509_free(x509); return false; } @@ -75,11 +76,9 @@ bool X509Tool(const args_list_t &args) { if (!WriteToFile(out_path, out_data, len)) { fprintf(stderr, "Failed to write X509 certificate to '%s'.\n", out_path.c_str()); OPENSSL_free(out_data); - X509_free(x509); return false; } OPENSSL_free(out_data); - X509_free(x509); return true; } diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index 4029e68962..239cc88387 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc 
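Review bot: In the x509.cc hunks of PATCH 05, `x509` moves to a smart pointer but `out_data` from `i2d_X509` is still freed by hand, once on the `WriteToFile` failure path and once on the success path. Taking ownership right after the length check, for example `bssl::UniquePtr<uint8_t> out_owner(out_data);`, removes both `OPENSSL_free(out_data)` calls and matches the ownership style now used for the certificate. The body of `X509Tool` starts and ends outside these hunks.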
@@ -7,40 +7,66 @@ #include #include #include +#include #include "../tool/internal.h" #include "internal.h" +X509* CreateAndSignX509Certificate() { + X509 *x509 = X509_new(); + if (!x509) return nullptr; + + // Set validity period + if (!X509_gmtime_adj(X509_getm_notBefore(x509), 0) || + !X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L)) { + X509_free(x509); + return nullptr; + } + + // Generate and set the public key + EVP_PKEY *pkey = EVP_PKEY_new(); + if (!pkey) { + X509_free(x509); + return nullptr; + } + RSA *rsa = RSA_new(); + BIGNUM *bn = BN_new(); + if (!bn || !BN_set_word(bn, RSA_F4) || + !RSA_generate_key_ex(rsa, 2048, bn, nullptr) || + !EVP_PKEY_assign_RSA(pkey, rsa)) { + BN_free(bn); + EVP_PKEY_free(pkey); + X509_free(x509); + return nullptr; + } + BN_free(bn); + if (!X509_set_pubkey(x509, pkey)) { + EVP_PKEY_free(pkey); + X509_free(x509); + return nullptr; + } + + // Sign certificate + if (X509_sign(x509, pkey, EVP_sha256()) <= 0) { + EVP_PKEY_free(pkey); + X509_free(x509); + return nullptr; + } + + EVP_PKEY_free(pkey); + return x509; +} + // Test x509 -in and -out TEST(X509Test, X509ToolTest) { std::string in_path = "test_input.der"; std::string out_path = "test_output.der"; - X509 *x509 = X509_new(); + std::unique_ptr x509(CreateAndSignX509Certificate(), X509_free); ASSERT_TRUE(x509 != nullptr); - // Set validity period - ASSERT_TRUE(X509_gmtime_adj(X509_getm_notBefore(x509), 0)); - ASSERT_TRUE(X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L)); - - // Generate and set the public key - EVP_PKEY *pkey = EVP_PKEY_new(); - ASSERT_TRUE(pkey != nullptr); - RSA *rsa = RSA_new(); - BIGNUM *bn = BN_new(); - ASSERT_TRUE(bn != nullptr); - ASSERT_TRUE(BN_set_word(bn, RSA_F4)); - ASSERT_TRUE(RSA_generate_key_ex(rsa, 2048, bn, nullptr)); - ASSERT_TRUE(EVP_PKEY_assign_RSA(pkey, rsa)); - BN_free(bn); - ASSERT_TRUE(X509_set_pubkey(x509, pkey)); - - // Sign certificate - ASSERT_TRUE(X509_sign(x509, pkey, EVP_sha256()) > 0); - EVP_PKEY_free(pkey); - // Serialize 
certificate to DER format uint8_t *der_data = nullptr; - int len = i2d_X509(x509, &der_data); + int len = i2d_X509(x509.get(), &der_data); if (len <= 0) { ERR_print_errors_fp(stderr); } @@ -72,11 +98,9 @@ TEST(X509Test, X509ToolTest) { // Parse x509 cert from output file const uint8_t *p = output_data.data(); - X509 *parsed_x509 = d2i_X509(nullptr, &p, output_data.size()); + std::unique_ptr parsed_x509(d2i_X509(nullptr, &p, output_data.size()), X509_free); ASSERT_TRUE(parsed_x509 != nullptr); - X509_free(parsed_x509); - X509_free(x509); remove(in_path.c_str()); remove(out_path.c_str()); } From 43c30ec0dfc3fc7bb8b6258c5c3d483938cc9839 Mon Sep 17 00:00:00 2001 From: Deye Date: Thu, 27 Jun 2024 15:50:36 -0700 Subject: [PATCH 06/13] added build testing flag --- tool-openssl/CMakeLists.txt | 28 +++++++++++++--------------- util/all_tests.json | 5 +++++ 2 files changed, 18 insertions(+), 15 deletions(-) diff --git a/tool-openssl/CMakeLists.txt b/tool-openssl/CMakeLists.txt index 59b6ce5e01..aacaaf2834 100644 --- a/tool-openssl/CMakeLists.txt +++ b/tool-openssl/CMakeLists.txt @@ -39,18 +39,16 @@ if(MSVC AND CMAKE_BUILD_TYPE_LOWER MATCHES "relwithdebinfo" AND FIPS) install (FILES $/openssl.pdb DESTINATION ${CMAKE_INSTALL_LIBDIR}) endif() - -add_executable( - x509_test - - x509_test.cc - ../tool/args.cc - ../tool/file.cc - x509.cc -) - -target_link_libraries(x509_test boringssl_gtest_main ssl crypto) -enable_testing() -add_test(NAME X509Test COMMAND x509_test) - - +if(BUILD_TESTING) + add_executable( + x509_test + + x509_test.cc + ../tool/args.cc + ../tool/file.cc + x509.cc + ) + + target_link_libraries(x509_test boringssl_gtest_main ssl crypto) + add_dependencies(all_tests x509_test) +endif() diff --git a/util/all_tests.json b/util/all_tests.json index 464414ad8d..7fa3c333dd 100644 --- a/util/all_tests.json +++ b/util/all_tests.json @@ -125,5 +125,10 @@ "cmd": [ "crypto/rwlock_static_init" ] + }, + { + "cmd": [ + "tool-openssl/x509_test" + ] } ] 
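Review bot: In `CreateAndSignX509Certificate` (x509_test.cc, PATCH 05), the combined failure branch after `RSA_new()` and `BN_new()` frees `bn`, `pkey` and `x509` but not `rsa`, so the RSA object leaks whenever `BN_set_word`, `RSA_generate_key_ex` or `EVP_PKEY_assign_RSA` fails. `rsa` is also never checked for null before it is passed to `RSA_generate_key_ex`. Adding `RSA_free(rsa);` to that branch and `!rsa ||` to the condition closes both gaps, because `pkey` takes over the key only when the assign call succeeds.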
From b199bf08f49e4b87c121e8a0e3c23f69b4e55f05 Mon Sep 17 00:00:00 2001 From: Deye Date: Thu, 27 Jun 2024 15:55:43 -0700 Subject: [PATCH 07/13] added newline --- tool-openssl/tool.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool-openssl/tool.cc b/tool-openssl/tool.cc index 9c3248be7f..c298253ca3 100644 --- a/tool-openssl/tool.cc +++ b/tool-openssl/tool.cc @@ -117,4 +117,4 @@ int main(int argc, char **argv) { } return 0; -} \ No newline at end of file +} From be761306988a1e79f4d0ce30c739c0e80eae91fc Mon Sep 17 00:00:00 2001 From: Deye Date: Thu, 27 Jun 2024 16:01:45 -0700 Subject: [PATCH 08/13] updated header to fix FindTool error --- tool-openssl/internal.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/tool-openssl/internal.h b/tool-openssl/internal.h index 192e570d32..25e4f39850 100644 --- a/tool-openssl/internal.h +++ b/tool-openssl/internal.h @@ -5,10 +5,16 @@ #define INTERNAL_H #include "../tool/internal.h" +#include +#include + +typedef bool (*tool_func_t)(const std::vector &args); X509* CreateAndSignX509Certificate(); +tool_func_t FindTool(const std::string &name); +tool_func_t FindTool(int argc, char **argv, int &starting_arg); -bool X509Tool(const args_list_t &args) ; +bool X509Tool(const args_list_t &args); #endif //INTERNAL_H From d4e7677d6cd58663903b48ea18c5fbd0a7fc460e Mon Sep 17 00:00:00 2001 From: Deye Date: Fri, 28 Jun 2024 16:58:22 -0700 Subject: [PATCH 09/13] cleaned up x509 and x509_test --- tool-openssl/CMakeLists.txt | 6 +-- tool-openssl/internal.h | 2 +- tool-openssl/tool.cc | 9 +--- tool-openssl/x509.cc | 28 ++++------- tool-openssl/x509_test.cc | 94 +++++++++++++++---------------------- util/all_tests.json | 2 +- 6 files changed, 53 insertions(+), 88 deletions(-) diff --git a/tool-openssl/CMakeLists.txt b/tool-openssl/CMakeLists.txt index aacaaf2834..ad7da2fd38 100644 --- a/tool-openssl/CMakeLists.txt +++ b/tool-openssl/CMakeLists.txt 
@@ -41,7 +41,7 @@ endif() if(BUILD_TESTING) add_executable( - x509_test + tool_openssl_test x509_test.cc ../tool/args.cc @@ -49,6 +49,6 @@ if(BUILD_TESTING) x509.cc ) - target_link_libraries(x509_test boringssl_gtest_main ssl crypto) - add_dependencies(all_tests x509_test) + target_link_libraries(tool_openssl_test boringssl_gtest_main ssl crypto) + add_dependencies(all_tests tool_openssl_test) endif() diff --git a/tool-openssl/internal.h b/tool-openssl/internal.h index 25e4f39850..0078af1eba 100644 --- a/tool-openssl/internal.h +++ b/tool-openssl/internal.h @@ -5,8 +5,8 @@ #define INTERNAL_H #include "../tool/internal.h" -#include #include +#include typedef bool (*tool_func_t)(const std::vector &args); diff --git a/tool-openssl/tool.cc b/tool-openssl/tool.cc index c298253ca3..f363d885ce 100644 --- a/tool-openssl/tool.cc +++ b/tool-openssl/tool.cc @@ -1,13 +1,8 @@ // Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. // SPDX-License-Identifier: Apache-2.0 OR ISC -#include -#include #include #include - -#include -#include #include #if defined(OPENSSL_WINDOWS) @@ -18,7 +13,6 @@ #include #endif -#include "../tool/internal.h" #include "./internal.h" typedef bool (*tool_func_t)(const std::vector &args); @@ -28,9 +22,8 @@ struct Tool { tool_func_t func; }; -static const std::array kTools = {{ +static const std::array kTools = {{ { "x509", X509Tool }, - { "", nullptr }, }}; static void usage(const std::string &name) { diff --git a/tool-openssl/x509.cc b/tool-openssl/x509.cc index 5bb2849227..aca034b01e 100644 --- a/tool-openssl/x509.cc +++ b/tool-openssl/x509.cc @@ -3,11 +3,6 @@ #include #include -#include -#include -#include -#include -#include "../tool/internal.h" #include "internal.h" static const argument_t kArguments[] = { 
@@ -39,24 +34,19 @@ bool X509Tool(const args_list_t &args) { // Read input file using ReadAll function from tool/file.cc std::vector input_data; - { - FILE *in_file = fopen(in_path.c_str(), "rb"); - if (!in_file) { - fprintf(stderr, "Failed to open input file '%s'.\n", in_path.c_str()); - return false; - } - if (!ReadAll(&input_data, in_file)) { - fprintf(stderr, "Failed to read input file '%s'.\n", in_path.c_str()); - fclose(in_file); - return false; - } - fclose(in_file); + ScopedFILE in_file(fopen(in_path.c_str(), "rb")); + if (!in_file) { + fprintf(stderr, "Failed to open input file '%s'.\n", in_path.c_str()); + return false; + } + if (!ReadAll(&input_data, in_file.get())) { + fprintf(stderr, "Failed to read input file '%s'.\n", in_path.c_str()); + return false; } // Parse x509 certificate from input file const uint8_t *p = input_data.data(); - auto x509Deleter = [](X509* x509) { X509_free(x509); }; - std::unique_ptr x509(d2i_X509(nullptr, &p, input_data.size()), x509Deleter); + bssl::UniquePtr x509(d2i_X509(nullptr, &p, input_data.size())); if (!x509) { fprintf(stderr, "Failed to parse X509 certificate from '%s'.\n", in_path.c_str()); ERR_print_errors_fp(stderr); diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index 239cc88387..e179907b36 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc 
@@ -4,80 +4,68 @@ #include "openssl/x509.h" #include #include -#include -#include -#include -#include #include "../tool/internal.h" #include "internal.h" +size_t createTempFILEpath(char buffer[PATH_MAX]); + X509* CreateAndSignX509Certificate() { - X509 *x509 = X509_new(); + bssl::UniquePtr x509(X509_new()); if (!x509) return nullptr; - // Set validity period - if (!X509_gmtime_adj(X509_getm_notBefore(x509), 0) || - !X509_gmtime_adj(X509_getm_notAfter(x509), 31536000L)) { - X509_free(x509); + // Set validity period for 1 year + if (!X509_gmtime_adj(X509_getm_notBefore(x509.get()), 0) || + !X509_gmtime_adj(X509_getm_notAfter(x509.get()), 31536000L)) { return nullptr; - } + } // Generate and set the public key - EVP_PKEY *pkey = EVP_PKEY_new(); + bssl::UniquePtr pkey(EVP_PKEY_new()); if (!pkey) { - X509_free(x509); return nullptr; } - RSA *rsa = RSA_new(); - BIGNUM *bn = BN_new(); - if (!bn || !BN_set_word(bn, RSA_F4) || - !RSA_generate_key_ex(rsa, 2048, bn, nullptr) || - !EVP_PKEY_assign_RSA(pkey, rsa)) { - BN_free(bn); - EVP_PKEY_free(pkey); - X509_free(x509); + bssl::UniquePtr rsa(RSA_new()); + bssl::UniquePtr bn(BN_new()); + if (!bn || !BN_set_word(bn.get(), RSA_F4) || + !RSA_generate_key_ex(rsa.get(), 2048, bn.get(), nullptr) || + !EVP_PKEY_assign_RSA(pkey.get(), rsa.release())) { return nullptr; - } - BN_free(bn); - if (!X509_set_pubkey(x509, pkey)) { - EVP_PKEY_free(pkey); - X509_free(x509); + } + if (!X509_set_pubkey(x509.get(), pkey.get())) { return nullptr; } // Sign certificate - if (X509_sign(x509, pkey, EVP_sha256()) <= 0) { - EVP_PKEY_free(pkey); - X509_free(x509); + if (X509_sign(x509.get(), pkey.get(), EVP_sha256()) <= 0) { return nullptr; } - EVP_PKEY_free(pkey); - return x509; + return x509.release(); } // Test x509 -in and -out TEST(X509Test, X509ToolTest) { - std::string in_path = "test_input.der"; - std::string out_path = "test_output.der"; + char in_path[PATH_MAX]; + char out_path[PATH_MAX]; + + ASSERT_GT(createTempFILEpath(in_path), 0u); + 
ASSERT_GT(createTempFILEpath(out_path), 0u); - std::unique_ptr x509(CreateAndSignX509Certificate(), X509_free); - ASSERT_TRUE(x509 != nullptr); + bssl::UniquePtr x509(CreateAndSignX509Certificate()); + ASSERT_TRUE(x509); // Serialize certificate to DER format uint8_t *der_data = nullptr; int len = i2d_X509(x509.get(), &der_data); - if (len <= 0) { - ERR_print_errors_fp(stderr); - } - ASSERT_GT(len, 0); - - FILE *in_file = fopen(in_path.c_str(), "wb"); - ASSERT_TRUE(in_file != nullptr); - fwrite(der_data, 1, len, in_file); - fclose(in_file); + ASSERT_GT(static_cast(len), 0u); + + ScopedFILE in_file(fopen(in_path, "wb")); + ASSERT_TRUE(in_file); + fwrite(der_data, 1, len, in_file.get()); OPENSSL_free(der_data); + in_file.reset(); + // Set up x509 tool arguments args_list_t args = {"-in", in_path, "-out", out_path}; @@ -86,26 +74,20 @@ TEST(X509Test, X509ToolTest) { ASSERT_TRUE(result); // Read and verify output file - FILE *out_file = fopen(out_path.c_str(), "rb"); - ASSERT_TRUE(out_file != nullptr); + ScopedFILE out_file(fopen(out_path, "rb")); + ASSERT_TRUE(out_file); std::vector output_data; - ASSERT_TRUE(ReadAll(&output_data, out_file)); - fclose(out_file); + ASSERT_TRUE(ReadAll(&output_data, out_file.get())); // Ensure output data not empty ASSERT_FALSE(output_data.empty()); // Parse x509 cert from output file const uint8_t *p = output_data.data(); - std::unique_ptr parsed_x509(d2i_X509(nullptr, &p, output_data.size()), X509_free); - ASSERT_TRUE(parsed_x509 != nullptr); - - remove(in_path.c_str()); - remove(out_path.c_str()); -} + bssl::UniquePtr parsed_x509(d2i_X509(nullptr, &p, output_data.size())); + ASSERT_TRUE(parsed_x509); -int main(int argc, char **argv) { - ::testing::InitGoogleTest(&argc, argv); - return RUN_ALL_TESTS(); + remove(in_path); + remove(out_path); } diff --git a/util/all_tests.json b/util/all_tests.json index 7fa3c333dd..246b5af026 100644 --- a/util/all_tests.json +++ b/util/all_tests.json 
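Review bot: `ASSERT_GT(static_cast(len), 0u)` can no longer catch a failed `i2d_X509`, because the call reports errors as a negative `int`. Converting that to an unsigned type yields a large positive value that passes the check; the cast target is not legible on this page, but the `0u` operand implies an unsigned one. Comparing the signed value with `ASSERT_GT(len, 0);`, as the removed line did, keeps the error path covered. The cast can move to the `fwrite` call where the length is used.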
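Review bot: `out_file` is now a `ScopedFILE` that stays open until the end of the test, so `remove(out_path)` runs while the handle is still held; the removed code called `fclose(out_file)` right after `ReadAll`. On Windows, deleting a file that the process still has open normally fails, which would leave the temporary file behind. Adding `out_file.reset();` after the `ReadAll` assertion mirrors the `in_file.reset();` added earlier in this file. The test body starts outside this hunk.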
@@ -128,7 +128,7 @@ }, { "cmd": [ - "tool-openssl/x509_test" + "tool-openssl/tool_openssl_test" ] } ] From 99e5b487cb90e02009ef21dcd9030346d80a2dbf Mon Sep 17 00:00:00 2001 From: Deye Date: Mon, 1 Jul 2024 10:26:41 -0700 Subject: [PATCH 10/13] added declaration --- tool-openssl/x509_test.cc | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index e179907b36..4c2d6ef4f6 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc @@ -7,6 +7,14 @@ #include "../tool/internal.h" #include "internal.h" +#ifndef PATH_MAX +#ifdef _WIN32 +#define PATH_MAX MAX_PATH +#else +#define PATH_MAX 4096 +#endif +#endif + size_t createTempFILEpath(char buffer[PATH_MAX]); X509* CreateAndSignX509Certificate() { From 76fd1be758211f8c2af9c0250be545b3d7328481 Mon Sep 17 00:00:00 2001 From: Deye Date: Mon, 1 Jul 2024 10:59:42 -0700 Subject: [PATCH 11/13] x509_test update --- tool-openssl/x509_test.cc | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/tool-openssl/x509_test.cc b/tool-openssl/x509_test.cc index 4c2d6ef4f6..f0dc90e97d 100644 --- a/tool-openssl/x509_test.cc +++ b/tool-openssl/x509_test.cc @@ -7,10 +7,14 @@ #include "../tool/internal.h" #include "internal.h" -#ifndef PATH_MAX #ifdef _WIN32 +#include +#ifndef PATH_MAX #define PATH_MAX MAX_PATH +#endif #else +#include +#ifndef PATH_MAX #define PATH_MAX 4096 #endif #endif From a2395845ad075bc57c113ca4f910f3b121640727 Mon Sep 17 00:00:00 2001 From: Deye Date: Mon, 1 Jul 2024 12:26:54 -0700 Subject: [PATCH 12/13] cmake update --- tool-openssl/CMakeLists.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/tool-openssl/CMakeLists.txt b/tool-openssl/CMakeLists.txt index ad7da2fd38..d43ede6c3a 100644 --- a/tool-openssl/CMakeLists.txt +++ b/tool-openssl/CMakeLists.txt 
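Review bot: In the `@@ -7,10 +7,14 @@` hunk of x509_test.cc, `PATH_MAX` may resolve to `MAX_PATH`, the system value, or the local fallback `4096`. Meanwhile `createTempFILEpath(char buffer[PATH_MAX])` is only forward-declared here and defined in a file that is not part of this patch. The compiler does not enforce an array bound on a parameter, so if the defining file resolves `PATH_MAX` differently, the callee could write more bytes than the test's `char in_path[PATH_MAX]` buffers hold. Moving the declaration and the `PATH_MAX` fallback into one shared header that both files include would keep the two sides in agreement. Until then, a comment on the declaration such as `// buffer must hold at least PATH_MAX bytes; see the definition of createTempFILEpath` documents the contract.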
@@ -7,6 +7,7 @@ add_executable( x509.cc ) +target_include_directories(${INTEGRATION_TEST_EXEC} BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include) target_include_directories(openssl PUBLIC ${PROJECT_SOURCE_DIR}/include) target_compile_options(openssl PUBLIC -DINTERNAL_TOOL) From aa03672aa93028123bbb96f17341db87454b3bff Mon Sep 17 00:00:00 2001 From: Deye Date: Mon, 1 Jul 2024 12:33:04 -0700 Subject: [PATCH 13/13] cmake update --- tool-openssl/CMakeLists.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tool-openssl/CMakeLists.txt b/tool-openssl/CMakeLists.txt index d43ede6c3a..7f5b4231a0 100644 --- a/tool-openssl/CMakeLists.txt +++ b/tool-openssl/CMakeLists.txt @@ -7,7 +7,6 @@ add_executable( x509.cc ) -target_include_directories(${INTEGRATION_TEST_EXEC} BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include) target_include_directories(openssl PUBLIC ${PROJECT_SOURCE_DIR}/include) target_compile_options(openssl PUBLIC -DINTERNAL_TOOL) @@ -51,5 +50,6 @@ if(BUILD_TESTING) ) target_link_libraries(tool_openssl_test boringssl_gtest_main ssl crypto) + target_include_directories(tool_openssl_test BEFORE PRIVATE ${PROJECT_BINARY_DIR}/symbol_prefix_include) add_dependencies(all_tests tool_openssl_test) endif()