Fixed OpenSSL bindings to recognize LibreSSL #5676

Merged
merged 7 commits into from
Apr 13, 2018
3 changes: 2 additions & 1 deletion bin/ci
Expand Up @@ -84,7 +84,7 @@ prepare_build() {

on_linux docker pull "jhass/crystal-build-$ARCH"

on_osx brew install crystal-lang
on_osx brew install crystal-lang pkg-config

# Make sure binaries from llvm are available in PATH
on_osx brew install jq
Expand Down Expand Up @@ -123,6 +123,7 @@ with_build_env() {
on_osx sudo systemsetup -settimezone $TZ
on_osx PATH="/usr/local/opt/llvm/bin:\$PATH" \
CRYSTAL_CACHE_DIR="/tmp/crystal" \
PKG_CONFIG_PATH="$(brew --prefix)/opt/openssl/lib/pkgconfig:$PKG_CONFIG_PATH" \
/bin/sh -c "'$command'"

}
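Review bot: On the added `PKG_CONFIG_PATH=` line, `$(brew --prefix)` and `$PKG_CONFIG_PATH` are expanded by the shell that calls `on_osx`, while the `PATH="...\$PATH"` argument two lines above is escaped so that it expands later. If `on_osx` (defined outside this hunk) is a no-op on Linux, `brew --prefix` is presumably still executed there before the call, and an unset `PKG_CONFIG_PATH` leaves a trailing `:` in the value. Escaping it the same way keeps the two arguments consistent: `PKG_CONFIG_PATH="\$(brew --prefix)/opt/openssl/lib/pkgconfig\${PKG_CONFIG_PATH:+:\$PKG_CONFIG_PATH}" \`. This job also points pkg-config at Homebrew's OpenSSL only, so the LibreSSL branches added elsewhere in this PR do not appear to be exercised by CI.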
18 changes: 15 additions & 3 deletions src/openssl/lib_crypto.cr
@@ -1,11 +1,23 @@
{% begin %}
lib LibCrypto
OPENSSL_110 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.1.0 libcrypto || printf %s false`.stringify != "false" }}
OPENSSL_102 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.0.2 libcrypto || printf %s false`.stringify != "false" }}
# An extra zero is appended to the output of LIBRESSL_VERSION to make it 0 when LibreSSL does not exist on the system.
# Any comparisons to it should be affixed with an extra zero as well e.g. `(LIBRESSL_VERSION_NUMBER >= 0x2050500F0)`.
LIBRESSL_VERSION = {{ system("echo \"#include <openssl/opensslv.h>\nLIBRESSL_VERSION_NUMBER\" | " +
(env("CC") || "cc") + " " + `pkg-config --cflags --silence-errors libssl || true`.chomp.stringify + " -E -").chomp.split('\n').last.split('L').first.id + "0" }}
OPENSSL_VERSION = {{ system("echo \"#include <openssl/opensslv.h>\nOPENSSL_VERSION_NUMBER\" | " +
(env("CC") || "cc") + " " + `pkg-config --cflags --silence-errors libssl || true`.chomp.stringify + " -E -").chomp.split('\n').last.split('L').first.id }}
end
{% end %}

@[Link(ldflags: "`command -v pkg-config > /dev/null && pkg-config --libs --silence-errors libcrypto || printf %s '-lcrypto'`")]
{% begin %}
lib LibCrypto
OPENSSL_110 = {{ (LibCrypto::LIBRESSL_VERSION == 0) && (LibCrypto::OPENSSL_VERSION >= 0x10101000) }}
Contributor


Isn't 0x101010 checking if openssl is greater than 1.1.1, not 1.1.0?

Member


`0x10101000` → `0x10100000` makes the problem go away

Contributor


OpenSSL 1.1.1 is in prerelease, so I'm not sure how this happened.

Member


Maybe someone just got too excited typing alternating ones and zeros 😆

Author


I remember fixing the same thing in somewhere else, version integers are still new to me. My bad, thanks for fixing that.

Maybe someone just got too excited typing alternating ones and zeros

Probably 😆

OPENSSL_102 = {{ (LibCrypto::LIBRESSL_VERSION == 0) && (LibCrypto::OPENSSL_VERSION >= 0x10002000) }}
LIBRESSL_250 = {{ LibCrypto::LIBRESSL_VERSION >= 0x205000000 }}
end
{% end %}

@[Link(ldflags: "`command -v pkg-config > /dev/null && pkg-config --libs --silence-errors libcrypto || printf %s ' -lcrypto'`")]
lib LibCrypto
alias Char = LibC::Char
alias Int = LibC::Int
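Review bot: `LIBRESSL_VERSION` and `OPENSSL_VERSION` are read from whichever `openssl/opensslv.h` the compiler finds via `pkg-config --cflags ... libssl`, but the `@[Link]` flags below come from `pkg-config --libs ... libcrypto` or a bare `-lcrypto`. On a machine with two TLS libraries installed, or without pkg-config, the header that sets the feature gates can belong to a different library than the one that gets linked, so `OPENSSL_102`/`OPENSSL_110`/`LIBRESSL_250` could enable bindings the linked library does not export. Querying the same module for both, `pkg-config --cflags --silence-errors libcrypto || true`, narrows that gap, and a comment above the two constants should state that a C compiler and the OpenSSL/LibreSSL headers are now required at compile time. `env("CC")` is also concatenated unquoted into the `system` command string, so the build runs whatever that variable contains; a one-line comment noting that the build environment is trusted here would make that assumption explicit.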
15 changes: 10 additions & 5 deletions src/openssl/lib_ssl.cr
Expand Up @@ -2,8 +2,9 @@ require "./lib_crypto"

{% begin %}
lib LibSSL
OPENSSL_110 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.1.0 libssl || printf %s false`.stringify != "false" }}
OPENSSL_102 = {{ `command -v pkg-config > /dev/null && pkg-config --atleast-version=1.0.2 libssl || printf %s false`.stringify != "false" }}
OPENSSL_110 = {{ LibCrypto::OPENSSL_110 }}
OPENSSL_102 = {{ LibCrypto::OPENSSL_102 }}
LIBRESSL_250 = {{ LibCrypto::LIBRESSL_250 }}
end
{% end %}

Expand Down Expand Up @@ -198,13 +199,17 @@ lib LibSSL
fun sslv23_method = SSLv23_method : SSLMethod
{% end %}

{% if OPENSSL_102 %}
{% if OPENSSL_102 || LIBRESSL_250 %}
alias ALPNCallback = (SSL, Char**, Char*, Char*, Int, Void*) -> Int
alias X509VerifyParam = LibCrypto::X509VerifyParam

fun ssl_get0_param = SSL_get0_param(handle : SSL) : X509VerifyParam
fun ssl_get0_alpn_selected = SSL_get0_alpn_selected(handle : SSL, data : Char**, len : LibC::UInt*) : Void
fun ssl_ctx_set_alpn_select_cb = SSL_CTX_set_alpn_select_cb(ctx : SSLContext, cb : ALPNCallback, arg : Void*) : Void
{% end %}

{% if OPENSSL_102 %}
alias X509VerifyParam = LibCrypto::X509VerifyParam

fun ssl_get0_param = SSL_get0_param(handle : SSL) : X509VerifyParam
fun ssl_ctx_get0_param = SSL_CTX_get0_param(ctx : SSLContext) : X509VerifyParam
fun ssl_ctx_set1_param = SSL_CTX_set1_param(ctx : SSLContext, param : X509VerifyParam) : Int
{% end %}
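Review bot: The second block, which keeps `X509VerifyParam`, `ssl_get0_param`, `ssl_ctx_get0_param` and `ssl_ctx_set1_param` under `{% if OPENSSL_102 %}`, has no comment explaining why LibreSSL is excluded while the ALPN bindings above are enabled for it. On a LibreSSL build everything that depends on these verify-parameter accessors stays compiled out (the matching split in src/openssl/ssl/context.cr gates the default-verify-param setter the same way), so the reason should be written down before someone merges the two gates without checking what LibreSSL exports. Suggested comment above the second `{% if %}`: `# X509_VERIFY_PARAM accessors are bound for OpenSSL >= 1.0.2 only; LIBRESSL_250 enables the ALPN bindings above, not these.` The `lib LibSSL` body starts and ends outside this hunk.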
6 changes: 5 additions & 1 deletion src/openssl/ssl/context.cr
Expand Up @@ -305,7 +305,7 @@ abstract class OpenSSL::SSL::Context
LibSSL.ssl_ctx_set_verify(@handle, mode, nil)
end

{% if LibSSL::OPENSSL_102 %}
{% if LibSSL::OPENSSL_102 || LibSSL::LIBRESSL_250 %}

@alpn_protocol : Pointer(Void)?

Expand Down Expand Up @@ -338,6 +338,10 @@ abstract class OpenSSL::SSL::Context
LibSSL.ssl_ctx_set_alpn_select_cb(@handle, alpn_cb, alpn_protocol)
end

{% end %}

{% if LibSSL::OPENSSL_102 %}

# Set this context verify param to the default one of the given name.
#
# Depending on the OpenSSL version, the available defaults are
2 changes: 1 addition & 1 deletion src/openssl/ssl/socket.cr
Expand Up @@ -119,7 +119,7 @@ abstract class OpenSSL::SSL::Socket < IO
@bio.io.flush
end

{% if LibSSL::OPENSSL_102 %}
{% if LibSSL::OPENSSL_102 || LibSSL::LIBRESSL_250 %}
# Returns the negotiated ALPN protocol (eg: `"h2"`) of `nil` if no protocol was
# negotiated.
def alpn_protocol