1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
|
cmake_minimum_required(VERSION 3.5)
project(swipl-ssl)
include("../cmake/PrologPackage.cmake")
include(CheckTypeSize)
include(CheckStructHasMember)
include(Sockets)
find_package(OpenSSL)
if(OPENSSL_FOUND)
if(NOT OPENSSL_OS_LIBS)
if(WIN32)
set(OPENSSL_OS_LIBS ws2_32.lib gdi32.lib crypt32.lib z.lib)
else()
set(OPENSSL_OS_LIBS)
endif()
endif()
set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES}
${OPENSSL_CRYPTO_LIBRARY} ${OPENSSL_LIBRARIES} ${OPENSSL_OS_LIBS})
if(APPLE)
set(CMAKE_REQUIRED_LIBRARIES ${CMAKE_REQUIRED_LIBRARIES}
"-framework CoreFoundation" "-framework Security")
endif()
set(CMAKE_REQUIRED_INCLUDES ${CMAKE_REQUIRED_INCLUDES}
${OPENSSL_INCLUDE_DIR})
AC_CHECK_HEADERS(unistd.h sys/types.h sys/time.h sys/select.h fcntl.h
Security/Security.h)
check_c_source_compiles(
"#include <sys/types.h>
#include <Security/Security.h>
int main() { const void *key = kSecClass; return 0; }"
HAVE_KSECCLASS)
AC_CHECK_FUNCS(timegm ERR_remove_state ERR_remove_thread_state)
AC_CHECK_FUNCS(X509_check_host)
AC_CHECK_FUNCS(CRYPTO_THREADID_get_callback CRYPTO_THREADID_set_callback)
AC_CHECK_FUNCS(EVP_MD_CTX_free OPENSSL_zalloc)
AC_CHECK_FUNCS(X509_CRL_get0_signature X509_get0_signature)
AC_CHECK_FUNCS(X509_get0_notBefore X509_get0_notAfter)
AC_CHECK_FUNCS(X509_digest X509_CRL_digest)
AC_CHECK_FUNCS(X509_STORE_CTX_get0_chain)
AC_CHECK_FUNCS(i2d_re_X509_tbs)
AC_CHECK_FUNCS(OpenSSL_version)
AC_CHECK_FUNCS(EVP_CIPHER_CTX_reset)
AC_CHECK_FUNCS(EVP_blake2b512 EVP_blake2s256)
AC_CHECK_FUNCS(EVP_sha3_224 EVP_sha3_256 EVP_sha3_384 EVP_sha3_512)
AC_CHECK_FUNCS(HMAC_CTX_new HMAC_CTX_free)
AC_CHECK_FUNCS(EVP_MAC_fetch EVP_MAC_CTX_free EVP_MAC_update EVP_MAC_final)
AC_CHECK_FUNCS(EVP_PKEY_new EVP_PKEY_free EVP_PKEY_get_bn_param EVP_PKEY_get_octet_string_param EVP_PKEY_get_size EVP_PKEY_decrypt EVP_PKEY_encrypt EVP_PKEY_sign EVP_PKEY_verify)
AC_CHECK_FUNCS(EVP_PKEY_Q_keygen)
AC_CHECK_FUNCS(OSSL_PARAM_construct_utf8_string)
AC_CHECK_FUNCS(BN_check_prime)
AC_CHECK_FUNCS(SSL_CTX_set_alpn_protos)
AC_CHECK_FUNCS(OSSL_PARAM_BLD_new)
AC_CHECK_HEADERS(openssl/kdf.h)
AC_CHECK_HEADERS(openssl/core_names.h)
AC_CHECK_HEADERS(openssl/param_build.h)
if(NOT DEFINED GET0SIG_CONST_T)
if(HAVE_X509_GET0_SIGNATURE)
set(_cmake_saved_dlags ${CMAKE_REQUIRED_FLAGS})
set(CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS} -Werror)
check_c_source_compiles(
"#include <openssl/x509.h>
int main() {
const ASN1_BIT_STRING *psig;
const X509_ALGOR *palg;
const X509 *data;
X509_get0_signature(&psig, &palg, data);
return 0;
}"
GET_SIGNATURE_PASSED)
set(CMAKE_REQUIRED_FLAGS ${_cmake_saved_dlags})
if(GET_SIGNATURE_PASSED)
set(GET0SIG_CONST_T const)
else()
set(GET0SIG_CONST_T)
endif()
else(HAVE_X509_GET0_SIGNATURE)
set(GET0SIG_CONST_T const)
endif(HAVE_X509_GET0_SIGNATURE)
message("-- GET0SIG_CONST_T ${GET0SIG_CONST_T}")
set(GET0SIG_CONST_T ${GET0SIG_CONST_T}
CACHE INTERNAL "Define X509_get0_signature const args")
endif(NOT DEFINED GET0SIG_CONST_T)
check_type_size(CRYPTO_THREADID SIZEOF_CRYPTO_THREADID)
if(NOT SIZEOF_CRYPTO_THREADID STREQUAL "")
set(HAVE_CRYPTO_THREADID)
endif()
check_struct_has_member(X509_VERIFY_PARAM id openssl/ssl.h
HAVE_X509_VERIFY_PARAM_ID)
if(NOT DEFINED SYSTEM_CACERT_FILENAME)
set(CERT_CANDIDATES
/data/data/com.termux/files/usr/etc/tls/cert.pem
/etc/ssl/certs/ca-certificates.crt
/etc/pki/tls/certs/ca-bundle.crt
/etc/ssl/ca-bundle.pem
/etc/ssl/cert.pem)
set(SYSTEM_CACERT_FILENAME /etc/ssl/certs/ca-certificates.crt)
foreach(f ${CERT_CANDIDATES})
if(EXISTS ${f})
set(SYSTEM_CACERT_FILENAME ${f})
endif()
endforeach()
set(SYSTEM_CACERT_FILENAME ${SYSTEM_CACERT_FILENAME}
CACHE STRING
"Location of the system TLS root certificate file")
endif()
configure_file(config.h.cmake config.h)
if(BUILD_TESTING AND NOT SKIP_SSL_TESTS)
if(NOT PROG_OPENSSL)
set(prog_openssl_new ON)
endif()
if(CMAKE_CROSSCOMPILING AND SWIPL_NATIVE_FRIEND)
find_program(PROG_OPENSSL openssl${CMAKE_HOST_EXECUTABLE_SUFFIX}
PATHS /usr/bin /bin /usr/sbin /sbin
/opt/local/bin /opt/local/sbin
/usr/local/bin /usr/local/sbin
NO_CMAKE_FIND_ROOT_PATH # Do not search cross compiling paths
NO_DEFAULT_PATH)
else()
find_program(PROG_OPENSSL openssl${CMAKE_EXECUTABLE_SUFFIX}
HINTS ${OPENSSL_ROOT_DIR}/bin)
endif()
if(PROG_OPENSSL)
if(prog_openssl_new)
message("-- Using ${PROG_OPENSSL} to create ssl test certificates")
endif()
configure_file(mkcerts.pl.in mkcerts.pl @ONLY)
set(SSL_TESTS ON)
else()
message("-- Could not find openssl program. Skipping ssl tests")
set(SSL_TESTS OFF)
endif()
unset(prog_openssl_new)
if(SSL_TESTS)
add_custom_command(
OUTPUT tests/test_certs/generated
COMMAND ${CMAKE_COMMAND} -E make_directory tests
COMMAND ${PROG_SWIPL} -f none --no-packs
${CMAKE_CURRENT_BINARY_DIR}/mkcerts.pl
--source=${CMAKE_CURRENT_SOURCE_DIR}/tests
--dest=tests
COMMAND touch tests/test_certs/generated
DEPENDS core prolog_home clib)
add_custom_target(
test_certificates ALL
DEPENDS tests/test_certs/generated)
test_libs(
ssl
PACKAGES clib sgml http
)
if(INSTALL_TESTS)
install(FILES https.pl
DESTINATION ${INSTALL_TESTS_DIR}/packages/ssl
COMPONENT Tests)
install(DIRECTORY etc
DESTINATION ${INSTALL_TESTS_DIR}/packages/ssl
COMPONENT Tests)
install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/tests
DESTINATION ${INSTALL_TESTS_DIR}/packages/ssl
COMPONENT Tests)
endif()
endif()
endif(BUILD_TESTING AND NOT SKIP_SSL_TESTS)
has_package(http HAVE_HTTP)
add_compile_options(-D__SWI_PROLOG__
-DSERVER_CERT_REQUIRED=TRUE
-DCLIENT_CERT_REQUIRED=TRUE)
swipl_plugin(
ssl4pl
C_SOURCES ssl4pl.c ../clib/error.c
THREADED
C_LIBS ${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY} ${OPENSSL_OS_LIBS}
C_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}
PL_LIBS ssl.pl)
swipl_plugin(
crypto4pl
C_SOURCES crypto4pl.c ../clib/error.c
THREADED
C_LIBS ${OPENSSL_CRYPTO_LIBRARY} ${OPENSSL_OS_LIBS}
C_INCLUDE_DIR ${OPENSSL_INCLUDE_DIR}
PL_LIBS crypto.pl)
if(APPLE)
target_link_libraries(
plugin_ssl4pl PRIVATE
"-framework CoreFoundation"
"-framework Security")
endif()
install_dll(${OPENSSL_SSL_LIBRARY} ${OPENSSL_CRYPTO_LIBRARY})
swipl_plugin(
saml
PL_LIBS saml.pl xmldsig.pl xmlenc.pl)
add_custom_target(ssl)
add_dependencies(
ssl
ssl4pl crypto4pl saml)
if(HAVE_HTTP)
swipl_plugin(
ssl_http_plugin
PL_LIB_SUBDIR http
PL_LIBS http_ssl_plugin.pl)
add_dependencies(ssl ssl_http_plugin)
endif()
swipl_examples(client.pl server.pl https.pl)
install_src(pkg_ssl_etc
DIRECTORY etc
DESTINATION
${SWIPL_INSTALL_SHARE_PREFIX}/doc/packages/examples/${SWIPL_PKG}
COMPONENT Examples)
pkg_doc(ssl
SOURCES
crypto.doc
SECTION
SOURCE ssl.pl ssllib.tex
SOURCE cryptolib.md --lib=crypto --module=crypto
SUBSECTION
saml.pl xmldsig.pl xmlenc.pl
DEPENDS ssl zlib)
endif(OPENSSL_FOUND)
|
