add support for building libtls

Use './configure --enable-libtls' to build the library and install the
associated manpages. Note that the API and ABI of this library may
change still, though feedback is welcome.

ok deraadt@ jsing@ tedu@

.gitignore

@@ -87,12 +87,16 @@ INSTALL
 crypto/Makefile.am
 include/openssl/Makefile.am
 ssl/Makefile.am
+tls/Makefile.am
 apps/Makefile.am
 tests/Makefile.am
 
 ssl/*.c
 ssl/*.h
+tls/*.c
+tls/*.h
 include/pqueue.h
+include/tls.h
 include/openssl/*.h
 include/openssl/*.he
 apps/*.c

Makefile.am

@@ -1,7 +1,11 @@
-SUBDIRS = crypto ssl include apps tests man
+SUBDIRS = crypto ssl tls include apps tests man
 ACLOCAL_AMFLAGS = -I m4
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc openssl.pc
 
+if ENABLE_LIBTLS
+pkgconfig_DATA += libtls.pc
+endif
+
 EXTRA_DIST = VERSION

configure.ac

@@ -143,14 +143,20 @@ AC_ARG_ENABLE([asm],
 	AS_HELP_STRING([--disable-asm], [Disable assembly]))
 AS_IF([test "x$enable_asm" = "xno"], [CFLAGS="$CFLAGS -DOPENSSL_NO_ASM"])
 
+AC_ARG_ENABLE([libtls],
+	AS_HELP_STRING([--enable-libtls], [Enable building the libtls library]))
+AM_CONDITIONAL([ENABLE_LIBTLS], [test "x$enable_libtls" = xyes])
+AM_COND_IF([ENABLE_LIBTLS], [AC_CONFIG_FILES([libtls.pc])])
+
 LT_INIT
 
 AC_CONFIG_FILES([
 	Makefile
 	include/Makefile
 	include/openssl/Makefile
-	ssl/Makefile
 	crypto/Makefile
+	ssl/Makefile
+	tls/Makefile
 	tests/Makefile
 	apps/Makefile
 	man/Makefile

include/Makefile.am

@@ -1,3 +1,5 @@
+include $(top_srcdir)/Makefile.am.common
+
 SUBDIRS = openssl
 
 noinst_HEADERS = err.h
@@ -24,3 +26,7 @@ noinst_HEADERS += sys/select.h
 noinst_HEADERS += sys/socket.h
 noinst_HEADERS += sys/times.h
 noinst_HEADERS += sys/types.h
+
+if ENABLE_LIBTLS
+include_HEADERS = tls.h
+endif

libtls.pc.in

@@ -0,0 +1,16 @@
+#libtls pkg-config source file
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: LibreSSL-libtls
+Description: Secure communications using the TLS socket protocol.
+Version: @VERSION@
+Requires:
+Requires.private: libcrypto libssl
+Conflicts:
+Libs: -L${libdir} -ltls
+Libs.private: @LIBS@ -lcrypto -lssl
+Cflags: -I${includedir}

man/Makefile.am.tpl

@@ -1,3 +1,2 @@
 include $(top_srcdir)/Makefile.am.common
 dist_man_MANS=
-

man/links

@@ -1,4 +1,32 @@
-MLINKS="ASN1_OBJECT_new.3,ASN1_OBJECT_free.3 \
+TLS_MLINKS="tls_init.3,tls_config_new.3
+	tls_init.3,tls_config_free.3
+	tls_init.3,tls_config_set_ca_file.3
+	tls_init.3,tls_config_set_ca_path.3
+	tls_init.3,tls_config_set_cert_file.3
+	tls_init.3,tls_config_set_cert_mem.3
+	tls_init.3,tls_config_set_ciphers.3
+	tls_init.3,tls_config_set_ecdhcurve.3
+	tls_init.3,tls_config_set_key_file.3
+	tls_init.3,tls_config_set_key_mem.3
+	tls_init.3,tls_config_set_protocols.3
+	tls_init.3,tls_config_set_verify_depth.3
+	tls_init.3,tls_config_clear_keys.3
+	tls_init.3,tls_config_insecure_noverifyhost.3
+	tls_init.3,tls_config_insecure_noverifycert.3
+	tls_init.3,tls_config_verify.3
+	tls_init.3,tls_client.3
+	tls_init.3,tls_server.3
+	tls_init.3,tls_configure.3
+	tls_init.3,tls_error.3
+	tls_init.3,tls_reset.3
+	tls_init.3,tls_free.3
+	tls_init.3,tls_close.3
+	tls_init.3,tls_connect.3
+	tls_init.3,tls_connect_socket.3
+	tls_init.3,tls_read.3
+	tls_init.3,tls_write.3"
+
+SSL_MLINKS="ASN1_OBJECT_new.3,ASN1_OBJECT_free.3 \
 	ASN1_STRING_length.3,ASN1_STRING_cmp.3 \
 	ASN1_STRING_length.3,ASN1_STRING_data.3 \
 	ASN1_STRING_length.3,ASN1_STRING_dup.3 \

tls/Makefile.am.tpl

@@ -0,0 +1,10 @@
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libtls.la
+
+libtls_la_LDFLAGS = -version-info libtls-version
+
+libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libtls_la_SOURCES =
+noinst_HEADERS =
+

update.sh

@@ -16,21 +16,26 @@ fi
  git pull --rebase)
 
 dir=`pwd`
-libssl_src=$dir/openbsd/src/lib/libssl
-libssl_regress=$dir/openbsd/src/regress/lib/libssl
 libc_src=$dir/openbsd/src/lib/libc
 libc_regress=$dir/openbsd/src/regress/lib/libc
 libcrypto_src=$dir/openbsd/src/lib/libcrypto
-openssl_cmd_src=$dir/openbsd/src/usr.bin/openssl
 libcrypto_regress=$dir/openbsd/src/regress/lib/libcrypto
-
-source $libssl_src/ssl/shlib_version
-libssl_version=$major:$minor:0
-echo libssl version $libssl_version
+libssl_src=$dir/openbsd/src/lib/libssl
+libssl_regress=$dir/openbsd/src/regress/lib/libssl
+libtls_src=$dir/openbsd/src/lib/libtls
+openssl_cmd_src=$dir/openbsd/src/usr.bin/openssl
 
 source $libcrypto_src/crypto/shlib_version
 libcrypto_version=$major:$minor:0
-echo libcrypto version $libcrypto_version
+echo "libcrypto version $libcrypto_version"
+
+source $libssl_src/ssl/shlib_version
+libssl_version=$major:$minor:0
+echo "libssl version $libssl_version"
+
+source $libtls_src/shlib_version
+libtls_version=$major:$minor:0
+echo "libtls version $libtls_version"
 
 CP='cp -p'
 
@@ -63,6 +68,7 @@ $CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
 $CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
 $CP $libssl_src/src/e_os2.h include/openssl
 $CP $libssl_src/src/ssl/pqueue.h include
+$CP $libtls_src/tls.h include
 
 for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c \
 		timingsafe_bcmp.c timingsafe_memcmp.c; do
@@ -386,6 +392,23 @@ echo "EXTRA_DIST += testssl ca.pem server.pem" >> tests/Makefile.am
 	done
 )
 
+rm -f tls/*.c tls/*.h
+for i in tls_internal.h tls.c tls_server.c tls_client.c tls_util.c \
+    tls_config.c tls_verify.c; do
+	cp $libtls_src/$i tls
+done
+(cd tls
+	sed -e "s/libtls-version/${libtls_version}/" Makefile.am.tpl > Makefile.am
+	echo "if ENABLE_LIBTLS" >> Makefile.am
+	for i in `ls -1 *.c|sort`; do
+		echo "libtls_la_SOURCES += $i" >> Makefile.am
+	done
+	for i in `ls -1 *.h|sort`; do
+		echo "noinst_HEADERS += $i" >> Makefile.am
+	done
+	echo "endif" >> Makefile.am
+)
+
 # do not directly compile C files that are included in other C files
 crypto_excludes=(
 	des/ncbc_enc.c
@@ -478,6 +501,10 @@ apps_win32_only=(
 	done
 	$CP $openssl_cmd_src/openssl.1 .
 	echo "dist_man_MANS += openssl.1" >> Makefile.am
+	$CP $libtls_src/tls_init.3 .
+	echo "if ENABLE_LIBTLS" >> Makefile.am
+	echo "dist_man_MANS += tls_init.3" >> Makefile.am
+	echo "endif" >> Makefile.am
 
 	# convert remaining POD manpages
 	for i in `ls -1 $libssl_src/src/doc/crypto/*.pod | sort`; do
@@ -494,8 +521,14 @@ apps_win32_only=(
 
 	echo "install-data-hook:" >> Makefile.am
 	source ./links
-	for i in $MLINKS; do
+	for i in $SSL_MLINKS; do
 		IFS=","; set $i; unset IFS
 		echo "	ln -f \$(DESTDIR)\$(mandir)/man3/$1 \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
 	done
+	echo "if ENABLE_LIBTLS" >> Makefile.am
+	for i in $TLS_MLINKS; do
+		IFS=","; set $i; unset IFS
+		echo "	ln -f \$(DESTDIR)\$(mandir)/man3/$1 \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
+	done
+	echo "endif" >> Makefile.am
 )