- add cmake build options as configure provides
* -DENABLE_ASM (default ON)
* -DENABLE_EXTRATESTS (default OFF)
* -DENABLE_NC (default OFF)
* -DOPENSSLDIR (default ${CMAKE_INSTALL_PREFIX}/etc/ssl)
- add biotest and pidwraptest if ENABLE_EXTRATESTS is ON
- add compiler flag `-fno-common` if CMAKE_SYSTEM_NAME is Darwin
to prevent link error Undefined symbols "_OPENSSL_ia32cap_P"
- modify structure of CMakeLists.txt under apps/
* move apps/CMakeLists.txt to apps/openssl/ since this is for openssl build
* create new apps/nc/CMakeLists.txt for nc build
* modify apps/CMakeLists.txt just add_subdirectory()
- add checking and compile of arc4random_uniform()
- add installing man files, openssl.1 and nc.1
VS2013 has trouble with relative include paths for apps/openssl, so move
certhash_win/apps_win.c back to apps/openssl.
gmtime_r on mingw64 fails with negative time_t, override
gmtime_s fails all of the time unit tests, override
SHUT_RD/WR are defined in newer mingw64 headers, check before overriding
The build system incorrectly set include directives in AM_CFLAGS which
causes them to be placed after the configured CPPFLAGS. Thus, if
a user or packaging system sets CPPFLAGS to a location that has
libressl or openssl headers installed, they will be used instead
of the bundled versions. This corrects that issue by setting up
the variables correctly.
https://github.com/libressl-portable/portable/issues/150
Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
This moves the compatibility include files from include to
include/compat so we can use the awful MS C compiler
<../include/> trick to emulate the GNU #include_next extension.
This also removes a few old compat files we do not need anymore.
From deraadt@ upstream:
Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is ...
difficult to impliment on many operating systems. By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems. Noone noticed & complained that
certain environment variables were not working.......
Move define adjustments to CPPFLAGS.
Adjust user CFLAGS directly, do not override during configuration.
USER_CFLAGS is not necessary to build libcompat_noopt correctly.
The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work
around it by providing arc4random/getentropy shims. Revisit when NetBSD
7 is available.
tested on: HP-UX 11.31 ia64,
gcc 4.7.1(HP AllianceOne version)
gcc 4.2.3(http://hpux.connect.org.uk)
HP C/aC++
HP-UX defaults to use LP32 and it treats long as 32 bit (= 4 bytes).
This build forces LP64 for treating long as 64 bit.
This adds initial support for assembly crypto acceleration on x86_64 for
ELF (Linux, *BSD, Solaris) and Mach-O (OS-X) systems.
The build method is a little different than OpenSSL and OpenBSD. All
the .s files are generated ahead of time when the tarball is generated,
so there are no complicated makefile rules at configure/build time. This
also means the builds are faster and perl is not required on the build
system.
Thanks to Wouter Clarie for providing the initial cleanup and patch
that this is based on.
This makes building and testing easier because the library Makefile.am
files are use directly rather than as templates. Thanks to Wouter Clarie
for the idea.
Remove a lot of complex shell code. Upstream churn has slowed down, so
it is now easier to maintain this directly as automake files. This is
also needed to start integrating CPU-specific acceleration support.
Since we are deriving the copy list from the Makefile.am files, we can
now get rid of copy_src/copy_crypto.
The FreeBSD-native arc4random_buf implementation falls back to weak
sources of entropy if the sysctl fails. Remove these dangerous fallbacks
by overriding locally.
Unfortunately, pthread_atfork() is broken on FreeBSD (at least 9 and 10)
if a program does not link to -lthr. Callbacks registered with
pthread_atfork() simply fail silently. So, it is not always possible to
detect a PID wraparound. I wish we could do better.
This improves arc4random_buf's safety compared to the native FreeBSD
implementation. Tested on FreeBSD 9 and 10.
ok beck@ deraadt@
Simplify autoconf checks by using AC_CHECK_FUNCS/HEADERS.
Clarify some ambiguous dependencies around strnlen/strndup.
Unconditionally enable pidwraptest for all arc4random implementations.
Remove HAVE_VASPRINTF conditional, since asprintf requires vasprintf.
ok @doug
* use the original name for the file from OpenSSH (remove duplicate version)
* add va_copy/__va_copy checks to configure
* incorporate proposed fixes to openssh version:
+ include more system headers directly for various definitions
+ limit the scope of va_copy/va_end to their affected vsnprintf calls
+ simplify error handling, removing a dead assignment
Use canonical host rather than target so that this works:
CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
Conditionally compile Linux issetugid compatibility function
ok beck@
From kettenis@
People have suggested using pthread_atfork(3) before, but discarded
the idea because it involves linking with -lpthread, which has other
undesirable consequences. However:
* Most systems actually have pthread_atfork(3) in libc. I verified
this on OS X and Solaris. I believe this is the case on Linux
systems that use musl as well.
* On Linux systems that use glibc, this isn't the case. However,
those systems have __register_atfork(3), which is fully documented
in the "Linux Standard Base Core Specification".
ok kettenis@ deraadt@ beck@
