Compare commits
	
		
			51 Commits
		
	
	
		
			OPENBSD_5_
			...
			v2.4.3
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|   | c4ebe2518c | ||
|   | 1d36474726 | ||
|   | 48ecc2d05d | ||
|   | 7f322bfe7e | ||
|   | 47d4f7109f | ||
|   | 12348e6f64 | ||
|   | 1b10e48a1f | ||
|   | a9332ccecf | ||
|   | fa435db8df | ||
|   | 618c32e4a1 | ||
|   | b13529f791 | ||
|   | 30adf9c06e | ||
|   | 23083e7724 | ||
|   | aab671088d | ||
|   | ccf66c469f | ||
|   | ec4c98718d | ||
|   | 13b7ac8ada | ||
|   | ddb22413ed | ||
|   | 2cbdc049bb | ||
|   | 4a9e42808c | ||
|   | de4a123930 | ||
|   | 72ce1e1c9f | ||
|   | 0c4d1b9cef | ||
|   | 1f6f1a3527 | ||
|   | 7b420734d4 | ||
|   | ff021e8abd | ||
|   | 40974784c0 | ||
|   | 552817b77f | ||
|   | 5582be55b4 | ||
|   | a653a67a1e | ||
|   | 466e389d3f | ||
|   | 02e1cc4df1 | ||
|   | 49eabdcb16 | ||
|   | 08089a1b20 | ||
|   | bda62f7fe4 | ||
|   | c94670a8cd | ||
|   | 752ad82d33 | ||
|   | 2510a5e6f9 | ||
|   | 9a98de6c34 | ||
|   | 34bf322e6e | ||
|   | d9b0838432 | ||
|   | e1f8a1e160 | ||
|   | 177e13159b | ||
|   | cf45f2bdfd | ||
|   | 3207606f11 | ||
|   | 2997b8577c | ||
|   | 02b00b5c07 | ||
|   | 8131b377bf | ||
|   | 04ceeb2c75 | ||
|   | 9a0f8a424b | ||
|   | 14aa5f73ab | 
| @@ -1,9 +1,10 @@ | ||||
| cmake_minimum_required (VERSION 2.8) | ||||
| cmake_minimum_required (VERSION 2.8.8) | ||||
| include(CheckFunctionExists) | ||||
| include(CheckLibraryExists) | ||||
| include(CheckIncludeFiles) | ||||
| include(CheckTypeSize) | ||||
|  | ||||
| project (LibreSSL) | ||||
| project (LibreSSL C) | ||||
|  | ||||
| enable_testing() | ||||
|  | ||||
| @@ -22,6 +23,17 @@ string(STRIP ${TLS_VERSION} TLS_VERSION) | ||||
| string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION}) | ||||
| string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION}) | ||||
|  | ||||
| option(ENABLE_ASM "Enable assembly" ON) | ||||
| option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF) | ||||
| option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF) | ||||
| set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE) | ||||
|  | ||||
| set(BUILD_NC true) | ||||
|  | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "Darwin") | ||||
| 	add_definitions(-fno-common) | ||||
| endif() | ||||
|  | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD") | ||||
| 	add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__) | ||||
| endif() | ||||
| @@ -33,9 +45,34 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux") | ||||
| 	add_definitions(-D_GNU_SOURCE) | ||||
| endif() | ||||
|  | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "MINGW") | ||||
| 	set(BUILD_NC false) | ||||
| endif() | ||||
|  | ||||
| if(MSVC) | ||||
| 	set(BUILD_NC false) | ||||
| endif() | ||||
|  | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "HP-UX") | ||||
| 	if(CMAKE_C_COMPILER MATCHES "gcc") | ||||
| 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing") | ||||
| 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64") | ||||
| 	else() | ||||
| 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off") | ||||
| 	endif() | ||||
| 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT") | ||||
| endif() | ||||
|  | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "SunOS") | ||||
| 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing") | ||||
| 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__") | ||||
| 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600") | ||||
| 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP") | ||||
| 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64") | ||||
| endif() | ||||
|  | ||||
| add_definitions(-DLIBRESSL_INTERNAL) | ||||
| add_definitions(-DOPENSSL_NO_HW_PADLOCK) | ||||
| add_definitions(-DOPENSSL_NO_ASM) | ||||
|  | ||||
| set(CMAKE_POSITION_INDEPENDENT_CODE true) | ||||
|  | ||||
| @@ -131,6 +168,11 @@ if(HAVE_ARC4RANDOM_BUF) | ||||
| 	add_definitions(-DHAVE_ARC4RANDOM_BUF) | ||||
| endif() | ||||
|  | ||||
| check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM) | ||||
| if(HAVE_ARC4RANDOM_UNIFORM) | ||||
| 	add_definitions(-DHAVE_ARC4RANDOM_UNIFORM) | ||||
| endif() | ||||
|  | ||||
| check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO) | ||||
| if(HAVE_EXPLICIT_BZERO) | ||||
| 	add_definitions(-DHAVE_EXPLICIT_BZERO) | ||||
| @@ -156,11 +198,28 @@ if(HAVE_MEMCMP) | ||||
| 	add_definitions(-DHAVE_MEMCMP) | ||||
| endif() | ||||
|  | ||||
| check_function_exists(memmem HAVE_MEMMEM) | ||||
| if(HAVE_MEMMEM) | ||||
| 	add_definitions(-DHAVE_MEMMEM) | ||||
| endif() | ||||
|  | ||||
| check_include_files(err.h HAVE_ERR_H) | ||||
| if(HAVE_ERR_H) | ||||
| 	add_definitions(-DHAVE_ERR_H) | ||||
| endif() | ||||
|  | ||||
| if(ENABLE_ASM) | ||||
| 	if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF") | ||||
| 		if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)") | ||||
| 			set(HOST_ASM_ELF_X86_64 true) | ||||
| 		elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386") | ||||
| 			set(HOST_ASM_ELF_X86_64 true) | ||||
| 		endif() | ||||
| 	elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") | ||||
| 		set(HOST_ASM_MACOSX_X86_64 true) | ||||
| 	endif() | ||||
| endif() | ||||
|  | ||||
| set(OPENSSL_LIBS ssl crypto) | ||||
| if(CMAKE_HOST_WIN32) | ||||
| 	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32) | ||||
| @@ -171,11 +230,25 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux") | ||||
| 		set(OPENSSL_LIBS ${OPENSSL_LIBS} rt) | ||||
| 	endif() | ||||
| endif() | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "HP-UX") | ||||
| 	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread) | ||||
| endif() | ||||
| if(CMAKE_SYSTEM_NAME MATCHES "SunOS") | ||||
| 	set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket) | ||||
| endif() | ||||
|  | ||||
| if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC)) | ||||
| if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|MINGW|CYGWIN)" OR MSVC)) | ||||
| 	set(BUILD_SHARED true) | ||||
| endif() | ||||
|  | ||||
| check_type_size(time_t SIZEOF_TIME_T) | ||||
| if(SIZEOF_TIME_T STREQUAL "4") | ||||
| 	set(SMALL_TIME_T true) | ||||
| 	message(WARNING " ** Warning, this system is unable to represent times past 2038\n" | ||||
| 	                " ** It will behave incorrectly when handling valid RFC5280 dates") | ||||
| endif() | ||||
| add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T}) | ||||
|  | ||||
| add_subdirectory(crypto) | ||||
| add_subdirectory(ssl) | ||||
| add_subdirectory(apps) | ||||
| @@ -185,3 +258,11 @@ if(NOT MSVC) | ||||
| 	add_subdirectory(man) | ||||
| 	add_subdirectory(tests) | ||||
| endif() | ||||
|  | ||||
| configure_file( | ||||
| 	"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in" | ||||
| 	"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake" | ||||
| 	IMMEDIATE @ONLY) | ||||
|  | ||||
| add_custom_target(uninstall | ||||
| 	COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake) | ||||
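Review bot: The HP-UX branch in the `@@ -33,9 +45,34 @@` hunk picks its flag set with `if(CMAKE_C_COMPILER MATCHES "gcc")`, which tests the compiler's path rather than its identity. A gcc installed under another name would get the non-gcc flags (`+DD64 +Otype_safety=off`) and lose `-fno-strict-aliasing`, and any other compiler whose path contains "gcc" would get the GNU flags. `if(CMAKE_C_COMPILER_ID STREQUAL "GNU")` keys on what CMake actually detected. Separately, in the `@@ -171,11 +230,25 @@` hunk, `check_type_size` leaves `SIZEOF_TIME_T` empty when the probe fails, so `-DSIZEOF_TIME_T=` would be passed with no value and the 2038 warning skipped. A `message(FATAL_ERROR ...)` on an empty result would make that visible at configure time.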
|   | ||||
							
								
								
									
										96
									
								
								ChangeLog
									
									
									
									
									
								
							
							
						
						
									
									
									
									
									
									
								
							| @@ -28,25 +28,11 @@ history is also available from Git. | ||||
|  | ||||
| LibreSSL Portable Release Notes: | ||||
|  | ||||
| 2.3.10 - Security and compatibility fixes | ||||
| 2.4.3 - Bug fixes and reliability improvements | ||||
|  | ||||
| 	* Avoid a side-channel cache-timing attack that can leak the ECDSA | ||||
| 	  private keys when signing. This is due to BN_mod_inverse() being | ||||
| 	  used without the constant time flag being set. | ||||
|  | ||||
| 	  This issue was reported by Cesar Pereida Garcia and Billy Brumley | ||||
| 	  (Tampere University of Technology). The fix was developed by Cesar | ||||
| 	  Pereida Garcia. | ||||
|  | ||||
| 	* iOS and MacOS compatibility updates from Simone Basso and Jacob | ||||
| 	  Berkman. | ||||
|  | ||||
| 2.3.9 - Reliability improvements | ||||
|  | ||||
| 	* Avoid continual processing of an unlimited number of TLS records, | ||||
| 	  which can cause a denial-of-service condition. | ||||
|  | ||||
| 2.3.8 - Security and reliability fixes | ||||
| 	* Reverted change that cleans up the EVP cipher context in | ||||
| 	  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the | ||||
| 	  previous behaviour. | ||||
|  | ||||
| 	* Avoid unbounded memory growth in libssl, which can be triggered by a | ||||
| 	  TLS client repeatedly renegotiating and sending OCSP Status Request | ||||
| @@ -55,25 +41,79 @@ LibreSSL Portable Release Notes: | ||||
| 	* Avoid falling back to a weak digest for (EC)DH when using SNI with | ||||
| 	  libssl. | ||||
|  | ||||
| 2.3.7 - OCSP fixes | ||||
| 2.4.2 - Bug fixes and improvements | ||||
|  | ||||
| 	* Fix several issues in the OCSP code that could result in the | ||||
| 	  incorrect generation and parsing of OCSP requests. This remediates a | ||||
| 	  lack of error checking on time parsing in these functions, and | ||||
| 	  ensures that only GENERALIZEDTIME formats are accepted for OCSP, as | ||||
| 	  per RFC 6960. | ||||
| 	* Fixed loading default certificate locations with openssl s_client. | ||||
|  | ||||
| 	  Issues reported, and fixes provided by  Kazuki Yamaguchi <k@rhe.jp> | ||||
| 	  and Kinichiro Inoguchi <kinichiro.inoguchi@gmail.com> | ||||
| 	* Ensured OSCP only uses and compares GENERALIZEDTIME values as per | ||||
| 	  RFC6960. Also added fixes for OCSP to work with intermediate | ||||
| 	  certificates provided in responses. | ||||
|  | ||||
| 2.3.6 - Security fix | ||||
| 	* Improved behavior of arc4random on Windows to not appear to leak | ||||
| 	  memory in debug tools, reduced privileges of allocated memory. | ||||
|  | ||||
| 	* Fixed incorrect results from BN_mod_word() when the modulus is too | ||||
| 	  large, thanks to Brian Smith from BoringSSL. | ||||
|  | ||||
| 	* Correctly handle an EOF prior to completing the TLS handshake in | ||||
| 	  libtls. | ||||
|  | ||||
| 	* Improved libtls ceritificate loading and cipher string validation. | ||||
|  | ||||
| 	* Updated libtls cipher group suites into four categories: | ||||
| 	    "secure"   (TLSv1.2+AEAD+PFS) | ||||
| 	    "compat"   (HIGH:!aNULL) | ||||
| 	    "legacy"   (HIGH:MEDIUM:!aNULL) | ||||
| 	    "insecure" (ALL:!aNULL:!eNULL) | ||||
| 	  This allows for flexibility and finer grained control, rather than | ||||
| 	  having two extremes. | ||||
|  | ||||
| 	* Limited support for 'backward compatible' SSLv2 handshake packets to | ||||
| 	  when TLS 1.0 is enabled, providing more restricted compatibility | ||||
| 	  with TLS 1.0 clients. | ||||
|  | ||||
| 	* openssl(1) and other documentation improvements. | ||||
|  | ||||
| 	* Removed flags for disabling constant-time operations. | ||||
| 	  This removes support for DSA_FLAG_NO_EXP_CONSTTIME, | ||||
| 	  DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making | ||||
| 	  all of these operations unconditionally constant-time. | ||||
|  | ||||
|  | ||||
| 2.4.1 - Security fix | ||||
|  | ||||
| 	* Correct a problem that prevents the DSA signing algorithm from | ||||
| 	  running in constant time even if the flag BN_FLG_CONSTTIME is set. | ||||
| 	  This issue was reported by Cesar Pereida (Aalto University), Billy | ||||
| 	  Brumley (Tampere University of Technology), and Yuval Yarom (The | ||||
| 	  University of Adelaide and NICTA). The fix was developed by Cesar | ||||
| 	  Pereida. See OpenBSD 5.9 errata 11, June 6, 2016 | ||||
| 	  Pereida. | ||||
|  | ||||
| 2.4.0 - Build improvements, new features | ||||
|  | ||||
| 	* Many improvements to the CMake build infrastructure, including | ||||
| 	  Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro | ||||
| 	  Inoguchi for this work. | ||||
|  | ||||
| 	* Added missing error handling around bn_wexpand() calls. | ||||
|  | ||||
| 	* Added explicit_bzero calls for freed ASN.1 objects. | ||||
|  | ||||
| 	* Fixed X509_*set_object functions to return 0 on allocation failure. | ||||
|  | ||||
| 	* Implemented the IETF ChaCha20-Poly1305 cipher suites. | ||||
|  | ||||
| 	* Changed default EVP_aead_chacha20_poly1305() implementation to the | ||||
| 	  IETF version, which is now the default. | ||||
|  | ||||
| 	* Fixed password prompts from openssl(1) to properly handle ^C. | ||||
|  | ||||
| 	* Reworked error handling in libtls so that configuration errors are | ||||
| 	  visible. | ||||
|  | ||||
| 	* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final. | ||||
|  | ||||
| 	* Manpage fixes and updates | ||||
|  | ||||
| 2.3.5 - Reliability fix | ||||
|  | ||||
|   | ||||
| @@ -5,7 +5,7 @@ pkgconfigdir = $(libdir)/pkgconfig | ||||
| pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc | ||||
|  | ||||
| EXTRA_DIST = README.md README.windows VERSION config scripts | ||||
| EXTRA_DIST += CMakeLists.txt | ||||
| EXTRA_DIST += CMakeLists.txt cmake_uninstall.cmake.in | ||||
|  | ||||
| .PHONY: install_sw | ||||
| install_sw: install | ||||
|   | ||||
| @@ -1 +1 @@ | ||||
| OPENBSD_5_9 | ||||
| OPENBSD_6_0 | ||||
|   | ||||
| @@ -30,7 +30,7 @@ At the time of this writing, LibreSSL is know to build and work on: | ||||
|  | ||||
| * Linux (kernel 3.17 or later recommended) | ||||
| * FreeBSD (tested with 9.2 and later) | ||||
| * NetBSD (tested with 6.1.5) | ||||
| * NetBSD (7.0 or later recommended) | ||||
| * HP-UX (11i) | ||||
| * Solaris (11 and later preferred) | ||||
| * Mac OS X (tested with 10.8 and later) | ||||
|   | ||||
| @@ -1,80 +1,2 @@ | ||||
| include_directories( | ||||
| 	. | ||||
| 	../include | ||||
| 	../include/compat | ||||
| ) | ||||
|  | ||||
| set( | ||||
| 	OPENSSL_SRC | ||||
| 	openssl/apps.c | ||||
| 	openssl/asn1pars.c | ||||
| 	openssl/ca.c | ||||
| 	openssl/ciphers.c | ||||
| 	openssl/cms.c | ||||
| 	openssl/crl.c | ||||
| 	openssl/crl2p7.c | ||||
| 	openssl/dgst.c | ||||
| 	openssl/dh.c | ||||
| 	openssl/dhparam.c | ||||
| 	openssl/dsa.c | ||||
| 	openssl/dsaparam.c | ||||
| 	openssl/ec.c | ||||
| 	openssl/ecparam.c | ||||
| 	openssl/enc.c | ||||
| 	openssl/errstr.c | ||||
| 	openssl/gendh.c | ||||
| 	openssl/gendsa.c | ||||
| 	openssl/genpkey.c | ||||
| 	openssl/genrsa.c | ||||
| 	openssl/nseq.c | ||||
| 	openssl/ocsp.c | ||||
| 	openssl/openssl.c | ||||
| 	openssl/passwd.c | ||||
| 	openssl/pkcs12.c | ||||
| 	openssl/pkcs7.c | ||||
| 	openssl/pkcs8.c | ||||
| 	openssl/pkey.c | ||||
| 	openssl/pkeyparam.c | ||||
| 	openssl/pkeyutl.c | ||||
| 	openssl/prime.c | ||||
| 	openssl/rand.c | ||||
| 	openssl/req.c | ||||
| 	openssl/rsa.c | ||||
| 	openssl/rsautl.c | ||||
| 	openssl/s_cb.c | ||||
| 	openssl/s_client.c | ||||
| 	openssl/s_server.c | ||||
| 	openssl/s_socket.c | ||||
| 	openssl/s_time.c | ||||
| 	openssl/sess_id.c | ||||
| 	openssl/smime.c | ||||
| 	openssl/speed.c | ||||
| 	openssl/spkac.c | ||||
| 	openssl/ts.c | ||||
| 	openssl/verify.c | ||||
| 	openssl/version.c | ||||
| 	openssl/x509.c | ||||
| ) | ||||
|  | ||||
| if(CMAKE_HOST_UNIX) | ||||
| 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c) | ||||
| 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c) | ||||
| endif() | ||||
|  | ||||
| if(CMAKE_HOST_WIN32) | ||||
| 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_win.c) | ||||
| 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash_win.c) | ||||
| 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c) | ||||
| endif() | ||||
|  | ||||
| check_function_exists(strtonum HAVE_STRTONUM) | ||||
| if(HAVE_STRTONUM) | ||||
| 	add_definitions(-DHAVE_STRTONUM) | ||||
| else() | ||||
| 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c) | ||||
| endif() | ||||
|  | ||||
| add_executable(openssl ${OPENSSL_SRC}) | ||||
| target_link_libraries(openssl ${OPENSSL_LIBS}) | ||||
|  | ||||
| install(TARGETS openssl DESTINATION bin) | ||||
| add_subdirectory(openssl) | ||||
| add_subdirectory(nc) | ||||
|   | ||||
							
								
								
									
										60
									
								
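--- a/apps/nc/CMakeLists.txt
+++ b/apps/nc/CMakeLists.txt
@@ -0,0 +1,60 @@
+if(BUILD_NC)
+
+include_directories(
+	.
+	./compat
+	../../include
+	../../include/compat
+)
+
+set(
+	NC_SRC
+	atomicio.c
+	netcat.c
+	socks.c
+	compat/socket.c
+)
+
+check_function_exists(b64_ntop HAVE_B64_NTOP)
+if(HAVE_B64_NTOP)
+	add_definitions(-DHAVE_B64_NTOP)
+else()
+	set(NC_SRC ${NC_SRC} compat/base64.c)
+endif()
+
+check_function_exists(accept4 HAVE_ACCEPT4)
+if(HAVE_ACCEPT4)
+	add_definitions(-DHAVE_ACCEPT4)
+else()
+	set(NC_SRC ${NC_SRC} compat/accept4.c)
+endif()
+
+check_function_exists(readpassphrase HAVE_READPASSPHRASE)
+if(HAVE_READPASSPHRASE)
+	add_definitions(-DHAVE_READPASSPHRASE)
+else()
+	set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
+endif()
+
+check_function_exists(strtonum HAVE_STRTONUM)
+if(HAVE_STRTONUM)
+	add_definitions(-DHAVE_STRTONUM)
+else()
+	set(NC_SRC ${NC_SRC} compat/strtonum.c)
+endif()
+
+if(NOT "${OPENSSLDIR}" STREQUAL "")
+	add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
+else()
+	add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
+endif()
+
+add_executable(nc ${NC_SRC})
+target_link_libraries(nc tls ${OPENSSL_LIBS})
+
+if(ENABLE_NC)
+	install(TARGETS nc DESTINATION bin)
+	install(FILES nc.1 DESTINATION share/man/man1)
+endif()
+
+endif()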
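Review bot: The `OPENSSLDIR`-or-`${CMAKE_INSTALL_PREFIX}/etc/ssl` fallback is written out here for `DEFAULT_CA_FILE` and again in apps/openssl/CMakeLists.txt (`CONF_DIR`) and crypto/CMakeLists.txt (`-DOPENSSLDIR=`). Three separate copies therefore decide where nc looks for its CA bundle, where cert.pem is installed, and which directory libcrypto compiles in. If one of them drifts, nc would verify peers against a different file from the one the install step provides. Resolving the default once in the top-level file, e.g. `if("${OPENSSLDIR}" STREQUAL "")` followed by `set(OPENSSLDIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")`, would let each subdirectory use `${OPENSSLDIR}` directly.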
| @@ -9,6 +9,7 @@ noinst_PROGRAMS = nc | ||||
| endif | ||||
|  | ||||
| EXTRA_DIST = nc.1 | ||||
| EXTRA_DIST += CMakeLists.txt | ||||
|  | ||||
| nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) | ||||
| nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la | ||||
|   | ||||
							
								
								
									
										89
									
								
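--- a/apps/openssl/CMakeLists.txt
+++ b/apps/openssl/CMakeLists.txt
@@ -0,0 +1,89 @@
+include_directories(
+	.
+	../../include
+	../../include/compat
+)
+
+set(
+	OPENSSL_SRC
+	apps.c
+	asn1pars.c
+	ca.c
+	ciphers.c
+	cms.c
+	crl.c
+	crl2p7.c
+	dgst.c
+	dh.c
+	dhparam.c
+	dsa.c
+	dsaparam.c
+	ec.c
+	ecparam.c
+	enc.c
+	errstr.c
+	gendh.c
+	gendsa.c
+	genpkey.c
+	genrsa.c
+	nseq.c
+	ocsp.c
+	openssl.c
+	passwd.c
+	pkcs12.c
+	pkcs7.c
+	pkcs8.c
+	pkey.c
+	pkeyparam.c
+	pkeyutl.c
+	prime.c
+	rand.c
+	req.c
+	rsa.c
+	rsautl.c
+	s_cb.c
+	s_client.c
+	s_server.c
+	s_socket.c
+	s_time.c
+	sess_id.c
+	smime.c
+	speed.c
+	spkac.c
+	ts.c
+	verify.c
+	version.c
+	x509.c
+)
+
+if(CMAKE_HOST_UNIX)
+	set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
+endif()
+
+if(CMAKE_HOST_WIN32)
+	set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
+endif()
+
+check_function_exists(strtonum HAVE_STRTONUM)
+if(HAVE_STRTONUM)
+	add_definitions(-DHAVE_STRTONUM)
+else()
+	set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
+endif()
+
+add_executable(openssl ${OPENSSL_SRC})
+target_link_libraries(openssl ${OPENSSL_LIBS})
+
+install(TARGETS openssl DESTINATION bin)
+install(FILES openssl.1 DESTINATION share/man/man1)
+
+if(NOT "${OPENSSLDIR}" STREQUAL "")
+	set(CONF_DIR "${OPENSSLDIR}")
+else()
+	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
+endif()
+install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
+install(DIRECTORY DESTINATION ${CONF_DIR}/cert)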
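Review bot: `install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})` copies the bundled files unconditionally, so running the install step over an existing `${CONF_DIR}` replaces an administrator's CA bundle and openssl.cnf with the shipped defaults. The automake `install-exec-hook` whose first line is visible in the apps/openssl Makefile.am hunk may guard against this, but its body is outside the page, so confirm what it does and mirror it here. One way is an `install(CODE ...)` step that copies each file only when `$ENV{DESTDIR}${CONF_DIR}/<file>` does not already exist. Quoting the destination as `"${CONF_DIR}"` would also keep a path containing a semicolon as one argument.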
| @@ -89,6 +89,7 @@ noinst_HEADERS += timeouts.h | ||||
| EXTRA_DIST = cert.pem | ||||
| EXTRA_DIST += openssl.cnf | ||||
| EXTRA_DIST += x509v3.cnf | ||||
| EXTRA_DIST += CMakeLists.txt | ||||
|  | ||||
| install-exec-hook: | ||||
| 	@if [ "@OPENSSLDIR@x" != "x" ]; then \ | ||||
|   | ||||
							
								
								
									
										21
									
								
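--- a/cmake_uninstall.cmake.in
+++ b/cmake_uninstall.cmake.in
@@ -0,0 +1,21 @@
+if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+	message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
+
+file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
+string(REGEX REPLACE "\n" ";" files "${files}")
+foreach(file ${files})
+	message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
+	if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+		exec_program(
+			"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
+			OUTPUT_VARIABLE rm_out
+			RETURN_VALUE rm_retval
+			)
+		if(NOT "${rm_retval}" STREQUAL 0)
+			message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
+		endif(NOT "${rm_retval}" STREQUAL 0)
+	else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+		message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
+	endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
+endforeach(file)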
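Review bot: The `exec_program(... ARGS "-E remove \"$ENV{DESTDIR}${file}\"")` call passes the removal as one command-line string rather than an argument vector, so every path read from install_manifest.txt, together with `DESTDIR`, depends on string quoting. This script is typically run with the same privileges as the install. `execute_process` passes the path as a single argument and is available at the 2.8.8 minimum this tree declares, and `exec_program` is deprecated. Only the call changes, with `RETURN_VALUE` becoming `RESULT_VARIABLE`; the surrounding `foreach` and the `rm_retval` check stay as they are.

```cmake
	if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
		execute_process(
			COMMAND "@CMAKE_COMMAND@" -E remove "$ENV{DESTDIR}${file}"
			OUTPUT_VARIABLE rm_out
			RESULT_VARIABLE rm_retval
			)
		# … unchanged: rm_retval check and FATAL_ERROR message …
```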
| @@ -8,16 +8,107 @@ include_directories( | ||||
| 	modes | ||||
| ) | ||||
|  | ||||
| if(HOST_ASM_ELF_X86_64) | ||||
| 	set( | ||||
| 		ASM_X86_64_ELF_SRC | ||||
| 		aes/aes-elf-x86_64.s | ||||
| 		aes/bsaes-elf-x86_64.s | ||||
| 		aes/vpaes-elf-x86_64.s | ||||
| 		aes/aesni-elf-x86_64.s | ||||
| 		aes/aesni-sha1-elf-x86_64.s | ||||
| 		bn/modexp512-elf-x86_64.s | ||||
| 		bn/mont-elf-x86_64.s | ||||
| 		bn/mont5-elf-x86_64.s | ||||
| 		bn/gf2m-elf-x86_64.s | ||||
| 		camellia/cmll-elf-x86_64.s | ||||
| 		md5/md5-elf-x86_64.s | ||||
| 		modes/ghash-elf-x86_64.s | ||||
| 		rc4/rc4-elf-x86_64.s | ||||
| 		rc4/rc4-md5-elf-x86_64.s | ||||
| 		sha/sha1-elf-x86_64.s | ||||
| 		sha/sha256-elf-x86_64.S | ||||
| 		sha/sha512-elf-x86_64.S | ||||
| 		whrlpool/wp-elf-x86_64.s | ||||
| 		cpuid-elf-x86_64.S | ||||
| 	) | ||||
| 	add_definitions(-DAES_ASM) | ||||
| 	add_definitions(-DBSAES_ASM) | ||||
| 	add_definitions(-DVPAES_ASM) | ||||
| 	add_definitions(-DOPENSSL_IA32_SSE2) | ||||
| 	add_definitions(-DOPENSSL_BN_ASM_MONT) | ||||
| 	add_definitions(-DOPENSSL_BN_ASM_MONT5) | ||||
| 	add_definitions(-DOPENSSL_BN_ASM_GF2m) | ||||
| 	add_definitions(-DMD5_ASM) | ||||
| 	add_definitions(-DGHASH_ASM) | ||||
| 	add_definitions(-DRSA_ASM) | ||||
| 	add_definitions(-DSHA1_ASM) | ||||
| 	add_definitions(-DSHA256_ASM) | ||||
| 	add_definitions(-DSHA512_ASM) | ||||
| 	add_definitions(-DWHIRLPOOL_ASM) | ||||
| 	add_definitions(-DOPENSSL_CPUID_OBJ) | ||||
| 	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC}) | ||||
| 	set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C) | ||||
| endif() | ||||
|  | ||||
| if(HOST_ASM_MACOSX_X86_64) | ||||
| 	set( | ||||
| 		ASM_X86_64_MACOSX_SRC | ||||
| 		aes/aes-macosx-x86_64.s | ||||
| 		aes/bsaes-macosx-x86_64.s | ||||
| 		aes/vpaes-macosx-x86_64.s | ||||
| 		aes/aesni-macosx-x86_64.s | ||||
| 		aes/aesni-sha1-macosx-x86_64.s | ||||
| 		bn/modexp512-macosx-x86_64.s | ||||
| 		bn/mont-macosx-x86_64.s | ||||
| 		bn/mont5-macosx-x86_64.s | ||||
| 		bn/gf2m-macosx-x86_64.s | ||||
| 		camellia/cmll-macosx-x86_64.s | ||||
| 		md5/md5-macosx-x86_64.s | ||||
| 		modes/ghash-macosx-x86_64.s | ||||
| 		rc4/rc4-macosx-x86_64.s | ||||
| 		rc4/rc4-md5-macosx-x86_64.s | ||||
| 		sha/sha1-macosx-x86_64.s | ||||
| 		sha/sha256-macosx-x86_64.S | ||||
| 		sha/sha512-macosx-x86_64.S | ||||
| 		whrlpool/wp-macosx-x86_64.s | ||||
| 		cpuid-macosx-x86_64.S | ||||
| 	) | ||||
| 	add_definitions(-DAES_ASM) | ||||
| 	add_definitions(-DBSAES_ASM) | ||||
| 	add_definitions(-DVPAES_ASM) | ||||
| 	add_definitions(-DOPENSSL_IA32_SSE2) | ||||
| 	add_definitions(-DOPENSSL_BN_ASM_MONT) | ||||
| 	add_definitions(-DOPENSSL_BN_ASM_MONT5) | ||||
| 	add_definitions(-DOPENSSL_BN_ASM_GF2m) | ||||
| 	add_definitions(-DMD5_ASM) | ||||
| 	add_definitions(-DGHASH_ASM) | ||||
| 	add_definitions(-DRSA_ASM) | ||||
| 	add_definitions(-DSHA1_ASM) | ||||
| 	add_definitions(-DSHA256_ASM) | ||||
| 	add_definitions(-DSHA512_ASM) | ||||
| 	add_definitions(-DWHIRLPOOL_ASM) | ||||
| 	add_definitions(-DOPENSSL_CPUID_OBJ) | ||||
| 	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC}) | ||||
| 	set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C) | ||||
| endif() | ||||
|  | ||||
| if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64)) | ||||
| 	set( | ||||
| 		CRYPTO_SRC | ||||
| 		${CRYPTO_SRC} | ||||
| 		aes/aes_cbc.c | ||||
| 		aes/aes_core.c | ||||
| 		camellia/camellia.c | ||||
| 		camellia/cmll_cbc.c | ||||
| 		rc4/rc4_enc.c | ||||
| 		rc4/rc4_skey.c | ||||
| 		whrlpool/wp_block.c | ||||
| 	) | ||||
| endif() | ||||
|  | ||||
| set( | ||||
| 	CRYPTO_SRC | ||||
|  | ||||
| 	aes/aes_cbc.c | ||||
| 	aes/aes_core.c | ||||
| 	camellia/camellia.c | ||||
| 	camellia/cmll_cbc.c | ||||
| 	rc4/rc4_enc.c | ||||
| 	rc4/rc4_skey.c | ||||
| 	whrlpool/wp_block.c | ||||
| 	${CRYPTO_SRC} | ||||
| 	cpt_err.c | ||||
| 	cryptlib.c | ||||
| 	cversion.c | ||||
| @@ -617,6 +708,8 @@ if(NOT HAVE_ARC4RANDOM_BUF) | ||||
| 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c) | ||||
| 		elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") | ||||
| 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c) | ||||
| 		elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX") | ||||
| 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c) | ||||
| 		elseif(CMAKE_SYSTEM_NAME MATCHES "Linux") | ||||
| 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c) | ||||
| 		elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD") | ||||
| @@ -629,6 +722,10 @@ if(NOT HAVE_ARC4RANDOM_BUF) | ||||
| 	endif() | ||||
| endif() | ||||
|  | ||||
| if(NOT HAVE_ARC4RANDOM_UNIFORM) | ||||
| 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c) | ||||
| endif() | ||||
|  | ||||
| if(NOT HAVE_TIMINGSAFE_BCMP) | ||||
| 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c) | ||||
| endif() | ||||
| @@ -637,6 +734,20 @@ if(NOT HAVE_TIMINGSAFE_MEMCMP) | ||||
| 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c) | ||||
| endif() | ||||
|  | ||||
| if(NOT ENABLE_ASM) | ||||
| 	add_definitions(-DOPENSSL_NO_ASM) | ||||
| else() | ||||
| 	if(CMAKE_HOST_WIN32) | ||||
| 		add_definitions(-DOPENSSL_NO_ASM) | ||||
| 	endif() | ||||
| endif() | ||||
|  | ||||
| if(NOT "${OPENSSLDIR}" STREQUAL "") | ||||
| 	add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\") | ||||
| else() | ||||
| 	add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\") | ||||
| endif() | ||||
|  | ||||
| if (BUILD_SHARED) | ||||
| 	add_library(crypto-objects OBJECT ${CRYPTO_SRC}) | ||||
| 	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>) | ||||
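Review bot: The `HOST_ASM_ELF_X86_64` and `HOST_ASM_MACOSX_X86_64` blocks in the first hunk repeat the same fifteen `add_definitions(-D..._ASM)` lines, so the two lists have to be kept in step by hand whenever an assembly implementation is added or dropped. Moving them into a single `if(HOST_ASM_ELF_X86_64 OR HOST_ASM_MACOSX_X86_64)` block after the two source lists keeps the defines next to the source selection they must match. `set_property(SOURCE ... PROPERTY LANGUAGE C)` also deserves a comment, presumably along the lines of `# only C is enabled for this project; let the C compiler driver assemble the .s/.S files`. The `if (BUILD_SHARED)` block at the end of the last hunk continues outside the visible lines.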
|   | ||||
| @@ -2,4 +2,4 @@ install(DIRECTORY . | ||||
|         DESTINATION include | ||||
|         PATTERN "CMakeLists.txt" EXCLUDE | ||||
|         PATTERN "compat" EXCLUDE | ||||
|         PATTERN "Makefile.*" EXCLUDE) | ||||
|         PATTERN "Makefile*" EXCLUDE) | ||||
|   | ||||
| @@ -11,5 +11,5 @@ Version: @VERSION@ | ||||
| Requires: | ||||
| Conflicts: | ||||
| Libs: -L${libdir} -lcrypto | ||||
| Libs.private: @LIBS@ | ||||
| Libs.private: @LIBS@ @PLATFORM_LDADD@ | ||||
| Cflags: -I${includedir} | ||||
|   | ||||
| @@ -12,5 +12,5 @@ Requires: | ||||
| Requires.private: libcrypto | ||||
| Conflicts: | ||||
| Libs: -L${libdir} -lssl | ||||
| Libs.private: @LIBS@ -lcrypto | ||||
| Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@ | ||||
| Cflags: -I${includedir} | ||||
|   | ||||
| @@ -12,5 +12,5 @@ Requires: | ||||
| Requires.private: libcrypto libssl | ||||
| Conflicts: | ||||
| Libs: -L${libdir} -ltls | ||||
| Libs.private: @LIBS@ -lcrypto -lssl | ||||
| Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@ | ||||
| Cflags: -I${includedir} | ||||
|   | ||||
| @@ -47,52 +47,7 @@ AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes]) | ||||
| AC_DEFUN([CHECK_CRYPTO_COMPAT], [ | ||||
| # Check crypto-related libc functions and syscalls | ||||
| AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform]) | ||||
| AC_CHECK_FUNCS([explicit_bzero getauxval]) | ||||
|  | ||||
| AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [ | ||||
| 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[ | ||||
| #include <sys/types.h> | ||||
| #include <unistd.h> | ||||
|  | ||||
| /* | ||||
|  * Explanation: | ||||
|  * | ||||
|  *   - iOS <= 10.1 fails because of missing sys/random.h | ||||
|  * | ||||
|  *   - in macOS 10.12 getentropy is not tagged as introduced in | ||||
|  *     10.12 so we cannot use it for target < 10.12 | ||||
|  */ | ||||
| #ifdef __APPLE__ | ||||
| #  include <AvailabilityMacros.h> | ||||
| #  include <TargetConditionals.h> | ||||
|  | ||||
| # if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR) | ||||
| #  include <sys/random.h> /* Not available as of iOS <= 10.1 */ | ||||
| # else | ||||
|  | ||||
| #  include <sys/random.h> /* Pre 10.12 systems should die here */ | ||||
|  | ||||
| /* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */ | ||||
| #  ifndef MAC_OS_X_VERSION_10_12 | ||||
| #    define MAC_OS_X_VERSION_10_12 101200 /* Robustness */ | ||||
| #  endif | ||||
| #  if defined(MAC_OS_X_VERSION_MIN_REQUIRED) | ||||
| #    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 | ||||
| #      error "Targeting on Mac OSX 10.11 or earlier" | ||||
| #    endif | ||||
| #  endif | ||||
|  | ||||
| # endif | ||||
| #endif /* __APPLE__ */ | ||||
| 		]], [[ | ||||
| 	char buffer; | ||||
| 	(void)getentropy(&buffer, sizeof (buffer)); | ||||
| ]])], | ||||
| 	[ ac_cv_func_getentropy="yes" ], | ||||
| 	[ ac_cv_func_getentropy="no" | ||||
| 	]) | ||||
| ]) | ||||
|  | ||||
| AC_CHECK_FUNCS([explicit_bzero getauxval getentropy]) | ||||
| AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp]) | ||||
| AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes]) | ||||
| AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes]) | ||||
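Review bot: `AC_CHECK_FUNCS([explicit_bzero getauxval getentropy])` on the new side only proves that `getentropy` links. The comment in the block this compare drops states that macOS 10.12 does not tag `getentropy` as introduced in 10.12, so a build against that SDK with an older deployment target would presumably detect a function that is absent at run time. The darwin case in the following OS-options hunk sets `USE_BUILTIN_ARC4RANDOM=yes` unconditionally, which makes the bundled arc4random, and therefore its entropy source, the only path on Apple targets. Keeping an Apple-specific probe that also checks `MAC_OS_X_VERSION_MIN_REQUIRED`, as the dropped `AC_CACHE_CHECK` did, would make the seeding path auditable. Failing that, add a comment recording why the plain link check is considered sufficient on this release branch.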
|   | ||||
| @@ -17,45 +17,10 @@ case $host_os in | ||||
| 	*darwin*) | ||||
| 		HOST_OS=darwin | ||||
| 		HOST_ABI=macosx | ||||
| 		# | ||||
| 		# Don't use arc4random on systems before 10.12 because of | ||||
| 		# weak seed on failure to open /dev/random, based on latest | ||||
| 		# public source: | ||||
| 		# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c | ||||
| 		# | ||||
| 		# We use the presence of getentropy() to detect 10.12. The | ||||
| 		# following check take into account that: | ||||
|  		# | ||||
| 		#   - iOS <= 10.1 fails because of missing getentropy and | ||||
| 		#     hence they miss sys/random.h | ||||
| 		# | ||||
| 		#   - in macOS 10.12 getentropy is not tagged as introduced in | ||||
| 		#     10.12 so we cannot use it for target < 10.12 | ||||
| 		# | ||||
| 		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ | ||||
| #include <AvailabilityMacros.h> | ||||
| #include <unistd.h> | ||||
| #include <sys/random.h>  /* Systems without getentropy() should die here */ | ||||
|  | ||||
| /* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */ | ||||
| #ifndef MAC_OS_X_VERSION_10_12 | ||||
| #  define MAC_OS_X_VERSION_10_12 101200 | ||||
| #endif | ||||
| #if defined(MAC_OS_X_VERSION_MIN_REQUIRED) | ||||
| #  if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12 | ||||
| #    error "Running on Mac OSX 10.11 or earlier" | ||||
| #  endif | ||||
| #endif | ||||
|                        ]], [[ | ||||
| char buf[1]; getentropy(buf, 1); | ||||
| 					   ]])], | ||||
|                        [ USE_BUILTIN_ARC4RANDOM=no ], | ||||
|                        [ USE_BUILTIN_ARC4RANDOM=yes ] | ||||
| 		) | ||||
| 		AC_MSG_CHECKING([whether to use builtin arc4random]) | ||||
| 		AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM]) | ||||
| 		# Not available on iOS | ||||
| 		AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no]) | ||||
| 		USE_BUILTIN_ARC4RANDOM=yes | ||||
| 		;; | ||||
| 	*freebsd*) | ||||
| 		HOST_OS=freebsd | ||||
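Review bot: The darwin arm now sets `USE_BUILTIN_ARC4RANDOM=yes` unconditionally, and the comment that explained why the system arc4random was distrusted left together with the getentropy() probe. Without it, a later maintainer has no way to tell that this is a deliberate choice about seeding quality rather than a leftover. Assuming the reason is still the one given in the removed text, keep a short note above the assignment, for example `# Always use the bundled arc4random: the libc one seeds weakly before 10.12 if /dev/random cannot be opened`. It would also help to say in that comment that the 10.12 getentropy() detection now lives in the configure-time cache check.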
|   | ||||
| @@ -1,17 +1,6 @@ | ||||
| --- apps/nc/netcat.c.orig	Mon Dec 28 08:46:10 2015 | ||||
| +++ apps/nc/netcat.c	Mon Dec 28 08:46:19 2015 | ||||
| @@ -57,6 +57,10 @@ | ||||
|  #include <tls.h> | ||||
|  #include "atomicio.h" | ||||
|   | ||||
| +#ifndef IPV6_TCLASS | ||||
| +#define IPV6_TCLASS -1 | ||||
| +#endif | ||||
| + | ||||
|  #define PORT_MAX	65535 | ||||
|  #define UNIX_DG_TMP_SOCKET_SIZE	19 | ||||
|   | ||||
| @@ -65,7 +69,9 @@ | ||||
| --- apps/nc/netcat.c.orig	Thu Jun 30 19:56:49 2016 | ||||
| +++ apps/nc/netcat.c	Thu Jun 30 19:59:09 2016 | ||||
| @@ -65,7 +65,9 @@ | ||||
|  #define POLL_NETIN 2 | ||||
|  #define POLL_STDOUT 3 | ||||
|  #define BUFSIZE 16384 | ||||
| @@ -21,7 +10,7 @@ | ||||
|   | ||||
|  #define TLS_LEGACY	(1 << 1) | ||||
|  #define TLS_NOVERIFY	(1 << 2) | ||||
| @@ -92,9 +98,13 @@ | ||||
| @@ -92,9 +94,13 @@ | ||||
|  int	Dflag;					/* sodebug */ | ||||
|  int	Iflag;					/* TCP receive buffer size */ | ||||
|  int	Oflag;					/* TCP send buffer size */ | ||||
| @@ -35,7 +24,7 @@ | ||||
|   | ||||
|  int	usetls;					/* use TLS */ | ||||
|  char    *Cflag;					/* Public cert file */ | ||||
| @@ -150,7 +160,7 @@ | ||||
| @@ -152,7 +158,7 @@ | ||||
|  	struct servent *sv; | ||||
|  	socklen_t len; | ||||
|  	struct sockaddr_storage cliaddr; | ||||
| @@ -44,7 +33,7 @@ | ||||
|  	const char *errstr, *proxyhost = "", *proxyport = NULL; | ||||
|  	struct addrinfo proxyhints; | ||||
|  	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; | ||||
| @@ -251,12 +261,14 @@ | ||||
| @@ -262,12 +268,14 @@ | ||||
|  		case 'u': | ||||
|  			uflag = 1; | ||||
|  			break; | ||||
| @@ -59,7 +48,7 @@ | ||||
|  		case 'v': | ||||
|  			vflag = 1; | ||||
|  			break; | ||||
| @@ -289,9 +301,11 @@ | ||||
| @@ -300,9 +308,11 @@ | ||||
|  				errx(1, "TCP send window %s: %s", | ||||
|  				    errstr, optarg); | ||||
|  			break; | ||||
| @@ -71,7 +60,7 @@ | ||||
|  		case 'T': | ||||
|  			errstr = NULL; | ||||
|  			errno = 0; | ||||
| @@ -315,9 +329,11 @@ | ||||
| @@ -326,9 +336,11 @@ | ||||
|  	argc -= optind; | ||||
|  	argv += optind; | ||||
|   | ||||
| @@ -83,7 +72,7 @@ | ||||
|   | ||||
|  	if (family == AF_UNIX) { | ||||
|  		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) | ||||
| @@ -460,7 +476,10 @@ | ||||
| @@ -480,7 +492,10 @@ | ||||
|  				errx(1, "-H and -T noverify may not be used" | ||||
|  				    "together"); | ||||
|  			tls_config_insecure_noverifycert(tls_cfg); | ||||
| @@ -95,19 +84,19 @@ | ||||
|  	} | ||||
|  	if (lflag) { | ||||
|  		struct tls *tls_cctx = NULL; | ||||
| @@ -807,7 +826,10 @@ | ||||
| @@ -832,7 +847,10 @@ | ||||
|  remote_connect(const char *host, const char *port, struct addrinfo hints) | ||||
|  { | ||||
|  	struct addrinfo *res, *res0; | ||||
| -	int s, error, on = 1; | ||||
| +	int s, error; | ||||
| -	int s, error, on = 1, save_errno; | ||||
| +	int s, error, save_errno; | ||||
| +#ifdef SO_BINDANY | ||||
| +	int on = 1; | ||||
| +#endif | ||||
|   | ||||
|  	if ((error = getaddrinfo(host, port, &hints, &res))) | ||||
|  		errx(1, "getaddrinfo: %s", gai_strerror(error)); | ||||
| @@ -822,8 +844,10 @@ | ||||
| @@ -847,8 +865,10 @@ | ||||
|  		if (sflag || pflag) { | ||||
|  			struct addrinfo ahints, *ares; | ||||
|   | ||||
| @@ -118,19 +107,19 @@ | ||||
|  			memset(&ahints, 0, sizeof(struct addrinfo)); | ||||
|  			ahints.ai_family = res0->ai_family; | ||||
|  			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; | ||||
| @@ -892,7 +916,10 @@ | ||||
| @@ -919,7 +939,10 @@ | ||||
|  local_listen(char *host, char *port, struct addrinfo hints) | ||||
|  { | ||||
|  	struct addrinfo *res, *res0; | ||||
| -	int s, ret, x = 1; | ||||
| +	int s; | ||||
| -	int s, ret, x = 1, save_errno; | ||||
| +	int s, save_errno; | ||||
| +#ifdef SO_REUSEPORT | ||||
| +	int ret, x = 1; | ||||
| +#endif | ||||
|  	int error; | ||||
|   | ||||
|  	/* Allow nodename to be null. */ | ||||
| @@ -914,9 +941,11 @@ | ||||
| @@ -941,9 +964,11 @@ | ||||
|  		    res0->ai_protocol)) < 0) | ||||
|  			continue; | ||||
|   | ||||
| @@ -142,7 +131,7 @@ | ||||
|   | ||||
|  		set_common_sockopts(s, res0->ai_family); | ||||
|   | ||||
| @@ -1356,11 +1385,13 @@ | ||||
| @@ -1401,11 +1426,13 @@ | ||||
|  { | ||||
|  	int x = 1; | ||||
|   | ||||
| @@ -156,7 +145,26 @@ | ||||
|  	if (Dflag) { | ||||
|  		if (setsockopt(s, SOL_SOCKET, SO_DEBUG, | ||||
|  			&x, sizeof(x)) == -1) | ||||
| @@ -1538,14 +1569,22 @@ | ||||
| @@ -1442,13 +1469,17 @@ | ||||
|  	} | ||||
|   | ||||
|  	if (minttl != -1) { | ||||
| +#ifdef IP_MINTTL | ||||
|  		if (af == AF_INET && setsockopt(s, IPPROTO_IP, | ||||
|  		    IP_MINTTL, &minttl, sizeof(minttl))) | ||||
|  			err(1, "set IP min TTL"); | ||||
| +#endif | ||||
|   | ||||
| -		else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, | ||||
| +#ifdef IPV6_MINHOPCOUNT | ||||
| +		if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, | ||||
|  		    IPV6_MINHOPCOUNT, &minttl, sizeof(minttl))) | ||||
|  			err(1, "set IPv6 min hop count"); | ||||
| +#endif | ||||
|  	} | ||||
|  } | ||||
|   | ||||
| @@ -1605,14 +1636,22 @@ | ||||
|  	\t-P proxyuser\tUsername for proxy authentication\n\ | ||||
|  	\t-p port\t	Specify local port for remote connects\n\ | ||||
|  	\t-R CAfile	CA bundle\n\ | ||||
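Review bot: Where `IP_MINTTL` or `IPV6_MINHOPCOUNT` is not defined, the new guards inside `if (minttl != -1)` compile the setsockopt() call away, so a minimum TTL the caller asked for is silently not applied. A filter that is requested but not enforced should fail loudly rather than let the connection proceed without it. Add an `#else` arm to each guard, for instance `#else` followed by `if (af == AF_INET) errx(1, "IP_MINTTL is not supported on this platform");`, and the matching one for `AF_INET6`. The enclosing function starts outside this hunk, and where `minttl` is set is not visible here, so the option parsing may need the same guard.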
|   | ||||
| @@ -9,14 +9,11 @@ include_directories( | ||||
| 	../apps/openssl/compat | ||||
| ) | ||||
|  | ||||
| set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR}) | ||||
|  | ||||
| # aeadtest | ||||
| #add_executable(aeadtest aeadtest.c) | ||||
| #target_link_libraries(aeadtest ${OPENSSL_LIBS}) | ||||
| #add_test(aeadtest aeadtest.sh) | ||||
| #configure_file(aeadtests.txt aeadtests.txt COPYONLY) | ||||
| #configure_file(aeadtest.sh aeadtest.sh COPYONLY) | ||||
| add_executable(aeadtest aeadtest.c) | ||||
| target_link_libraries(aeadtest ${OPENSSL_LIBS}) | ||||
| add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh) | ||||
| set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # aes_wrap | ||||
| add_executable(aes_wrap aes_wrap.c) | ||||
| @@ -25,7 +22,7 @@ add_test(aes_wrap aes_wrap) | ||||
|  | ||||
| # arc4randomforktest | ||||
| # Windows/mingw does not have fork, but Cygwin does. | ||||
| if(NOT CMAKE_HOST_WIN32) | ||||
| if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW") | ||||
| add_executable(arc4randomforktest arc4randomforktest.c) | ||||
| target_link_libraries(arc4randomforktest ${OPENSSL_LIBS}) | ||||
| add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh) | ||||
| @@ -51,6 +48,14 @@ add_executable(bftest bftest.c) | ||||
| target_link_libraries(bftest ${OPENSSL_LIBS}) | ||||
| add_test(bftest bftest) | ||||
|  | ||||
| # biotest | ||||
| # the BIO tests rely on resolver results that are OS and environment-specific | ||||
| if(ENABLE_EXTRATESTS) | ||||
| 	add_executable(biotest biotest.c) | ||||
| 	target_link_libraries(biotest ${OPENSSL_LIBS}) | ||||
| 	add_test(biotest biotest) | ||||
| endif() | ||||
|  | ||||
| # bntest | ||||
| add_executable(bntest bntest.c) | ||||
| target_link_libraries(bntest ${OPENSSL_LIBS}) | ||||
| @@ -127,19 +132,21 @@ target_link_libraries(enginetest ${OPENSSL_LIBS}) | ||||
| add_test(enginetest enginetest) | ||||
|  | ||||
| # evptest | ||||
| #add_executable(evptest evptest.c) | ||||
| #target_link_libraries(evptest ${OPENSSL_LIBS}) | ||||
| #add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh) | ||||
| add_executable(evptest evptest.c) | ||||
| target_link_libraries(evptest ${OPENSSL_LIBS}) | ||||
| add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh) | ||||
| set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # explicit_bzero | ||||
| # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows | ||||
| if(NOT CMAKE_HOST_WIN32) | ||||
| add_executable(explicit_bzero explicit_bzero.c) | ||||
| if(HAVE_MEMMEM) | ||||
| 	add_executable(explicit_bzero explicit_bzero.c) | ||||
| else() | ||||
| 	add_executable(explicit_bzero explicit_bzero.c memmem.c) | ||||
| endif() | ||||
| target_link_libraries(explicit_bzero ${OPENSSL_LIBS}) | ||||
| add_test(explicit_bzero explicit_bzero) | ||||
| #if !HAVE_MEMMEM | ||||
| #explicit_bzero_SOURCES += memmem.c | ||||
| #endif | ||||
| endif() | ||||
|  | ||||
| # exptest | ||||
| @@ -187,6 +194,19 @@ add_executable(mont mont.c) | ||||
| target_link_libraries(mont ${OPENSSL_LIBS}) | ||||
| add_test(mont mont) | ||||
|  | ||||
| # ocsp_test | ||||
| if(ENABLE_EXTRATESTS) | ||||
| 	if(NOT "${OPENSSLDIR}" STREQUAL "") | ||||
| 		add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\") | ||||
| 	else() | ||||
| 		add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") | ||||
| 	endif() | ||||
| 	add_executable(ocsp_test ocsp_test.c) | ||||
| 	target_link_libraries(ocsp_test ${OPENSSL_LIBS}) | ||||
| 	add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh) | ||||
| 	set_tests_properties(ocsptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
| endif() | ||||
|  | ||||
| # optionstest | ||||
| add_executable(optionstest optionstest.c) | ||||
| target_link_libraries(optionstest ${OPENSSL_LIBS}) | ||||
| @@ -197,6 +217,15 @@ add_executable(pbkdf2 pbkdf2.c) | ||||
| target_link_libraries(pbkdf2 ${OPENSSL_LIBS}) | ||||
| add_test(pbkdf2 pbkdf2) | ||||
|  | ||||
| # pidwraptest | ||||
| # pidwraptest relies on an OS-specific way to give out pids and is generally | ||||
| # awkward on systems with slow fork | ||||
| if(ENABLE_EXTRATESTS) | ||||
| 	add_executable(pidwraptest pidwraptest.c) | ||||
| 	target_link_libraries(pidwraptest ${OPENSSL_LIBS}) | ||||
| 	add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh) | ||||
| endif() | ||||
|  | ||||
| # pkcs7test | ||||
| add_executable(pkcs7test pkcs7test.c) | ||||
| target_link_libraries(pkcs7test ${OPENSSL_LIBS}) | ||||
| @@ -208,9 +237,10 @@ target_link_libraries(poly1305test ${OPENSSL_LIBS}) | ||||
| add_test(poly1305test poly1305test) | ||||
|  | ||||
| # pq_test | ||||
| #add_executable(pq_test pq_test.c) | ||||
| #target_link_libraries(pq_test ${OPENSSL_LIBS}) | ||||
| #add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) | ||||
| add_executable(pq_test pq_test.c) | ||||
| target_link_libraries(pq_test ${OPENSSL_LIBS}) | ||||
| add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) | ||||
| set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # randtest | ||||
| add_executable(randtest randtest.c) | ||||
| @@ -230,7 +260,11 @@ add_test(rc4test rc4test) | ||||
| # rfc5280time | ||||
| add_executable(rfc5280time rfc5280time.c) | ||||
| target_link_libraries(rfc5280time ${OPENSSL_LIBS}) | ||||
| add_test(rfc5280time rfc5280time) | ||||
| if(SMALL_TIME_T) | ||||
| 	add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test) | ||||
| else() | ||||
| 	add_test(rfc5280time rfc5280time) | ||||
| endif() | ||||
|  | ||||
| # rmdtest | ||||
| add_executable(rmdtest rmdtest.c) | ||||
| @@ -253,18 +287,22 @@ target_link_libraries(sha512test ${OPENSSL_LIBS}) | ||||
| add_test(sha512test sha512test) | ||||
|  | ||||
| # ssltest | ||||
| #add_executable(ssltest ssltest.c) | ||||
| #target_link_libraries(ssltest ${OPENSSL_LIBS}) | ||||
| #add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) | ||||
| add_executable(ssltest ssltest.c) | ||||
| target_link_libraries(ssltest ${OPENSSL_LIBS}) | ||||
| add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) | ||||
| set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # testdsa | ||||
| #add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) | ||||
| add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) | ||||
| set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # testenc | ||||
| add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh) | ||||
| set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # testrsa | ||||
| #add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh) | ||||
| add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh) | ||||
| set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}") | ||||
|  | ||||
| # timingsafe | ||||
| add_executable(timingsafe timingsafe.c) | ||||
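Review bot: The ocsp_test block sets `_PATH_SSL_CA_FILE` through a directory-scoped `add_definitions`, so the define is not confined to ocsp_test, and the same if/else appears again in the last section of this page beside the `tls` library. Two copies of the default trust-store path can drift apart, which would leave the test validating against a different CA bundle than the library it exercises. Compute the path once in the top-level file, e.g. `set(CA_FILE_PATH "${OPENSSLDIR}/cert.pem")` with the `CMAKE_INSTALL_PREFIX` fallback (the variable name is a placeholder), and reuse that single value in both places. The fallback under `${CMAKE_INSTALL_PREFIX}/etc/ssl` may not exist before an install, so a comment saying which bundle the test expects would help.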
|   | ||||
| @@ -208,6 +208,14 @@ TESTS += mont | ||||
| check_PROGRAMS += mont | ||||
| mont_SOURCES = mont.c | ||||
|  | ||||
| # ocsp_test | ||||
| if ENABLE_EXTRATESTS | ||||
| TESTS += ocsptest.sh | ||||
| check_PROGRAMS += ocsp_test | ||||
| ocsp_test_SOURCES = ocsp_test.c | ||||
| endif | ||||
| EXTRA_DIST += ocsptest.sh | ||||
|  | ||||
| # optionstest | ||||
| TESTS += optionstest | ||||
| check_PROGRAMS += optionstest | ||||
|   | ||||
							
								
								
									
									
								
							
							
						
						
									
										8
									
								
								tests/ocsptest.sh
									
									
									
									
									
										Executable file
									
								
							| @@ -0,0 +1,8 @@ | ||||
| #!/bin/sh | ||||
| set -e | ||||
| TEST=./ocsp_test | ||||
| if [ -e ./ocsp_test.exe ]; then | ||||
| 	TEST=./ocsp_test.exe | ||||
| fi | ||||
| $TEST www.amazon.com 443 | ||||
| $TEST cloudflare.com 443 | ||||
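Review bot: The script hard-codes two live third-party hosts on port 443 and carries no comment saying that it needs outbound network access or what a failure means. Under `set -e` the first unreachable host aborts the run, so in a sandboxed or offline build a connectivity problem is indistinguishable from a real verification failure. Add a header comment such as `# Needs outbound TCP/443 to the hosts below; the result depends on what those servers return at run time`. Consider also letting the host list be overridden from the environment so that a controlled endpoint can be used.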
| @@ -6,9 +6,16 @@ if [ -e ./ssltest.exe ]; then | ||||
| 	ssltest_bin=./ssltest.exe | ||||
| fi | ||||
|  | ||||
| openssl_bin=../apps/openssl/openssl | ||||
| if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 	openssl_bin=../apps/openssl/openssl.exe | ||||
| if [ -d ../apps/openssl ]; then | ||||
| 	openssl_bin=../apps/openssl/openssl | ||||
| 	if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 		openssl_bin=../apps/openssl/openssl.exe | ||||
| 	fi | ||||
| else | ||||
| 	openssl_bin=../apps/openssl | ||||
| 	if [ -e ../apps/openssl.exe ]; then | ||||
| 		openssl_bin=../apps/openssl.exe | ||||
| 	fi | ||||
| fi | ||||
|  | ||||
| if [ -z $srcdir ]; then | ||||
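Review bot: The new directory-or-file probe never checks that the path it settles on exists, so if neither layout is present the script carries on with a missing `openssl_bin` and fails later with a less obvious error. A guard straight after the block would make that explicit, for example `[ -x "$openssl_bin" ] || { echo "openssl binary not found: $openssl_bin" >&2; exit 1; }`. The same block is pasted into the three hunks that follow (the DSA, enc and RSA test scripts, using `cmd`), so the guard applies there too. A small shared helper sourced by all four would keep the copies from diverging. The script continues outside this hunk.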
|   | ||||
| @@ -4,9 +4,16 @@ | ||||
|  | ||||
| #Test DSA certificate generation of openssl | ||||
|  | ||||
| cmd=../apps/openssl/openssl | ||||
| if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 	cmd=../apps/openssl/openssl.exe | ||||
| if [ -d ../apps/openssl ]; then | ||||
| 	cmd=../apps/openssl/openssl | ||||
| 	if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 		cmd=../apps/openssl/openssl.exe | ||||
| 	fi | ||||
| else | ||||
| 	cmd=../apps/openssl | ||||
| 	if [ -e ../apps/openssl.exe ]; then | ||||
| 		cmd=../apps/openssl.exe | ||||
| 	fi | ||||
| fi | ||||
|  | ||||
| if [ -z $srcdir ]; then | ||||
|   | ||||
| @@ -2,12 +2,23 @@ | ||||
| #	$OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $ | ||||
|  | ||||
| test=p | ||||
| cmd=../apps/openssl/openssl | ||||
| if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 	cmd=../apps/openssl/openssl.exe | ||||
| if [ -d ../apps/openssl ]; then | ||||
| 	cmd=../apps/openssl/openssl | ||||
| 	if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 		cmd=../apps/openssl/openssl.exe | ||||
| 	fi | ||||
| else | ||||
| 	cmd=../apps/openssl | ||||
| 	if [ -e ../apps/openssl.exe ]; then | ||||
| 		cmd=../apps/openssl.exe | ||||
| 	fi | ||||
| fi | ||||
|  | ||||
| cat openssl.cnf >$test; | ||||
| if [ -z $srcdir ]; then | ||||
| 	srcdir=. | ||||
| fi | ||||
|  | ||||
| cat $srcdir/openssl.cnf >$test; | ||||
|  | ||||
| echo cat | ||||
| $cmd enc < $test > $test.cipher | ||||
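Review bot: The added `[ -z $srcdir ]` and `cat $srcdir/openssl.cnf >$test;` lines expand `srcdir` unquoted, and the CMake side of this change now passes an absolute source directory in that variable. A checkout path containing a space or a glob character would be word-split, and the test would read the wrong file or fail. Quote both uses: `if [ -z "$srcdir" ]; then` and `cat "$srcdir/openssl.cnf" >$test;`. The rest of the script lies outside this hunk and may need the same treatment.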
|   | ||||
| @@ -4,9 +4,16 @@ | ||||
|  | ||||
| #Test RSA certificate generation of openssl | ||||
|  | ||||
| cmd=../apps/openssl/openssl | ||||
| if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 	cmd=../apps/openssl/openssl.exe | ||||
| if [ -d ../apps/openssl ]; then | ||||
| 	cmd=../apps/openssl/openssl | ||||
| 	if [ -e ../apps/openssl/openssl.exe ]; then | ||||
| 		cmd=../apps/openssl/openssl.exe | ||||
| 	fi | ||||
| else | ||||
| 	cmd=../apps/openssl | ||||
| 	if [ -e ../apps/openssl.exe ]; then | ||||
| 		cmd=../apps/openssl.exe | ||||
| 	fi | ||||
| fi | ||||
|  | ||||
| if [ -z $srcdir ]; then | ||||
|   | ||||
| @@ -17,10 +17,16 @@ set( | ||||
| ) | ||||
|  | ||||
|  | ||||
| if(NOT HAVE_STRCASECMP) | ||||
| if(NOT HAVE_STRSEP) | ||||
| 	set(TLS_SRC ${TLS_SRC} strsep.c) | ||||
| endif() | ||||
|  | ||||
| if(NOT "${OPENSSLDIR}" STREQUAL "") | ||||
| 	add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\") | ||||
| else() | ||||
| 	add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") | ||||
| endif() | ||||
|  | ||||
| if (BUILD_SHARED) | ||||
| 	add_library(tls-objects OBJECT ${TLS_SRC}) | ||||
| 	add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>) | ||||
|   | ||||