Land #376, adjust MSVC warnings

Merge remote-tracking branch 'upstream/pr/374'

.gitignore

@@ -53,6 +53,7 @@ test-driver
 *.trs
 tests/aes_wrap*
 tests/arc4random_fork*
+tests/asn1evp*
 tests/asn1time*
 tests/cipher*
 tests/explicit_bzero*

ChangeLog

@@ -28,6 +28,17 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+2.7.0 - Bug fixes and improvements
+
+	* Merged more DTLS support into the regular TLS code path, removing
+	  duplicated code.
+
+	* Converted ssl3_send_client_hello(), ssl3_send_server_hello() to CBB.
+
+	* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
+	  This removes the last remaining use of the old M_ASN1_* macros
+	  (asn1_mac.h) from API that needs to continue to exist.
+
 2.6.4 - Bug fixes
 
 	* Make tls_config_parse_protocols() work correctly when passed a NULL

OPENBSD_BRANCH

@@ -1 +1 @@
-OPENBSD_6_2
+master

apps/openssl/apps_win.c

@@ -13,7 +13,7 @@
 #include "apps.h"
 
 double
-app_tminterval(int stop, int usertime)
+app_timer_user(int stop)
 {
 	static unsigned __int64 tmstart;
 	union {
@@ -22,13 +22,11 @@ app_tminterval(int stop, int usertime)
 	} ct, et, kt, ut;
 
 	GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
-
-	if (stop == TM_START) {
-		tmstart = ut.u64 + kt.u64;
-	} else {
+	if (stop)
 		return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
-	}
-	return 0;
+
+	tmstart = ut.u64 + kt.u64;
+	return 0.0;
 }
 
 int

include/compat/sys/time.h

@@ -13,4 +13,20 @@ int gettimeofday(struct timeval *tp, void *tzp);
 #include_next <sys/time.h>
 #endif
 
+#ifndef CLOCK_MONOTONIC
+#define CLOCK_MONOTONIC CLOCK_REALTIME
+#endif
+
+#ifndef timersub
+#define timersub(tvp, uvp, vvp)                                         \
+	do {                                                            \
+		(vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec;          \
+		(vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec;       \
+		if ((vvp)->tv_usec < 0) {                               \
+			(vvp)->tv_sec--;                                \
+			(vvp)->tv_usec += 1000000;                      \
+		}                                                       \
+	} while (0)
+#endif
+
 #endif

include/compat/time.h

@@ -21,3 +21,15 @@ struct tm *__gmtime_r(const time_t * t, struct tm * tm);
 #ifndef HAVE_TIMEGM
 time_t timegm(struct tm *tm);
 #endif
+
+#ifndef timespecsub
+#define timespecsub(tsp, usp, vsp)                                      \
+        do {                                                            \
+                (vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec;          \
+                (vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec;       \
+                if ((vsp)->tv_nsec < 0) {                               \
+                        (vsp)->tv_sec--;                                \
+                        (vsp)->tv_nsec += 1000000000L;                  \
+                }                                                       \
+        } while (0)
+#endif

man/links

@@ -2052,6 +2052,7 @@ tls_config_verify.3,tls_config_insecure_noverifytime.3
 tls_conn_version.3,tls_conn_alpn_selected.3
 tls_conn_version.3,tls_conn_cipher.3
 tls_conn_version.3,tls_conn_servername.3
+tls_conn_version.3,tls_peer_cert_chain_pem.3
 tls_conn_version.3,tls_peer_cert_contains_name.3
 tls_conn_version.3,tls_peer_cert_hash.3
 tls_conn_version.3,tls_peer_cert_issuer.3

patches/tlsexttest.c.patch

@@ -1,6 +1,6 @@
---- tests/tlsexttest.c.orig	Sun Sep  3 00:44:51 2017
-+++ tests/tlsexttest.c	Sun Sep  3 00:47:06 2017
-@@ -1676,7 +1676,9 @@ static unsigned char tlsext_sni_clienthello[] = {
+--- tests/tlsexttest.c.orig	2017-12-30 20:03:09.279079726 +0900
++++ tests/tlsexttest.c	2017-12-30 20:07:21.849939140 +0900
+@@ -1676,7 +1676,9 @@ static unsigned char tlsext_sni_clienthe
  };
  
  static unsigned char tlsext_sni_serverhello[] = {
@@ -39,3 +39,73 @@
  	if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
  		FAIL("failed to parse serverhello SNI\n");
  		goto err;
+@@ -2741,7 +2743,10 @@ unsigned char tlsext_clienthello_default
+ 	0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
+ };
+ 
+-unsigned char tlsext_clienthello_disabled[] = {};
++unsigned char tlsext_clienthello_disabled[] = {
++	0x00
++};
++const size_t sizeof_tlsext_clienthello_disabled = 0;
+ 
+ static int
+ test_tlsext_clienthello_build(void)
+@@ -2806,18 +2811,18 @@ test_tlsext_clienthello_build(void)
+ 	if (!CBB_finish(&cbb, &data, &dlen))
+ 		errx(1, "failed to finish CBB");
+ 
+-	if (dlen != sizeof(tlsext_clienthello_disabled)) {
++	if (dlen != sizeof_tlsext_clienthello_disabled) {
+ 		FAIL("got clienthello extensions with length %zu, "
+ 		    "want length %zu\n", dlen,
+-		    sizeof(tlsext_clienthello_disabled));
++		    sizeof_tlsext_clienthello_disabled);
+ 		compare_data(data, dlen, tlsext_clienthello_disabled,
+-		    sizeof(tlsext_clienthello_disabled));
++		    sizeof_tlsext_clienthello_disabled);
+ 		goto err;
+ 	}
+ 	if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
+ 		FAIL("clienthello extensions differs:\n");
+ 		compare_data(data, dlen, tlsext_clienthello_disabled,
+-		    sizeof(tlsext_clienthello_disabled));
++		    sizeof_tlsext_clienthello_disabled);
+ 		goto err;
+ 	}
+ 
+@@ -2832,7 +2837,10 @@ test_tlsext_clienthello_build(void)
+ 	return (failure);
+ }
+ 
+-unsigned char tlsext_serverhello_default[] = {};
++unsigned char tlsext_serverhello_default[] = {
++	0x00
++};
++const size_t sizeof_tlsext_serverhello_default = 0;
+ 
+ unsigned char tlsext_serverhello_enabled[] = {
+ 	0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
+@@ -2872,18 +2880,18 @@ test_tlsext_serverhello_build(void)
+ 	if (!CBB_finish(&cbb, &data, &dlen))
+ 		errx(1, "failed to finish CBB");
+ 
+-	if (dlen != sizeof(tlsext_serverhello_default)) {
++	if (dlen != sizeof_tlsext_serverhello_default) {
+ 		FAIL("got serverhello extensions with length %zu, "
+ 		    "want length %zu\n", dlen,
+-		    sizeof(tlsext_serverhello_default));
++		    sizeof_tlsext_serverhello_default);
+ 		compare_data(data, dlen, tlsext_serverhello_default,
+-		    sizeof(tlsext_serverhello_default));
++		    sizeof_tlsext_serverhello_default);
+ 		goto err;
+ 	}
+ 	if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
+ 		FAIL("serverhello extensions differs:\n");
+ 		compare_data(data, dlen, tlsext_serverhello_default,
+-		    sizeof(tlsext_serverhello_default));
++		    sizeof_tlsext_serverhello_default);
+ 		goto err;
+ 	}
+ 

tests/CMakeLists.txt

@@ -41,6 +41,11 @@ if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
 	add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
 endif()
 
+# asn1evp
+add_executable(asn1evp asn1evp.c)
+target_link_libraries(asn1evp ${TESTS_LIBS})
+add_test(asn1evp asn1evp)
+
 # asn1test
 add_executable(asn1test asn1test.c)
 target_link_libraries(asn1test ${TESTS_LIBS})
@@ -105,6 +110,11 @@ add_executable(clienttest clienttest.c)
 target_link_libraries(clienttest ${TESTS_LIBS})
 add_test(clienttest clienttest)
 
+# configtest
+add_executable(configtest configtest.c)
+target_link_libraries(configtest ${TESTS_LIBS})
+add_test(configtest configtest)
+
 # cts128test
 add_executable(cts128test cts128test.c)
 target_link_libraries(cts128test ${TESTS_LIBS})

tests/Makefile.am

@@ -43,6 +43,11 @@ arc4randomforktest_SOURCES = arc4randomforktest.c
 endif
 EXTRA_DIST += arc4randomforktest.sh
 
+# asn1evp
+TESTS += asn1evp
+check_PROGRAMS += asn1evp
+asn1evp_SOURCES = asn1evp.c
+
 # asn1test
 TESTS += asn1test
 check_PROGRAMS += asn1test
@@ -108,6 +113,11 @@ TESTS += clienttest
 check_PROGRAMS += clienttest
 clienttest_SOURCES = clienttest.c
 
+# configtest
+TESTS += configtest
+check_PROGRAMS += configtest
+configtest_SOURCES = configtest.c
+
 # cts128test
 TESTS += cts128test
 check_PROGRAMS += cts128test