Compare commits
16 Commits
main
...
OPENBSD_6_
Author | SHA1 | Date | |
---|---|---|---|
|
9a1e5a561c | ||
|
79f5ca9b69 | ||
|
de9ea11a07 | ||
|
3cf0bc1226 | ||
|
f3e7ad5b06 | ||
|
da995141dc | ||
|
9834f621fa | ||
|
b09eba6ae2 | ||
|
c402f3877d | ||
|
6a1cc14967 | ||
|
fe69b6b418 | ||
|
df4451aeec | ||
|
58e4acdb19 | ||
|
b2a6ff75b7 | ||
|
3eed3a4198 | ||
|
43b4792df5 |
4
.gitignore
vendored
4
.gitignore
vendored
@ -45,7 +45,6 @@ Makefile.in
|
||||
# man pages
|
||||
*.1
|
||||
*.3
|
||||
*.5
|
||||
|
||||
# tests
|
||||
test-driver
|
||||
@ -53,11 +52,9 @@ test-driver
|
||||
*.trs
|
||||
tests/aes_wrap*
|
||||
tests/arc4random_fork*
|
||||
tests/asn1evp*
|
||||
tests/asn1time*
|
||||
tests/cipher*
|
||||
tests/explicit_bzero*
|
||||
tests/freenull*
|
||||
tests/gost2814789t*
|
||||
tests/mont*
|
||||
tests/rfc5280time*
|
||||
@ -146,7 +143,6 @@ include/openssl/*.h
|
||||
!/crypto/compat/arc4random.h
|
||||
!/crypto/compat/b_win.c
|
||||
!/crypto/compat/explicit_bzero_win.c
|
||||
!/crypto/compat/freezero.c
|
||||
!/crypto/compat/getpagesize.c
|
||||
!/crypto/compat/posix_win.c
|
||||
!/crypto/compat/bsd_asprintf.c
|
||||
|
@ -27,18 +27,12 @@ string(STRIP ${TLS_VERSION} TLS_VERSION)
|
||||
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
|
||||
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
|
||||
|
||||
option(LIBRESSL_SKIP_INSTALL "Skip installation" ${LIBRESSL_SKIP_INSTALL})
|
||||
option(ENABLE_ASM "Enable assembly" ON)
|
||||
option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
|
||||
option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
|
||||
option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
|
||||
set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
|
||||
|
||||
if(NOT LIBRESSL_SKIP_INSTALL)
|
||||
set( ENABLE_LIBRESSL_INSTALL ON )
|
||||
endif(NOT LIBRESSL_SKIP_INSTALL)
|
||||
|
||||
|
||||
set(BUILD_NC true)
|
||||
|
||||
if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
|
||||
@ -107,23 +101,20 @@ if(MSVC)
|
||||
message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
|
||||
if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
|
||||
set(MSVC_DISABLED_WARNINGS_LIST
|
||||
"C4018" # 'expression' : signed/unsigned mismatch
|
||||
"C4057" # 'operator' : 'identifier1' indirection to
|
||||
# slightly different base types from 'identifier2'
|
||||
"C4100" # 'identifier' : unreferenced formal parameter
|
||||
"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
|
||||
# indirection to slightly different base types from 'char [2]'
|
||||
"C4100" # 'exarg' : unreferenced formal parameter
|
||||
"C4127" # conditional expression is constant
|
||||
"C4146" # unary minus operator applied to unsigned type,
|
||||
# result still unsigned
|
||||
"C4244" # 'argument' : conversion from 'type1' to 'type2',
|
||||
"C4242" # 'function' : conversion from 'int' to 'uint8_t',
|
||||
# possible loss of data
|
||||
"C4245" # 'conversion' : conversion from 'type1' to 'type2',
|
||||
# signed/unsigned mismatch
|
||||
"C4267" # 'var' : conversion from 'size_t' to 'type',
|
||||
"C4244" # 'function' : conversion from 'int' to 'uint8_t',
|
||||
# possible loss of data
|
||||
"C4389" # 'operator' : signed/unsigned mismatch
|
||||
"C4267" # conversion from 'size_t' to 'some type that is almost
|
||||
# certainly safe to convert a size_t to'.
|
||||
"C4706" # assignment within conditional expression
|
||||
"C4996" # The POSIX name for this item is deprecated.
|
||||
# Instead, use the ISO C and C++ conformant name
|
||||
"C4820" # 'bytes' bytes padding added after construct 'member_name'
|
||||
"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
|
||||
# use the ISO C++ conformant name: _read.
|
||||
)
|
||||
elseif(CMAKE_C_COMPILER_ID MATCHES "Intel")
|
||||
add_definitions(-D_CRT_SUPPRESS_RESTRICT)
|
||||
@ -303,7 +294,6 @@ endif()
|
||||
check_type_size(time_t SIZEOF_TIME_T)
|
||||
if(SIZEOF_TIME_T STREQUAL "4")
|
||||
set(SMALL_TIME_T true)
|
||||
add_definitions(-DSMALL_TIME_T)
|
||||
message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
|
||||
" ** It will behave incorrectly when handling valid RFC5280 dates")
|
||||
endif()
|
||||
@ -321,23 +311,6 @@ if(NOT MSVC OR ENABLE_VSTEST)
|
||||
add_subdirectory(tests)
|
||||
endif()
|
||||
|
||||
if(NOT MSVC)
|
||||
# Create pkgconfig files.
|
||||
set(prefix ${CMAKE_INSTALL_PREFIX})
|
||||
set(exec_prefix \${prefix})
|
||||
set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR})
|
||||
set(includedir \${prefix}/include)
|
||||
file(STRINGS "VERSION" VERSION LIMIT_COUNT 1)
|
||||
file(GLOB OPENSSL_PKGCONFIGS "*.pc.in")
|
||||
foreach(file ${OPENSSL_PKGCONFIGS})
|
||||
get_filename_component(filename ${file} NAME)
|
||||
string(REPLACE ".in" "" new_file "${filename}")
|
||||
configure_file(${filename} pkgconfig/${new_file} @ONLY)
|
||||
endforeach()
|
||||
install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig
|
||||
DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif()
|
||||
|
||||
configure_file(
|
||||
"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
|
||||
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
|
||||
|
164
ChangeLog
164
ChangeLog
@ -28,170 +28,6 @@ history is also available from Git.
|
||||
|
||||
LibreSSL Portable Release Notes:
|
||||
|
||||
2.7.0 - Bug fixes and improvements
|
||||
|
||||
* Merged more DTLS support into the regular TLS code path, removing
|
||||
duplicated code.
|
||||
|
||||
* Converted ssl3_send_client_hello(), ssl3_send_server_hello() to CBB.
|
||||
|
||||
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
|
||||
This removes the last remaining use of the old M_ASN1_* macros
|
||||
(asn1_mac.h) from API that needs to continue to exist.
|
||||
|
||||
2.6.4 - Bug fixes
|
||||
|
||||
* Make tls_config_parse_protocols() work correctly when passed a NULL
|
||||
pointer for a protocol string. Issue found by semarie@, who also
|
||||
provided the diff.
|
||||
|
||||
* Correct TLS extensions handling when no extensions are present.
|
||||
If no TLS extensions are present in a client hello or server hello,
|
||||
omit the entire extensions block, rather than including it with a
|
||||
length of zero. Thanks to Eric Elena <eric at voguemerry dot com> for
|
||||
providing packet captures and testing the fix.
|
||||
|
||||
* Fixed portable builds on older Android systems, and systems with out
|
||||
IPV6_TCLASS support.
|
||||
|
||||
2.6.3 - OpenBSD 6.2 Release
|
||||
|
||||
* No core changes from LibreSSL 2.6.2
|
||||
|
||||
* Minor compatibility fixes in portable version.
|
||||
|
||||
2.6.2 - Bug fixes
|
||||
|
||||
* Provide a useful error with libtls if there are no OCSP URLs in a
|
||||
peer certificate.
|
||||
|
||||
* Keep track of which keypair is in use by a TLS context, fixing a bug
|
||||
where a TLS server with SNI would only return the OCSP staple for the
|
||||
default keypair. Issue reported by William Graeber and confirmed by
|
||||
Andreas Bartelt.
|
||||
|
||||
* Fixed various issues in the OCSP extension parsing code.
|
||||
The original code incorrectly passes the pointer allocated via
|
||||
CBS_stow() (using malloc()) to a d2i_*() function and then calls
|
||||
free() on the now incremented pointer, most likely resulting in a
|
||||
crash. This issue was reported by Robert Swiecki who found the issue
|
||||
using honggfuzz.
|
||||
|
||||
* If tls_config_parse_protocols() is called with a NULL pointer,
|
||||
return the default protocols instead of crashing - this makes the
|
||||
behaviour more useful and mirrors what we already do in
|
||||
tls_config_set_ciphers() et al.
|
||||
|
||||
2.6.1 - Code removal, rewrites
|
||||
|
||||
* Added a "-T tlscompat" option to nc(1), which enables the use of all
|
||||
TLS protocols and "compat" ciphers. This allows for TLS connections
|
||||
to TLS servers that are using less than ideal cipher suites, without
|
||||
having to resort to "-T tlsall" which enables all known cipher
|
||||
suites. Diff from Kyle J. McKay.
|
||||
|
||||
* Added a new TLS extension handling framework, somewhat analogous to
|
||||
BoringSSL, and converted all TLS extensions to use it. Added new TLS
|
||||
extension regression tests.
|
||||
|
||||
* Improved and added many new manpages. Updated *check_private_key
|
||||
manpages with additional cautions regarding their use.
|
||||
|
||||
* Cleaned up the EC key/curve configuration handling.
|
||||
|
||||
* Added tls_config_set_ecdhecurves() to libtls, which allows the names
|
||||
of the eliptical curves that may be used during client and server
|
||||
key exchange to be specified.
|
||||
|
||||
* Converted more code paths to use CBB/CBS.
|
||||
|
||||
* Removed support for DSS/DSA, since we removed the cipher suites a
|
||||
while back.
|
||||
|
||||
* Removed NPN support. NPN was never standardised and the last draft
|
||||
expired in October 2012. ALPN was standardised in July 2014 and has
|
||||
been supported in LibreSSL since December 2014. NPN has also been
|
||||
removed from Chromium in May 2016.
|
||||
|
||||
* Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
|
||||
CryptoPro clients.
|
||||
|
||||
* Removed support for the TLS padding extension, which was added as a
|
||||
workaround for an old bug in F5's TLS termination.
|
||||
|
||||
* Worked around another bug in F5's TLS termination handling of the
|
||||
elliptical curves extension. RFC 4492 only defines elliptic_curves
|
||||
for ClientHello. However, F5 is sending it in ServerHello. We need
|
||||
to skip over it since our TLS extension parsing code is now more
|
||||
strict. Thanks to Armin Wolfermann and WJ Liu for reporting.
|
||||
|
||||
* Added ability to clamp notafter valies in certificates for systems
|
||||
with 32-bit time_t. This is necessary to conform to RFC 5280
|
||||
4.1.2.5.
|
||||
|
||||
* Implemented the SSL_CTX_set_min_proto_version(3) API.
|
||||
|
||||
* Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
|
||||
|
||||
* Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
|
||||
|
||||
2.6.0 - New APIs, bug fixes and improvements
|
||||
|
||||
* Added support for providing CRLs to libtls. Once a CRL is provided we
|
||||
enable CRL checking for the full certificate chain. Based on a diff
|
||||
from Jack Burton
|
||||
|
||||
* Allow non-compliant clients using IP literal addresses with SNI
|
||||
to connect to a server using libtls.
|
||||
|
||||
* Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().
|
||||
Reported by Robert Swiecki, who found the issue using honggfuzz.
|
||||
|
||||
* Added definitions for three OIDs used in EV certificates.
|
||||
From Kyle J. McKay
|
||||
|
||||
* Added tls_peer_cert_chain_pem to libtls, useful in private
|
||||
certificate validation callbacks such as those in relayd.
|
||||
|
||||
* Converted explicit clear/free sequences to use freezero(3).
|
||||
|
||||
* Reworked TLS certificate name verification code to more strictly
|
||||
follow RFC 6125.
|
||||
|
||||
* Cleaned up and simplified server key exchange EC point handling.
|
||||
|
||||
* Added tls_keypair_clear_key for clearing key material.
|
||||
|
||||
* Removed inconsistent IPv6 handling from BIO_get_accept_socket,
|
||||
simplified BIO_get_host_ip and BIO_accept.
|
||||
|
||||
* Fixed the openssl(1) ca command so that is generates certificates
|
||||
with RFC 5280-conformant time. Problem noticed by Harald Dunkel.
|
||||
|
||||
* Added ASN1_TIME_set_tm to set an asn1 from a struct tm *
|
||||
|
||||
* Added SSL{,_CTX}_set_{min,max}_proto_version() functions.
|
||||
|
||||
* Added HKDF (HMAC Key Derivation Function) from BoringSSL
|
||||
|
||||
* Provided a tls_unload_file() function that frees the memory returned
|
||||
from a tls_load_file() call, ensuring that it the contents become
|
||||
inaccessible. This is specifically needed on platforms where the
|
||||
library allocators may be different from the application allocator.
|
||||
|
||||
* Perform reference counting for tls_config. This allows
|
||||
tls_config_free() to be called as soon as it has been passed to the
|
||||
final tls_configure() call, simplifying lifetime tracking for the
|
||||
application.
|
||||
|
||||
* Moved internal state of SSL and other structures to be opaque.
|
||||
|
||||
* Dropped cipher suites with DSS authentication.
|
||||
|
||||
* nc(1) improvements, including:
|
||||
nc -W to terminate nc after receiving a number of packets
|
||||
nc -Z for saving the peer certificate and chain in a pem file
|
||||
|
||||
2.5.5 - Bug fixes
|
||||
|
||||
* Distinguish between self-issued certificates and self-signed
|
||||
|
@ -1 +1 @@
|
||||
master
|
||||
OPENBSD_6_1
|
||||
|
42
README.md
42
README.md
@ -56,25 +56,20 @@ or to the github
|
||||
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
|
||||
sent to the core team at libressl-security@openbsd.org.
|
||||
|
||||
# Building LibreSSL #
|
||||
## Prerequisites when building from git ##
|
||||
|
||||
## Prerequisites when building from a Git checkout ##
|
||||
|
||||
If you have checked this source using Git, or have downloaded a source tarball
|
||||
from Github, follow these initial steps to prepare the source tree for
|
||||
building. _Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions (e.g. Windows system using CMake) or cannot meet these prerequistes, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer._
|
||||
If you have checked this source using Git, follow these initial steps to
|
||||
prepare the source tree for building:
|
||||
|
||||
1. Ensure you have the following packages installed:
|
||||
automake, autoconf, git, libtool, perl
|
||||
automake, autoconf, git, libtool, perl, pod2man
|
||||
2. Run './autogen.sh' to prepare the source tree for building or
|
||||
run './dist.sh' to prepare a tarball.
|
||||
|
||||
## Steps that apply to all builds ##
|
||||
## Building LibreSSL ##
|
||||
|
||||
Once you have a source tree, either by downloaded using git and having
|
||||
run the autogen.sh script above, or by downloading a release distribution from
|
||||
an OpenBSD mirror, run these commands to build and install the package on most
|
||||
systems:
|
||||
Once you have a source tree from Git or FTP, run these commands to build and
|
||||
install the package on most systems:
|
||||
|
||||
```sh
|
||||
./configure # see ./configure --help for configuration options
|
||||
@ -124,9 +119,9 @@ should work. See README.windows for more information
|
||||
|
||||
#### Windows - Visual Studio ####
|
||||
|
||||
LibreSSL builds using the CMake target "Visual Studio 12 2013" and newer. To
|
||||
generate a Visual Studio project, install CMake, enter the LibreSSL source
|
||||
directory and run:
|
||||
LibreSSL builds using the CMake target "Visual Studio 12 2013", and may build
|
||||
against older/newer targets as well. To generate a Visual Studio project,
|
||||
install CMake, enter the LibreSSL source directory and run:
|
||||
|
||||
```sh
|
||||
mkdir build-vs2013
|
||||
@ -134,18 +129,5 @@ directory and run:
|
||||
cmake -G"Visual Studio 12 2013" ..
|
||||
```
|
||||
|
||||
Replace "Visual Studion 12 2013" with whatever version of Visual Studio you
|
||||
have installed. This will generate a LibreSSL.sln file that you can incorporate
|
||||
into other projects or build by itself.
|
||||
|
||||
#### Cmake - Additional Options ####
|
||||
|
||||
| Option Name | Default | Description
|
||||
| ------------ | -----: | ------
|
||||
| LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules. Can be specified from command line using <br>```-DLIBRESSL_SKIP_INSTALL=ON``` |
|
||||
| ENABLE_ASM | ON | builds assembly optimized rules. |
|
||||
| ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms |
|
||||
| ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) |
|
||||
| ENABLE_VSTEST | OFF | Enable test on Visual Studio |
|
||||
| OPENSSLDIR | Blank | Set the default openssl directory. Can be specified from command line using <br>```-DOPENSSLDIR=<dirname>``` |
|
||||
|
||||
This will generate a LibreSSL.sln file that you can incorporate into other
|
||||
projects or build by itself.
|
||||
|
@ -53,10 +53,8 @@ add_executable(nc ${NC_SRC})
|
||||
target_link_libraries(nc tls ${OPENSSL_LIBS})
|
||||
|
||||
if(ENABLE_NC)
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
endif()
|
||||
|
||||
endif()
|
||||
|
@ -20,7 +20,7 @@ else()
|
||||
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/inet_ntop.c)
|
||||
endif()
|
||||
|
||||
check_function_exists(memmem HAVE_MEMMEM)
|
||||
check_function_exists(inet_ntop HAVE_MEMMEM)
|
||||
if(HAVE_MEMMEM)
|
||||
add_definitions(-DHAVE_MEMMEM)
|
||||
else()
|
||||
@ -36,10 +36,7 @@ endif()
|
||||
add_executable(ocspcheck ${OCSPCHECK_SRC})
|
||||
target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
|
||||
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
|
||||
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
|
||||
endif()
|
||||
|
@ -76,17 +76,13 @@ endif()
|
||||
add_executable(openssl ${OPENSSL_SRC})
|
||||
target_link_libraries(openssl ${OPENSSL_LIBS})
|
||||
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
|
||||
if(NOT "${OPENSSLDIR}" STREQUAL "")
|
||||
set(CONF_DIR "${OPENSSLDIR}")
|
||||
else()
|
||||
set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
|
||||
endif()
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
|
||||
install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
install(DIRECTORY DESTINATION ${CONF_DIR}/cert)
|
||||
|
@ -13,7 +13,7 @@
|
||||
#include "apps.h"
|
||||
|
||||
double
|
||||
app_timer_user(int stop)
|
||||
app_tminterval(int stop, int usertime)
|
||||
{
|
||||
static unsigned __int64 tmstart;
|
||||
union {
|
||||
@ -22,11 +22,13 @@ app_timer_user(int stop)
|
||||
} ct, et, kt, ut;
|
||||
|
||||
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
|
||||
if (stop)
|
||||
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
|
||||
|
||||
if (stop == TM_START) {
|
||||
tmstart = ut.u64 + kt.u64;
|
||||
return 0.0;
|
||||
} else {
|
||||
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
|
@ -253,9 +253,7 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
|
||||
looptime_ms = timeout_ms > 100 ? 100 : timeout_ms;
|
||||
|
||||
do {
|
||||
struct timeval tv;
|
||||
tv.tv_sec = 0;
|
||||
tv.tv_usec = looptime_ms * 1000;
|
||||
struct timeval tv = {0, looptime_ms * 1000};
|
||||
int handle_signaled = 0;
|
||||
|
||||
/*
|
||||
|
@ -57,7 +57,6 @@ fi
|
||||
echo "differences between release and regenerated release tag:"
|
||||
diff -urN \
|
||||
-x *.3 \
|
||||
-x *.5 \
|
||||
-x Makefile.in \
|
||||
-x aclocal.m4 \
|
||||
-x compile \
|
||||
|
@ -10,13 +10,7 @@ macro(export_symbol TARGET FILENAME)
|
||||
target_sources(${TARGET} PRIVATE ${DEF_FILENAME})
|
||||
|
||||
elseif(APPLE)
|
||||
file(READ ${FILENAME} SYMBOLS)
|
||||
string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
|
||||
string(REPLACE "\n" "\n_" SYMBOLS ${SYMBOLS})
|
||||
string(REGEX REPLACE "(.)$" "\\1\\n" SYMBOLS ${SYMBOLS})
|
||||
string(REPLACE ".sym" ".exp" EXP_FILENAME ${FILENAME})
|
||||
file(WRITE ${EXP_FILENAME} "_${SYMBOLS}")
|
||||
set(FLAG "-exported_symbols_list ${EXP_FILENAME}")
|
||||
set(FLAG "-exported_symbols_list ${FILENAME}")
|
||||
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
|
||||
|
||||
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
|
||||
|
25
configure.ac
25
configure.ac
@ -54,6 +54,8 @@ CHECK_CRYPTO_COMPAT
|
||||
CHECK_VA_COPY
|
||||
CHECK_B64_NTOP
|
||||
|
||||
GENERATE_CRYPTO_PORTABLE_SYM
|
||||
|
||||
AC_ARG_WITH([openssldir],
|
||||
AS_HELP_STRING([--with-openssldir],
|
||||
[Set the default openssl directory]),
|
||||
@ -78,15 +80,19 @@ AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
|
||||
BSWAP4=no)
|
||||
CFLAGS="$old_cflags"
|
||||
|
||||
AS_CASE([$host_cpu],
|
||||
[*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"],
|
||||
[*arm*], AS_IF([test "x$BSWAP4" = "xyes"],,
|
||||
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"),
|
||||
[*amd64*], [host_cpu=x86_64, HOSTARCH=intel],
|
||||
[i?86], [HOSTARCH=intel],
|
||||
[x86_64], [HOSTARCH=intel]
|
||||
)
|
||||
AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"])
|
||||
case $host_cpu in
|
||||
*sparc*)
|
||||
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"
|
||||
;;
|
||||
*arm*)
|
||||
AS_IF([test "x$BSWAP4" = "xyes"],,
|
||||
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
|
||||
;;
|
||||
*amd64*)
|
||||
host_cpu=x86_64
|
||||
;;
|
||||
|
||||
esac
|
||||
|
||||
AC_MSG_CHECKING([if .gnu.warning accepts long strings])
|
||||
AC_LINK_IFELSE([AC_LANG_SOURCE([[
|
||||
@ -134,7 +140,6 @@ AC_CONFIG_FILES([
|
||||
|
||||
AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
|
||||
if test "$ac_cv_sizeof_time_t" = "4"; then
|
||||
AC_DEFINE([SMALL_TIME_T])
|
||||
echo " ** Warning, this system is unable to represent times past 2038"
|
||||
echo " ** It will behave incorrectly when handling valid RFC5280 dates"
|
||||
|
||||
|
@ -352,6 +352,10 @@ set(
|
||||
ec/ecp_mont.c
|
||||
ec/ecp_nist.c
|
||||
ec/ecp_oct.c
|
||||
ec/ecp_nistp224.c
|
||||
ec/ecp_nistp256.c
|
||||
ec/ecp_nistp521.c
|
||||
ec/ecp_nistputil.c
|
||||
ec/ecp_smpl.c
|
||||
ecdh/ech_err.c
|
||||
ecdh/ech_key.c
|
||||
@ -459,7 +463,6 @@ set(
|
||||
gost/gostr341001_pmeth.c
|
||||
gost/gostr341194.c
|
||||
gost/streebog.c
|
||||
hkdf/hkdf.c
|
||||
hmac/hm_ameth.c
|
||||
hmac/hm_pmeth.c
|
||||
hmac/hmac.c
|
||||
@ -559,6 +562,7 @@ set(
|
||||
rsa/rsa_pss.c
|
||||
rsa/rsa_saos.c
|
||||
rsa/rsa_sign.c
|
||||
rsa/rsa_ssl.c
|
||||
rsa/rsa_x931.c
|
||||
sha/sha1_one.c
|
||||
sha/sha1dgst.c
|
||||
@ -677,11 +681,6 @@ if(NOT HAVE_ASPRINTF)
|
||||
set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
|
||||
endif()
|
||||
|
||||
if(NOT HAVE_FREEZERO)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC} compat/freezero.c)
|
||||
set(EXTRA_EXPORT ${EXTRA_EXPORT} freezero)
|
||||
endif()
|
||||
|
||||
if(NOT HAVE_GETPAGESIZE)
|
||||
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
|
||||
endif()
|
||||
@ -824,13 +823,9 @@ if (BUILD_SHARED)
|
||||
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
|
||||
set_target_properties(crypto-shared PROPERTIES VERSION
|
||||
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS crypto crypto-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
else()
|
||||
add_library(crypto STATIC ${CRYPTO_SRC})
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
endif()
|
||||
|
||||
|
@ -18,80 +18,6 @@ EXTRA_DIST += compat/strcasecmp.c
|
||||
BUILT_SOURCES = crypto_portable.sym
|
||||
CLEANFILES = crypto_portable.sym
|
||||
|
||||
crypto_portable.sym:
|
||||
-echo "generating crypto_portable.sym ..."
|
||||
-cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
|
||||
-chmod u+w crypto_portable.sym
|
||||
if !HAVE_ARC4RANDOM_BUF
|
||||
-echo arc4random >> crypto_portable.sym
|
||||
-echo arc4random_buf >> crypto_portable.sym
|
||||
-echo arc4random_uniform >> crypto_portable.sym
|
||||
if !HAVE_GETENTROPY
|
||||
-echo getentropy >> crypto_portable.sym
|
||||
endif
|
||||
endif
|
||||
if !HAVE_ASPRINTF
|
||||
-echo asprintf >> crypto_portable.sym
|
||||
-echo vasprintf >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_EXPLICIT_BZERO
|
||||
-echo explicit_bzero >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_FREEZERO
|
||||
-echo freezero >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_INET_PTON
|
||||
-echo inet_pton >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_REALLOCARRAY
|
||||
-echo reallocarray >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_RECALLOCARRAY
|
||||
-echo recallocarray >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_STRLCAT
|
||||
-echo strlcat >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_STRLCPY
|
||||
-echo strlcpy >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_STRNDUP
|
||||
-echo strndup >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_STRNLEN
|
||||
-echo strnlen >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_STRSEP
|
||||
-echo strsep >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_TIMEGM
|
||||
-echo timegm >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_TIMINGSAFE_BCMP
|
||||
-echo timingsafe_bcmp >> crypto_portable.sym
|
||||
endif
|
||||
if !HAVE_TIMINGSAFE_MEMCMP
|
||||
-echo timingsafe_memcmp >> crypto_portable.sym
|
||||
endif
|
||||
if HOST_CPU_IS_INTEL
|
||||
-echo OPENSSL_ia32cap_P >> crypto_portable.sym
|
||||
endif
|
||||
if HOST_WIN
|
||||
-echo posix_perror >> crypto_portable.sym
|
||||
-echo posix_fopen >> crypto_portable.sym
|
||||
-echo posix_fgets >> crypto_portable.sym
|
||||
-echo posix_open >> crypto_portable.sym
|
||||
-echo posix_rename >> crypto_portable.sym
|
||||
-echo posix_connect >> crypto_portable.sym
|
||||
-echo posix_close >> crypto_portable.sym
|
||||
-echo posix_read >> crypto_portable.sym
|
||||
-echo posix_write >> crypto_portable.sym
|
||||
-echo posix_getsockopt >> crypto_portable.sym
|
||||
-echo posix_setsockopt >> crypto_portable.sym
|
||||
-grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp
|
||||
-mv crypto_portable.sym.tmp crypto_portable.sym
|
||||
endif
|
||||
|
||||
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
|
||||
libcrypto_la_LIBADD = libcompat.la
|
||||
if !HAVE_EXPLICIT_BZERO
|
||||
@ -158,10 +84,6 @@ if !HAVE_ASPRINTF
|
||||
libcompat_la_SOURCES += compat/bsd-asprintf.c
|
||||
endif
|
||||
|
||||
if !HAVE_FREEZERO
|
||||
libcompat_la_SOURCES += compat/freezero.c
|
||||
endif
|
||||
|
||||
if !HAVE_GETPAGESIZE
|
||||
libcompat_la_SOURCES += compat/getpagesize.c
|
||||
endif
|
||||
@ -524,6 +446,10 @@ libcrypto_la_SOURCES += ec/ec_print.c
|
||||
libcrypto_la_SOURCES += ec/eck_prn.c
|
||||
libcrypto_la_SOURCES += ec/ecp_mont.c
|
||||
libcrypto_la_SOURCES += ec/ecp_nist.c
|
||||
libcrypto_la_SOURCES += ec/ecp_nistp224.c
|
||||
libcrypto_la_SOURCES += ec/ecp_nistp256.c
|
||||
libcrypto_la_SOURCES += ec/ecp_nistp521.c
|
||||
libcrypto_la_SOURCES += ec/ecp_nistputil.c
|
||||
libcrypto_la_SOURCES += ec/ecp_oct.c
|
||||
libcrypto_la_SOURCES += ec/ecp_smpl.c
|
||||
noinst_HEADERS += ec/ec_lcl.h
|
||||
@ -653,9 +579,6 @@ noinst_HEADERS += gost/gost.h
|
||||
noinst_HEADERS += gost/gost_asn1.h
|
||||
noinst_HEADERS += gost/gost_locl.h
|
||||
|
||||
# hkdf
|
||||
libcrypto_la_SOURCES += hkdf/hkdf.c
|
||||
|
||||
# hmac
|
||||
libcrypto_la_SOURCES += hmac/hm_ameth.c
|
||||
libcrypto_la_SOURCES += hmac/hm_pmeth.c
|
||||
@ -799,6 +722,7 @@ libcrypto_la_SOURCES += rsa/rsa_prn.c
|
||||
libcrypto_la_SOURCES += rsa/rsa_pss.c
|
||||
libcrypto_la_SOURCES += rsa/rsa_saos.c
|
||||
libcrypto_la_SOURCES += rsa/rsa_sign.c
|
||||
libcrypto_la_SOURCES += rsa/rsa_ssl.c
|
||||
libcrypto_la_SOURCES += rsa/rsa_x931.c
|
||||
noinst_HEADERS += rsa/rsa_locl.h
|
||||
|
||||
|
@ -1,32 +0,0 @@
|
||||
/*
|
||||
* Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
|
||||
* Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
|
||||
* Copyright (c) 2008 Damien Miller <djm@openbsd.org>
|
||||
* Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
|
||||
*
|
||||
* Permission to use, copy, modify, and distribute this software for any
|
||||
* purpose with or without fee is hereby granted, provided that the above
|
||||
* copyright notice and this permission notice appear in all copies.
|
||||
*
|
||||
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
|
||||
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
|
||||
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
|
||||
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
|
||||
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
|
||||
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
|
||||
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <stdlib.h>
|
||||
|
||||
void
|
||||
freezero(void *ptr, size_t sz)
|
||||
{
|
||||
/* This is legal. */
|
||||
if (ptr == NULL)
|
||||
return;
|
||||
|
||||
explicit_bzero(ptr, sz);
|
||||
free(ptr);
|
||||
}
|
@ -209,7 +209,6 @@ posix_setsockopt(int sockfd, int level, int optname,
|
||||
}
|
||||
|
||||
#ifdef _MSC_VER
|
||||
struct timezone;
|
||||
int gettimeofday(struct timeval * tp, struct timezone * tzp)
|
||||
{
|
||||
/*
|
||||
|
2
dist.sh
2
dist.sh
@ -1,7 +1,7 @@
|
||||
#!/bin/sh
|
||||
set -e
|
||||
|
||||
rm -f man/*.[35] include/openssl/*.h
|
||||
rm -f man/*.1 man/*.3 include/openssl/*.h
|
||||
./autogen.sh
|
||||
./configure
|
||||
make -j2 distcheck
|
||||
|
@ -1,8 +1,5 @@
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(DIRECTORY .
|
||||
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
|
||||
PATTERN "CMakeLists.txt" EXCLUDE
|
||||
PATTERN "compat" EXCLUDE
|
||||
PATTERN "pqueue.h" EXCLUDE
|
||||
PATTERN "Makefile*" EXCLUDE)
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
|
@ -34,9 +34,9 @@ err(int eval, const char *fmt, ...)
|
||||
vfprintf(stderr, fmt, ap);
|
||||
fprintf(stderr, ": ");
|
||||
}
|
||||
va_end(ap);
|
||||
fprintf(stderr, "%s\n", strerror(sverrno));
|
||||
exit(eval);
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
#if defined(_MSC_VER)
|
||||
@ -52,9 +52,9 @@ errx(int eval, const char *fmt, ...)
|
||||
va_start(ap, fmt);
|
||||
if (fmt != NULL)
|
||||
vfprintf(stderr, fmt, ap);
|
||||
va_end(ap);
|
||||
fprintf(stderr, "\n");
|
||||
exit(eval);
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
static inline void
|
||||
@ -68,8 +68,8 @@ warn(const char *fmt, ...)
|
||||
vfprintf(stderr, fmt, ap);
|
||||
fprintf(stderr, ": ");
|
||||
}
|
||||
va_end(ap);
|
||||
fprintf(stderr, "%s\n", strerror(sverrno));
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
static inline void
|
||||
@ -80,8 +80,8 @@ warnx(const char *fmt, ...)
|
||||
va_start(ap, fmt);
|
||||
if (fmt != NULL)
|
||||
vfprintf(stderr, fmt, ap);
|
||||
va_end(ap);
|
||||
fprintf(stderr, "\n");
|
||||
va_end(ap);
|
||||
}
|
||||
|
||||
#endif
|
||||
|
@ -25,10 +25,6 @@ void arc4random_buf(void *_buf, size_t n);
|
||||
uint32_t arc4random_uniform(uint32_t upper_bound);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_FREEZERO
|
||||
void freezero(void *ptr, size_t sz);
|
||||
#endif
|
||||
|
||||
#ifndef HAVE_REALLOCARRAY
|
||||
void *reallocarray(void *, size_t, size_t);
|
||||
#endif
|
||||
|
@ -13,20 +13,4 @@ int gettimeofday(struct timeval *tp, void *tzp);
|
||||
#include_next <sys/time.h>
|
||||
#endif
|
||||
|
||||
#ifndef CLOCK_MONOTONIC
|
||||
#define CLOCK_MONOTONIC CLOCK_REALTIME
|
||||
#endif
|
||||
|
||||
#ifndef timersub
|
||||
#define timersub(tvp, uvp, vvp) \
|
||||
do { \
|
||||
(vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec; \
|
||||
(vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec; \
|
||||
if ((vvp)->tv_usec < 0) { \
|
||||
(vvp)->tv_sec--; \
|
||||
(vvp)->tv_usec += 1000000; \
|
||||
} \
|
||||
} while (0)
|
||||
#endif
|
||||
|
||||
#endif
|
||||
|
@ -20,14 +20,12 @@
|
||||
|
||||
#ifdef __MINGW32__
|
||||
#include <_bsd_types.h>
|
||||
typedef uint32_t in_addr_t;
|
||||
#endif
|
||||
|
||||
#ifdef _MSC_VER
|
||||
typedef unsigned char u_char;
|
||||
typedef unsigned short u_short;
|
||||
typedef unsigned int u_int;
|
||||
typedef uint32_t in_addr_t;
|
||||
|
||||
#include <basetsd.h>
|
||||
typedef SSIZE_T ssize_t;
|
||||
|
@ -21,15 +21,3 @@ struct tm *__gmtime_r(const time_t * t, struct tm * tm);
|
||||
#ifndef HAVE_TIMEGM
|
||||
time_t timegm(struct tm *tm);
|
||||
#endif
|
||||
|
||||
#ifndef timespecsub
|
||||
#define timespecsub(tsp, usp, vsp) \
|
||||
do { \
|
||||
(vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec; \
|
||||
(vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec; \
|
||||
if ((vsp)->tv_nsec < 0) { \
|
||||
(vsp)->tv_sec--; \
|
||||
(vsp)->tv_nsec += 1000000000L; \
|
||||
} \
|
||||
} while (0)
|
||||
#endif
|
||||
|
100
m4/check-libc.m4
100
m4/check-libc.m4
@ -2,25 +2,11 @@ AC_DEFUN([CHECK_LIBC_COMPAT], [
|
||||
# Check for libc headers
|
||||
AC_CHECK_HEADERS([err.h readpassphrase.h])
|
||||
# Check for general libc functions
|
||||
AC_CHECK_FUNCS([asprintf freezero inet_ntop inet_pton memmem])
|
||||
AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray])
|
||||
AC_CHECK_FUNCS([asprintf getpagesize inet_ntop inet_pton memmem readpassphrase])
|
||||
AC_CHECK_FUNCS([reallocarray recallocarray])
|
||||
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
|
||||
AC_CHECK_FUNCS([timegm _mkgmtime])
|
||||
AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
|
||||
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
|
||||
// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
|
||||
#ifdef __ANDROID__
|
||||
# include <unistd.h>
|
||||
#endif
|
||||
]], [[
|
||||
getpagesize();
|
||||
]])],
|
||||
[ ac_cv_func_getpagesize="yes" ],
|
||||
[ ac_cv_func_getpagesize="no"
|
||||
])
|
||||
])
|
||||
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
|
||||
AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes])
|
||||
AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
|
||||
AM_CONDITIONAL([HAVE_INET_NTOP], [test "x$ac_cv_func_inet_ntop" = xyes])
|
||||
AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
|
||||
@ -161,3 +147,85 @@ if test "x$ac_cv_have___va_copy" = "xyes" ; then
|
||||
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
|
||||
fi
|
||||
])
|
||||
|
||||
AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [
|
||||
AS_CASE([$host_cpu],
|
||||
[i?86], [HOSTARCH=intel],
|
||||
[x86_64], [HOSTARCH=intel],
|
||||
[amd64], [HOSTARCH=intel],
|
||||
)
|
||||
AC_SUBST([HOSTARCH])
|
||||
crypto_sym=$srcdir/crypto/crypto.sym
|
||||
crypto_p_sym=./crypto/crypto_portable.sym
|
||||
echo "generating $crypto_p_sym ..."
|
||||
mkdir -p ./crypto
|
||||
cp $crypto_sym $crypto_p_sym
|
||||
chmod u+w $crypto_p_sym
|
||||
if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
|
||||
echo arc4random >> $crypto_p_sym
|
||||
echo arc4random_buf >> $crypto_p_sym
|
||||
echo arc4random_uniform >> $crypto_p_sym
|
||||
if test "x$ac_cv_func_getentropy" = "xno" ; then
|
||||
echo getentropy >> $crypto_p_sym
|
||||
fi
|
||||
fi
|
||||
if test "x$ac_cv_func_asprintf" = "xno" ; then
|
||||
echo asprintf >> $crypto_p_sym
|
||||
echo vasprintf >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_explicit_bzero" = "xno" ; then
|
||||
echo explicit_bzero >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_inet_pton" = "xno" ; then
|
||||
echo inet_pton >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_reallocarray" = "xno" ; then
|
||||
echo reallocarray >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_recallocarray" = "xno" ; then
|
||||
echo recallocarray >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_strlcat" = "xno" ; then
|
||||
echo strlcat >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_strlcpy" = "xno" ; then
|
||||
echo strlcpy >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_strndup" = "xno" ; then
|
||||
echo strndup >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_strnlen" = "xno" ; then
|
||||
echo strnlen >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_strsep" = "xno" ; then
|
||||
echo strsep >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_timegm" = "xno" ; then
|
||||
echo timegm >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_timingsafe_bcmp" = "xno" ; then
|
||||
echo timingsafe_bcmp >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
|
||||
echo timingsafe_memcmp >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$HOSTARCH" = "xintel" ; then
|
||||
echo OPENSSL_ia32cap_P >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$HOST_OS" = "xwin" ; then
|
||||
echo posix_perror >> $crypto_p_sym
|
||||
echo posix_fopen >> $crypto_p_sym
|
||||
echo posix_fgets >> $crypto_p_sym
|
||||
echo posix_open >> $crypto_p_sym
|
||||
echo posix_rename >> $crypto_p_sym
|
||||
echo posix_connect >> $crypto_p_sym
|
||||
echo posix_close >> $crypto_p_sym
|
||||
echo posix_read >> $crypto_p_sym
|
||||
echo posix_write >> $crypto_p_sym
|
||||
echo posix_getsockopt >> $crypto_p_sym
|
||||
echo posix_setsockopt >> $crypto_p_sym
|
||||
|
||||
grep -v BIO_s_log $crypto_p_sym > $crypto_p_sym.tmp
|
||||
mv $crypto_p_sym.tmp $crypto_p_sym
|
||||
fi
|
||||
])
|
||||
|
@ -13,7 +13,6 @@ case $host_os in
|
||||
;;
|
||||
*cygwin*)
|
||||
HOST_OS=cygwin
|
||||
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
|
||||
;;
|
||||
*darwin*)
|
||||
HOST_OS=darwin
|
||||
@ -112,7 +111,6 @@ char buf[1]; getentropy(buf, 1);
|
||||
*solaris*)
|
||||
HOST_OS=solaris
|
||||
HOST_ABI=elf
|
||||
CFLAGS="$CFLAGS -m64"
|
||||
CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
|
||||
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
|
||||
;;
|
||||
|
@ -1,11 +1,9 @@
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(DIRECTORY .
|
||||
DESTINATION ${CMAKE_INSTALL_MANDIR}/man3
|
||||
FILES_MATCHING PATTERN "*.3"
|
||||
)
|
||||
|
||||
install(DIRECTORY .
|
||||
DESTINATION ${CMAKE_INSTALL_MANDIR}/man5
|
||||
FILES_MATCHING PATTERN "*.5"
|
||||
DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
|
||||
FILES_MATCHING PATTERN "*.1"
|
||||
)
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
|
63
man/links
63
man/links
@ -3,8 +3,6 @@ ACCESS_DESCRIPTION_new.3,ACCESS_DESCRIPTION_free.3
|
||||
ACCESS_DESCRIPTION_new.3,AUTHORITY_INFO_ACCESS_free.3
|
||||
ACCESS_DESCRIPTION_new.3,AUTHORITY_INFO_ACCESS_new.3
|
||||
ASN1_OBJECT_new.3,ASN1_OBJECT_free.3
|
||||
ASN1_STRING_TABLE_add.3,ASN1_STRING_TABLE_cleanup.3
|
||||
ASN1_STRING_TABLE_add.3,ASN1_STRING_TABLE_get.3
|
||||
ASN1_STRING_length.3,ASN1_STRING_cmp.3
|
||||
ASN1_STRING_length.3,ASN1_STRING_data.3
|
||||
ASN1_STRING_length.3,ASN1_STRING_dup.3
|
||||
@ -53,22 +51,10 @@ ASN1_STRING_new.3,DISPLAYTEXT_new.3
|
||||
ASN1_STRING_print_ex.3,ASN1_STRING_print.3
|
||||
ASN1_STRING_print_ex.3,ASN1_STRING_print_ex_fp.3
|
||||
ASN1_STRING_print_ex.3,ASN1_tag2str.3
|
||||
ASN1_TIME_set.3,ASN1_GENERALIZEDTIME_adj.3
|
||||
ASN1_TIME_set.3,ASN1_GENERALIZEDTIME_check.3
|
||||
ASN1_TIME_set.3,ASN1_GENERALIZEDTIME_print.3
|
||||
ASN1_TIME_set.3,ASN1_GENERALIZEDTIME_set.3
|
||||
ASN1_TIME_set.3,ASN1_GENERALIZEDTIME_set_string.3
|
||||
ASN1_TIME_set.3,ASN1_TIME_adj.3
|
||||
ASN1_TIME_set.3,ASN1_TIME_check.3
|
||||
ASN1_TIME_set.3,ASN1_TIME_print.3
|
||||
ASN1_TIME_set.3,ASN1_TIME_set_string.3
|
||||
ASN1_TIME_set.3,ASN1_TIME_to_generalizedtime.3
|
||||
ASN1_TIME_set.3,ASN1_UTCTIME_adj.3
|
||||
ASN1_TIME_set.3,ASN1_UTCTIME_check.3
|
||||
ASN1_TIME_set.3,ASN1_UTCTIME_cmp_time_t.3
|
||||
ASN1_TIME_set.3,ASN1_UTCTIME_print.3
|
||||
ASN1_TIME_set.3,ASN1_UTCTIME_set.3
|
||||
ASN1_TIME_set.3,ASN1_UTCTIME_set_string.3
|
||||
ASN1_TYPE_get.3,ASN1_TYPE_cmp.3
|
||||
ASN1_TYPE_get.3,ASN1_TYPE_free.3
|
||||
ASN1_TYPE_get.3,ASN1_TYPE_new.3
|
||||
@ -85,7 +71,6 @@ ASN1_item_d2i.3,ASN1_item_print.3
|
||||
ASN1_item_d2i.3,d2i_ASN1_TYPE.3
|
||||
ASN1_item_d2i.3,i2d_ASN1_TYPE.3
|
||||
ASN1_item_new.3,ASN1_item_free.3
|
||||
ASN1_time_parse.3,ASN1_TIME_set_tm.3
|
||||
ASN1_time_parse.3,ASN1_time_tm_cmp.3
|
||||
AUTHORITY_KEYID_new.3,AUTHORITY_KEYID_free.3
|
||||
BASIC_CONSTRAINTS_new.3,BASIC_CONSTRAINTS_free.3
|
||||
@ -331,10 +316,8 @@ BUF_MEM_new.3,BUF_strdup.3
|
||||
CONF_modules_free.3,CONF_modules_finish.3
|
||||
CONF_modules_free.3,CONF_modules_unload.3
|
||||
CONF_modules_load_file.3,CONF_modules_load.3
|
||||
CRYPTO_get_mem_functions.3,CRYPTO_MEM_LEAK_CB.3
|
||||
CRYPTO_get_mem_functions.3,CRYPTO_mem_ctrl.3
|
||||
CRYPTO_get_mem_functions.3,CRYPTO_mem_leaks.3
|
||||
CRYPTO_get_mem_functions.3,CRYPTO_mem_leaks_cb.3
|
||||
CRYPTO_get_mem_functions.3,CRYPTO_mem_leaks_fp.3
|
||||
CRYPTO_get_mem_functions.3,CRYPTO_set_mem_functions.3
|
||||
CRYPTO_set_ex_data.3,CRYPTO_EX_dup.3
|
||||
@ -577,6 +560,7 @@ EVP_AEAD_CTX_init.3,EVP_AEAD_nonce_length.3
|
||||
EVP_AEAD_CTX_init.3,EVP_aead_aes_128_gcm.3
|
||||
EVP_AEAD_CTX_init.3,EVP_aead_aes_256_gcm.3
|
||||
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305.3
|
||||
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305_ietf.3
|
||||
EVP_DigestInit.3,EVP_DigestFinal.3
|
||||
EVP_DigestInit.3,EVP_DigestFinal_ex.3
|
||||
EVP_DigestInit.3,EVP_DigestInit_ex.3
|
||||
@ -664,7 +648,6 @@ EVP_EncryptInit.3,EVP_EncryptFinal_ex.3
|
||||
EVP_EncryptInit.3,EVP_EncryptInit_ex.3
|
||||
EVP_EncryptInit.3,EVP_EncryptUpdate.3
|
||||
EVP_EncryptInit.3,EVP_aes_128_cbc.3
|
||||
EVP_EncryptInit.3,EVP_aes_128_cbc_hmac_sha1.3
|
||||
EVP_EncryptInit.3,EVP_aes_128_ccm.3
|
||||
EVP_EncryptInit.3,EVP_aes_128_cfb.3
|
||||
EVP_EncryptInit.3,EVP_aes_128_ecb.3
|
||||
@ -677,7 +660,6 @@ EVP_EncryptInit.3,EVP_aes_192_ecb.3
|
||||
EVP_EncryptInit.3,EVP_aes_192_gcm.3
|
||||
EVP_EncryptInit.3,EVP_aes_192_ofb.3
|
||||
EVP_EncryptInit.3,EVP_aes_256_cbc.3
|
||||
EVP_EncryptInit.3,EVP_aes_256_cbc_hmac_sha1.3
|
||||
EVP_EncryptInit.3,EVP_aes_256_ccm.3
|
||||
EVP_EncryptInit.3,EVP_aes_256_cfb.3
|
||||
EVP_EncryptInit.3,EVP_aes_256_ecb.3
|
||||
@ -721,7 +703,6 @@ EVP_EncryptInit.3,EVP_rc2_ecb.3
|
||||
EVP_EncryptInit.3,EVP_rc2_ofb.3
|
||||
EVP_EncryptInit.3,EVP_rc4.3
|
||||
EVP_EncryptInit.3,EVP_rc4_40.3
|
||||
EVP_EncryptInit.3,EVP_rc4_hmac_md5.3
|
||||
EVP_EncryptInit.3,EVP_rc5_32_12_16_cbc.3
|
||||
EVP_EncryptInit.3,EVP_rc5_32_12_16_cfb.3
|
||||
EVP_EncryptInit.3,EVP_rc5_32_12_16_ecb.3
|
||||
@ -733,10 +714,10 @@ EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_dh_paramgen_generator.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_dh_paramgen_prime_len.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_dsa_paramgen_bits.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_ec_paramgen_curve_nid.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_keygen_bits.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_keygen_pubexp.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_padding.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_pss_saltlen.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3
|
||||
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_signature_md.3
|
||||
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_dup.3
|
||||
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_free.3
|
||||
@ -1060,10 +1041,12 @@ RSA_get_ex_new_index.3,RSA_set_ex_data.3
|
||||
RSA_new.3,RSA_free.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_add_PKCS1_OAEP.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_add_PKCS1_type_2.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_add_SSLv23.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_add_none.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_check_PKCS1_OAEP.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_check_PKCS1_type_1.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_check_PKCS1_type_2.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_check_SSLv23.3
|
||||
RSA_padding_add_PKCS1_type_1.3,RSA_padding_check_none.3
|
||||
RSA_print.3,DHparams_print.3
|
||||
RSA_print.3,DHparams_print_fp.3
|
||||
@ -1110,9 +1093,12 @@ SSL_CIPHER_get_name.3,SSL_CIPHER_get_version.3
|
||||
SSL_COMP_add_compression_method.3,SSL_COMP_get_compression_methods.3
|
||||
SSL_CTX_add_extra_chain_cert.3,SSL_CTX_clear_extra_chain_certs.3
|
||||
SSL_CTX_add_session.3,SSL_CTX_remove_session.3
|
||||
SSL_CTX_add_session.3,SSL_add_session.3
|
||||
SSL_CTX_add_session.3,SSL_remove_session.3
|
||||
SSL_CTX_ctrl.3,SSL_CTX_callback_ctrl.3
|
||||
SSL_CTX_ctrl.3,SSL_callback_ctrl.3
|
||||
SSL_CTX_ctrl.3,SSL_ctrl.3
|
||||
SSL_CTX_flush_sessions.3,SSL_flush_sessions.3
|
||||
SSL_CTX_get_ex_new_index.3,SSL_CTX_get_ex_data.3
|
||||
SSL_CTX_get_ex_new_index.3,SSL_CTX_set_ex_data.3
|
||||
SSL_CTX_get_verify_mode.3,SSL_CTX_get_verify_callback.3
|
||||
@ -1159,13 +1145,6 @@ SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_remove_cb.3
|
||||
SSL_CTX_sess_set_get_cb.3,get_session_cb.3
|
||||
SSL_CTX_sess_set_get_cb.3,new_session_cb.3
|
||||
SSL_CTX_sess_set_get_cb.3,remove_session_cb.3
|
||||
SSL_CTX_set1_groups.3,SSL_CTX_set1_curves.3
|
||||
SSL_CTX_set1_groups.3,SSL_CTX_set1_curves_list.3
|
||||
SSL_CTX_set1_groups.3,SSL_CTX_set1_groups_list.3
|
||||
SSL_CTX_set1_groups.3,SSL_set1_curves.3
|
||||
SSL_CTX_set1_groups.3,SSL_set1_curves_list.3
|
||||
SSL_CTX_set1_groups.3,SSL_set1_groups.3
|
||||
SSL_CTX_set1_groups.3,SSL_set1_groups_list.3
|
||||
SSL_CTX_set_alpn_select_cb.3,SSL_CTX_set_alpn_protos.3
|
||||
SSL_CTX_set_alpn_select_cb.3,SSL_get0_alpn_selected.3
|
||||
SSL_CTX_set_alpn_select_cb.3,SSL_select_next_proto.3
|
||||
@ -1188,9 +1167,6 @@ SSL_CTX_set_info_callback.3,SSL_set_info_callback.3
|
||||
SSL_CTX_set_max_cert_list.3,SSL_CTX_get_max_cert_list.3
|
||||
SSL_CTX_set_max_cert_list.3,SSL_get_max_cert_list.3
|
||||
SSL_CTX_set_max_cert_list.3,SSL_set_max_cert_list.3
|
||||
SSL_CTX_set_min_proto_version.3,SSL_CTX_set_max_proto_version.3
|
||||
SSL_CTX_set_min_proto_version.3,SSL_set_max_proto_version.3
|
||||
SSL_CTX_set_min_proto_version.3,SSL_set_min_proto_version.3
|
||||
SSL_CTX_set_mode.3,SSL_CTX_get_mode.3
|
||||
SSL_CTX_set_mode.3,SSL_get_mode.3
|
||||
SSL_CTX_set_mode.3,SSL_set_mode.3
|
||||
@ -1215,10 +1191,6 @@ SSL_CTX_set_session_id_context.3,SSL_set_session_id_context.3
|
||||
SSL_CTX_set_ssl_version.3,SSL_get_ssl_method.3
|
||||
SSL_CTX_set_ssl_version.3,SSL_set_ssl_method.3
|
||||
SSL_CTX_set_timeout.3,SSL_CTX_get_timeout.3
|
||||
SSL_CTX_set_tlsext_servername_callback.3,SSL_CTX_set_tlsext_servername_arg.3
|
||||
SSL_CTX_set_tlsext_servername_callback.3,SSL_get_servername.3
|
||||
SSL_CTX_set_tlsext_servername_callback.3,SSL_get_servername_type.3
|
||||
SSL_CTX_set_tlsext_servername_callback.3,SSL_set_tlsext_host_name.3
|
||||
SSL_CTX_set_tlsext_status_cb.3,SSL_CTX_set_tlsext_status_arg.3
|
||||
SSL_CTX_set_tlsext_status_cb.3,SSL_get_tlsext_status_ocsp_resp.3
|
||||
SSL_CTX_set_tlsext_status_cb.3,SSL_set_tlsext_status_ocsp_resp.3
|
||||
@ -1231,6 +1203,7 @@ SSL_CTX_set_tmp_rsa_callback.3,SSL_CTX_set_tmp_rsa.3
|
||||
SSL_CTX_set_tmp_rsa_callback.3,SSL_need_tmp_rsa.3
|
||||
SSL_CTX_set_tmp_rsa_callback.3,SSL_set_tmp_rsa.3
|
||||
SSL_CTX_set_tmp_rsa_callback.3,SSL_set_tmp_rsa_callback.3
|
||||
SSL_CTX_set_tmp_rsa_callback.3,tmp_rsa_callback.3
|
||||
SSL_CTX_set_verify.3,SSL_CTX_set_verify_depth.3
|
||||
SSL_CTX_set_verify.3,SSL_set_verify.3
|
||||
SSL_CTX_set_verify.3,SSL_set_verify_depth.3
|
||||
@ -1306,11 +1279,6 @@ SSL_set_fd.3,SSL_set_rfd.3
|
||||
SSL_set_fd.3,SSL_set_wfd.3
|
||||
SSL_set_max_send_fragment.3,SSL_CTX_set_max_send_fragment.3
|
||||
SSL_set_shutdown.3,SSL_get_shutdown.3
|
||||
SSL_set_tmp_ecdh.3,SSL_CTX_set_ecdh_auto.3
|
||||
SSL_set_tmp_ecdh.3,SSL_CTX_set_tmp_ecdh.3
|
||||
SSL_set_tmp_ecdh.3,SSL_CTX_set_tmp_ecdh_callback.3
|
||||
SSL_set_tmp_ecdh.3,SSL_set_ecdh_auto.3
|
||||
SSL_set_tmp_ecdh.3,SSL_set_tmp_ecdh_callback.3
|
||||
SSL_state_string.3,SSL_state_string_long.3
|
||||
SSL_want.3,SSL_want_nothing.3
|
||||
SSL_want.3,SSL_want_read.3
|
||||
@ -1490,10 +1458,6 @@ X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_trust.3
|
||||
X509_check_host.3,X509_check_email.3
|
||||
X509_check_host.3,X509_check_ip.3
|
||||
X509_check_host.3,X509_check_ip_asc.3
|
||||
X509_check_private_key.3,X509_REQ_check_private_key.3
|
||||
X509_cmp_time.3,X509_cmp_current_time.3
|
||||
X509_cmp_time.3,X509_time_adj.3
|
||||
X509_cmp_time.3,X509_time_adj_ex.3
|
||||
X509_digest.3,PKCS7_ISSUER_AND_SERIAL_digest.3
|
||||
X509_digest.3,X509_CRL_digest.3
|
||||
X509_digest.3,X509_NAME_digest.3
|
||||
@ -1597,6 +1561,7 @@ d2i_ASN1_OCTET_STRING.3,d2i_ASN1_PRINTABLE.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_PRINTABLESTRING.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_T61STRING.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_TIME.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_TIME_new.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_UINTEGER.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_UNIVERSALSTRING.3
|
||||
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_UTCTIME.3
|
||||
@ -1616,6 +1581,7 @@ d2i_ASN1_OCTET_STRING.3,i2d_ASN1_PRINTABLE.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_PRINTABLESTRING.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_T61STRING.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_TIME.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_TIME_new.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_UNIVERSALSTRING.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_UTCTIME.3
|
||||
d2i_ASN1_OCTET_STRING.3,i2d_ASN1_UTF8STRING.3
|
||||
@ -1676,6 +1642,8 @@ d2i_ECPKParameters.3,d2i_EC_PUBKEY_fp.3
|
||||
d2i_ECPKParameters.3,i2d_ECPKParameters.3
|
||||
d2i_ECPKParameters.3,i2d_ECPKParameters_bio.3
|
||||
d2i_ECPKParameters.3,i2d_ECPKParameters_fp.3
|
||||
d2i_ECPKParameters.3,i2d_ECPKPrivateKey_fp.3
|
||||
d2i_ECPKParameters.3,i2d_ECPK_PUBKEY_fp.3
|
||||
d2i_ECPKParameters.3,i2d_ECParameters.3
|
||||
d2i_ECPKParameters.3,i2d_ECPrivateKey.3
|
||||
d2i_ECPKParameters.3,i2d_ECPrivateKey_bio.3
|
||||
@ -2035,7 +2003,6 @@ tls_accept_socket.3,tls_accept_cbs.3
|
||||
tls_accept_socket.3,tls_accept_fds.3
|
||||
tls_client.3,tls_configure.3
|
||||
tls_client.3,tls_free.3
|
||||
tls_client.3,tls_reset.3
|
||||
tls_client.3,tls_server.3
|
||||
tls_config_set_protocols.3,tls_config_parse_protocols.3
|
||||
tls_config_set_protocols.3,tls_config_prefer_ciphers_client.3
|
||||
@ -2043,7 +2010,7 @@ tls_config_set_protocols.3,tls_config_prefer_ciphers_server.3
|
||||
tls_config_set_protocols.3,tls_config_set_alpn.3
|
||||
tls_config_set_protocols.3,tls_config_set_ciphers.3
|
||||
tls_config_set_protocols.3,tls_config_set_dheparams.3
|
||||
tls_config_set_protocols.3,tls_config_set_ecdhecurves.3
|
||||
tls_config_set_protocols.3,tls_config_set_ecdhecurve.3
|
||||
tls_config_set_session_id.3,tls_config_add_ticket_key.3
|
||||
tls_config_set_session_id.3,tls_config_set_session_lifetime.3
|
||||
tls_config_verify.3,tls_config_insecure_noverifycert.3
|
||||
@ -2052,7 +2019,6 @@ tls_config_verify.3,tls_config_insecure_noverifytime.3
|
||||
tls_conn_version.3,tls_conn_alpn_selected.3
|
||||
tls_conn_version.3,tls_conn_cipher.3
|
||||
tls_conn_version.3,tls_conn_servername.3
|
||||
tls_conn_version.3,tls_peer_cert_chain_pem.3
|
||||
tls_conn_version.3,tls_peer_cert_contains_name.3
|
||||
tls_conn_version.3,tls_peer_cert_hash.3
|
||||
tls_conn_version.3,tls_peer_cert_issuer.3
|
||||
@ -2077,8 +2043,6 @@ tls_load_file.3,tls_config_set_ca_mem.3
|
||||
tls_load_file.3,tls_config_set_ca_path.3
|
||||
tls_load_file.3,tls_config_set_cert_file.3
|
||||
tls_load_file.3,tls_config_set_cert_mem.3
|
||||
tls_load_file.3,tls_config_set_crl_file.3
|
||||
tls_load_file.3,tls_config_set_crl_mem.3
|
||||
tls_load_file.3,tls_config_set_key_file.3
|
||||
tls_load_file.3,tls_config_set_key_mem.3
|
||||
tls_load_file.3,tls_config_set_keypair_file.3
|
||||
@ -2090,7 +2054,6 @@ tls_load_file.3,tls_config_set_ocsp_staple_mem.3
|
||||
tls_load_file.3,tls_config_set_verify_depth.3
|
||||
tls_load_file.3,tls_config_verify_client.3
|
||||
tls_load_file.3,tls_config_verify_client_optional.3
|
||||
tls_load_file.3,tls_unload_file.3
|
||||
tls_ocsp_process_response.3,tls_peer_ocsp_cert_status.3
|
||||
tls_ocsp_process_response.3,tls_peer_ocsp_crl_reason.3
|
||||
tls_ocsp_process_response.3,tls_peer_ocsp_next_update.3
|
||||
|
@ -1,12 +0,0 @@
|
||||
--- apps/ocspcheck/http.c.orig Sun Jun 4 00:45:29 2017
|
||||
+++ apps/ocspcheck/http.c Sun Jun 4 00:45:57 2017
|
||||
@@ -35,7 +35,9 @@
|
||||
#include "http.h"
|
||||
#include <tls.h>
|
||||
|
||||
+#ifndef DEFAULT_CA_FILE
|
||||
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
|
||||
+#endif
|
||||
|
||||
/*
|
||||
* A buffer for transferring HTTP/S data.
|
@ -1,6 +1,6 @@
|
||||
--- apps/nc/netcat.c.orig Mon Jul 17 06:06:51 2017
|
||||
+++ apps/nc/netcat.c Mon Jul 17 06:11:24 2017
|
||||
@@ -66,7 +66,9 @@
|
||||
--- apps/nc/netcat.c.orig Thu Mar 16 19:26:06 2017
|
||||
+++ apps/nc/netcat.c Sat Mar 25 11:17:36 2017
|
||||
@@ -65,7 +65,9 @@
|
||||
#define POLL_NETIN 2
|
||||
#define POLL_STDOUT 3
|
||||
#define BUFSIZE 16384
|
||||
@ -10,7 +10,7 @@
|
||||
|
||||
#define TLS_ALL (1 << 1)
|
||||
#define TLS_NOVERIFY (1 << 2)
|
||||
@@ -95,9 +97,13 @@
|
||||
@@ -93,9 +95,13 @@
|
||||
int Dflag; /* sodebug */
|
||||
int Iflag; /* TCP receive buffer size */
|
||||
int Oflag; /* TCP send buffer size */
|
||||
@ -24,7 +24,16 @@
|
||||
|
||||
int usetls; /* use TLS */
|
||||
char *Cflag; /* Public cert file */
|
||||
@@ -266,12 +272,14 @@
|
||||
@@ -149,7 +155,7 @@
|
||||
struct servent *sv;
|
||||
socklen_t len;
|
||||
struct sockaddr_storage cliaddr;
|
||||
- char *proxy, *proxyport = NULL;
|
||||
+ char *proxy = NULL, *proxyport = NULL;
|
||||
const char *errstr;
|
||||
struct addrinfo proxyhints;
|
||||
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
|
||||
@@ -259,12 +265,14 @@
|
||||
case 'u':
|
||||
uflag = 1;
|
||||
break;
|
||||
@ -39,7 +48,7 @@
|
||||
case 'v':
|
||||
vflag = 1;
|
||||
break;
|
||||
@@ -318,9 +326,11 @@
|
||||
@@ -300,9 +308,11 @@
|
||||
case 'o':
|
||||
oflag = optarg;
|
||||
break;
|
||||
@ -51,7 +60,7 @@
|
||||
case 'T':
|
||||
errstr = NULL;
|
||||
errno = 0;
|
||||
@@ -344,9 +354,11 @@
|
||||
@@ -326,9 +336,11 @@
|
||||
argc -= optind;
|
||||
argv += optind;
|
||||
|
||||
@ -63,7 +72,7 @@
|
||||
|
||||
if (family == AF_UNIX) {
|
||||
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
|
||||
@@ -892,7 +904,10 @@
|
||||
@@ -865,7 +877,10 @@
|
||||
remote_connect(const char *host, const char *port, struct addrinfo hints)
|
||||
{
|
||||
struct addrinfo *res, *res0;
|
||||
@ -75,7 +84,7 @@
|
||||
|
||||
if ((error = getaddrinfo(host, port, &hints, &res0)))
|
||||
errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
|
||||
@@ -907,8 +922,10 @@
|
||||
@@ -880,8 +895,10 @@
|
||||
if (sflag || pflag) {
|
||||
struct addrinfo ahints, *ares;
|
||||
|
||||
@ -86,7 +95,7 @@
|
||||
memset(&ahints, 0, sizeof(struct addrinfo));
|
||||
ahints.ai_family = res->ai_family;
|
||||
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
|
||||
@@ -979,7 +996,10 @@
|
||||
@@ -952,7 +969,10 @@
|
||||
local_listen(char *host, char *port, struct addrinfo hints)
|
||||
{
|
||||
struct addrinfo *res, *res0;
|
||||
@ -98,7 +107,7 @@
|
||||
int error;
|
||||
|
||||
/* Allow nodename to be null. */
|
||||
@@ -1000,9 +1020,11 @@
|
||||
@@ -973,9 +993,11 @@
|
||||
res->ai_protocol)) < 0)
|
||||
continue;
|
||||
|
||||
@ -110,7 +119,7 @@
|
||||
|
||||
set_common_sockopts(s, res->ai_family);
|
||||
|
||||
@@ -1458,11 +1480,13 @@
|
||||
@@ -1425,11 +1447,13 @@
|
||||
{
|
||||
int x = 1;
|
||||
|
||||
@ -124,24 +133,7 @@
|
||||
if (Dflag) {
|
||||
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
|
||||
&x, sizeof(x)) == -1)
|
||||
@@ -1473,9 +1497,16 @@
|
||||
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
|
||||
err(1, "set IP ToS");
|
||||
|
||||
+#ifdef IPV6_TCLASS
|
||||
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
|
||||
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
|
||||
err(1, "set IPv6 traffic class");
|
||||
+#else
|
||||
+ else if (af == AF_INET6) {
|
||||
+ errno = ENOPROTOOPT;
|
||||
+ err(1, "set IPv6 traffic class not supported");
|
||||
+ }
|
||||
+#endif
|
||||
}
|
||||
if (Iflag) {
|
||||
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
|
||||
@@ -1499,13 +1530,17 @@
|
||||
@@ -1466,13 +1490,17 @@
|
||||
}
|
||||
|
||||
if (minttl != -1) {
|
||||
@ -160,7 +152,7 @@
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1714,14 +1749,22 @@
|
||||
@@ -1666,14 +1694,22 @@
|
||||
\t-P proxyuser\tUsername for proxy authentication\n\
|
||||
\t-p port\t Specify local port for remote connects\n\
|
||||
\t-R CAfile CA bundle\n\
|
||||
@ -185,5 +177,5 @@
|
||||
+#endif
|
||||
+ "\
|
||||
\t-v Verbose\n\
|
||||
\t-W recvlimit Terminate after receiving a number of packets\n\
|
||||
\t-w timeout Timeout for connects and final net reads\n\
|
||||
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
|
||||
|
@ -1,12 +1,12 @@
|
||||
--- tls/tls_internal.h.orig Sun Jul 9 06:16:17 2017
|
||||
+++ tls/tls_internal.h Mon Jul 17 06:10:01 2017
|
||||
@@ -26,7 +26,9 @@
|
||||
--- ./openbsd/src/lib/libtls/tls_internal.h Thu Oct 15 16:12:24 2015
|
||||
+++ ./tls/tls_internal.h Sun Dec 6 20:18:17 2015
|
||||
@@ -24,7 +24,9 @@
|
||||
|
||||
__BEGIN_HIDDEN_DECLS
|
||||
#include <openssl/ssl.h>
|
||||
|
||||
+#ifndef _PATH_SSL_CA_FILE
|
||||
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
|
||||
+#endif
|
||||
|
||||
#define TLS_CIPHERS_COMPAT "ALL:!aNULL:!eNULL"
|
||||
#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
|
||||
#define TLS_CIPHERS_COMPAT "HIGH:!aNULL"
|
||||
|
@ -1,111 +0,0 @@
|
||||
--- tests/tlsexttest.c.orig 2017-12-30 20:03:09.279079726 +0900
|
||||
+++ tests/tlsexttest.c 2017-12-30 20:07:21.849939140 +0900
|
||||
@@ -1676,7 +1676,9 @@ static unsigned char tlsext_sni_clienthe
|
||||
};
|
||||
|
||||
static unsigned char tlsext_sni_serverhello[] = {
|
||||
+ 0x00
|
||||
};
|
||||
+const size_t sizeof_tlsext_sni_serverhello = 0;
|
||||
|
||||
static int
|
||||
test_tlsext_sni_clienthello(void)
|
||||
@@ -1839,9 +1841,9 @@ test_tlsext_sni_serverhello(void)
|
||||
if (!CBB_finish(&cbb, &data, &dlen))
|
||||
errx(1, "failed to finish CBB");
|
||||
|
||||
- if (dlen != sizeof(tlsext_sni_serverhello)) {
|
||||
+ if (dlen != sizeof_tlsext_sni_serverhello) {
|
||||
FAIL("got serverhello SNI with length %zu, "
|
||||
- "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello));
|
||||
+ "want length %zu\n", dlen, sizeof_tlsext_sni_serverhello);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -1850,14 +1852,14 @@ test_tlsext_sni_serverhello(void)
|
||||
fprintf(stderr, "received:\n");
|
||||
hexdump(data, dlen);
|
||||
fprintf(stderr, "test data:\n");
|
||||
- hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
|
||||
+ hexdump(tlsext_sni_serverhello, sizeof_tlsext_sni_serverhello);
|
||||
goto err;
|
||||
}
|
||||
|
||||
free(ssl->session->tlsext_hostname);
|
||||
ssl->session->tlsext_hostname = NULL;
|
||||
|
||||
- CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
|
||||
+ CBS_init(&cbs, tlsext_sni_serverhello, sizeof_tlsext_sni_serverhello);
|
||||
if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
|
||||
FAIL("failed to parse serverhello SNI\n");
|
||||
goto err;
|
||||
@@ -2741,7 +2743,10 @@ unsigned char tlsext_clienthello_default
|
||||
0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
|
||||
};
|
||||
|
||||
-unsigned char tlsext_clienthello_disabled[] = {};
|
||||
+unsigned char tlsext_clienthello_disabled[] = {
|
||||
+ 0x00
|
||||
+};
|
||||
+const size_t sizeof_tlsext_clienthello_disabled = 0;
|
||||
|
||||
static int
|
||||
test_tlsext_clienthello_build(void)
|
||||
@@ -2806,18 +2811,18 @@ test_tlsext_clienthello_build(void)
|
||||
if (!CBB_finish(&cbb, &data, &dlen))
|
||||
errx(1, "failed to finish CBB");
|
||||
|
||||
- if (dlen != sizeof(tlsext_clienthello_disabled)) {
|
||||
+ if (dlen != sizeof_tlsext_clienthello_disabled) {
|
||||
FAIL("got clienthello extensions with length %zu, "
|
||||
"want length %zu\n", dlen,
|
||||
- sizeof(tlsext_clienthello_disabled));
|
||||
+ sizeof_tlsext_clienthello_disabled);
|
||||
compare_data(data, dlen, tlsext_clienthello_disabled,
|
||||
- sizeof(tlsext_clienthello_disabled));
|
||||
+ sizeof_tlsext_clienthello_disabled);
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
|
||||
FAIL("clienthello extensions differs:\n");
|
||||
compare_data(data, dlen, tlsext_clienthello_disabled,
|
||||
- sizeof(tlsext_clienthello_disabled));
|
||||
+ sizeof_tlsext_clienthello_disabled);
|
||||
goto err;
|
||||
}
|
||||
|
||||
@@ -2832,7 +2837,10 @@ test_tlsext_clienthello_build(void)
|
||||
return (failure);
|
||||
}
|
||||
|
||||
-unsigned char tlsext_serverhello_default[] = {};
|
||||
+unsigned char tlsext_serverhello_default[] = {
|
||||
+ 0x00
|
||||
+};
|
||||
+const size_t sizeof_tlsext_serverhello_default = 0;
|
||||
|
||||
unsigned char tlsext_serverhello_enabled[] = {
|
||||
0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
|
||||
@@ -2872,18 +2880,18 @@ test_tlsext_serverhello_build(void)
|
||||
if (!CBB_finish(&cbb, &data, &dlen))
|
||||
errx(1, "failed to finish CBB");
|
||||
|
||||
- if (dlen != sizeof(tlsext_serverhello_default)) {
|
||||
+ if (dlen != sizeof_tlsext_serverhello_default) {
|
||||
FAIL("got serverhello extensions with length %zu, "
|
||||
"want length %zu\n", dlen,
|
||||
- sizeof(tlsext_serverhello_default));
|
||||
+ sizeof_tlsext_serverhello_default);
|
||||
compare_data(data, dlen, tlsext_serverhello_default,
|
||||
- sizeof(tlsext_serverhello_default));
|
||||
+ sizeof_tlsext_serverhello_default);
|
||||
goto err;
|
||||
}
|
||||
if (memcmp(data, tlsext_serverhello_default, dlen) != 0) {
|
||||
FAIL("serverhello extensions differs:\n");
|
||||
compare_data(data, dlen, tlsext_serverhello_default,
|
||||
- sizeof(tlsext_serverhello_default));
|
||||
+ sizeof_tlsext_serverhello_default);
|
||||
goto err;
|
||||
}
|
||||
|
@ -13,8 +13,9 @@ diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
|
||||
|
||||
#include <stdio.h>
|
||||
#include <stdlib.h>
|
||||
--- include/openssl/opensslconf.h.orig Sat Nov 5 08:36:25 2016
|
||||
+++ include/openssl/opensslconf.h Mon Jul 17 06:06:58 2017
|
||||
diff -u include/openssl.orig/opensslconf.h include/openssl/opensslconf.h
|
||||
--- include/openssl.orig/opensslconf.h Mon Dec 7 07:58:32 2015
|
||||
+++ include/openssl/opensslconf.h Mon Dec 7 07:56:14 2015
|
||||
@@ -1,6 +1,10 @@
|
||||
#include <openssl/opensslfeatures.h>
|
||||
/* crypto/opensslconf.h.in */
|
||||
@ -25,7 +26,7 @@ diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
|
||||
+
|
||||
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
|
||||
#define OPENSSLDIR "/etc/ssl"
|
||||
#endif
|
||||
|
||||
diff -u include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h
|
||||
--- include/openssl.orig/ossl_typ.h Mon Dec 7 07:58:32 2015
|
||||
+++ include/openssl/ossl_typ.h Mon Dec 7 07:56:14 2015
|
||||
|
@ -35,7 +35,6 @@ set(
|
||||
ssl_sess.c
|
||||
ssl_srvr.c
|
||||
ssl_stat.c
|
||||
ssl_tlsext.c
|
||||
ssl_txt.c
|
||||
ssl_versions.c
|
||||
t1_clnt.c
|
||||
@ -43,6 +42,7 @@ set(
|
||||
t1_hash.c
|
||||
t1_lib.c
|
||||
t1_meth.c
|
||||
t1_reneg.c
|
||||
t1_srvr.c
|
||||
)
|
||||
|
||||
@ -51,9 +51,8 @@ if (BUILD_SHARED)
|
||||
add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
|
||||
add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
|
||||
export_symbol(ssl-shared ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
|
||||
target_link_libraries(ssl-shared crypto-shared)
|
||||
if (WIN32)
|
||||
target_link_libraries(ssl-shared Ws2_32.lib)
|
||||
target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
|
||||
set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
|
||||
endif()
|
||||
set_target_properties(ssl-shared PROPERTIES
|
||||
@ -61,12 +60,8 @@ if (BUILD_SHARED)
|
||||
ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
|
||||
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
|
||||
SOVERSION ${SSL_MAJOR_VERSION})
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS ssl ssl-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
else()
|
||||
add_library(ssl STATIC ${SSL_SRC})
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS ssl DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
endif()
|
||||
|
@ -38,7 +38,6 @@ libssl_la_SOURCES += ssl_rsa.c
|
||||
libssl_la_SOURCES += ssl_sess.c
|
||||
libssl_la_SOURCES += ssl_srvr.c
|
||||
libssl_la_SOURCES += ssl_stat.c
|
||||
libssl_la_SOURCES += ssl_tlsext.c
|
||||
libssl_la_SOURCES += ssl_txt.c
|
||||
libssl_la_SOURCES += ssl_versions.c
|
||||
libssl_la_SOURCES += t1_clnt.c
|
||||
@ -46,9 +45,9 @@ libssl_la_SOURCES += t1_enc.c
|
||||
libssl_la_SOURCES += t1_hash.c
|
||||
libssl_la_SOURCES += t1_lib.c
|
||||
libssl_la_SOURCES += t1_meth.c
|
||||
libssl_la_SOURCES += t1_reneg.c
|
||||
libssl_la_SOURCES += t1_srvr.c
|
||||
|
||||
noinst_HEADERS = srtp.h
|
||||
noinst_HEADERS += ssl_locl.h
|
||||
noinst_HEADERS += ssl_tlsext.h
|
||||
noinst_HEADERS += bytestring.h
|
||||
|
@ -1,5 +1,5 @@
|
||||
#! /bin/sh
|
||||
# Copyright (C) 2011-2017 Free Software Foundation, Inc.
|
||||
# Copyright (C) 2011-2014 Free Software Foundation, Inc.
|
||||
#
|
||||
# This program is free software; you can redistribute it and/or modify
|
||||
# it under the terms of the GNU General Public License as published by
|
||||
@ -646,6 +646,6 @@ test $? -eq 0 || fatal "I/O or internal error"
|
||||
# eval: (add-hook 'write-file-hooks 'time-stamp)
|
||||
# time-stamp-start: "scriptversion="
|
||||
# time-stamp-format: "%:y-%02m-%02d.%02H"
|
||||
# time-stamp-time-zone: "UTC0"
|
||||
# time-stamp-time-zone: "UTC"
|
||||
# time-stamp-end: "; # UTC"
|
||||
# End:
|
||||
|
@ -41,11 +41,6 @@ if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
|
||||
add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
|
||||
endif()
|
||||
|
||||
# asn1evp
|
||||
add_executable(asn1evp asn1evp.c)
|
||||
target_link_libraries(asn1evp ${TESTS_LIBS})
|
||||
add_test(asn1evp asn1evp)
|
||||
|
||||
# asn1test
|
||||
add_executable(asn1test asn1test.c)
|
||||
target_link_libraries(asn1test ${TESTS_LIBS})
|
||||
@ -110,11 +105,6 @@ add_executable(clienttest clienttest.c)
|
||||
target_link_libraries(clienttest ${TESTS_LIBS})
|
||||
add_test(clienttest clienttest)
|
||||
|
||||
# configtest
|
||||
add_executable(configtest configtest.c)
|
||||
target_link_libraries(configtest ${TESTS_LIBS})
|
||||
add_test(configtest configtest)
|
||||
|
||||
# cts128test
|
||||
add_executable(cts128test cts128test.c)
|
||||
target_link_libraries(cts128test ${TESTS_LIBS})
|
||||
@ -178,11 +168,6 @@ set_source_files_properties(exptest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERN
|
||||
target_link_libraries(exptest ${TESTS_LIBS})
|
||||
add_test(exptest exptest)
|
||||
|
||||
# freenull
|
||||
add_executable(freenull freenull.c)
|
||||
target_link_libraries(freenull ${TESTS_LIBS})
|
||||
add_test(freenull freenull)
|
||||
|
||||
# gcm128test
|
||||
add_executable(gcm128test gcm128test.c)
|
||||
target_link_libraries(gcm128test ${TESTS_LIBS})
|
||||
@ -193,11 +178,6 @@ add_executable(gost2814789t gost2814789t.c)
|
||||
target_link_libraries(gost2814789t ${TESTS_LIBS})
|
||||
add_test(gost2814789t gost2814789t)
|
||||
|
||||
# hkdf_test
|
||||
add_executable(hkdf_test hkdf_test.c)
|
||||
target_link_libraries(hkdf_test ${TESTS_LIBS})
|
||||
add_test(hkdf_test hkdf_test)
|
||||
|
||||
# hmactest
|
||||
add_executable(hmactest hmactest.c)
|
||||
target_link_libraries(hmactest ${TESTS_LIBS})
|
||||
@ -381,11 +361,6 @@ add_executable(timingsafe timingsafe.c)
|
||||
target_link_libraries(timingsafe ${TESTS_LIBS})
|
||||
add_test(timingsafe timingsafe)
|
||||
|
||||
# tlsexttest
|
||||
add_executable(tlsexttest tlsexttest.c)
|
||||
target_link_libraries(tlsexttest ${TESTS_LIBS})
|
||||
add_test(tlsexttest tlsexttest)
|
||||
|
||||
# tlstest
|
||||
set(TLSTEST_SRC tlstest.c)
|
||||
check_function_exists(pipe2 HAVE_PIPE2)
|
||||
|
@ -43,11 +43,6 @@ arc4randomforktest_SOURCES = arc4randomforktest.c
|
||||
endif
|
||||
EXTRA_DIST += arc4randomforktest.sh
|
||||
|
||||
# asn1evp
|
||||
TESTS += asn1evp
|
||||
check_PROGRAMS += asn1evp
|
||||
asn1evp_SOURCES = asn1evp.c
|
||||
|
||||
# asn1test
|
||||
TESTS += asn1test
|
||||
check_PROGRAMS += asn1test
|
||||
@ -113,11 +108,6 @@ TESTS += clienttest
|
||||
check_PROGRAMS += clienttest
|
||||
clienttest_SOURCES = clienttest.c
|
||||
|
||||
# configtest
|
||||
TESTS += configtest
|
||||
check_PROGRAMS += configtest
|
||||
configtest_SOURCES = configtest.c
|
||||
|
||||
# cts128test
|
||||
TESTS += cts128test
|
||||
check_PROGRAMS += cts128test
|
||||
@ -184,11 +174,6 @@ check_PROGRAMS += exptest
|
||||
exptest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
|
||||
exptest_SOURCES = exptest.c
|
||||
|
||||
# freenull
|
||||
TESTS += freenull
|
||||
check_PROGRAMS += freenull
|
||||
freenull_SOURCES = freenull.c
|
||||
|
||||
# gcm128test
|
||||
TESTS += gcm128test
|
||||
check_PROGRAMS += gcm128test
|
||||
@ -199,11 +184,6 @@ TESTS += gost2814789t
|
||||
check_PROGRAMS += gost2814789t
|
||||
gost2814789t_SOURCES = gost2814789t.c
|
||||
|
||||
# hkdf_test
|
||||
TESTS += hkdftest
|
||||
check_PROGRAMS += hkdftest
|
||||
hkdftest_SOURCES = hkdf_test.c
|
||||
|
||||
# hmactest
|
||||
TESTS += hmactest
|
||||
check_PROGRAMS += hmactest
|
||||
@ -365,11 +345,6 @@ TESTS += timingsafe
|
||||
check_PROGRAMS += timingsafe
|
||||
timingsafe_SOURCES = timingsafe.c
|
||||
|
||||
# tlsexttest
|
||||
TESTS += tlsexttest
|
||||
check_PROGRAMS += tlsexttest
|
||||
tlsexttest_SOURCES = tlsexttest.c
|
||||
|
||||
# tlstest
|
||||
TESTS += tlstest.sh
|
||||
check_PROGRAMS += tlstest
|
||||
|
@ -123,6 +123,18 @@ for %%p in ( SSLv3 ) do (
|
||||
)
|
||||
)
|
||||
|
||||
REM #
|
||||
REM # Next Protocol Negotiation tests
|
||||
REM #
|
||||
echo "Testing NPN..."
|
||||
%ssltest% -bio_pair -tls1 -npn_client & if !errorlevel! neq 0 exit /b 1
|
||||
%ssltest% -bio_pair -tls1 -npn_server & if !errorlevel! neq 0 exit /b 1
|
||||
%ssltest% -bio_pair -tls1 -npn_server_reject & if !errorlevel! neq 0 exit /b 1
|
||||
%ssltest% -bio_pair -tls1 -npn_client -npn_server_reject & if !errorlevel! neq 0 exit /b 1
|
||||
%ssltest% -bio_pair -tls1 -npn_client -npn_server & if !errorlevel! neq 0 exit /b 1
|
||||
%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 & if !errorlevel! neq 0 exit /b 1
|
||||
%ssltest% -bio_pair -tls1 -npn_client -npn_server -num 2 -reuse & if !errorlevel! neq 0 exit /b 1
|
||||
|
||||
REM #
|
||||
REM # ALPN tests
|
||||
REM #
|
||||
|
@ -9,7 +9,7 @@ if "%srcdir%"=="" (
|
||||
set srcdir=.
|
||||
)
|
||||
|
||||
%tlstest_bin% %srcdir%\ca.pem %srcdir%\server.pem %srcdir%\server.pem
|
||||
%tlstest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem
|
||||
if !errorlevel! neq 0 (
|
||||
exit /b 1
|
||||
)
|
||||
|
@ -10,4 +10,4 @@ if [ -z $srcdir ]; then
|
||||
srcdir=.
|
||||
fi
|
||||
|
||||
$tlstest_bin $srcdir/ca.pem $srcdir/server.pem $srcdir/server.pem
|
||||
$tlstest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem
|
||||
|
@ -30,9 +30,8 @@ if (BUILD_SHARED)
|
||||
add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
|
||||
add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
|
||||
export_symbol(tls-shared ${CMAKE_CURRENT_SOURCE_DIR}/tls.sym)
|
||||
target_link_libraries(tls-shared ssl-shared crypto-shared)
|
||||
if (WIN32)
|
||||
target_link_libraries(tls-shared Ws2_32.lib)
|
||||
target_link_libraries(tls-shared ssl-shared crypto-shared Ws2_32.lib)
|
||||
set(TLS_POSTFIX -${TLS_MAJOR_VERSION})
|
||||
endif()
|
||||
set_target_properties(tls-shared PROPERTIES
|
||||
@ -40,13 +39,9 @@ if (BUILD_SHARED)
|
||||
ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
|
||||
set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
|
||||
SOVERSION ${TLS_MAJOR_VERSION})
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS tls tls-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
else()
|
||||
add_library(tls STATIC ${TLS_SRC})
|
||||
if(ENABLE_LIBRESSL_INSTALL)
|
||||
install(TARGETS tls DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif(ENABLE_LIBRESSL_INSTALL)
|
||||
endif()
|
||||
|
||||
|
53
update.sh
53
update.sh
@ -13,23 +13,21 @@ if [ ! -d openbsd ]; then
|
||||
fi
|
||||
fi
|
||||
(cd openbsd
|
||||
git fetch
|
||||
git checkout $openbsd_branch
|
||||
git pull --rebase)
|
||||
|
||||
# setup source paths
|
||||
CWD=`pwd`
|
||||
OPENBSD_SRC=$CWD/openbsd/src
|
||||
libc_src=$OPENBSD_SRC/lib/libc
|
||||
libc_regress=$OPENBSD_SRC/regress/lib/libc
|
||||
libcrypto_src=$OPENBSD_SRC/lib/libcrypto
|
||||
libcrypto_regress=$OPENBSD_SRC/regress/lib/libcrypto
|
||||
libssl_src=$OPENBSD_SRC/lib/libssl
|
||||
libssl_regress=$OPENBSD_SRC/regress/lib/libssl
|
||||
libtls_src=$OPENBSD_SRC/lib/libtls
|
||||
libtls_regress=$OPENBSD_SRC/regress/lib/libtls
|
||||
bin_src=$OPENBSD_SRC/usr.bin
|
||||
sbin_src=$OPENBSD_SRC/usr.sbin
|
||||
libc_src=$CWD/openbsd/src/lib/libc
|
||||
libc_regress=$CWD/openbsd/src/regress/lib/libc
|
||||
libcrypto_src=$CWD/openbsd/src/lib/libcrypto
|
||||
libcrypto_regress=$CWD/openbsd/src/regress/lib/libcrypto
|
||||
libssl_src=$CWD/openbsd/src/lib/libssl
|
||||
libssl_regress=$CWD/openbsd/src/regress/lib/libssl
|
||||
libtls_src=$CWD/openbsd/src/lib/libtls
|
||||
libtls_regress=$CWD/openbsd/src/regress/lib/libtls
|
||||
bin_src=$CWD/openbsd/src/usr.bin
|
||||
sbin_src=$CWD/openbsd/src/usr.sbin
|
||||
|
||||
# load library versions
|
||||
. $libcrypto_src/shlib_version
|
||||
@ -64,10 +62,6 @@ do_cp_libc() {
|
||||
CP_LIBC='do_cp_libc'
|
||||
|
||||
CP='cp -p'
|
||||
GREP='grep'
|
||||
if [ -x /opt/csw/bin/ggrep ]; then
|
||||
GREP='/opt/csw/bin/ggrep'
|
||||
fi
|
||||
|
||||
$CP $libssl_src/LICENSE COPYING
|
||||
|
||||
@ -126,7 +120,7 @@ copy_hdrs $libcrypto_src "stack/stack.h lhash/lhash.h stack/safestack.h
|
||||
ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h
|
||||
objects/objects.h asn1/asn1.h bn/bn.h ec/ec.h ecdsa/ecdsa.h
|
||||
ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
|
||||
pem/pem2.h hkdf/hkdf.h hmac/hmac.h rand/rand.h md5/md5.h
|
||||
pem/pem2.h hmac/hmac.h rand/rand.h md5/md5.h
|
||||
asn1/asn1_mac.h x509v3/x509v3.h conf/conf.h ocsp/ocsp.h
|
||||
aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h
|
||||
bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h
|
||||
@ -157,7 +151,7 @@ done
|
||||
$CP crypto/compat/b_win.c crypto/bio
|
||||
$CP crypto/compat/ui_openssl_win.c crypto/ui
|
||||
# add the libcrypto symbol export list
|
||||
$GREP -v OPENSSL_ia32cap_P $libcrypto_src/Symbols.list | $GREP '^[[:alpha:]]' > crypto/crypto.sym
|
||||
grep -v OPENSSL_ia32cap_P $libcrypto_src/Symbols.list | grep '^[[:alpha:]]' > crypto/crypto.sym
|
||||
|
||||
# generate assembly crypto algorithms
|
||||
asm_src=$libcrypto_src
|
||||
@ -212,7 +206,7 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
|
||||
fi
|
||||
done
|
||||
# add the libtls symbol export list
|
||||
$GREP '^[[:alpha:]]' < $libtls_src/Symbols.list > tls/tls.sym
|
||||
grep '^[[:alpha:]]' < $libtls_src/Symbols.list > tls/tls.sym
|
||||
|
||||
mkdir -p libtls-standalone/m4
|
||||
$CP m4/check*.m4 \
|
||||
@ -265,7 +259,7 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' ssl/Makefile.am` ; do
|
||||
$CP $libssl_src/$i ssl
|
||||
done
|
||||
# add the libssl symbol export list
|
||||
$GREP '^[[:alpha:]]' < $libssl_src/Symbols.list > ssl/ssl.sym
|
||||
grep '^[[:alpha:]]' < $libssl_src/Symbols.list > ssl/ssl.sym
|
||||
|
||||
# copy libcrypto tests
|
||||
echo "copying tests"
|
||||
@ -310,7 +304,7 @@ add_man_links() {
|
||||
filter=$1
|
||||
dest=$2
|
||||
echo "install-data-hook:" >> $dest
|
||||
for i in `$GREP $filter man/links`; do
|
||||
for i in `grep $filter man/links`; do
|
||||
IFS=","; set $i; unset IFS
|
||||
if [ "$2" != "" ]; then
|
||||
echo " ln -sf \"$1\" \"\$(DESTDIR)\$(mandir)/man3/$2\"" >> $dest
|
||||
@ -318,7 +312,7 @@ add_man_links() {
|
||||
done
|
||||
echo "" >> $dest
|
||||
echo "uninstall-local:" >> $dest
|
||||
for i in `$GREP $filter man/links`; do
|
||||
for i in `grep $filter man/links`; do
|
||||
IFS=","; set $i; unset IFS
|
||||
if [ "$2" != "" ]; then
|
||||
echo " -rm -f \"\$(DESTDIR)\$(mandir)/man3/$2\"" >> $dest
|
||||
@ -339,32 +333,25 @@ done
|
||||
# copy manpages
|
||||
echo "copying manpages"
|
||||
echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am
|
||||
echo dist_man3_MANS = >> man/Makefile.am
|
||||
echo dist_man5_MANS = >> man/Makefile.am
|
||||
echo dist_man_MANS = >> man/Makefile.am
|
||||
|
||||
(cd man
|
||||
for i in `ls -1 $libssl_src/man/*.3 | sort`; do
|
||||
NAME=`basename "$i"`
|
||||
$CP $i .
|
||||
echo "dist_man3_MANS += $NAME" >> Makefile.am
|
||||
echo "dist_man_MANS += $NAME" >> Makefile.am
|
||||
done
|
||||
|
||||
for i in `ls -1 $libcrypto_src/man/*.3 | sort`; do
|
||||
NAME=`basename "$i"`
|
||||
$CP $i .
|
||||
echo "dist_man3_MANS += $NAME" >> Makefile.am
|
||||
echo "dist_man_MANS += $NAME" >> Makefile.am
|
||||
done
|
||||
|
||||
for i in `ls -1 $libtls_src/man/*.3 | sort`; do
|
||||
NAME=`basename "$i"`
|
||||
$CP $i .
|
||||
echo "dist_man3_MANS += $NAME" >> Makefile.am
|
||||
done
|
||||
|
||||
for i in `ls -1 $libcrypto_src/man/*.5 | sort`; do
|
||||
NAME=`basename "$i"`
|
||||
$CP $i .
|
||||
echo "dist_man5_MANS += $NAME" >> Makefile.am
|
||||
echo "dist_man_MANS += $NAME" >> Makefile.am
|
||||
done
|
||||
)
|
||||
add_man_links . man/Makefile.am
|
||||
|
Loading…
Reference in New Issue
Block a user