generic-library/libreSSL
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:main
Branches Tags
generic-library:main generic-library:OPENBSD_6_2 generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2
..
compare: generic-library:v2.1.5
Branches Tags
generic-library:OPENBSD_6_2 generic-library:main generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2

3 Commits
main ... v2.1.5

Author SHA1 Message Date
Brent Cook
58f869bfd5 use correct patch level 2015-03-09 07:11:28 -05:00
Brent Cook
1eea14957d clarify 2.1.5 release note 
Specify that we are rejecting server ephemeral DH keys < 1024 bits.
 2015-03-08 22:34:48 -05:00
Brent Cook
44d308df41 track the OPENBSD_5_7 tag 2015-03-08 22:04:14 -05:00
165 changed files with 2429 additions and 15217 deletions
Expand all files Collapse all files

204
.gitignore vendored
View File

@@ -39,79 +39,64 @@ Makefile.in
*.la *.la
*.def *.def
*.sym
*.pc *.pc
# man pages
*.1
*.3
*.5
# tests # tests
test-driver test-driver
*.log *.log
*.trs *.trs
tests/aes_wrap* tests/aes_wrap*
tests/arc4random_fork* tests/arc4random_fork*
tests/asn1evp*
tests/asn1time*
tests/cipher*
tests/explicit_bzero* tests/explicit_bzero*
tests/freenull*
tests/gost2814789t* tests/gost2814789t*
tests/mont* tests/mont*
tests/rfc5280time*
tests/ssl_versions*
tests/timingsafe* tests/timingsafe*
tests/tls_ext_alpn*
tests/tls_prf*
tests/*test tests/*test
tests/tests.h
tests/*test.c tests/*test.c
tests/memmem.c
tests/pbkdf2* tests/pbkdf2*
tests/*.pem tests/*.pem
tests/testssl tests/testssl
tests/*.txt tests/*.txt
tests/compat/*.c
!tests/optionstest.c
!tests/*.test
# ctags stuff # ctags stuff
TAGS TAGS
autom4te.cache ## The initial / makes these files only get ignored in particular directories.
/autom4te.cache
# Libtool adds these, at least sometimes # Libtool adds these, at least sometimes
INSTALL INSTALL
/COPYING /m4/libtool.m4
!m4/check*.m4 /m4/ltoptions.m4
m4/l* /m4/ltsugar.m4
/m4/ltversion.m4
/m4/lt~obsolete.m4
aclocal.m4 /aclocal.m4
compile /compile
doxygen /doxygen
config.guess /config.guess
config.log /config.log
config.status /config.status
config.sub /config.sub
configure /configure
depcomp /depcomp
config.h /config.h
config.h.in /config.h.in
install-sh /install-sh
libtool /libtool
ltmain.sh /ltmain.sh
missing /missing
stamp-h1 /stamp-h1
stamp-h2 /stamp-h2
include/openssl/Makefile.am include/openssl/Makefile.am
tests/Makefile.am
VERSION
crypto/VERSION crypto/VERSION
ssl/VERSION ssl/VERSION
tls/VERSION tls/VERSION
libtls-standalone/VERSION
ssl/*.c ssl/*.c
ssl/*.h ssl/*.h
@@ -120,55 +105,98 @@ tls/*.h
include/pqueue.h include/pqueue.h
include/tls.h include/tls.h
include/openssl/*.h include/openssl/*.h
include/openssl/*.he
apps/*.h
apps/*.c
apps/openssl
apps/openssl.cnf
!apps/apps_win.c
!apps/poll_win.c
!apps/certhash_disabled.c
/apps/ocspcheck/*.h crypto/compat/arc4random.c
/apps/ocspcheck/*.c crypto/compat/chacha_private.h
/apps/ocspcheck/ocspcheck* crypto/compat/explicit_bzero.c
/apps/ocspcheck/compat/inet_ntop.c crypto/compat/getentropy_*.c
/apps/ocspcheck/compat/memmem.c crypto/compat/reallocarray.c
crypto/compat/strlcat.c
/apps/nc/*.h crypto/compat/strlcpy.c
/apps/nc/*.c crypto/compat/strndup.c
/apps/nc/nc* crypto/compat/strnlen.c
!/apps/nc/readpassphrase.c crypto/compat/timingsafe_bcmp.c
/apps/nc/compat/*.c crypto/compat/timingsafe_memcmp.c
crypto/compat/arc4random_*.h
/apps/openssl/*.h
/apps/openssl/*.c
/apps/openssl/*.cnf
/apps/openssl/*.pem
/apps/openssl/openssl
/apps/openssl/compat/strtonum.c
!/apps/openssl/apps_win.c
!/apps/openssl/certhash_win.c
!/crypto/Makefile.am.*
!/crypto/compat/arc4random.h
!/crypto/compat/b_win.c
!/crypto/compat/explicit_bzero_win.c
!/crypto/compat/freezero.c
!/crypto/compat/getpagesize.c
!/crypto/compat/posix_win.c
!/crypto/compat/bsd_asprintf.c
!/crypto/compat/inet_pton.c
!/crypto/compat/timegm.c
!/crypto/compat/ui_openssl_win.c
!/crypto/CMakeLists.txt
/crypto
!/libtls-standalone/compat/Makefile.am
/libtls-standalone/include/*.h
/libtls-standalone/src/*.c
/libtls-standalone/src/*.h
/libtls-standalone/src
/libtls-standalone/tests/test
/libtls-standalone/compat
/libtls-standalone/VERSION
/libtls-standalone/m4
/libtls-standalone/man
crypto/aes/
crypto/asn1/
crypto/bf/
crypto/bio/
crypto/bn/
crypto/buffer/
crypto/camellia/
crypto/cast/
crypto/camellia/
crypto/chacha/
crypto/cmac/
crypto/comp/
crypto/conf/
crypto/cpt_err.c
crypto/cryptlib.c
crypto/cryptlib.h
crypto/cversion.c
crypto/des/
crypto/dh/
crypto/dsa/
crypto/dso/
crypto/ec/
crypto/ecdh/
crypto/ecdsa/
crypto/engine/
crypto/err/
crypto/evp/
crypto/ex_data.c
crypto/gost/
crypto/hmac/
crypto/idea/
crypto/krb5/
crypto/lhash/
crypto/malloc-wrapper.c
crypto/md32_common.h
crypto/md4/
crypto/md5/
crypto/mdc2/
crypto/mem_clr.c
crypto/mem_dbg.c
crypto/modes/
crypto/o_init.c
crypto/o_str.c
crypto/o_time.c
crypto/o_time.h
crypto/objects
crypto/ocsp/
crypto/pem/
crypto/pkcs12/
crypto/pkcs7/
crypto/poly1305/
crypto/pqueue/
crypto/rand/
crypto/rc2/
crypto/rc4/
crypto/ripemd/
crypto/rsa/
crypto/sha/
crypto/stack/
crypto/ts/
crypto/txt_db/
crypto/ui/
crypto/whrlpool/
crypto/x509/
crypto/x509v3/
openbsd/ openbsd/
*.tar.gz *.tar.gz
apps/*.1*
man/*.3
man/*.1
man/Makefile.am man/Makefile.am
man/mandoc.db .gitmodules
COPYING

8
.travis.yml
View File

@@ -10,23 +10,15 @@ matrix:
- compiler: clang - compiler: clang
os: linux os: linux
env: ARCH=native env: ARCH=native
dist: trusty
sudo: required
- compiler: gcc - compiler: gcc
os: linux os: linux
env: ARCH=native env: ARCH=native
dist: trusty
sudo: required
- compiler: gcc - compiler: gcc
os: linux os: linux
env: ARCH=mingw32 env: ARCH=mingw32
dist: trusty
sudo: required
- compiler: gcc - compiler: gcc
os: linux os: linux
env: ARCH=mingw64 env: ARCH=mingw64
dist: trusty
sudo: required
script: script:
"./scripts/travis" "./scripts/travis"

0
libtls-standalone/AUTHORS → AUTHORS
View File

347
CMakeLists.txt
View File

@@ -1,347 +0,0 @@
cmake_minimum_required (VERSION 2.8.8)
include(CheckFunctionExists)
include(CheckLibraryExists)
include(CheckIncludeFiles)
include(CheckTypeSize)
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
include(cmake_export_symbol)
include(GNUInstallDirs)
project (LibreSSL C)
enable_testing()
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
string(STRIP ${SSL_VERSION} SSL_VERSION)
string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION})
string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION})
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION)
string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION})
string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION})
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/tls/VERSION TLS_VERSION)
string(STRIP ${TLS_VERSION} TLS_VERSION)
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
option(LIBRESSL_SKIP_INSTALL "Skip installation" ${LIBRESSL_SKIP_INSTALL})
option(ENABLE_ASM "Enable assembly" ON)
option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
if(NOT LIBRESSL_SKIP_INSTALL)
set( ENABLE_LIBRESSL_INSTALL ON )
endif(NOT LIBRESSL_SKIP_INSTALL)
set(BUILD_NC true)
if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
add_definitions(-fno-common)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_definitions(-D_DEFAULT_SOURCE)
add_definitions(-D_BSD_SOURCE)
add_definitions(-D_POSIX_SOURCE)
add_definitions(-D_GNU_SOURCE)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
set(BUILD_NC false)
endif()
if(WIN32)
set(BUILD_NC false)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
if(CMAKE_C_COMPILER MATCHES "gcc")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT")
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
endif()
add_definitions(-DLIBRESSL_INTERNAL)
add_definitions(-DOPENSSL_NO_HW_PADLOCK)
add_definitions(-D__BEGIN_HIDDEN_DECLS=)
add_definitions(-D__END_HIDDEN_DECLS=)
set(CMAKE_POSITION_INDEPENDENT_CODE true)
if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
add_definitions(-Wno-pointer-sign)
endif()
if(WIN32)
add_definitions(-Drestrict)
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
endif()
if(MSVC)
add_definitions(-Dinline=__inline)
message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
set(MSVC_DISABLED_WARNINGS_LIST
"C4018" # 'expression' : signed/unsigned mismatch
"C4057" # 'operator' : 'identifier1' indirection to
# slightly different base types from 'identifier2'
"C4100" # 'identifier' : unreferenced formal parameter
"C4127" # conditional expression is constant
"C4146" # unary minus operator applied to unsigned type,
# result still unsigned
"C4244" # 'argument' : conversion from 'type1' to 'type2',
# possible loss of data
"C4245" # 'conversion' : conversion from 'type1' to 'type2',
# signed/unsigned mismatch
"C4267" # 'var' : conversion from 'size_t' to 'type',
# possible loss of data
"C4389" # 'operator' : signed/unsigned mismatch
"C4706" # assignment within conditional expression
"C4996" # The POSIX name for this item is deprecated.
# Instead, use the ISO C and C++ conformant name
)
elseif(CMAKE_C_COMPILER_ID MATCHES "Intel")
add_definitions(-D_CRT_SUPPRESS_RESTRICT)
set(MSVC_DISABLED_WARNINGS_LIST
"C111" # Unreachable statement
"C128" # Unreachable loop
"C167" # Unexplict casting unsigned to signed
"C186" # Pointless comparison of unsigned int with zero
"C188" # Enumerated type mixed with another type
"C344" # Redeclared type
"C556" # Unexplict casting signed to unsigned
"C869" # Unreferenced parameters
"C1786" # Deprecated functions
"C2545" # Empty else statement
"C2557" # Comparing signed to unsigned
"C2722" # List init syntax is c++11 feature
"C3280" # Declaration hides variable
)
endif()
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
${MSVC_DISABLED_WARNINGS_LIST})
string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
endif()
check_function_exists(asprintf HAVE_ASPRINTF)
if(HAVE_ASPRINTF)
add_definitions(-DHAVE_ASPRINTF)
endif()
check_function_exists(inet_pton HAVE_INET_PTON)
if(HAVE_INET_PTON)
add_definitions(-DHAVE_INET_PTON)
endif()
check_function_exists(reallocarray HAVE_REALLOCARRAY)
if(HAVE_REALLOCARRAY)
add_definitions(-DHAVE_REALLOCARRAY)
endif()
check_function_exists(strcasecmp HAVE_STRCASECMP)
if(HAVE_STRCASECMP)
add_definitions(-DHAVE_STRCASECMP)
endif()
check_function_exists(strlcat HAVE_STRLCAT)
if(HAVE_STRLCAT)
add_definitions(-DHAVE_STRLCAT)
endif()
check_function_exists(strlcpy HAVE_STRLCPY)
if(HAVE_STRLCPY)
add_definitions(-DHAVE_STRLCPY)
endif()
check_function_exists(strndup HAVE_STRNDUP)
if(HAVE_STRNDUP)
add_definitions(-DHAVE_STRNDUP)
endif()
if(WIN32)
set(HAVE_STRNLEN true)
add_definitions(-DHAVE_STRNLEN)
else()
check_function_exists(strnlen HAVE_STRNLEN)
if(HAVE_STRNLEN)
add_definitions(-DHAVE_STRNLEN)
endif()
endif()
check_function_exists(strsep HAVE_STRSEP)
if(HAVE_STRSEP)
add_definitions(-DHAVE_STRSEP)
endif()
check_function_exists(timegm HAVE_TIMEGM)
if(HAVE_TIMEGM)
add_definitions(-DHAVE_TIMEGM)
endif()
check_function_exists(arc4random_buf HAVE_ARC4RANDOM_BUF)
if(HAVE_ARC4RANDOM_BUF)
add_definitions(-DHAVE_ARC4RANDOM_BUF)
endif()
check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)
if(HAVE_ARC4RANDOM_UNIFORM)
add_definitions(-DHAVE_ARC4RANDOM_UNIFORM)
endif()
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
if(HAVE_EXPLICIT_BZERO)
add_definitions(-DHAVE_EXPLICIT_BZERO)
endif()
check_function_exists(getauxval HAVE_GETAUXVAL)
if(HAVE_GETAUXVAL)
add_definitions(-DHAVE_GETAUXVAL)
endif()
check_function_exists(getentropy HAVE_GETENTROPY)
if(HAVE_GETENTROPY)
add_definitions(-DHAVE_GETENTROPY)
endif()
check_function_exists(getpagesize HAVE_GETPAGESIZE)
if(HAVE_GETPAGESIZE)
add_definitions(-DHAVE_GETPAGESIZE)
endif()
check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
if(HAVE_TIMINGSAFE_BCMP)
add_definitions(-DHAVE_TIMINGSAFE_BCMP)
endif()
check_function_exists(timingsafe_memcmp HAVE_TIMINGSAFE_MEMCMP)
if(HAVE_MEMCMP)
add_definitions(-DHAVE_MEMCMP)
endif()
check_function_exists(memmem HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
endif()
check_include_files(err.h HAVE_ERR_H)
if(HAVE_ERR_H)
add_definitions(-DHAVE_ERR_H)
endif()
if(ENABLE_ASM)
if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
set(HOST_ASM_ELF_X86_64 true)
elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
set(HOST_ASM_ELF_X86_64 true)
endif()
elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
set(HOST_ASM_MACOSX_X86_64 true)
endif()
endif()
if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|CYGWIN)"))
set(BUILD_SHARED true)
endif()
# USE_SHARED builds applications (e.g. openssl) using shared LibreSSL.
# By default, applications use LibreSSL static library to avoid dependencies.
# USE_SHARED isn't set by default; use -DUSE_SHARED=ON with CMake to enable.
# Can be helpful for debugging; don't use for public releases.
if(NOT BUILD_SHARED)
set(USE_SHARED off)
endif()
if(USE_SHARED)
set(OPENSSL_LIBS tls-shared ssl-shared crypto-shared)
else()
set(OPENSSL_LIBS tls ssl crypto)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
if (HAVE_CLOCK_GETTIME)
set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
endif()
check_type_size(time_t SIZEOF_TIME_T)
if(SIZEOF_TIME_T STREQUAL "4")
set(SMALL_TIME_T true)
add_definitions(-DSMALL_TIME_T)
message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
" ** It will behave incorrectly when handling valid RFC5280 dates")
endif()
add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
add_subdirectory(crypto)
add_subdirectory(ssl)
add_subdirectory(apps)
add_subdirectory(tls)
add_subdirectory(include)
if(NOT MSVC)
add_subdirectory(man)
endif()
if(NOT MSVC OR ENABLE_VSTEST)
add_subdirectory(tests)
endif()
if(NOT MSVC)
# Create pkgconfig files.
set(prefix ${CMAKE_INSTALL_PREFIX})
set(exec_prefix \${prefix})
set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR})
set(includedir \${prefix}/include)
file(STRINGS "VERSION" VERSION LIMIT_COUNT 1)
file(GLOB OPENSSL_PKGCONFIGS "*.pc.in")
foreach(file ${OPENSSL_PKGCONFIGS})
get_filename_component(filename ${file} NAME)
string(REPLACE ".in" "" new_file "${filename}")
configure_file(${filename} pkgconfig/${new_file} @ONLY)
endforeach()
install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig
DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif()
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)

748
ChangeLog
View File

@@ -28,758 +28,12 @@ history is also available from Git.
LibreSSL Portable Release Notes: LibreSSL Portable Release Notes:
2.7.0 - Bug fixes and improvements
* Merged more DTLS support into the regular TLS code path, removing
duplicated code.
* Converted ssl3_send_client_hello(), ssl3_send_server_hello() to CBB.
* Rewrite ASN1_TYPE_{get,set}_octetstring() using templated ASN.1.
This removes the last remaining use of the old M_ASN1_* macros
(asn1_mac.h) from API that needs to continue to exist.
2.6.4 - Bug fixes
* Make tls_config_parse_protocols() work correctly when passed a NULL
pointer for a protocol string. Issue found by semarie@, who also
provided the diff.
* Correct TLS extensions handling when no extensions are present.
If no TLS extensions are present in a client hello or server hello,
omit the entire extensions block, rather than including it with a
length of zero. Thanks to Eric Elena <eric at voguemerry dot com> for
providing packet captures and testing the fix.
* Fixed portable builds on older Android systems, and systems with out
IPV6_TCLASS support.
2.6.3 - OpenBSD 6.2 Release
* No core changes from LibreSSL 2.6.2
* Minor compatibility fixes in portable version.
2.6.2 - Bug fixes
* Provide a useful error with libtls if there are no OCSP URLs in a
peer certificate.
* Keep track of which keypair is in use by a TLS context, fixing a bug
where a TLS server with SNI would only return the OCSP staple for the
default keypair. Issue reported by William Graeber and confirmed by
Andreas Bartelt.
* Fixed various issues in the OCSP extension parsing code.
The original code incorrectly passes the pointer allocated via
CBS_stow() (using malloc()) to a d2i_*() function and then calls
free() on the now incremented pointer, most likely resulting in a
crash. This issue was reported by Robert Swiecki who found the issue
using honggfuzz.
* If tls_config_parse_protocols() is called with a NULL pointer,
return the default protocols instead of crashing - this makes the
behaviour more useful and mirrors what we already do in
tls_config_set_ciphers() et al.
2.6.1 - Code removal, rewrites
* Added a "-T tlscompat" option to nc(1), which enables the use of all
TLS protocols and "compat" ciphers. This allows for TLS connections
to TLS servers that are using less than ideal cipher suites, without
having to resort to "-T tlsall" which enables all known cipher
suites. Diff from Kyle J. McKay.
* Added a new TLS extension handling framework, somewhat analogous to
BoringSSL, and converted all TLS extensions to use it. Added new TLS
extension regression tests.
* Improved and added many new manpages. Updated *check_private_key
manpages with additional cautions regarding their use.
* Cleaned up the EC key/curve configuration handling.
* Added tls_config_set_ecdhecurves() to libtls, which allows the names
of the eliptical curves that may be used during client and server
key exchange to be specified.
* Converted more code paths to use CBB/CBS.
* Removed support for DSS/DSA, since we removed the cipher suites a
while back.
* Removed NPN support. NPN was never standardised and the last draft
expired in October 2012. ALPN was standardised in July 2014 and has
been supported in LibreSSL since December 2014. NPN has also been
removed from Chromium in May 2016.
* Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
CryptoPro clients.
* Removed support for the TLS padding extension, which was added as a
workaround for an old bug in F5's TLS termination.
* Worked around another bug in F5's TLS termination handling of the
elliptical curves extension. RFC 4492 only defines elliptic_curves
for ClientHello. However, F5 is sending it in ServerHello. We need
to skip over it since our TLS extension parsing code is now more
strict. Thanks to Armin Wolfermann and WJ Liu for reporting.
* Added ability to clamp notafter valies in certificates for systems
with 32-bit time_t. This is necessary to conform to RFC 5280
4.1.2.5.
* Implemented the SSL_CTX_set_min_proto_version(3) API.
* Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
* Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
2.6.0 - New APIs, bug fixes and improvements
* Added support for providing CRLs to libtls. Once a CRL is provided we
enable CRL checking for the full certificate chain. Based on a diff
from Jack Burton
* Allow non-compliant clients using IP literal addresses with SNI
to connect to a server using libtls.
* Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().
Reported by Robert Swiecki, who found the issue using honggfuzz.
* Added definitions for three OIDs used in EV certificates.
From Kyle J. McKay
* Added tls_peer_cert_chain_pem to libtls, useful in private
certificate validation callbacks such as those in relayd.
* Converted explicit clear/free sequences to use freezero(3).
* Reworked TLS certificate name verification code to more strictly
follow RFC 6125.
* Cleaned up and simplified server key exchange EC point handling.
* Added tls_keypair_clear_key for clearing key material.
* Removed inconsistent IPv6 handling from BIO_get_accept_socket,
simplified BIO_get_host_ip and BIO_accept.
* Fixed the openssl(1) ca command so that is generates certificates
with RFC 5280-conformant time. Problem noticed by Harald Dunkel.
* Added ASN1_TIME_set_tm to set an asn1 from a struct tm *
* Added SSL{,_CTX}_set_{min,max}_proto_version() functions.
* Added HKDF (HMAC Key Derivation Function) from BoringSSL
* Provided a tls_unload_file() function that frees the memory returned
from a tls_load_file() call, ensuring that it the contents become
inaccessible. This is specifically needed on platforms where the
library allocators may be different from the application allocator.
* Perform reference counting for tls_config. This allows
tls_config_free() to be called as soon as it has been passed to the
final tls_configure() call, simplifying lifetime tracking for the
application.
* Moved internal state of SSL and other structures to be opaque.
* Dropped cipher suites with DSS authentication.
* nc(1) improvements, including:
nc -W to terminate nc after receiving a number of packets
nc -Z for saving the peer certificate and chain in a pem file
2.5.5 - Bug fixes
* Distinguish between self-issued certificates and self-signed
certificates. The certificate verification code has special cases
for self-signed certificates and without this change, self-issued
certificates (which it seems are common place with
openvpn/easyrsa) were also being included in this category.
* Added getpagesize fallback, needed for Android bionic libc.
2.5.4 - Security Updates
* Revert a previous change that forced consistency between return
value and error code when specifing a certificate verification
callback, since this breaks the documented API. When a user supplied
callback always returns 1, and later code checks the error code to
potentially abort post verification, this will result in incorrect
successul certificate verification.
* Switched Linux getrandom() usage to non-blocking mode, continuing to
use fallback mechanims if unsuccessful. This works around a design
flaw in Linux getrandom(2) where early boot usage in a library makes
it impossible to recover if getrandom(2) is not yet initialized.
* Fixed a bug caused by the return value being set early to signal
successful DTLS cookie validation. This can mask a later failure and
result in a positive return value being returned from
ssl3_get_client_hello(), when it should return a negative value to
propagate the error.
* Fixed a build error on non-x86/x86_64 systems running Solaris.
2.5.3 - OpenBSD 6.1 Release
* Documentation updates
* Improved ocspcheck(1) error handling
2.5.2 - Security features and bugfixes
* Added the recallocarray(3) memory allocation function, and converted
various places in the library to use it, such as CBB and BUF_MEM_grow.
recallocarray(3) is similar to reallocarray. Newly allocated memory
is cleared similar to calloc(3). Memory that becomes unallocated
while shrinking or moving existing allocations is explicitly
discarded by unmapping or clearing to 0
* Added new root CAs from SECOM Trust Systems / Security Communication
of Japan.
* Added EVP interface for MD5+SHA1 hashes.
* Fixed DTLS client failures when the server sends a certificate
request.
* Correct handling of padding when upgrading an SSLv2 challenge into
an SSLv3/TLS connection.
* Allow protocols and ciphers to be set on a TLS config object in
libtls.
* Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
2.5.1 - Bug and security fixes, new features, documentation updates
* X509_cmp_time() now passes a malformed GeneralizedTime field as an
error. Reported by Theofilos Petsios.
* Detect zero-length encrypted session data early, instead of when
malloc(0) fails or the HMAC check fails. Noted independently by
jsing@ and Kurt Cancemi.
* Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate().
* Massive update and normalization of manpages, conversion to
mandoc format. Many pages were rewritten for clarity and accuracy.
Portable doc links are up-to-date with a new conversion tool.
* Curve25519 Key Exchange support.
* Support for alternate chains for certificate verification.
* Code cleanups, CBS conversions, further unification of DTLS/SSL
handshake code, further ASN1 macro expansion and removal.
* Private symbol are now hidden in libssl and libcryto.
* Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
* Added OCSP stapling support to libtls and netcat.
* Added ocspcheck utility to validate a certificate against its OCSP
responder and save the reply for stapling
* Enhanced regression tests and error handling for libtls.
* Added explicit constant and non-constant time BN functions,
defaulting to constant time wherever possible.
* Moved many leaked implementation details in public structs behind
opaque pointers.
* Added ticket support to libtls.
* Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names. This also changes the default
list of curves to be X25519, P-256 and P-384. All other curves must
be manually enabled.
* Added -groups option to openssl(1) s_client for specifying the curves
to be used in a colon-separated list.
* Merged client/server version negotiation code paths into one,
reducing much duplicate code.
* Removed error function codes from libssl and libcrypto.
* Fixed an issue where a truncated packet could crash via an OOB read.
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
* Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of Technology).
The fix was developed by Cesar Pereida Garcia.
* iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
2.5.0 - New APIs, bug fixes and improvements
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this
brings in X509_check_host, X509_check_email, X509_check_ip, and
X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak
analysis software.
* Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to
only be used if TLS 1.0 is enabled.
* Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with
printf.
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.4.2 - Bug fixes and improvements
* Fixed loading default certificate locations with openssl s_client.
* Ensured OCSP only uses and compares GENERALIZEDTIME values as per
RFC6960. Also added fixes for OCSP to work with intermediate
certificates provided in responses.
* Improved behavior of arc4random on Windows to not appear to leak
memory in debug tools, reduced privileges of allocated memory.
* Fixed incorrect results from BN_mod_word() when the modulus is too
large, thanks to Brian Smith from BoringSSL.
* Correctly handle an EOF prior to completing the TLS handshake in
libtls.
* Improved libtls ceritificate loading and cipher string validation.
* Updated libtls cipher group suites into four categories:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes.
* Limited support for 'backward compatible' SSLv2 handshake packets to
when TLS 1.0 is enabled, providing more restricted compatibility
with TLS 1.0 clients.
* openssl(1) and other documentation improvements.
* Removed flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
all of these operations unconditionally constant-time.
2.4.1 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.
2.4.0 - Build improvements, new features
* Many improvements to the CMake build infrastructure, including
Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
Inoguchi for this work.
* Added missing error handling around bn_wexpand() calls.
* Added explicit_bzero calls for freed ASN.1 objects.
* Fixed X509_*set_object functions to return 0 on allocation failure.
* Implemented the IETF ChaCha20-Poly1305 cipher suites.
* Changed default EVP_aead_chacha20_poly1305() implementation to the
IETF version, which is now the default.
* Fixed password prompts from openssl(1) to properly handle ^C.
* Reworked error handling in libtls so that configuration errors are
visible.
* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Manpage fixes and updates
2.3.5 - Reliability fix
* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
2.3.4 - Security Update
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
From OpenSSL.
* Minor build fixes
2.3.3 - OpenBSD 5.9 release branch tagged
* Reworked build scripts to better sync with OpenNTPD-portable
* Fixed broken manpage links
* Fixed an nginx compatibility issue by adding an 'install_sw' make alias
* Fixed HP-UX builds
* Changed the default configuration directory to c:\LibreSSL\ssl on Windows
binary builds
* cert.pem has been reorganized and synced with Mozilla's certificate store
2.3.2 - Compatibility and Reliability fixes
* Changed format of LIBRESSL_VERSION_NUMBER to match that of
OPENSSL_VERSION_NUMBER, see:
https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
construction introduced in RFC 7539, which is different than that
already used in TLS with EVP_aead_chacha20_poly1305()
* Avoid a potential undefined C99+ behavior due to shift overflow in
AES_decrypt, reported by Pascal Cuoq <cuoq at trust-in-soft.com>
* More man pages converted from pod to mdoc format
* Added COMODO RSA Certification Authority and QuoVadis
root certificates to cert.pem
* Removed Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem
* Added support for building nc(1) on Solaris
* Fixed GCC 5.x+ preprocessor checks, reported by Ruslan Babayev
* Improved console handling with openssl(1) on Windows
* Ensure the network stack is enabled on Windows when running
tls_init()
* Fixed incorrect TLS certificate loading by nc(1)
* Added support for Solaris 11.3's getentropy(2) system call
* Enabled support for using NetBSD 7.0's arc4random(3) implementation
* Deprecated the SSL_OP_SINGLE_DH_USE flag by disabling its effect
* Fixes from OpenSSL 1.0.1q
- CVE-2015-3194 - NULL pointer dereference in client side certificate
validation.
- CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
* The following OpenSSL CVEs did not apply to LibreSSL
- CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
squaring procedure.
- CVE-2015-3196 - Double free race condition of the identify hint
data.
See https://marc.info/?l=openbsd-announce&m=144925068504102
2.3.1 - ASN.1 and time handling cleanups
* ASN.1 cleanups and RFC5280 compliance fixes.
* Time representations switched from 'unsigned long' to 'time_t'. LibreSSL
now checks if the host OS supports 64-bit time_t.
* Fixed a leak in SSL_new in the error path.
* Support always extracting the peer cipher and version with libtls.
* Added ability to check certificate validity times with libtls,
tls_peer_cert_notbefore and tls_peer_cert_notafter.
* Changed tls_connect_servername to use the first address that resolves with
getaddrinfo().
* Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since
initial commit in 2004).
* Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported
by Qualys Security.
* Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK), reported by Pascal Cuoq <cuoq at trust-in-soft.com>.
* Reject too small bits value in BN_generate_prime_ex(), so that it does
not risk becoming negative in probable_prime_dh_safe(), reported by
Franck Denis.
* Enable nc(1) builds on more platforms.
2.3.0 - SSLv3 removed, libtls API changes, portability improvements
* SSLv3 is now permanently removed from the tree.
* The libtls API is changed from the 2.2.x series.
The read/write functions work correctly with external event
libraries. See the tls_init man page for examples of using libtls
correctly in asynchronous mode.
Client-side verification is now supported, with the client supplying
the certificate to the server.
Also, when using tls_connect_fds, tls_connect_socket or
tls_accept_fds, libtls no longer implicitly closes the passed in
sockets. The caller is responsible for closing them in this case.
* When loading a DSA key from an raw (without DH parameters) ASN.1
serialization, perform some consistency checks on its `p' and `q'
values, and return an error if the checks failed.
Thanks for Georgi Guninski (guninski at guninski dot com) for
mentioning the possibility of a weak (non prime) q value and
providing a test case.
See
https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
for a longer discussion.
* Fixed a bug in ECDH_compute_key that can lead to silent truncation
of the result key without error. A coding error could cause software
to use much shorter keys than intended.
* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
longer supported.
* The engine command and parameters are removed from the openssl(1).
Previous releases removed dynamic and builtin engine support
already.
* SHA-0 is removed, which was withdrawn shortly after publication 20
years ago.
* Added Certplus CA root certificate to the default cert.pem file.
* New interface OPENSSL_cpu_caps is provided that does not allow
software to inadvertently modify cpu capability flags.
OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
* The out_len argument of AEAD changed from ssize_t to size_t.
* Deduplicated DTLS code, sharing bugfixes and improvements with
TLS.
* Converted 'nc' to use libtls for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the library.
2.2.3 - Bug fixes, build enhancements
* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
This release corrects the handling of such messages. Thanks to
Ligushka from github for reporting the issue.
* Added install target for cmake builds. Thanks to TheNietsnie from
github.
* Updated pkgconfig files to correctly report the release version
number, not the individual library ABI version numbers. Thanks to
Jan Engelhardt for reporting the issue.
2.2.2 - More TLS parser rework, bug fixes, expanded portable build support
* Switched 'openssl dhparam' default from 512 to 2048 bits
* Reworked openssl(1) option handling
* More CRYPTO ByteString (CBC) packet parsing conversions
* Fixed 'openssl pkeyutl -verify' to exit with a 0 on success
* Fixed dozens of Coverity issues including dead code, memory leaks,
logic errors and more.
* Ensure that openssl(1) restores terminal echo state after reading a
password.
* Incorporated fix for OpenSSL Issue #3683
* LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped
for each portable release.
* Removed workarounds for TLS client padding bugs.
* No longer disable ECDHE-ECDSA on OS X
* Removed SSLv3 support from openssl(1)
* Removed IE 6 SSLv3 workarounds.
* Modified tls_write in libtls to allow partial writes, clarified with
examples in the documentation.
* Removed RSAX engine
* Tested SSLv3 removal with the OpenBSD ports tree and found several
applications that were not ready to build without SSLv3 yet. For
now, building a program that intentionally uses SSLv3 will result in
a linker warning.
* Added TLS_method, TLS_client_method and TLS_server_method as a
replacement for the SSLv23_*method calls.
* Added initial cmake build support, including support for building with
Visual Studio, currently tested with Visual Studio 2013 Community
Edition.
* --with-enginesdir is removed as a configuration parameter
* Default cert.pem, openssl.cnf, and x509v3.cnf files are now
installed under $sysconfdir/ssl or the directory specified by
--with-openssldir. Previous versions of LibreSSL left these empty.
2.2.1 - Build fixes, feature added, features removed
* Assorted build fixes for musl, HP-UX, Mingw, Solaris.
* Initial support for Windows Embedded 2009, Server 2003, XP
* Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API
* Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL
* Removed Dynamic Engine support
* Removed unused and obsolete MDC-2DES cipher
* Removed workarounds for obsolete SSL implementations
2.2.0 - Build cleanups and new OS support, Security Updates
* AIX Support - thanks to Michael Felt
* Cygwin Support - thanks to Corinna Vinschen
* Refactored build macros, support packaging libtls independently.
There are more pieces required to support building and using OpenSSL
with libtls, but this is an initial start at providing an
independent package for people to start hacking on.
* Removal of OPENSSL_issetugid and all library getenv calls.
Applications can and should no longer rely on environment variables
for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
supported with the openssl(1) command.
* libtls API and documentation additions
* Various bug fixes and simplifications to libssl and libcrypto
* Fixes for the following issues are integrated into LibreSSL 2.2.0:
- CVE-2015-1788 - Malformed ECParameters causes infinite loop
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
* The following CVEs did not apply to LibreSSL or were fixed in
earlier releases:
- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
- CVE-2014-8176 - Invalid free in DTLS
* Fixes for the following CVEs are still in review for LibreSSL
- CVE-2015-1791 - Race condition handling NewSessionTicket
2.1.6 - Security update
* Fixes for the following issues are integrated into LibreSSL 2.1.6:
- CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
- CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
- CVE-2015-0287 - ASN.1 structure reuse memory corruption
- CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
- CVE-2015-0289 - PKCS7 NULL pointer dereferences
* The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
is integrated for safety, but LibreSSL is not vulnerable.
* Libtls is now built by default. The --enable-libtls
configuration option is no longer required.
The libtls API is now stable for the 2.1.x series.
2.1.5 - Bug fixes and a security update 2.1.5 - Bug fixes and a security update
* Fix incorrect comparison function in openssl(1) certhash command. * Fix incorrect comparison function in openssl(1) certhash command.
Thanks to Christian Neukirchen / Void Linux.
* Windows port improvements and bug fixes. * Windows port improvements and bug fixes.
- Removed a dependency on libgcc in 32-bit dynamic libraries.
- Correct a hang in openssl(1) reading from stdin on an connection.
- Initialize winsock in openssl(1) earlier, allow 'openssl ocsp' and
any other network-related commands to function properly.
* Reject all server DH keys smaller than 1024 bits. * Reject server ephemeral DH keys smaller than 1024 bits.
2.1.4 - Security and feature updates 2.1.4 - Security and feature updates
* Improvements to libtls: * Improvements to libtls:

10
Makefile.am
View File

@@ -2,10 +2,10 @@ SUBDIRS = crypto ssl tls include apps tests man
ACLOCAL_AMFLAGS = -I m4 ACLOCAL_AMFLAGS = -I m4
pkgconfigdir = $(libdir)/pkgconfig pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc pkgconfig_DATA = libcrypto.pc libssl.pc openssl.pc
EXTRA_DIST = README.md README.windows VERSION config scripts if ENABLE_LIBTLS
EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in pkgconfig_DATA += libtls.pc
endif
.PHONY: install_sw EXTRA_DIST = README README.windows VERSION config scripts
install_sw: install

5
Makefile.am.common
View File

@@ -1,3 +1,2 @@
AM_CFLAGS = AM_CPPFLAGS = -I$(top_srcdir)/include
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL AM_CPPFLAGS += -DLIBRESSL_INTERNAL
AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=

0
libtls-standalone/NEWS → NEWS
View File

2
OPENBSD_BRANCH
View File

@@ -1 +1 @@
master OPENBSD_5_7

50
README Normal file
View File

@@ -0,0 +1,50 @@
This package is the official portable version of LibreSSL
(http://www.libressl.org).
LibreSSL is a fork of OpenSSL developed by the OpenBSD project
(http://www.openbsd.org). LibreSSL is developed on OpenBSD. This
package then adds portability shims for other operating systems.
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory LibreSSL, e.g.:
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
although we suggest that you use a mirror:
http://www.openbsd.org/ftp.html
The LibreSSL portable build framework is also mirrored in Github:
https://github.com/libressl-portable/portable
Please report bugs either to tech@openbsd.org, or to the github issue tracker:
https://github.com/libressl-portable/portable/issues
If you have checked this source using Git, follow these initial steps to
prepare the source tree for building:
1. ensure you have the following packages installed:
automake, autoconf, bash, git, libtool, perl, pod2man
2. run './autogen.sh' to prepare the source tree for building
or run './dist.sh' to prepare a tarball.
Once you have a source tree from Git or FTP, run these commands to build and
install the package:
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
The resulting library and 'openssl' utility is largely API-compatible with
OpenSSL 1.0.1. However, it is not ABI compatible - you will need to relink your
programs to LibreSSL in order to use it, just as in moving from OpenSSL 0.9.8
to 1.0.1.
The project attempts to provide working alternatives for operating systems with
limited or broken security primitives (e.g. arc4random(3), issetugid(2)) and
assists with improving OS-native implementations where possible.
LibreSSL portable will build on any reasonably modern version of Linux,
Solaris, or OSX with a standards-compliant compiler and C library.

151
README.md
View File

@@ -1,151 +0,0 @@
![LibreSSL image](http://www.libressl.org/images/libressl.jpg)
## Official portable version of [LibreSSL](http://www.libressl.org) ##
[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable)
LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
[OpenBSD](http://www.openbsd.org) project. Our goal is to modernize the codebase,
improve security, and apply best practice development processes from OpenBSD.
## Compatibility with OpenSSL: ##
LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily
earlier releases of LibreSSL. You will need to relink your programs to
LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
LibreSSL's installed library version numbers are incremented to account for
ABI and API changes.
## Compatibility with other operating systems: ##
While primarily developed on and taking advantage of APIs available on OpenBSD,
the LibreSSL portable project attempts to provide working alternatives for
other operating systems, and assists with improving OS-native implementations
where possible.
At the time of this writing, LibreSSL is know to build and work on:
* Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later)
* NetBSD (7.0 or later recommended)
* HP-UX (11i)
* Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later)
* AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
* Microsoft Windows (XP or higher, x86 and x64)
* Wine (32-bit and 64-bit)
* Builds with Mingw-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory
[LibreSSL](http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/),
although we suggest that you use a [mirror](http://www.openbsd.org/ftp.html).
The LibreSSL portable build framework is also
[mirrored](https://github.com/libressl-portable/portable) in Github.
Please report bugs either to the public libressl@openbsd.org mailing list,
or to the github
[issue tracker](https://github.com/libressl-portable/portable/issues)
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
sent to the core team at libressl-security@openbsd.org.
# Building LibreSSL #
## Prerequisites when building from a Git checkout ##
If you have checked this source using Git, or have downloaded a source tarball
from Github, follow these initial steps to prepare the source tree for
building. _Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions (e.g. Windows system using CMake) or cannot meet these prerequistes, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer._
1. Ensure you have the following packages installed:
automake, autoconf, git, libtool, perl
2. Run './autogen.sh' to prepare the source tree for building or
run './dist.sh' to prepare a tarball.
## Steps that apply to all builds ##
Once you have a source tree, either by downloaded using git and having
run the autogen.sh script above, or by downloading a release distribution from
an OpenBSD mirror, run these commands to build and install the package on most
systems:
```sh
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
```
If you wish to use the CMake build system, use these commands:
```sh
mkdir build
cd build
cmake ..
make
make test
```
For faster builds, you can use Ninja as well:
```sh
mkdir build-ninja
cd build-ninja
cmake -G"Ninja" ..
ninja
ninja test
```
### OS specific build information: ###
#### HP-UX (11i) ####
Set the UNIX_STD environment variable to '2003' before running 'configure'
in order to build with the HP C/aC++ compiler. See the "standards(5)" man
page for more details.
```sh
export UNIX_STD=2003
./configure
make
```
#### Windows - Mingw-w64 ####
LibreSSL builds against relatively recent versions of Mingw-w64, not to be
confused with the original mingw.org project. Mingw-w64 3.2 or later
should work. See README.windows for more information
#### Windows - Visual Studio ####
LibreSSL builds using the CMake target "Visual Studio 12 2013" and newer. To
generate a Visual Studio project, install CMake, enter the LibreSSL source
directory and run:
```sh
mkdir build-vs2013
cd build-vs2013
cmake -G"Visual Studio 12 2013" ..
```
Replace "Visual Studion 12 2013" with whatever version of Visual Studio you
have installed. This will generate a LibreSSL.sln file that you can incorporate
into other projects or build by itself.
#### Cmake - Additional Options ####
| Option Name | Default | Description
| ------------ | -----: | ------
| LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules. Can be specified from command line using <br>```-DLIBRESSL_SKIP_INSTALL=ON``` |
| ENABLE_ASM | ON | builds assembly optimized rules. |
| ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms |
| ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) |
| ENABLE_VSTEST | OFF | Enable test on Visual Studio |
| OPENSSLDIR | Blank | Set the default openssl directory. Can be specified from command line using <br>```-DOPENSSLDIR=<dirname>``` |

37
README.windows
View File

@@ -6,14 +6,14 @@ GCC or Clang as the compiler. Contrary to its name, mingw-w64 supports both
then LibreSSL should integrate very nicely. Old versions of the mingw-w64 then LibreSSL should integrate very nicely. Old versions of the mingw-w64
toolchain, such as the one packaged with Ubuntu 12.04, may have trouble toolchain, such as the one packaged with Ubuntu 12.04, may have trouble
building LibreSSL. Please try it with a recent toolchain if you encounter building LibreSSL. Please try it with a recent toolchain if you encounter
troubles. Cygwin provides an easy method of installing the latest mingw-w64 troubles. If you are building under Cygwin, only builds with the mingw-w64
cross compilers on Windows. compiler are supported, though you can easily use Cygwin to drive the build
process.
To configure and build LibreSSL for a 32-bit system, use the following To configure and build LibreSSL for a 32-bit system, use the following
build steps: build steps:
CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \ CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
./configure --host=i686-w64-mingw32
make make
make check make check
@@ -23,25 +23,6 @@ For 64-bit builds, use these instead:
make make
make check make check
# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
An ABI change introduced with Microsoft Visual C++ 2005 (also known as
Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
is unable to represent times past 2038 (this is commonly known as the
Y2K38 problem).
If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
expiry date is set past 19 January 2038, it will be unable to tell if the
certificate has expired or not, and thus take the safe stance and reject it.
In order to avoid this, you need to build LibreSSL (and everything that links
with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
use the new ABI.
64-bit systems always have a 64-bit time_t and are not affected by this
problem.
# Using Libressl with Visual Studio # Using Libressl with Visual Studio
A script for generating ready-to-use .DLL and static .LIB files is included in A script for generating ready-to-use .DLL and static .LIB files is included in
@@ -55,11 +36,5 @@ cv2pdb to generate Visual Studio and windbg compatible debug files. cv2pdb is a
tool developed for the D language and can be found here: tool developed for the D language and can be found here:
https://github.com/rainers/cv2pdb https://github.com/rainers/cv2pdb
Pre-built Windows binaries are available with LibreSSL releases if you do not Pre-build Windows binaries are available with the LibreSSL release for your
have a mingw-w64 build environment. Mingw-w64 code is largely, but not 100%, convenience.
compatible with code built from Visual Studio. Notably, FILE * pointers cannot
be shared between code built for Mingw-w64 and Visual Studio.
As of LibreSSL 2.2.2, Visual Studio Native builds can be produced using CMake.
This produces ABI-compatible libraries for linking with native code generated
by Visual Studio.

1
VERSION Normal file
View File

@@ -0,0 +1 @@
2.1.5

3
apps/CMakeLists.txt
View File

@@ -1,3 +0,0 @@
add_subdirectory(ocspcheck)
add_subdirectory(openssl)
add_subdirectory(nc)

87
apps/Makefile.am
View File

@@ -1,5 +1,88 @@
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
SUBDIRS = ocspcheck openssl nc bin_PROGRAMS = openssl
EXTRA_DIST = CMakeLists.txt openssl_CFLAGS = $(USER_CFLAGS)
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(top_builddir)/ssl/libssl.la
openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c
openssl_SOURCES += cms.c
openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c
openssl_SOURCES += dh.c
openssl_SOURCES += dhparam.c
openssl_SOURCES += dsa.c
openssl_SOURCES += dsaparam.c
openssl_SOURCES += ec.c
openssl_SOURCES += ecparam.c
openssl_SOURCES += enc.c
openssl_SOURCES += engine.c
openssl_SOURCES += errstr.c
openssl_SOURCES += gendh.c
openssl_SOURCES += gendsa.c
openssl_SOURCES += genpkey.c
openssl_SOURCES += genrsa.c
openssl_SOURCES += nseq.c
openssl_SOURCES += ocsp.c
openssl_SOURCES += openssl.c
openssl_SOURCES += passwd.c
openssl_SOURCES += pkcs12.c
openssl_SOURCES += pkcs7.c
openssl_SOURCES += pkcs8.c
openssl_SOURCES += pkey.c
openssl_SOURCES += pkeyparam.c
openssl_SOURCES += pkeyutl.c
openssl_SOURCES += prime.c
openssl_SOURCES += rand.c
openssl_SOURCES += req.c
openssl_SOURCES += rsa.c
openssl_SOURCES += rsautl.c
openssl_SOURCES += s_cb.c
openssl_SOURCES += s_client.c
openssl_SOURCES += s_server.c
openssl_SOURCES += s_socket.c
openssl_SOURCES += s_time.c
openssl_SOURCES += sess_id.c
openssl_SOURCES += smime.c
openssl_SOURCES += speed.c
openssl_SOURCES += spkac.c
openssl_SOURCES += ts.c
openssl_SOURCES += verify.c
openssl_SOURCES += version.c
openssl_SOURCES += x509.c
if BUILD_CERTHASH
openssl_SOURCES += certhash.c
else
openssl_SOURCES += certhash_disabled.c
endif
if HOST_WIN
openssl_SOURCES += apps_win.c
else
openssl_SOURCES += apps_posix.c
endif
if !HAVE_POLL
if HOST_WIN
openssl_SOURCES += poll_win.c
endif
endif
if !HAVE_STRTONUM
openssl_SOURCES += strtonum.c
endif
noinst_HEADERS = apps.h
noinst_HEADERS += progs.h
noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
noinst_HEADERS += openssl.cnf

29
apps/apps_win.c Normal file
View File

@@ -0,0 +1,29 @@
/*
* Public domain
*
* Dongsheng Song <dongsheng.song@gmail.com>
* Brent Cook <bcook@openbsd.org>
*/
#include <windows.h>
#include "apps.h"
double
app_tminterval(int stop, int usertime)
{
static unsigned __int64 tmstart;
union {
unsigned __int64 u64;
FILETIME ft;
} ct, et, kt, ut;
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
if (stop == TM_START) {
tmstart = ut.u64 + kt.u64;
} else {
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
}
return 0;
}

0
apps/openssl/certhash_win.c → apps/certhash_disabled.c
View File

62
apps/nc/CMakeLists.txt
View File

@@ -1,62 +0,0 @@
if(BUILD_NC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
NC_SRC
atomicio.c
netcat.c
socks.c
compat/socket.c
)
check_function_exists(b64_ntop HAVE_B64_NTOP)
if(HAVE_B64_NTOP)
add_definitions(-DHAVE_B64_NTOP)
else()
set(NC_SRC ${NC_SRC} compat/base64.c)
endif()
check_function_exists(accept4 HAVE_ACCEPT4)
if(HAVE_ACCEPT4)
add_definitions(-DHAVE_ACCEPT4)
else()
set(NC_SRC ${NC_SRC} compat/accept4.c)
endif()
check_function_exists(readpassphrase HAVE_READPASSPHRASE)
if(HAVE_READPASSPHRASE)
add_definitions(-DHAVE_READPASSPHRASE)
else()
set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(NC_SRC ${NC_SRC} compat/strtonum.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(nc ${NC_SRC})
target_link_libraries(nc tls ${OPENSSL_LIBS})
if(ENABLE_NC)
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR})
install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
endif(ENABLE_LIBRESSL_INSTALL)
endif()
endif()

46
apps/nc/Makefile.am
View File

@@ -1,46 +0,0 @@
include $(top_srcdir)/Makefile.am.common
if BUILD_NC
if ENABLE_NC
bin_PROGRAMS = nc
dist_man_MANS = nc.1
else
noinst_PROGRAMS = nc
endif
EXTRA_DIST = nc.1
EXTRA_DIST += CMakeLists.txt
nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
nc_LDADD += $(abs_top_builddir)/tls/libtls.la
nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
nc_SOURCES = atomicio.c
nc_SOURCES += netcat.c
nc_SOURCES += socks.c
noinst_HEADERS = atomicio.h
noinst_HEADERS += compat/sys/socket.h
nc_SOURCES += compat/socket.c
if !HAVE_B64_NTOP
nc_SOURCES += compat/base64.c
endif
if !HAVE_ACCEPT4
nc_SOURCES += compat/accept4.c
endif
if !HAVE_READPASSPHRASE
nc_SOURCES += compat/readpassphrase.c
endif
if !HAVE_STRTONUM
nc_SOURCES += compat/strtonum.c
endif
endif

17
apps/nc/compat/accept4.c
View File

@@ -1,17 +0,0 @@
#include <sys/socket.h>
#include <fcntl.h>
int
accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags)
{
int rets = accept(s, addr, addrlen);
if (rets == -1)
return s;
if (flags & SOCK_CLOEXEC) {
flags = fcntl(s, F_GETFD);
fcntl(rets, F_SETFD, flags | FD_CLOEXEC);
}
return rets;
}

205
apps/nc/compat/readpassphrase.c
View File

@@ -1,205 +0,0 @@
/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */
/*
* Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
#include <termios.h>
#include <signal.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <readpassphrase.h>
#ifndef _PATH_TTY
# define _PATH_TTY "/dev/tty"
#endif
#ifdef TCSASOFT
# define _T_FLUSH (TCSAFLUSH|TCSASOFT)
#else
# define _T_FLUSH (TCSAFLUSH)
#endif
/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
#if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
# define _POSIX_VDISABLE VDISABLE
#endif
#ifndef _NSIG
# ifdef NSIG
# define _NSIG NSIG
# else
# define _NSIG 128
# endif
#endif
static volatile sig_atomic_t signo[_NSIG];
static void handler(int);
char *
readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
{
ssize_t bytes_written = 0;
ssize_t nr;
int input, output, save_errno, i, need_restart;
char ch, *p, *end;
struct termios term, oterm;
struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
struct sigaction savetstp, savettin, savettou, savepipe;
/* I suppose we could alloc on demand in this case (XXX). */
if (bufsiz == 0) {
errno = EINVAL;
return(NULL);
}
restart:
for (i = 0; i < _NSIG; i++)
signo[i] = 0;
nr = -1;
save_errno = 0;
need_restart = 0;
/*
* Read and write to /dev/tty if available. If not, read from
* stdin and write to stderr unless a tty is required.
*/
if ((flags & RPP_STDIN) ||
(input = output = open(_PATH_TTY, O_RDWR)) == -1) {
if (flags & RPP_REQUIRE_TTY) {
errno = ENOTTY;
return(NULL);
}
input = STDIN_FILENO;
output = STDERR_FILENO;
}
/*
* Catch signals that would otherwise cause the user to end
* up with echo turned off in the shell. Don't worry about
* things like SIGXCPU and SIGVTALRM for now.
*/
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0; /* don't restart system calls */
sa.sa_handler = handler;
(void)sigaction(SIGALRM, &sa, &savealrm);
(void)sigaction(SIGHUP, &sa, &savehup);
(void)sigaction(SIGINT, &sa, &saveint);
(void)sigaction(SIGPIPE, &sa, &savepipe);
(void)sigaction(SIGQUIT, &sa, &savequit);
(void)sigaction(SIGTERM, &sa, &saveterm);
(void)sigaction(SIGTSTP, &sa, &savetstp);
(void)sigaction(SIGTTIN, &sa, &savettin);
(void)sigaction(SIGTTOU, &sa, &savettou);
/* Turn off echo if possible. */
if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
memcpy(&term, &oterm, sizeof(term));
if (!(flags & RPP_ECHO_ON))
term.c_lflag &= ~(ECHO | ECHONL);
#ifdef VSTATUS
if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
term.c_cc[VSTATUS] = _POSIX_VDISABLE;
#endif
(void)tcsetattr(input, _T_FLUSH, &term);
} else {
memset(&term, 0, sizeof(term));
term.c_lflag |= ECHO;
memset(&oterm, 0, sizeof(oterm));
oterm.c_lflag |= ECHO;
}
/* No I/O if we are already backgrounded. */
if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) {
if (!(flags & RPP_STDIN))
bytes_written = write(output, prompt, strlen(prompt));
end = buf + bufsiz - 1;
p = buf;
while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
if (p < end) {
if ((flags & RPP_SEVENBIT))
ch &= 0x7f;
if (isalpha((unsigned char)ch)) {
if ((flags & RPP_FORCELOWER))
ch = (char)tolower((unsigned char)ch);
if ((flags & RPP_FORCEUPPER))
ch = (char)toupper((unsigned char)ch);
}
*p++ = ch;
}
}
*p = '\0';
save_errno = errno;
if (!(term.c_lflag & ECHO))
bytes_written = write(output, "\n", 1);
}
(void) bytes_written;
/* Restore old terminal settings and signals. */
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
errno == EINTR)
continue;
}
(void)sigaction(SIGALRM, &savealrm, NULL);
(void)sigaction(SIGHUP, &savehup, NULL);
(void)sigaction(SIGINT, &saveint, NULL);
(void)sigaction(SIGQUIT, &savequit, NULL);
(void)sigaction(SIGPIPE, &savepipe, NULL);
(void)sigaction(SIGTERM, &saveterm, NULL);
(void)sigaction(SIGTSTP, &savetstp, NULL);
(void)sigaction(SIGTTIN, &savettin, NULL);
(void)sigaction(SIGTTOU, &savettou, NULL);
if (input != STDIN_FILENO)
(void)close(input);
/*
* If we were interrupted by a signal, resend it to ourselves
* now that we have restored the signal handlers.
*/
for (i = 0; i < _NSIG; i++) {
if (signo[i]) {
kill(getpid(), i);
switch (i) {
case SIGTSTP:
case SIGTTIN:
case SIGTTOU:
need_restart = 1;
}
}
}
if (need_restart)
goto restart;
if (save_errno)
errno = save_errno;
return(nr == -1 ? NULL : buf);
}
static void handler(int s)
{
signo[s] = 1;
}

29
apps/nc/compat/socket.c
View File

@@ -1,29 +0,0 @@
#define SOCKET_FLAGS_PRIV
#include <sys/socket.h>
#ifdef NEED_SOCKET_FLAGS
#include <fcntl.h>
int
_socket(int domain, int type, int protocol)
{
int s = socket(domain, type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK), protocol);
int flags;
if (s == -1)
return s;
if (type & SOCK_CLOEXEC) {
flags = fcntl(s, F_GETFD);
fcntl(s, F_SETFD, flags | FD_CLOEXEC);
}
if (type & SOCK_NONBLOCK) {
flags = fcntl(s, F_GETFL);
fcntl(s, F_SETFL, flags | O_NONBLOCK);
}
return s;
}
#endif

31
apps/nc/compat/sys/socket.h
View File

@@ -1,31 +0,0 @@
/*
* Public domain
* sys/socket.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/socket.h>
#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
#define NEED_SOCKET_FLAGS
int _socket(int domain, int type, int protocol);
#ifndef SOCKET_FLAGS_PRIV
#define socket(d, t, p) _socket(d, t, p)
#endif
#endif
#ifndef SOCK_NONBLOCK
#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */
#endif
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */
#endif
#ifndef HAVE_ACCEPT4
int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags);
#endif
#else
#include <win32netcompat.h>
#endif

45
apps/ocspcheck/CMakeLists.txt
View File

@@ -1,45 +0,0 @@
if(NOT MSVC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
OCSPCHECK_SRC
http.c
ocspcheck.c
)
check_function_exists(inet_ntop HAVE_INET_NTOP)
if(HAVE_INET_NTOP)
add_definitions(-DHAVE_INET_NTOP)
else()
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/inet_ntop.c)
endif()
check_function_exists(memmem HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
else()
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(ocspcheck ${OCSPCHECK_SRC})
target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR})
install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
endif(ENABLE_LIBRESSL_INSTALL)
endif()

23
apps/ocspcheck/Makefile.am
View File

@@ -1,23 +0,0 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = ocspcheck
EXTRA_DIST = ocspcheck.8
EXTRA_DIST += CMakeLists.txt
ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la
ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
ocspcheck_SOURCES = http.c
ocspcheck_SOURCES += ocspcheck.c
noinst_HEADERS = http.h
if !HAVE_INET_NTOP
ocspcheck_SOURCES += compat/inet_ntop.c
endif
if !HAVE_MEMMEM
ocspcheck_SOURCES += compat/memmem.c
endif

0
apps/ocspcheck/compat/.gitignore vendored
View File

92
apps/openssl/CMakeLists.txt
View File

@@ -1,92 +0,0 @@
include_directories(
.
../../include
../../include/compat
)
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
endif(ENABLE_LIBRESSL_INSTALL)
if(NOT "${OPENSSLDIR}" STREQUAL "")
set(CONF_DIR "${OPENSSLDIR}")
else()
set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
endif()
if(ENABLE_LIBRESSL_INSTALL)
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
endif(ENABLE_LIBRESSL_INSTALL)

118
apps/openssl/Makefile.am
View File

@@ -1,118 +0,0 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = openssl
dist_man_MANS = openssl.1
openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c
openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c
openssl_SOURCES += dh.c
openssl_SOURCES += dhparam.c
openssl_SOURCES += dsa.c
openssl_SOURCES += dsaparam.c
openssl_SOURCES += ec.c
openssl_SOURCES += ecparam.c
openssl_SOURCES += enc.c
openssl_SOURCES += errstr.c
openssl_SOURCES += gendh.c
openssl_SOURCES += gendsa.c
openssl_SOURCES += genpkey.c
openssl_SOURCES += genrsa.c
openssl_SOURCES += nseq.c
openssl_SOURCES += ocsp.c
openssl_SOURCES += openssl.c
openssl_SOURCES += passwd.c
openssl_SOURCES += pkcs12.c
openssl_SOURCES += pkcs7.c
openssl_SOURCES += pkcs8.c
openssl_SOURCES += pkey.c
openssl_SOURCES += pkeyparam.c
openssl_SOURCES += pkeyutl.c
openssl_SOURCES += prime.c
openssl_SOURCES += rand.c
openssl_SOURCES += req.c
openssl_SOURCES += rsa.c
openssl_SOURCES += rsautl.c
openssl_SOURCES += s_cb.c
openssl_SOURCES += s_client.c
openssl_SOURCES += s_server.c
openssl_SOURCES += s_socket.c
openssl_SOURCES += s_time.c
openssl_SOURCES += sess_id.c
openssl_SOURCES += smime.c
openssl_SOURCES += speed.c
openssl_SOURCES += spkac.c
openssl_SOURCES += ts.c
openssl_SOURCES += verify.c
openssl_SOURCES += version.c
openssl_SOURCES += x509.c
if BUILD_CERTHASH
openssl_SOURCES += certhash.c
else
openssl_SOURCES += certhash_win.c
endif
if HOST_WIN
openssl_SOURCES += apps_win.c
else
openssl_SOURCES += apps_posix.c
endif
if !HAVE_POLL
if HOST_WIN
openssl_SOURCES += compat/poll_win.c
endif
endif
if !HAVE_STRTONUM
openssl_SOURCES += compat/strtonum.c
endif
noinst_HEADERS = apps.h
noinst_HEADERS += progs.h
noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
fi \
done
uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
done

58
apps/openssl/apps_win.c
View File

@@ -1,58 +0,0 @@
/*
* Public domain
*
* Dongsheng Song <dongsheng.song@gmail.com>
* Brent Cook <bcook@openbsd.org>
*/
#include <windows.h>
#include <io.h>
#include <fcntl.h>
#include "apps.h"
double
app_timer_user(int stop)
{
static unsigned __int64 tmstart;
union {
unsigned __int64 u64;
FILETIME ft;
} ct, et, kt, ut;
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
if (stop)
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
tmstart = ut.u64 + kt.u64;
return 0.0;
}
int
setup_ui(void)
{
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
UI_method_set_writer(ui_method, ui_write);
UI_method_set_closer(ui_method, ui_close);
/*
* Set STDIO to binary
*/
_setmode(_fileno(stdin), _O_BINARY);
_setmode(_fileno(stdout), _O_BINARY);
_setmode(_fileno(stderr), _O_BINARY);
return 0;
}
void
destroy_ui(void)
{
if (ui_method) {
UI_destroy_method(ui_method);
ui_method = NULL;
}
}

4
apps/openssl/compat/poll_win.c → apps/poll_win.c
View File

@@ -253,9 +253,7 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
looptime_ms = timeout_ms > 100 ? 100 : timeout_ms; looptime_ms = timeout_ms > 100 ? 100 : timeout_ms;
do { do {
struct timeval tv; struct timeval tv = {0, looptime_ms * 1000};
tv.tv_sec = 0;
tv.tv_usec = looptime_ms * 1000;
int handle_signaled = 0; int handle_signaled = 0;
/* /*

9
autogen.sh
View File

@@ -4,12 +4,3 @@ set -e
./update.sh ./update.sh
mkdir -p m4 mkdir -p m4
autoreconf -i -f autoreconf -i -f
# Patch libtool 2.4.2 to pass -fstack-protector as a linker argument
sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \
ltmain.sh > ltmain.sh.fixed
mv -f ltmain.sh.fixed ltmain.sh
# Update config scripts and fixup permissions
find . ! -perm -u=w -exec chmod u+w {} \;
cp scripts/config.* .

71
check-release.sh
View File

@@ -1,71 +0,0 @@
#!/bin/sh
set -e
ver=$1
dir=libressl-$ver
tarball=$dir.tar.gz
tag=v$ver
if [ -z "$LIBRESSL_SSH" ]; then
if ! curl -v 1>/dev/null 2>&1; then
download="curl -O"
elif echo quit | ftp 1>/dev/null 2>&1; then
download=ftp
else
echo "need 'ftp' or 'curl' to verify"
exit
fi
fi
if [ "$ver" = "" ]; then
echo "please specify a version to check, e.g. $0 2.1.2"
exit
fi
if [ ! -e releases/$tarball ]; then
mkdir -p releases
rm -f $tarball
if [ -z "$LIBRESSL_SSH" ]; then
$download http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$tarball releases/
mv $tarball releases
else
scp $LIBRESSL_SSH/$tarball releases
fi
(cd releases; tar zxvf $tarball)
fi
if [ ! -e gen-releases/$tarball ]; then
rm -fr tests man include ssl crypto libtls-standalone/VERSION INSTALL
git checkout OPENBSD_BRANCH update.sh tests man include ssl crypto
git checkout $tag
echo "libressl-$tag" > OPENBSD_BRANCH
sed -i 's/git pull --rebase//' update.sh
./autogen.sh
./configure --enable-libtls
make dist
mkdir -p gen-releases
mv $tarball gen-releases
git checkout OPENBSD_BRANCH update.sh
git checkout master
fi
(cd gen-releases; rm -fr $dir; tar zxf $tarball)
(cd releases; rm -fr $dir; tar zxf $tarball)
echo "differences between release and regenerated release tag:"
diff -urN \
-x *.3 \
-x *.5 \
-x Makefile.in \
-x aclocal.m4 \
-x compile \
-x config.guess \
-x config.sub \
-x configure \
-x depcomp \
-x install-sh \
-x missing \
-x test-driver \
releases/$dir gen-releases/$dir

50
cmake_export_symbol.cmake
View File

@@ -1,50 +0,0 @@
macro(export_symbol TARGET FILENAME)
set(FLAG "")
if(WIN32)
string(REPLACE ".sym" ".def" DEF_FILENAME ${FILENAME})
file(WRITE ${DEF_FILENAME} "EXPORTS\n")
file(READ ${FILENAME} SYMBOLS)
file(APPEND ${DEF_FILENAME} "${SYMBOLS}")
target_sources(${TARGET} PRIVATE ${DEF_FILENAME})
elseif(APPLE)
file(READ ${FILENAME} SYMBOLS)
string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
string(REPLACE "\n" "\n_" SYMBOLS ${SYMBOLS})
string(REGEX REPLACE "(.)$" "\\1\\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".exp" EXP_FILENAME ${FILENAME})
file(WRITE ${EXP_FILENAME} "_${SYMBOLS}")
set(FLAG "-exported_symbols_list ${EXP_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
file(READ ${FILENAME} SYMBOLS)
string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
string(REPLACE "\n" "\n+e " SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".opt" OPT_FILENAME ${FILENAME})
file(WRITE ${OPT_FILENAME} "+e ${SYMBOLS}")
set(FLAG "-Wl,-c,${OPT_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
file(READ ${FILENAME} SYMBOLS)
string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
file(WRITE ${VER_FILENAME}
"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
set(FLAG "-Wl,-M${VER_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
file(READ ${FILENAME} SYMBOLS)
string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
file(WRITE ${VER_FILENAME}
"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
set(FLAG "-Wl,--version-script,\"${VER_FILENAME}\"")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
endif()
endmacro()

21
cmake_uninstall.cmake.in
View File

@@ -1,21 +0,0 @@
if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
string(REGEX REPLACE "\n" ";" files "${files}")
foreach(file ${files})
message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
exec_program(
"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
OUTPUT_VARIABLE rm_out
RETURN_VALUE rm_retval
)
if(NOT "${rm_retval}" STREQUAL 0)
message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
endif(NOT "${rm_retval}" STREQUAL 0)
else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
endforeach(file)

357
configure.ac
View File

@@ -1,74 +1,291 @@
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION])) AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION]))
AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION])) AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION]))
AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION])) AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION]))
AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION])) AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION]))
AC_CANONICAL_HOST AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([subdir-objects foreign]) AM_INIT_AUTOMAKE([subdir-objects])
AC_CONFIG_MACRO_DIR([m4]) AC_CONFIG_MACRO_DIR([m4])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
# This must be saved before AC_PROG_CC AC_SUBST([USER_CFLAGS], "$CFLAGS")
USER_CFLAGS="$CFLAGS" CFLAGS="-Wall -std=gnu99 -g -O2"
case $host_os in
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
HOST_OS=hpux;
CFLAGS="$CFLAGS -mlp64 -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;;
*linux*)
HOST_OS=linux
HOST_ABI=elf
CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;;
*netbsd*)
HOST_OS=netbsd
;;
*openbsd*)
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
CFLAGS="$CFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -DOPENSSL_NO_SPEED -DNO_SYSLOG -D__USE_MINGW_ANSI_STDIO -static-libgcc"
LDFLAGS="$LDFLAGS -static-libgcc"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;;
*solaris*)
HOST_OS=solaris
HOST_ABI=elf
CFLAGS="$CFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;;
*) ;;
esac
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
AC_CHECK_FUNC([clock_gettime],,
[AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],,
[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
AC_PROG_CC AC_PROG_CC
AC_PROG_LIBTOOL
AC_PROG_CC_STDC AC_PROG_CC_STDC
AM_PROG_CC_C_O AM_PROG_CC_C_O
AC_PROG_LIBTOOL
LT_INIT
CHECK_OS_OPTIONS AC_MSG_CHECKING([if compiling with clang])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
#ifndef __clang__
not clang
#endif
]])],
[CLANG=yes],
[CLANG=no]
)
AC_MSG_RESULT([$CLANG])
AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
CHECK_C_HARDENING_OPTIONS # We want to check for compiler flag support. Prior to clang v5.1, there was no
# way to make clang's "argument unused" warning fatal. So we invoke the
# compiler through a wrapper script that greps for this message.
saved_CC="$CC"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
LD="$flag_wrap $LD"
DISABLE_AS_EXECUTABLE_STACK AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--disable-hardening],
[Disable options to frustrate memory corruption exploits])],
[], [enable_hardening=yes])
AC_ARG_ENABLE([windows-ssp],
[AS_HELP_STRING([--enable-windows-ssp],
[Enable building the stack smashing protection on
Windows. This currently distributing libssp-0.dll.])])
AC_DEFUN([CHECK_CFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_CC supports "$1"])
old_cflags="$CFLAGS"
CFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
CFLAGS=$old_cflags
HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
AC_MSG_RESULT([no])
CFLAGS=$old_cflags
[$2])
])
AC_DEFUN([CHECK_LDFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_LD supports "$1"])
old_ldflags="$LDFLAGS"
LDFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
LDFLAGS=$old_ldflags
HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
AC_MSG_RESULT([no])
LDFLAGS=$old_ldflags
[$2])
])
AS_IF([test "x$enable_hardening" = "xyes"], [
# Tell GCC to NOT optimize based on signed arithmetic overflow
CHECK_CFLAG([[-fno-strict-overflow]])
# _FORTIFY_SOURCE replaces builtin functions with safer versions.
CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
# Enable read only relocations
CHECK_LDFLAG([[-Wl,-z,relro]])
CHECK_LDFLAG([[-Wl,-z,now]])
# Windows security flags
AS_IF([test "x$HOST_OS" = "xwin"], [
CHECK_LDFLAG([[-Wl,--nxcompat]])
CHECK_LDFLAG([[-Wl,--dynamicbase]])
CHECK_LDFLAG([[-Wl,--high-entropy-va]])
])
# Use stack-protector-strong if available; if not, fallback to
# stack-protector-all which is considered to be overkill
AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
CHECK_CFLAG([[-fstack-protector-strong]],
CHECK_CFLAG([[-fstack-protector-all]],
AC_MSG_WARN([compiler does not appear to support stack protection])
)
)
AS_IF([test "x$HOST_OS" = "xwin"], [
AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
])
])
])
# Restore CC, LD
CC="$saved_CC"
LD="$saved_LD"
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
# Removing the dependency on -Wno-pointer-sign should be a goal
save_cflags="$CFLAGS"
CFLAGS=-Wno-pointer-sign
AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-Wno-pointer-sign],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
save_cflags="$CFLAGS"
CFLAGS=
AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-DHAVE_GNU_STACK],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
AM_PROG_AS AM_PROG_AS
DISABLE_COMPILER_WARNINGS CFLAGS="$CFLAGS $CLANG_CFLAGS"
LDFLAGS="$LDFLAGS $CLANG_FLAGS"
# Check if the certhash command should be built AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
AC_CHECK_FUNCS([getentropy issetugid memmem poll reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([symlink]) AC_CHECK_FUNCS([symlink])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
# Share test results with automake
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_ISSETUGID], [test "x$ac_cv_func_issetugid" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes]) AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
# Check if funopen exists # overrides for arc4random_buf implementations with known issues
AC_CHECK_FUNC([funopen]) AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes])
CHECK_LIBC_COMPAT # overrides for issetugid implementations with known issues
CHECK_SYSCALL_COMPAT AM_CONDITIONAL([HAVE_ISSETUGID],
CHECK_CRYPTO_COMPAT [test "x$HOST_OS" != xdarwin \
CHECK_VA_COPY -a "x$ac_cv_func_issetugid" = xyes])
CHECK_B64_NTOP
AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ va_copy(x,y); ]])],
[ ac_cv_have_va_copy="yes" ],
[ ac_cv_have_va_copy="no"
])
])
if test "x$ac_cv_have_va_copy" = "xyes" ; then
AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
fi
AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ __va_copy(x,y); ]])],
[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
])
])
if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
AC_CHECK_HEADERS([sys/sysctl.h err.h])
AC_ARG_WITH([openssldir], AC_ARG_WITH([openssldir],
AS_HELP_STRING([--with-openssldir], AS_HELP_STRING([--with-openssldir],
[Set the default openssl directory]), [Set the default openssl directory]),
OPENSSLDIR="$withval" AC_DEFINE_UNQUOTED(OPENSSLDIR, "$withval")
AC_SUBST(OPENSSLDIR)
) )
AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x])
AC_ARG_ENABLE([extratests], AC_ARG_WITH([enginesdir],
AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms])) AS_HELP_STRING([--with-enginesdir],
AM_CONDITIONAL([ENABLE_EXTRATESTS], [test "x$enable_extratests" = xyes]) [Set the default engines directory (use with openssldir)]),
AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval")
)
AC_ARG_ENABLE([asm],
AS_HELP_STRING([--disable-asm], [Disable assembly]))
AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
# Add CPU-specific alignment flags
old_cflags=$CFLAGS old_cflags=$CFLAGS
CFLAGS="$CFLAGS -I$srcdir/include" CFLAGS="$USER_CFLAGS -I$srcdir/include"
AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT]) AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"], AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
[int a = 0; BSWAP4(a);], [int a = 0; BSWAP4(a);],
@@ -78,40 +295,27 @@ AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
BSWAP4=no) BSWAP4=no)
CFLAGS="$old_cflags" CFLAGS="$old_cflags"
AS_CASE([$host_cpu], case $host_cpu in
[*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"], *sparc*)
[*arm*], AS_IF([test "x$BSWAP4" = "xyes"],, CFLAGS="$CFLAGS -D__STRICT_ALIGNMENT"
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"), ;;
[*amd64*], [host_cpu=x86_64, HOSTARCH=intel], *arm*)
[i?86], [HOSTARCH=intel], AS_IF([test "x$BSWAP4" = "xyes"],,
[x86_64], [HOSTARCH=intel] CFLAGS="$CFLAGS -D__STRICT_ALIGNMENT")
) ;;
AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"]) esac
AC_MSG_CHECKING([if .gnu.warning accepts long strings])
AC_LINK_IFELSE([AC_LANG_SOURCE([[
extern void SSLv3_method();
__asm__(".section .gnu.warning.SSLv3_method; .ascii \"SSLv3_method is insecure\" ; .text");
int main() {return 0;}
]])], [
AC_DEFINE(HAS_GNU_WARNING_LONG, 1, [Define if .gnu.warning accepts long strings.])
AC_MSG_RESULT(yes)
], [
AC_MSG_RESULT(no)
])
AC_ARG_ENABLE([asm],
AS_HELP_STRING([--disable-asm], [Disable assembly]))
AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
# Conditionally enable assembly by default
AM_CONDITIONAL([HOST_ASM_ELF_X86_64], AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
[test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64], AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
[test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) [test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
# Check if time_t is sized correctly AC_ARG_ENABLE([libtls],
AC_CHECK_SIZEOF([time_t], [time.h]) AS_HELP_STRING([--enable-libtls], [Enable building the libtls library]))
AM_CONDITIONAL([ENABLE_LIBTLS], [test "x$enable_libtls" = xyes])
AM_COND_IF([ENABLE_LIBTLS], [AC_CONFIG_FILES([libtls.pc])])
LT_INIT
AC_CONFIG_FILES([ AC_CONFIG_FILES([
Makefile Makefile
@@ -122,29 +326,10 @@ AC_CONFIG_FILES([
tls/Makefile tls/Makefile
tests/Makefile tests/Makefile
apps/Makefile apps/Makefile
apps/ocspcheck/Makefile
apps/openssl/Makefile
apps/nc/Makefile
man/Makefile man/Makefile
libcrypto.pc libcrypto.pc
libssl.pc libssl.pc
libtls.pc
openssl.pc openssl.pc
]) ])
AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
if test "$ac_cv_sizeof_time_t" = "4"; then
AC_DEFINE([SMALL_TIME_T])
echo " ** Warning, this system is unable to represent times past 2038"
echo " ** It will behave incorrectly when handling valid RFC5280 dates"
if test "$host_os" = "mingw32" ; then
echo " **"
echo " ** You can solve this by adjusting the build flags in your"
echo " ** mingw-w64 toolchain. Refer to README.windows for details."
fi
fi
AC_REQUIRE_AUX_FILE([tap-driver.sh])
AC_OUTPUT AC_OUTPUT

836
crypto/CMakeLists.txt
View File

@@ -1,836 +0,0 @@
include_directories(
.
../include
../include/compat
asn1
bn
dsa
evp
modes
)
if(HOST_ASM_ELF_X86_64)
set(
ASM_X86_64_ELF_SRC
aes/aes-elf-x86_64.S
aes/bsaes-elf-x86_64.S
aes/vpaes-elf-x86_64.S
aes/aesni-elf-x86_64.S
aes/aesni-sha1-elf-x86_64.S
bn/modexp512-elf-x86_64.S
bn/mont-elf-x86_64.S
bn/mont5-elf-x86_64.S
bn/gf2m-elf-x86_64.S
camellia/cmll-elf-x86_64.S
md5/md5-elf-x86_64.S
modes/ghash-elf-x86_64.S
rc4/rc4-elf-x86_64.S
rc4/rc4-md5-elf-x86_64.S
sha/sha1-elf-x86_64.S
sha/sha256-elf-x86_64.S
sha/sha512-elf-x86_64.S
whrlpool/wp-elf-x86_64.S
cpuid-elf-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
endif()
if(HOST_ASM_MACOSX_X86_64)
set(
ASM_X86_64_MACOSX_SRC
aes/aes-macosx-x86_64.S
aes/bsaes-macosx-x86_64.S
aes/vpaes-macosx-x86_64.S
aes/aesni-macosx-x86_64.S
aes/aesni-sha1-macosx-x86_64.S
bn/modexp512-macosx-x86_64.S
bn/mont-macosx-x86_64.S
bn/mont5-macosx-x86_64.S
bn/gf2m-macosx-x86_64.S
camellia/cmll-macosx-x86_64.S
md5/md5-macosx-x86_64.S
modes/ghash-macosx-x86_64.S
rc4/rc4-macosx-x86_64.S
rc4/rc4-md5-macosx-x86_64.S
sha/sha1-macosx-x86_64.S
sha/sha256-macosx-x86_64.S
sha/sha512-macosx-x86_64.S
whrlpool/wp-macosx-x86_64.S
cpuid-macosx-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC})
set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C)
endif()
if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
set(
CRYPTO_SRC
${CRYPTO_SRC}
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
camellia/cmll_cbc.c
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
)
endif()
set(
CRYPTO_SRC
${CRYPTO_SRC}
cpt_err.c
cryptlib.c
cversion.c
ex_data.c
malloc-wrapper.c
mem_clr.c
mem_dbg.c
o_init.c
o_str.c
o_time.c
aes/aes_cfb.c
aes/aes_ctr.c
aes/aes_ecb.c
aes/aes_ige.c
aes/aes_misc.c
aes/aes_ofb.c
aes/aes_wrap.c
asn1/a_bitstr.c
asn1/a_bool.c
asn1/a_bytes.c
asn1/a_d2i_fp.c
asn1/a_digest.c
asn1/a_dup.c
asn1/a_enum.c
asn1/a_i2d_fp.c
asn1/a_int.c
asn1/a_mbstr.c
asn1/a_object.c
asn1/a_octet.c
asn1/a_print.c
asn1/a_set.c
asn1/a_sign.c
asn1/a_strex.c
asn1/a_strnid.c
asn1/a_time.c
asn1/a_time_tm.c
asn1/a_type.c
asn1/a_utf8.c
asn1/a_verify.c
asn1/ameth_lib.c
asn1/asn1_err.c
asn1/asn1_gen.c
asn1/asn1_lib.c
asn1/asn1_par.c
asn1/asn_mime.c
asn1/asn_moid.c
asn1/asn_pack.c
asn1/bio_asn1.c
asn1/bio_ndef.c
asn1/d2i_pr.c
asn1/d2i_pu.c
asn1/evp_asn1.c
asn1/f_enum.c
asn1/f_int.c
asn1/f_string.c
asn1/i2d_pr.c
asn1/i2d_pu.c
asn1/n_pkey.c
asn1/nsseq.c
asn1/p5_pbe.c
asn1/p5_pbev2.c
asn1/p8_pkey.c
asn1/t_bitst.c
asn1/t_crl.c
asn1/t_pkey.c
asn1/t_req.c
asn1/t_spki.c
asn1/t_x509.c
asn1/t_x509a.c
asn1/tasn_dec.c
asn1/tasn_enc.c
asn1/tasn_fre.c
asn1/tasn_new.c
asn1/tasn_prn.c
asn1/tasn_typ.c
asn1/tasn_utl.c
asn1/x_algor.c
asn1/x_attrib.c
asn1/x_bignum.c
asn1/x_crl.c
asn1/x_exten.c
asn1/x_info.c
asn1/x_long.c
asn1/x_name.c
asn1/x_nx509.c
asn1/x_pkey.c
asn1/x_pubkey.c
asn1/x_req.c
asn1/x_sig.c
asn1/x_spki.c
asn1/x_val.c
asn1/x_x509.c
asn1/x_x509a.c
bf/bf_cfb64.c
bf/bf_ecb.c
bf/bf_enc.c
bf/bf_ofb64.c
bf/bf_skey.c
bio/b_dump.c
bio/b_print.c
bio/b_sock.c
bio/bf_buff.c
bio/bf_nbio.c
bio/bf_null.c
bio/bio_cb.c
bio/bio_err.c
bio/bio_lib.c
bio/bss_acpt.c
bio/bss_bio.c
bio/bss_conn.c
bio/bss_dgram.c
bio/bss_fd.c
bio/bss_file.c
bio/bss_mem.c
bio/bss_null.c
bio/bss_sock.c
bn/bn_add.c
bn/bn_asm.c
bn/bn_blind.c
bn/bn_const.c
bn/bn_ctx.c
bn/bn_depr.c
bn/bn_div.c
bn/bn_err.c
bn/bn_exp.c
bn/bn_exp2.c
bn/bn_gcd.c
bn/bn_gf2m.c
bn/bn_kron.c
bn/bn_lib.c
bn/bn_mod.c
bn/bn_mont.c
bn/bn_mpi.c
bn/bn_mul.c
bn/bn_nist.c
bn/bn_prime.c
bn/bn_print.c
bn/bn_rand.c
bn/bn_recp.c
bn/bn_shift.c
bn/bn_sqr.c
bn/bn_sqrt.c
bn/bn_word.c
bn/bn_x931p.c
buffer/buf_err.c
buffer/buf_str.c
buffer/buffer.c
camellia/cmll_cfb.c
camellia/cmll_ctr.c
camellia/cmll_ecb.c
camellia/cmll_misc.c
camellia/cmll_ofb.c
cast/c_cfb64.c
cast/c_ecb.c
cast/c_enc.c
cast/c_ofb64.c
cast/c_skey.c
chacha/chacha.c
cmac/cm_ameth.c
cmac/cm_pmeth.c
cmac/cmac.c
comp/c_rle.c
comp/c_zlib.c
comp/comp_err.c
comp/comp_lib.c
conf/conf_api.c
conf/conf_def.c
conf/conf_err.c
conf/conf_lib.c
conf/conf_mall.c
conf/conf_mod.c
conf/conf_sap.c
curve25519/curve25519-generic.c
curve25519/curve25519.c
des/cbc_cksm.c
des/cbc_enc.c
des/cfb64ede.c
des/cfb64enc.c
des/cfb_enc.c
des/des_enc.c
des/ecb3_enc.c
des/ecb_enc.c
des/ede_cbcm_enc.c
des/enc_read.c
des/enc_writ.c
des/fcrypt.c
des/fcrypt_b.c
des/ofb64ede.c
des/ofb64enc.c
des/ofb_enc.c
des/pcbc_enc.c
des/qud_cksm.c
des/rand_key.c
des/set_key.c
des/str2key.c
des/xcbc_enc.c
dh/dh_ameth.c
dh/dh_asn1.c
dh/dh_check.c
dh/dh_depr.c
dh/dh_err.c
dh/dh_gen.c
dh/dh_key.c
dh/dh_lib.c
dh/dh_pmeth.c
dh/dh_prn.c
dsa/dsa_ameth.c
dsa/dsa_asn1.c
dsa/dsa_depr.c
dsa/dsa_err.c
dsa/dsa_gen.c
dsa/dsa_key.c
dsa/dsa_lib.c
dsa/dsa_ossl.c
dsa/dsa_pmeth.c
dsa/dsa_prn.c
dsa/dsa_sign.c
dsa/dsa_vrf.c
dso/dso_dlfcn.c
dso/dso_err.c
dso/dso_lib.c
dso/dso_null.c
dso/dso_openssl.c
ec/ec2_mult.c
ec/ec2_oct.c
ec/ec2_smpl.c
ec/ec_ameth.c
ec/ec_asn1.c
ec/ec_check.c
ec/ec_curve.c
ec/ec_cvt.c
ec/ec_err.c
ec/ec_key.c
ec/ec_lib.c
ec/ec_mult.c
ec/ec_oct.c
ec/ec_pmeth.c
ec/ec_print.c
ec/eck_prn.c
ec/ecp_mont.c
ec/ecp_nist.c
ec/ecp_oct.c
ec/ecp_smpl.c
ecdh/ech_err.c
ecdh/ech_key.c
ecdh/ech_lib.c
ecdsa/ecs_asn1.c
ecdsa/ecs_err.c
ecdsa/ecs_lib.c
ecdsa/ecs_ossl.c
ecdsa/ecs_sign.c
ecdsa/ecs_vrf.c
engine/eng_all.c
engine/eng_cnf.c
engine/eng_ctrl.c
engine/eng_dyn.c
engine/eng_err.c
engine/eng_fat.c
engine/eng_init.c
engine/eng_lib.c
engine/eng_list.c
engine/eng_openssl.c
engine/eng_pkey.c
engine/eng_table.c
engine/tb_asnmth.c
engine/tb_cipher.c
engine/tb_dh.c
engine/tb_digest.c
engine/tb_dsa.c
engine/tb_ecdh.c
engine/tb_ecdsa.c
engine/tb_pkmeth.c
engine/tb_rand.c
engine/tb_rsa.c
engine/tb_store.c
err/err.c
err/err_all.c
err/err_prn.c
evp/bio_b64.c
evp/bio_enc.c
evp/bio_md.c
evp/c_all.c
evp/digest.c
evp/e_aes.c
evp/e_aes_cbc_hmac_sha1.c
evp/e_bf.c
evp/e_camellia.c
evp/e_cast.c
evp/e_chacha.c
evp/e_chacha20poly1305.c
evp/e_des.c
evp/e_des3.c
evp/e_gost2814789.c
evp/e_idea.c
evp/e_null.c
evp/e_old.c
evp/e_rc2.c
evp/e_rc4.c
evp/e_rc4_hmac_md5.c
evp/e_xcbc_d.c
evp/encode.c
evp/evp_aead.c
evp/evp_enc.c
evp/evp_err.c
evp/evp_key.c
evp/evp_lib.c
evp/evp_pbe.c
evp/evp_pkey.c
evp/m_dss.c
evp/m_dss1.c
evp/m_ecdsa.c
evp/m_gost2814789.c
evp/m_gostr341194.c
evp/m_md4.c
evp/m_md5.c
evp/m_md5_sha1.c
evp/m_null.c
evp/m_ripemd.c
evp/m_sha1.c
evp/m_sigver.c
evp/m_streebog.c
evp/m_wp.c
evp/names.c
evp/p5_crpt.c
evp/p5_crpt2.c
evp/p_dec.c
evp/p_enc.c
evp/p_lib.c
evp/p_open.c
evp/p_seal.c
evp/p_sign.c
evp/p_verify.c
evp/pmeth_fn.c
evp/pmeth_gn.c
evp/pmeth_lib.c
gost/gost2814789.c
gost/gost89_keywrap.c
gost/gost89_params.c
gost/gost89imit_ameth.c
gost/gost89imit_pmeth.c
gost/gost_asn1.c
gost/gost_err.c
gost/gostr341001.c
gost/gostr341001_ameth.c
gost/gostr341001_key.c
gost/gostr341001_params.c
gost/gostr341001_pmeth.c
gost/gostr341194.c
gost/streebog.c
hkdf/hkdf.c
hmac/hm_ameth.c
hmac/hm_pmeth.c
hmac/hmac.c
idea/i_cbc.c
idea/i_cfb64.c
idea/i_ecb.c
idea/i_ofb64.c
idea/i_skey.c
lhash/lh_stats.c
lhash/lhash.c
md4/md4_dgst.c
md4/md4_one.c
md5/md5_dgst.c
md5/md5_one.c
modes/cbc128.c
modes/ccm128.c
modes/cfb128.c
modes/ctr128.c
modes/cts128.c
modes/gcm128.c
modes/ofb128.c
modes/xts128.c
objects/o_names.c
objects/obj_dat.c
objects/obj_err.c
objects/obj_lib.c
objects/obj_xref.c
ocsp/ocsp_asn.c
ocsp/ocsp_cl.c
ocsp/ocsp_err.c
ocsp/ocsp_ext.c
ocsp/ocsp_ht.c
ocsp/ocsp_lib.c
ocsp/ocsp_prn.c
ocsp/ocsp_srv.c
ocsp/ocsp_vfy.c
pem/pem_all.c
pem/pem_err.c
pem/pem_info.c
pem/pem_lib.c
pem/pem_oth.c
pem/pem_pk8.c
pem/pem_pkey.c
pem/pem_seal.c
pem/pem_sign.c
pem/pem_x509.c
pem/pem_xaux.c
pem/pvkfmt.c
pkcs12/p12_add.c
pkcs12/p12_asn.c
pkcs12/p12_attr.c
pkcs12/p12_crpt.c
pkcs12/p12_crt.c
pkcs12/p12_decr.c
pkcs12/p12_init.c
pkcs12/p12_key.c
pkcs12/p12_kiss.c
pkcs12/p12_mutl.c
pkcs12/p12_npas.c
pkcs12/p12_p8d.c
pkcs12/p12_p8e.c
pkcs12/p12_utl.c
pkcs12/pk12err.c
pkcs7/bio_pk7.c
pkcs7/pk7_asn1.c
pkcs7/pk7_attr.c
pkcs7/pk7_doit.c
pkcs7/pk7_lib.c
pkcs7/pk7_mime.c
pkcs7/pk7_smime.c
pkcs7/pkcs7err.c
poly1305/poly1305.c
rand/rand_err.c
rand/rand_lib.c
rand/randfile.c
rc2/rc2_cbc.c
rc2/rc2_ecb.c
rc2/rc2_skey.c
rc2/rc2cfb64.c
rc2/rc2ofb64.c
ripemd/rmd_dgst.c
ripemd/rmd_one.c
rsa/rsa_ameth.c
rsa/rsa_asn1.c
rsa/rsa_chk.c
rsa/rsa_crpt.c
rsa/rsa_depr.c
rsa/rsa_eay.c
rsa/rsa_err.c
rsa/rsa_gen.c
rsa/rsa_lib.c
rsa/rsa_none.c
rsa/rsa_oaep.c
rsa/rsa_pk1.c
rsa/rsa_pmeth.c
rsa/rsa_prn.c
rsa/rsa_pss.c
rsa/rsa_saos.c
rsa/rsa_sign.c
rsa/rsa_x931.c
sha/sha1_one.c
sha/sha1dgst.c
sha/sha256.c
sha/sha512.c
stack/stack.c
ts/ts_asn1.c
ts/ts_conf.c
ts/ts_err.c
ts/ts_lib.c
ts/ts_req_print.c
ts/ts_req_utils.c
ts/ts_rsp_print.c
ts/ts_rsp_sign.c
ts/ts_rsp_utils.c
ts/ts_rsp_verify.c
ts/ts_verify_ctx.c
txt_db/txt_db.c
ui/ui_err.c
ui/ui_lib.c
ui/ui_util.c
whrlpool/wp_dgst.c
x509/by_dir.c
x509/by_file.c
x509/by_mem.c
x509/x509_att.c
x509/x509_cmp.c
x509/x509_d2.c
x509/x509_def.c
x509/x509_err.c
x509/x509_ext.c
x509/x509_lu.c
x509/x509_obj.c
x509/x509_r2x.c
x509/x509_req.c
x509/x509_set.c
x509/x509_trs.c
x509/x509_txt.c
x509/x509_v3.c
x509/x509_vfy.c
x509/x509_vpm.c
x509/x509cset.c
x509/x509name.c
x509/x509rset.c
x509/x509spki.c
x509/x509type.c
x509/x_all.c
x509v3/pcy_cache.c
x509v3/pcy_data.c
x509v3/pcy_lib.c
x509v3/pcy_map.c
x509v3/pcy_node.c
x509v3/pcy_tree.c
x509v3/v3_akey.c
x509v3/v3_akeya.c
x509v3/v3_alt.c
x509v3/v3_bcons.c
x509v3/v3_bitst.c
x509v3/v3_conf.c
x509v3/v3_cpols.c
x509v3/v3_crld.c
x509v3/v3_enum.c
x509v3/v3_extku.c
x509v3/v3_genn.c
x509v3/v3_ia5.c
x509v3/v3_info.c
x509v3/v3_int.c
x509v3/v3_lib.c
x509v3/v3_ncons.c
x509v3/v3_ocsp.c
x509v3/v3_pci.c
x509v3/v3_pcia.c
x509v3/v3_pcons.c
x509v3/v3_pku.c
x509v3/v3_pmaps.c
x509v3/v3_prn.c
x509v3/v3_purp.c
x509v3/v3_skey.c
x509v3/v3_sxnet.c
x509v3/v3_utl.c
x509v3/v3err.c
)
if(CMAKE_HOST_UNIX)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/bss_log.c)
set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl.c)
endif()
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
set(CRYPTO_UNEXPORT ${CRYPTO_UNEXPORT} BIO_s_log)
set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
endif()
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} gettimeofday)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_perror)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fopen)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fgets)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_open)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_rename)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_connect)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_close)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_read)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_write)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_getsockopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_setsockopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} sleep)
endif()
if(NOT HAVE_ASPRINTF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} asprintf)
set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
endif()
if(NOT HAVE_FREEZERO)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/freezero.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} freezero)
endif()
if(NOT HAVE_GETPAGESIZE)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
endif()
if(NOT HAVE_INET_PTON)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} inet_pton)
endif()
if(NOT HAVE_REALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray)
endif()
if(NOT HAVE_RECALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/recallocarray.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} recallocarray)
endif()
if(NOT HAVE_STRCASECMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strcasecmp)
endif()
if(NOT HAVE_STRLCAT)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcat)
endif()
if(NOT HAVE_STRLCPY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcpy)
endif()
if(NOT HAVE_STRNDUP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strndup)
if(NOT HAVE_STRNLEN)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strnlen)
endif()
endif()
if(NOT HAVE_STRSEP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strsep.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep)
endif()
if(NOT HAVE_TIMEGM)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timegm)
endif()
if(NOT HAVE_EXPLICIT_BZERO)
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
else()
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
endif()
set(EXTRA_EXPORT ${EXTRA_EXPORT} explicit_bzero)
endif()
if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_buf)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)
if(NOT HAVE_GETENTROPY)
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "AIX")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_osx.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
endif()
set(EXTRA_EXPORT ${EXTRA_EXPORT} getentropy)
endif()
endif()
if(NOT HAVE_TIMINGSAFE_BCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_bcmp)
endif()
if(NOT HAVE_TIMINGSAFE_MEMCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp)
endif()
if(NOT ENABLE_ASM)
add_definitions(-DOPENSSL_NO_ASM)
else()
if(CMAKE_HOST_WIN32)
add_definitions(-DOPENSSL_NO_ASM)
endif()
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
else()
add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
endif()
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto.sym SYMS)
foreach(SYM IN LISTS CRYPTO_UNEXPORT)
string(REPLACE "${SYM}\n" "" SYMS ${SYMS})
endforeach()
file(WRITE ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym ${SYMS})
if(EXTRA_EXPORT)
list(SORT EXTRA_EXPORT)
foreach(SYM IN LISTS EXTRA_EXPORT)
file(APPEND ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym "${SYM}\n")
endforeach()
endif()
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
if (BUILD_SHARED)
add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
export_symbol(crypto-shared ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym)
if (WIN32)
target_link_libraries(crypto-shared Ws2_32.lib)
set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
endif()
set_target_properties(crypto-shared PROPERTIES
OUTPUT_NAME crypto${CRYPTO_POSTFIX}
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
set_target_properties(crypto-shared PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS crypto crypto-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
else()
add_library(crypto STATIC ${CRYPTO_SRC})
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
endif()

226
crypto/Makefile.am
View File

@@ -1,136 +1,37 @@
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1 AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I$(top_srcdir)/crypto/bn
AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto
lib_LTLIBRARIES = libcrypto.la lib_LTLIBRARIES = libcrypto.la
EXTRA_DIST = VERSION EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += crypto.sym
# needed for a CMake target libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
EXTRA_DIST += compat/strcasecmp.c libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
BUILT_SOURCES = crypto_portable.sym libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK
CLEANFILES = crypto_portable.sym
crypto_portable.sym:
-echo "generating crypto_portable.sym ..."
-cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
-chmod u+w crypto_portable.sym
if !HAVE_ARC4RANDOM_BUF
-echo arc4random >> crypto_portable.sym
-echo arc4random_buf >> crypto_portable.sym
-echo arc4random_uniform >> crypto_portable.sym
if !HAVE_GETENTROPY
-echo getentropy >> crypto_portable.sym
endif
endif
if !HAVE_ASPRINTF
-echo asprintf >> crypto_portable.sym
-echo vasprintf >> crypto_portable.sym
endif
if !HAVE_EXPLICIT_BZERO
-echo explicit_bzero >> crypto_portable.sym
endif
if !HAVE_FREEZERO
-echo freezero >> crypto_portable.sym
endif
if !HAVE_INET_PTON
-echo inet_pton >> crypto_portable.sym
endif
if !HAVE_REALLOCARRAY
-echo reallocarray >> crypto_portable.sym
endif
if !HAVE_RECALLOCARRAY
-echo recallocarray >> crypto_portable.sym
endif
if !HAVE_STRLCAT
-echo strlcat >> crypto_portable.sym
endif
if !HAVE_STRLCPY
-echo strlcpy >> crypto_portable.sym
endif
if !HAVE_STRNDUP
-echo strndup >> crypto_portable.sym
endif
if !HAVE_STRNLEN
-echo strnlen >> crypto_portable.sym
endif
if !HAVE_STRSEP
-echo strsep >> crypto_portable.sym
endif
if !HAVE_TIMEGM
-echo timegm >> crypto_portable.sym
endif
if !HAVE_TIMINGSAFE_BCMP
-echo timingsafe_bcmp >> crypto_portable.sym
endif
if !HAVE_TIMINGSAFE_MEMCMP
-echo timingsafe_memcmp >> crypto_portable.sym
endif
if HOST_CPU_IS_INTEL
-echo OPENSSL_ia32cap_P >> crypto_portable.sym
endif
if HOST_WIN
-echo posix_perror >> crypto_portable.sym
-echo posix_fopen >> crypto_portable.sym
-echo posix_fgets >> crypto_portable.sym
-echo posix_open >> crypto_portable.sym
-echo posix_rename >> crypto_portable.sym
-echo posix_connect >> crypto_portable.sym
-echo posix_close >> crypto_portable.sym
-echo posix_read >> crypto_portable.sym
-echo posix_write >> crypto_portable.sym
-echo posix_getsockopt >> crypto_portable.sym
-echo posix_setsockopt >> crypto_portable.sym
-grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp
-mv crypto_portable.sym.tmp crypto_portable.sym
endif
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
libcrypto_la_LIBADD += libcompatnoopt.la
endif
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
if OPENSSL_NO_ASM if OPENSSL_NO_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
else else
if HOST_WIN if HOST_WIN
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
endif endif
endif endif
if OPENSSLDIR_DEFINED noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"@OPENSSLDIR@\"
else
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
endif
noinst_LTLIBRARIES = libcompat.la
# compatibility functions that need to be built without optimizations # compatibility functions that need to be built without optimizations
if !HAVE_EXPLICIT_BZERO
noinst_LTLIBRARIES += libcompatnoopt.la
libcompatnoopt_la_CFLAGS = -O0 libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES = libcompatnoopt_la_SOURCES =
if HOST_WIN if !HAVE_EXPLICIT_BZERO
libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c
else
libcompatnoopt_la_SOURCES += compat/explicit_bzero.c libcompatnoopt_la_SOURCES += compat/explicit_bzero.c
endif endif
endif
# other compatibility functions # other compatibility functions
libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcompat_la_SOURCES = libcompat_la_SOURCES =
libcompat_la_LIBADD = $(PLATFORM_LDADD) libcompat_la_LIBADD = $(PLATFORM_LDADD)
@@ -150,38 +51,14 @@ libcompat_la_SOURCES += compat/strnlen.c
endif endif
endif endif
if !HAVE_STRSEP
libcompat_la_SOURCES += compat/strsep.c
endif
if !HAVE_ASPRINTF if !HAVE_ASPRINTF
libcompat_la_SOURCES += compat/bsd-asprintf.c libcompat_la_SOURCES += compat/bsd-asprintf.c
endif endif
if !HAVE_FREEZERO
libcompat_la_SOURCES += compat/freezero.c
endif
if !HAVE_GETPAGESIZE
libcompat_la_SOURCES += compat/getpagesize.c
endif
if !HAVE_INET_PTON
libcompat_la_SOURCES += compat/inet_pton.c
endif
if !HAVE_TIMEGM
libcompat_la_SOURCES += compat/timegm.c
endif
if !HAVE_REALLOCARRAY if !HAVE_REALLOCARRAY
libcompat_la_SOURCES += compat/reallocarray.c libcompat_la_SOURCES += compat/reallocarray.c
endif endif
if !HAVE_RECALLOCARRAY
libcompat_la_SOURCES += compat/recallocarray.c
endif
if !HAVE_TIMINGSAFE_MEMCMP if !HAVE_TIMINGSAFE_MEMCMP
libcompat_la_SOURCES += compat/timingsafe_memcmp.c libcompat_la_SOURCES += compat/timingsafe_memcmp.c
endif endif
@@ -190,11 +67,60 @@ if !HAVE_TIMINGSAFE_BCMP
libcompat_la_SOURCES += compat/timingsafe_bcmp.c libcompat_la_SOURCES += compat/timingsafe_bcmp.c
endif endif
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
if !HAVE_GETENTROPY
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN if HOST_WIN
libcompat_la_SOURCES += compat/posix_win.c libcompat_la_SOURCES += compat/getentropy_win.c
endif
endif endif
include Makefile.am.arc4random endif
if !HAVE_ISSETUGID
if HOST_LINUX
libcompat_la_SOURCES += compat/issetugid_linux.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/issetugid_hpux.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/issetugid_osx.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/issetugid_win.c
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h
libcrypto_la_SOURCES = libcrypto_la_SOURCES =
EXTRA_libcrypto_la_SOURCES = EXTRA_libcrypto_la_SOURCES =
@@ -224,11 +150,9 @@ libcrypto_la_SOURCES += mem_dbg.c
libcrypto_la_SOURCES += o_init.c libcrypto_la_SOURCES += o_init.c
libcrypto_la_SOURCES += o_str.c libcrypto_la_SOURCES += o_str.c
libcrypto_la_SOURCES += o_time.c libcrypto_la_SOURCES += o_time.c
noinst_HEADERS += constant_time_locl.h
noinst_HEADERS += cryptlib.h noinst_HEADERS += cryptlib.h
noinst_HEADERS += md32_common.h noinst_HEADERS += md32_common.h
noinst_HEADERS += o_time.h noinst_HEADERS += o_time.h
noinst_HEADERS += x86_arch.h
# aes # aes
libcrypto_la_SOURCES += aes/aes_cfb.c libcrypto_la_SOURCES += aes/aes_cfb.c
@@ -248,6 +172,7 @@ libcrypto_la_SOURCES += asn1/a_d2i_fp.c
libcrypto_la_SOURCES += asn1/a_digest.c libcrypto_la_SOURCES += asn1/a_digest.c
libcrypto_la_SOURCES += asn1/a_dup.c libcrypto_la_SOURCES += asn1/a_dup.c
libcrypto_la_SOURCES += asn1/a_enum.c libcrypto_la_SOURCES += asn1/a_enum.c
libcrypto_la_SOURCES += asn1/a_gentm.c
libcrypto_la_SOURCES += asn1/a_i2d_fp.c libcrypto_la_SOURCES += asn1/a_i2d_fp.c
libcrypto_la_SOURCES += asn1/a_int.c libcrypto_la_SOURCES += asn1/a_int.c
libcrypto_la_SOURCES += asn1/a_mbstr.c libcrypto_la_SOURCES += asn1/a_mbstr.c
@@ -259,8 +184,8 @@ libcrypto_la_SOURCES += asn1/a_sign.c
libcrypto_la_SOURCES += asn1/a_strex.c libcrypto_la_SOURCES += asn1/a_strex.c
libcrypto_la_SOURCES += asn1/a_strnid.c libcrypto_la_SOURCES += asn1/a_strnid.c
libcrypto_la_SOURCES += asn1/a_time.c libcrypto_la_SOURCES += asn1/a_time.c
libcrypto_la_SOURCES += asn1/a_time_tm.c
libcrypto_la_SOURCES += asn1/a_type.c libcrypto_la_SOURCES += asn1/a_type.c
libcrypto_la_SOURCES += asn1/a_utctm.c
libcrypto_la_SOURCES += asn1/a_utf8.c libcrypto_la_SOURCES += asn1/a_utf8.c
libcrypto_la_SOURCES += asn1/a_verify.c libcrypto_la_SOURCES += asn1/a_verify.c
libcrypto_la_SOURCES += asn1/ameth_lib.c libcrypto_la_SOURCES += asn1/ameth_lib.c
@@ -351,9 +276,7 @@ libcrypto_la_SOURCES += bio/bss_conn.c
libcrypto_la_SOURCES += bio/bss_dgram.c libcrypto_la_SOURCES += bio/bss_dgram.c
libcrypto_la_SOURCES += bio/bss_fd.c libcrypto_la_SOURCES += bio/bss_fd.c
libcrypto_la_SOURCES += bio/bss_file.c libcrypto_la_SOURCES += bio/bss_file.c
if !HOST_WIN
libcrypto_la_SOURCES += bio/bss_log.c libcrypto_la_SOURCES += bio/bss_log.c
endif
libcrypto_la_SOURCES += bio/bss_mem.c libcrypto_la_SOURCES += bio/bss_mem.c
libcrypto_la_SOURCES += bio/bss_null.c libcrypto_la_SOURCES += bio/bss_null.c
libcrypto_la_SOURCES += bio/bss_sock.c libcrypto_la_SOURCES += bio/bss_sock.c
@@ -438,12 +361,6 @@ libcrypto_la_SOURCES += conf/conf_mod.c
libcrypto_la_SOURCES += conf/conf_sap.c libcrypto_la_SOURCES += conf/conf_sap.c
noinst_HEADERS += conf/conf_def.h noinst_HEADERS += conf/conf_def.h
# curve25519
libcrypto_la_SOURCES += curve25519/curve25519-generic.c
libcrypto_la_SOURCES += curve25519/curve25519.c
noinst_HEADERS += curve25519/curve25519_internal.h
# des # des
libcrypto_la_SOURCES += des/cbc_cksm.c libcrypto_la_SOURCES += des/cbc_cksm.c
libcrypto_la_SOURCES += des/cbc_enc.c libcrypto_la_SOURCES += des/cbc_enc.c
@@ -532,6 +449,7 @@ noinst_HEADERS += ec/ec_lcl.h
libcrypto_la_SOURCES += ecdh/ech_err.c libcrypto_la_SOURCES += ecdh/ech_err.c
libcrypto_la_SOURCES += ecdh/ech_key.c libcrypto_la_SOURCES += ecdh/ech_key.c
libcrypto_la_SOURCES += ecdh/ech_lib.c libcrypto_la_SOURCES += ecdh/ech_lib.c
libcrypto_la_SOURCES += ecdh/ech_ossl.c
noinst_HEADERS += ecdh/ech_locl.h noinst_HEADERS += ecdh/ech_locl.h
# ecdsa # ecdsa
@@ -555,6 +473,7 @@ libcrypto_la_SOURCES += engine/eng_lib.c
libcrypto_la_SOURCES += engine/eng_list.c libcrypto_la_SOURCES += engine/eng_list.c
libcrypto_la_SOURCES += engine/eng_openssl.c libcrypto_la_SOURCES += engine/eng_openssl.c
libcrypto_la_SOURCES += engine/eng_pkey.c libcrypto_la_SOURCES += engine/eng_pkey.c
libcrypto_la_SOURCES += engine/eng_rsax.c
libcrypto_la_SOURCES += engine/eng_table.c libcrypto_la_SOURCES += engine/eng_table.c
libcrypto_la_SOURCES += engine/tb_asnmth.c libcrypto_la_SOURCES += engine/tb_asnmth.c
libcrypto_la_SOURCES += engine/tb_cipher.c libcrypto_la_SOURCES += engine/tb_cipher.c
@@ -612,9 +531,10 @@ libcrypto_la_SOURCES += evp/m_gost2814789.c
libcrypto_la_SOURCES += evp/m_gostr341194.c libcrypto_la_SOURCES += evp/m_gostr341194.c
libcrypto_la_SOURCES += evp/m_md4.c libcrypto_la_SOURCES += evp/m_md4.c
libcrypto_la_SOURCES += evp/m_md5.c libcrypto_la_SOURCES += evp/m_md5.c
libcrypto_la_SOURCES += evp/m_md5_sha1.c libcrypto_la_SOURCES += evp/m_mdc2.c
libcrypto_la_SOURCES += evp/m_null.c libcrypto_la_SOURCES += evp/m_null.c
libcrypto_la_SOURCES += evp/m_ripemd.c libcrypto_la_SOURCES += evp/m_ripemd.c
libcrypto_la_SOURCES += evp/m_sha.c
libcrypto_la_SOURCES += evp/m_sha1.c libcrypto_la_SOURCES += evp/m_sha1.c
libcrypto_la_SOURCES += evp/m_sigver.c libcrypto_la_SOURCES += evp/m_sigver.c
libcrypto_la_SOURCES += evp/m_streebog.c libcrypto_la_SOURCES += evp/m_streebog.c
@@ -653,9 +573,6 @@ noinst_HEADERS += gost/gost.h
noinst_HEADERS += gost/gost_asn1.h noinst_HEADERS += gost/gost_asn1.h
noinst_HEADERS += gost/gost_locl.h noinst_HEADERS += gost/gost_locl.h
# hkdf
libcrypto_la_SOURCES += hkdf/hkdf.c
# hmac # hmac
libcrypto_la_SOURCES += hmac/hm_ameth.c libcrypto_la_SOURCES += hmac/hm_ameth.c
libcrypto_la_SOURCES += hmac/hm_pmeth.c libcrypto_la_SOURCES += hmac/hm_pmeth.c
@@ -669,6 +586,9 @@ libcrypto_la_SOURCES += idea/i_ofb64.c
libcrypto_la_SOURCES += idea/i_skey.c libcrypto_la_SOURCES += idea/i_skey.c
noinst_HEADERS += idea/idea_lcl.h noinst_HEADERS += idea/idea_lcl.h
# krb5
libcrypto_la_SOURCES += krb5/krb5_asn.c
# lhash # lhash
libcrypto_la_SOURCES += lhash/lh_stats.c libcrypto_la_SOURCES += lhash/lh_stats.c
libcrypto_la_SOURCES += lhash/lhash.c libcrypto_la_SOURCES += lhash/lhash.c
@@ -683,6 +603,10 @@ libcrypto_la_SOURCES += md5/md5_dgst.c
libcrypto_la_SOURCES += md5/md5_one.c libcrypto_la_SOURCES += md5/md5_one.c
noinst_HEADERS += md5/md5_locl.h noinst_HEADERS += md5/md5_locl.h
# mdc2
libcrypto_la_SOURCES += mdc2/mdc2_one.c
libcrypto_la_SOURCES += mdc2/mdc2dgst.c
# modes # modes
libcrypto_la_SOURCES += modes/cbc128.c libcrypto_la_SOURCES += modes/cbc128.c
libcrypto_la_SOURCES += modes/ccm128.c libcrypto_la_SOURCES += modes/ccm128.c
@@ -799,6 +723,7 @@ libcrypto_la_SOURCES += rsa/rsa_prn.c
libcrypto_la_SOURCES += rsa/rsa_pss.c libcrypto_la_SOURCES += rsa/rsa_pss.c
libcrypto_la_SOURCES += rsa/rsa_saos.c libcrypto_la_SOURCES += rsa/rsa_saos.c
libcrypto_la_SOURCES += rsa/rsa_sign.c libcrypto_la_SOURCES += rsa/rsa_sign.c
libcrypto_la_SOURCES += rsa/rsa_ssl.c
libcrypto_la_SOURCES += rsa/rsa_x931.c libcrypto_la_SOURCES += rsa/rsa_x931.c
noinst_HEADERS += rsa/rsa_locl.h noinst_HEADERS += rsa/rsa_locl.h
@@ -807,6 +732,8 @@ libcrypto_la_SOURCES += sha/sha1_one.c
libcrypto_la_SOURCES += sha/sha1dgst.c libcrypto_la_SOURCES += sha/sha1dgst.c
libcrypto_la_SOURCES += sha/sha256.c libcrypto_la_SOURCES += sha/sha256.c
libcrypto_la_SOURCES += sha/sha512.c libcrypto_la_SOURCES += sha/sha512.c
libcrypto_la_SOURCES += sha/sha_dgst.c
libcrypto_la_SOURCES += sha/sha_one.c
noinst_HEADERS += sha/sha_locl.h noinst_HEADERS += sha/sha_locl.h
# stack # stack
@@ -871,7 +798,6 @@ libcrypto_la_SOURCES += x509/x509spki.c
libcrypto_la_SOURCES += x509/x509type.c libcrypto_la_SOURCES += x509/x509type.c
libcrypto_la_SOURCES += x509/x_all.c libcrypto_la_SOURCES += x509/x_all.c
noinst_HEADERS += x509/x509_lcl.h noinst_HEADERS += x509/x509_lcl.h
noinst_HEADERS += x509/vpm_int.h
# x509v3 # x509v3
libcrypto_la_SOURCES += x509v3/pcy_cache.c libcrypto_la_SOURCES += x509v3/pcy_cache.c

46
crypto/Makefile.am.arc4random
View File

@@ -1,46 +0,0 @@
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
libcompat_la_SOURCES += compat/arc4random_uniform.c
if !HAVE_GETENTROPY
if HOST_AIX
libcompat_la_SOURCES += compat/getentropy_aix.c
endif
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/getentropy_win.c
endif
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_aix.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h

62
crypto/Makefile.am.elf-x86_64
View File

@@ -1,41 +1,41 @@
ASM_X86_64_ELF = aes/aes-elf-x86_64.S ASM_X86_64_ELF = aes/aes-elf-x86_64.s
ASM_X86_64_ELF += aes/bsaes-elf-x86_64.S ASM_X86_64_ELF += aes/bsaes-elf-x86_64.s
ASM_X86_64_ELF += aes/vpaes-elf-x86_64.S ASM_X86_64_ELF += aes/vpaes-elf-x86_64.s
ASM_X86_64_ELF += aes/aesni-elf-x86_64.S ASM_X86_64_ELF += aes/aesni-elf-x86_64.s
ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.S ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.s
ASM_X86_64_ELF += bn/modexp512-elf-x86_64.S ASM_X86_64_ELF += bn/modexp512-elf-x86_64.s
ASM_X86_64_ELF += bn/mont-elf-x86_64.S ASM_X86_64_ELF += bn/mont-elf-x86_64.s
ASM_X86_64_ELF += bn/mont5-elf-x86_64.S ASM_X86_64_ELF += bn/mont5-elf-x86_64.s
ASM_X86_64_ELF += bn/gf2m-elf-x86_64.S ASM_X86_64_ELF += bn/gf2m-elf-x86_64.s
ASM_X86_64_ELF += camellia/cmll-elf-x86_64.S ASM_X86_64_ELF += camellia/cmll-elf-x86_64.s
ASM_X86_64_ELF += md5/md5-elf-x86_64.S ASM_X86_64_ELF += md5/md5-elf-x86_64.s
ASM_X86_64_ELF += modes/ghash-elf-x86_64.S ASM_X86_64_ELF += modes/ghash-elf-x86_64.s
ASM_X86_64_ELF += rc4/rc4-elf-x86_64.S ASM_X86_64_ELF += rc4/rc4-elf-x86_64.s
ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.S ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.s
ASM_X86_64_ELF += sha/sha1-elf-x86_64.S ASM_X86_64_ELF += sha/sha1-elf-x86_64.s
ASM_X86_64_ELF += sha/sha256-elf-x86_64.S ASM_X86_64_ELF += sha/sha256-elf-x86_64.S
ASM_X86_64_ELF += sha/sha512-elf-x86_64.S ASM_X86_64_ELF += sha/sha512-elf-x86_64.S
ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.S ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.s
ASM_X86_64_ELF += cpuid-elf-x86_64.S ASM_X86_64_ELF += cpuid-elf-x86_64.S
EXTRA_DIST += $(ASM_X86_64_ELF) EXTRA_DIST += $(ASM_X86_64_ELF)
if HOST_ASM_ELF_X86_64 if HOST_ASM_ELF_X86_64
libcrypto_la_CPPFLAGS += -DAES_ASM libcrypto_la_CFLAGS += -DAES_ASM
libcrypto_la_CPPFLAGS += -DBSAES_ASM libcrypto_la_CFLAGS += -DBSAES_ASM
libcrypto_la_CPPFLAGS += -DVPAES_ASM libcrypto_la_CFLAGS += -DVPAES_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CPPFLAGS += -DMD5_ASM libcrypto_la_CFLAGS += -DMD5_ASM
libcrypto_la_CPPFLAGS += -DGHASH_ASM libcrypto_la_CFLAGS += -DGHASH_ASM
libcrypto_la_CPPFLAGS += -DRSA_ASM libcrypto_la_CFLAGS += -DRSA_ASM
libcrypto_la_CPPFLAGS += -DSHA1_ASM libcrypto_la_CFLAGS += -DSHA1_ASM
libcrypto_la_CPPFLAGS += -DSHA256_ASM libcrypto_la_CFLAGS += -DSHA256_ASM
libcrypto_la_CPPFLAGS += -DSHA512_ASM libcrypto_la_CFLAGS += -DSHA512_ASM
libcrypto_la_CPPFLAGS += -DWHIRLPOOL_ASM libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_CPUID_OBJ libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_SOURCES += $(ASM_X86_64_ELF) libcrypto_la_SOURCES += $(ASM_X86_64_ELF)
endif endif

62
crypto/Makefile.am.macosx-x86_64
View File

@@ -1,41 +1,41 @@
ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.S ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.S ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.S ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.S ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.S ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.S ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.S ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.S ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.S ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.s
ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.S ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.s
ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.S ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.s
ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.S ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.s
ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.S ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.s
ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.S ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.s
ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.S ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.s
ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S
ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S
ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.S ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.s
ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
EXTRA_DIST += $(ASM_X86_64_MACOSX) EXTRA_DIST += $(ASM_X86_64_MACOSX)
if HOST_ASM_MACOSX_X86_64 if HOST_ASM_MACOSX_X86_64
libcrypto_la_CPPFLAGS += -DAES_ASM libcrypto_la_CFLAGS += -DAES_ASM
libcrypto_la_CPPFLAGS += -DBSAES_ASM libcrypto_la_CFLAGS += -DBSAES_ASM
libcrypto_la_CPPFLAGS += -DVPAES_ASM libcrypto_la_CFLAGS += -DVPAES_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CPPFLAGS += -DMD5_ASM libcrypto_la_CFLAGS += -DMD5_ASM
libcrypto_la_CPPFLAGS += -DGHASH_ASM libcrypto_la_CFLAGS += -DGHASH_ASM
libcrypto_la_CPPFLAGS += -DRSA_ASM libcrypto_la_CFLAGS += -DRSA_ASM
libcrypto_la_CPPFLAGS += -DSHA1_ASM libcrypto_la_CFLAGS += -DSHA1_ASM
libcrypto_la_CPPFLAGS += -DSHA256_ASM libcrypto_la_CFLAGS += -DSHA256_ASM
libcrypto_la_CPPFLAGS += -DSHA512_ASM libcrypto_la_CFLAGS += -DSHA512_ASM
libcrypto_la_CPPFLAGS += -DWHIRLPOOL_ASM libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_CPUID_OBJ libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX) libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX)
endif endif

5
crypto/compat/arc4random.h
View File

@@ -3,10 +3,7 @@
#include <sys/param.h> #include <sys/param.h>
#if defined(_AIX) #if defined(__FreeBSD__)
#include "arc4random_aix.h"
#elif defined(__FreeBSD__)
#include "arc4random_freebsd.h" #include "arc4random_freebsd.h"
#elif defined(__hpux) #elif defined(__hpux)

4
crypto/compat/b_win.c
View File

@@ -23,8 +23,8 @@ BIO_sock_init(void)
if (!wsa_init_done) { if (!wsa_init_done) {
if (WSAStartup(version_requested, &wsa_state) != 0) { if (WSAStartup(version_requested, &wsa_state) != 0) {
int err = WSAGetLastError(); int err = WSAGetLastError();
SYSerror(err); SYSerr(SYS_F_WSASTARTUP, err);
BIOerror(BIO_R_WSASTARTUP); BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
return (-1); return (-1);
} }
wsa_init_done = 1; wsa_init_done = 1;

13
crypto/compat/explicit_bzero_win.c
View File

@@ -1,13 +0,0 @@
/*
* Public domain.
* Win32 explicit_bzero compatibility shim.
*/
#include <windows.h>
#include <string.h>
void
explicit_bzero(void *buf, size_t len)
{
SecureZeroMemory(buf, len);
}

32
crypto/compat/freezero.c
View File

@@ -1,32 +0,0 @@
/*
* Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
* Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
* Copyright (c) 2008 Damien Miller <djm@openbsd.org>
* Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <string.h>
#include <stdlib.h>
void
freezero(void *ptr, size_t sz)
{
/* This is legal. */
if (ptr == NULL)
return;
explicit_bzero(ptr, sz);
free(ptr);
}

18
crypto/compat/getpagesize.c
View File

@@ -1,18 +0,0 @@
/* $OpenBSD$ */
#include <unistd.h>
#ifdef _MSC_VER
#include <windows.h>
#endif
int
getpagesize(void) {
#ifdef _MSC_VER
SYSTEM_INFO system_info;
GetSystemInfo(&system_info);
return system_info.dwPageSize;
#else
return sysconf(_SC_PAGESIZE);
#endif
}

17
crypto/compat/issetugid_hpux.c Normal file
View File

@@ -0,0 +1,17 @@
#include <stdio.h>
#include <unistd.h>
#include <sys/pstat.h>
/*
* HP-UX does not have issetugid().
* Use pstat_getproc() and check PS_CHANGEDPRIV bit of pst_flag. If this call
* cannot be used, assume we must be running in a privileged environment.
*/
int issetugid(void)
{
struct pst_status buf;
if (pstat_getproc(&buf, sizeof(buf), 0, getpid()) == 1 &&
!(buf.pst_flag & PS_CHANGEDPRIV))
return 0;
return 1;
}

47
crypto/compat/issetugid_linux.c Normal file
View File

@@ -0,0 +1,47 @@
/*
* issetugid implementation for Linux
* Public domain
*/
#include <errno.h>
#include <gnu/libc-version.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
/*
* Linux-specific glibc 2.16+ interface for determining if a process was
* launched setuid/setgid or with additional capabilities.
*/
#ifdef HAVE_GETAUXVAL
#include <sys/auxv.h>
#endif
int issetugid(void)
{
#ifdef HAVE_GETAUXVAL
/*
* The API for glibc < 2.19 does not indicate if there is an error with
* getauxval. While it should not be the case that any 2.6 or greater
* kernel ever does not supply AT_SECURE, an emulated software environment
* might rewrite the aux vector.
*
* See https://sourceware.org/bugzilla/show_bug.cgi?id=15846
*
* Perhaps this code should just read the aux vector itself, so we have
* backward-compatibility and error handling in older glibc versions.
* info: http://lwn.net/Articles/519085/
*
*/
const char *glcv = gnu_get_libc_version();
if (strverscmp(glcv, "2.19") >= 0) {
errno = 0;
if (getauxval(AT_SECURE) == 0) {
if (errno != ENOENT) {
return 0;
}
}
}
#endif
return 1;
}

16
crypto/compat/issetugid_osx.c Normal file
View File

@@ -0,0 +1,16 @@
/*
* issetugid implementation for OS X
* Public domain
*/
#include <unistd.h>
/*
* OS X has issetugid, but it is not fork-safe as of version 10.10.
* See this Solaris report for test code that fails similarly:
* http://mcarpenter.org/blog/2013/01/15/solaris-issetugid%282%29-bug
*/
int issetugid(void)
{
return 1;
}

26
crypto/compat/issetugid_win.c Normal file
View File

@@ -0,0 +1,26 @@
/*
* issetugid implementation for Windows
* Public domain
*/
#include <unistd.h>
/*
* Windows does not have a native setuid/setgid functionality.
* A user must enter credentials each time a process elevates its
* privileges.
*
* So, in theory, this could always return 0, given what I know currently.
* However, it makes sense to stub out initially in 'safe' mode until we
* understand more (and determine if any disabled functionality is actually
* useful on Windows anyway).
*
* Future versions of this function that are made more 'open' should thoroughly
* consider the case of this code running as a privileged service with saved
* user credentials or privilege escalations by other means (e.g. the old
* RunAsEx utility.)
*/
int issetugid(void)
{
return 1;
}

220
crypto/compat/timegm.c
View File

@@ -1,220 +0,0 @@
/*
* ----------------------------------------------------------------------
* Copyright © 2005-2014 Rich Felker, et al.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* ----------------------------------------------------------------------
*/
#include <errno.h>
#include <limits.h>
#include <time.h>
/* 2000-03-01 (mod 400 year, immediately after feb29 */
#define LEAPOCH (946684800LL + 86400*(31+29))
#define DAYS_PER_400Y (365*400 + 97)
#define DAYS_PER_100Y (365*100 + 24)
#define DAYS_PER_4Y (365*4 + 1)
static int __month_to_secs(int month, int is_leap)
{
static const int secs_through_month[] = {
0, 31*86400, 59*86400, 90*86400,
120*86400, 151*86400, 181*86400, 212*86400,
243*86400, 273*86400, 304*86400, 334*86400 };
int t = secs_through_month[month];
if (is_leap && month >= 2) t+=86400;
return t;
}
static long long __year_to_secs(long long year, int *is_leap)
{
if (year-2ULL <= 136) {
int y = year;
int leaps = (y-68)>>2;
if (!((y-68)&3)) {
leaps--;
if (is_leap) *is_leap = 1;
} else if (is_leap) *is_leap = 0;
return 31536000*(y-70) + 86400*leaps;
}
int cycles, centuries, leaps, rem;
if (!is_leap) is_leap = &(int){0};
cycles = (year-100) / 400;
rem = (year-100) % 400;
if (rem < 0) {
cycles--;
rem += 400;
}
if (!rem) {
*is_leap = 1;
centuries = 0;
leaps = 0;
} else {
if (rem >= 200) {
if (rem >= 300) centuries = 3, rem -= 300;
else centuries = 2, rem -= 200;
} else {
if (rem >= 100) centuries = 1, rem -= 100;
else centuries = 0;
}
if (!rem) {
*is_leap = 0;
leaps = 0;
} else {
leaps = rem / 4U;
rem %= 4U;
*is_leap = !rem;
}
}
leaps += 97*cycles + 24*centuries - *is_leap;
return (year-100) * 31536000LL + leaps * 86400LL + 946684800 + 86400;
}
static long long __tm_to_secs(const struct tm *tm)
{
int is_leap;
long long year = tm->tm_year;
int month = tm->tm_mon;
if (month >= 12 || month < 0) {
int adj = month / 12;
month %= 12;
if (month < 0) {
adj--;
month += 12;
}
year += adj;
}
long long t = __year_to_secs(year, &is_leap);
t += __month_to_secs(month, is_leap);
t += 86400LL * (tm->tm_mday-1);
t += 3600LL * tm->tm_hour;
t += 60LL * tm->tm_min;
t += tm->tm_sec;
return t;
}
static int __secs_to_tm(long long t, struct tm *tm)
{
long long days, secs;
int remdays, remsecs, remyears;
int qc_cycles, c_cycles, q_cycles;
int years, months;
int wday, yday, leap;
static const char days_in_month[] = {31,30,31,30,31,31,30,31,30,31,31,29};
/* Reject time_t values whose year would overflow int */
if (t < INT_MIN * 31622400LL || t > INT_MAX * 31622400LL)
return -1;
secs = t - LEAPOCH;
days = secs / 86400;
remsecs = secs % 86400;
if (remsecs < 0) {
remsecs += 86400;
days--;
}
wday = (3+days)%7;
if (wday < 0) wday += 7;
qc_cycles = days / DAYS_PER_400Y;
remdays = days % DAYS_PER_400Y;
if (remdays < 0) {
remdays += DAYS_PER_400Y;
qc_cycles--;
}
c_cycles = remdays / DAYS_PER_100Y;
if (c_cycles == 4) c_cycles--;
remdays -= c_cycles * DAYS_PER_100Y;
q_cycles = remdays / DAYS_PER_4Y;
if (q_cycles == 25) q_cycles--;
remdays -= q_cycles * DAYS_PER_4Y;
remyears = remdays / 365;
if (remyears == 4) remyears--;
remdays -= remyears * 365;
leap = !remyears && (q_cycles || !c_cycles);
yday = remdays + 31 + 28 + leap;
if (yday >= 365+leap) yday -= 365+leap;
years = remyears + 4*q_cycles + 100*c_cycles + 400*qc_cycles;
for (months=0; days_in_month[months] <= remdays; months++)
remdays -= days_in_month[months];
if (years+100 > INT_MAX || years+100 < INT_MIN)
return -1;
tm->tm_year = years + 100;
tm->tm_mon = months + 2;
if (tm->tm_mon >= 12) {
tm->tm_mon -=12;
tm->tm_year++;
}
tm->tm_mday = remdays + 1;
tm->tm_wday = wday;
tm->tm_yday = yday;
tm->tm_hour = remsecs / 3600;
tm->tm_min = remsecs / 60 % 60;
tm->tm_sec = remsecs % 60;
return 0;
}
#ifdef _WIN32
struct tm *__gmtime_r(const time_t *t, struct tm *tm)
{
if (__secs_to_tm(*t, tm) < 0) {
errno = EOVERFLOW;
return 0;
}
tm->tm_isdst = 0;
return tm;
}
#endif
time_t timegm(struct tm *tm)
{
struct tm new;
long long t = __tm_to_secs(tm);
if (__secs_to_tm(t, &new) < 0) {
errno = EOVERFLOW;
return -1;
}
#if SIZEOF_TIME_T != 8
if (t > (long long)INT_MAX || t < (long long)INT_MIN) {
errno = EOVERFLOW;
return -1;
}
#endif
*tm = new;
tm->tm_isdst = 0;
return t;
}

26
crypto/compat/ui_openssl_win.c
View File

@@ -133,7 +133,6 @@
/* Define globals. They are protected by a lock */ /* Define globals. They are protected by a lock */
static void (*savsig[NX509_SIG])(int ); static void (*savsig[NX509_SIG])(int );
DWORD console_mode;
static FILE *tty_in, *tty_out; static FILE *tty_in, *tty_out;
static int is_a_tty; static int is_a_tty;
@@ -286,7 +285,7 @@ error:
if (ps >= 1) if (ps >= 1)
popsig(); popsig();
explicit_bzero(result, BUFSIZ); OPENSSL_cleanse(result, BUFSIZ);
return ok; return ok;
} }
@@ -301,25 +300,16 @@ open_console(UI *ui)
tty_in = stdin; tty_in = stdin;
tty_out = stderr; tty_out = stderr;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
return GetConsoleMode(handle, &console_mode);
else
return 1; return 1;
} }
return 0;
}
static int static int
noecho_console(UI *ui) noecho_console(UI *ui)
{ {
DWORD mode = 0;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != NULL && handle != INVALID_HANDLE_VALUE) { if (handle != INVALID_HANDLE_VALUE && handle != handle) {
if (GetFileType(handle) == FILE_TYPE_CHAR) return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode & (~ENABLE_ECHO_INPUT));
return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT);
else
return 1;
} }
return 0; return 0;
} }
@@ -327,12 +317,10 @@ noecho_console(UI *ui)
static int static int
echo_console(UI *ui) echo_console(UI *ui)
{ {
DWORD mode = 0;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != NULL && handle != INVALID_HANDLE_VALUE) { if (handle != INVALID_HANDLE_VALUE && handle != handle) {
if (GetFileType(handle) == FILE_TYPE_CHAR) return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT);
return SetConsoleMode(handle, console_mode);
else
return 1;
} }
return 0; return 0;
} }

13
dist-win.sh
View File

@@ -22,18 +22,27 @@ for ARCH in X86 X64; do
echo Building for $HOST echo Building for $HOST
CC=$HOST-gcc ./configure --host=$HOST --with-openssldir=c:/libressl/ssl CC=$HOST-gcc ./configure --host=$HOST --enable-libtls
make clean make clean
PATH=$PATH:/usr/$HOST/sys-root/mingw/bin \ PATH=$PATH:/usr/$HOST/sys-root/mingw/bin \
make -j 4 check make -j 4 check
make -j 4 install DESTDIR=`pwd`/stage-$ARCHDIR make -j 4 install DESTDIR=`pwd`/stage-$ARCHDIR
mkdir -p $DIST/$ARCHDIR mkdir -p $DIST/$ARCHDIR
#cp -a stage-$ARCHDIR/usr/local/lib/* $DIST/$ARCHDIR
if [ ! -e $DIST/include ]; then if [ ! -e $DIST/include ]; then
cp -r stage-$ARCHDIR/usr/local/include $DIST cp -a stage-$ARCHDIR/usr/local/include $DIST
sed -i -e 'N;/\n.*__non/s/"\? *\n/ /;P;D' \
$DIST/include/openssl/*.h $DIST/include/*.h
sed -i -e 'N;/\n.*__attr/s/"\? *\n/ /;P;D' \
$DIST/include/openssl/*.h $DIST/include/*.h
sed -i -e "s/__attr.*;/;/" \
-e "s/sys\/time.h/winsock2.h/" \
$DIST/include/openssl/*.h $DIST/include/*.h
fi fi
cp stage-$ARCHDIR/usr/local/bin/* $DIST/$ARCHDIR cp stage-$ARCHDIR/usr/local/bin/* $DIST/$ARCHDIR
#cp /usr/$HOST/sys-root/mingw/bin/libssp* $DIST/$ARCHDIR
for i in libcrypto libssl libtls; do for i in libcrypto libssl libtls; do
DLL=$(basename `ls -1 $DIST/$ARCHDIR/$i*.dll`|cut -d. -f1) DLL=$(basename `ls -1 $DIST/$ARCHDIR/$i*.dll`|cut -d. -f1)

6
dist.sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
set -e set -e
rm -f man/*.[35] include/openssl/*.h rm -f man/*.1 man/*.3
./autogen.sh ./autogen.sh
./configure ./configure --enable-libtls
make -j2 distcheck make distcheck

10
gen-coverage-report.sh
View File

@@ -20,7 +20,7 @@ find -name '*.gcda' -o -name '*.gcno' -delete
rm -fr $DESTDIR rm -fr $DESTDIR
echo "Configuring to build with code coverage support" echo "Configuring to build with code coverage support"
./configure CFLAGS='-O0 -fprofile-arcs -ftest-coverage' ./configure --enable-libtls CFLAGS='-O0 -fprofile-arcs -ftest-coverage'
echo "Running all code paths" echo "Running all code paths"
make clean make clean
@@ -29,15 +29,9 @@ make check
echo "Generating report" echo "Generating report"
mkdir -p $DESTDIR mkdir -p $DESTDIR
find tests -name '*.gcda' -o -name '*.gcno' -delete find tests -name '*.gcda' -o -name '*.gcno' -delete
lcov --capture --output-file $DESTDIR/coverage.tmp \ lcov --directory . --capture --output-file $DESTDIR/coverage.tmp \
--rc lcov_branch_coverage=1 \
--directory crypto \
--directory ssl \
--directory tls \
--test-name "LibreSSL $VERSION" --test-name "LibreSSL $VERSION"
genhtml --prefix . --output-directory $DESTDIR \ genhtml --prefix . --output-directory $DESTDIR \
--branch-coverage --function-coverage \
--rc lcov_branch_coverage=1 \
--title "LibreSSL $VERSION" --legend --show-detail $DESTDIR/coverage.tmp --title "LibreSSL $VERSION" --legend --show-detail $DESTDIR/coverage.tmp
echo "Code coverage report is available under $DESTDIR" echo "Code coverage report is available under $DESTDIR"

20
gen-openbsd-tags.sh
View File

@@ -1,20 +0,0 @@
#!/bin/sh
set -e
for tag in `git tag`; do
branch=master
if [[ $tag = v2.0* ]]; then
branch=OPENBSD_5_6
elif [[ $tag = v2.1* ]]; then
branch=OPENBSD_5_7
elif [[ $tag = v2.2* ]]; then
branch=OPENBSD_5_8
elif [[ $tag = v2.3* ]]; then
branch=OPENBSD_5_9
fi
# adjust for 9 hour timezone delta between trees
release_ts=$((`git show -s --format=%ct $tag|tail -n1` + 32400))
commit=`git -C openbsd rev-list -n 1 --before=$release_ts $branch`
git -C openbsd tag -f libressl-$tag $commit
echo Tagged $tag as $commit in openbsd
done

8
include/CMakeLists.txt
View File

@@ -1,8 +0,0 @@
if(ENABLE_LIBRESSL_INSTALL)
install(DIRECTORY .
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE
PATTERN "pqueue.h" EXCLUDE
PATTERN "Makefile*" EXCLUDE)
endif(ENABLE_LIBRESSL_INSTALL)

56
include/Makefile.am
View File

@@ -1,43 +1,33 @@
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
EXTRA_DIST = CMakeLists.txt
SUBDIRS = openssl SUBDIRS = openssl
noinst_HEADERS = pqueue.h noinst_HEADERS = err.h
noinst_HEADERS += compat/dirent.h noinst_HEADERS += netdb.h
noinst_HEADERS += compat/dirent_msvc.h noinst_HEADERS += poll.h
noinst_HEADERS += compat/err.h noinst_HEADERS += pqueue.h
noinst_HEADERS += compat/fcntl.h noinst_HEADERS += stdio.h
noinst_HEADERS += compat/limits.h noinst_HEADERS += stdlib.h
noinst_HEADERS += compat/netdb.h noinst_HEADERS += string.h
noinst_HEADERS += compat/poll.h noinst_HEADERS += syslog.h
noinst_HEADERS += compat/readpassphrase.h noinst_HEADERS += unistd.h
noinst_HEADERS += compat/resolv.h noinst_HEADERS += win32netcompat.h
noinst_HEADERS += compat/stdio.h
noinst_HEADERS += compat/stdlib.h
noinst_HEADERS += compat/string.h
noinst_HEADERS += compat/time.h
noinst_HEADERS += compat/unistd.h
noinst_HEADERS += compat/win32netcompat.h
noinst_HEADERS += compat/arpa/inet.h noinst_HEADERS += arpa/inet.h
noinst_HEADERS += compat/arpa/nameser.h
noinst_HEADERS += compat/machine/endian.h noinst_HEADERS += machine/endian.h
noinst_HEADERS += compat/netinet/in.h noinst_HEADERS += netinet/in.h
noinst_HEADERS += compat/netinet/ip.h noinst_HEADERS += netinet/tcp.h
noinst_HEADERS += compat/netinet/tcp.h
noinst_HEADERS += compat/sys/ioctl.h noinst_HEADERS += sys/ioctl.h
noinst_HEADERS += compat/sys/mman.h noinst_HEADERS += sys/mman.h
noinst_HEADERS += compat/sys/param.h noinst_HEADERS += sys/select.h
noinst_HEADERS += compat/sys/select.h noinst_HEADERS += sys/socket.h
noinst_HEADERS += compat/sys/socket.h noinst_HEADERS += sys/times.h
noinst_HEADERS += compat/sys/stat.h noinst_HEADERS += sys/types.h
noinst_HEADERS += compat/sys/time.h noinst_HEADERS += sys/uio.h
noinst_HEADERS += compat/sys/types.h
noinst_HEADERS += compat/sys/uio.h
if ENABLE_LIBTLS
include_HEADERS = tls.h include_HEADERS = tls.h
endif

10
include/arpa/inet.h Normal file
View File

@@ -0,0 +1,10 @@
/*
* Public domain
* arpa/inet.h compatibility shim
*/
#ifndef _WIN32
#include_next <arpa/inet.h>
#else
#include <win32netcompat.h>
#endif

23
include/compat/arpa/inet.h
View File

@@ -1,23 +0,0 @@
/*
* Public domain
* arpa/inet.h compatibility shim
*/
#ifndef _WIN32
#include_next <arpa/inet.h>
#else
#include <win32netcompat.h>
#ifndef AI_ADDRCONFIG
#define AI_ADDRCONFIG 0x00000400
#endif
#endif
#ifndef HAVE_INET_NTOP
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size);
#endif
#ifndef HAVE_INET_PTON
int inet_pton(int af, const char * src, void * dst);
#endif

23
include/compat/arpa/nameser.h
View File

@@ -1,23 +0,0 @@
/*
* Public domain
* arpa/inet.h compatibility shim
*/
#ifndef _WIN32
#include_next <arpa/nameser.h>
#else
#include <win32netcompat.h>
#ifndef INADDRSZ
#define INADDRSZ 4
#endif
#ifndef IN6ADDRSZ
#define IN6ADDRSZ 16
#endif
#ifndef INT16SZ
#define INT16SZ 2
#endif
#endif

17
include/compat/dirent.h
View File

@@ -1,17 +0,0 @@
/*
* Public domain
* dirent.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_DIRENT_H
#define LIBCRYPTOCOMPAT_DIRENT_H
#ifdef _MSC_VER
#include <windows.h>
#include <dirent_msvc.h>
#else
#include_next <dirent.h>
#endif
#endif

611
include/compat/dirent_msvc.h
View File

@@ -1,611 +0,0 @@
/*
* dirent.h - dirent API for Microsoft Visual Studio
*
* Copyright (C) 2006-2012 Toni Ronkko
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* ``Software''), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL TONI RONKKO BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
* $Id: dirent.h,v 1.20 2014/03/19 17:52:23 tronkko Exp $
*/
#ifndef DIRENT_MSVC_H
#define DIRENT_MSVC_H
#include <windows.h>
#if _MSC_VER >= 1900
#include <../ucrt/stdio.h>
#include <../ucrt/wchar.h>
#include <../ucrt/string.h>
#include <../ucrt/stdlib.h>
#include <../ucrt/sys/types.h>
#include <../ucrt/errno.h>
#else
#include <../include/stdio.h>
#include <../include/wchar.h>
#include <../include/string.h>
#include <../include/stdlib.h>
#include <../include/sys/types.h>
#include <../include/errno.h>
#endif
#include <stdarg.h>
#include <sys/stat.h>
/* Indicates that d_type field is available in dirent structure */
#define _DIRENT_HAVE_D_TYPE
/* Indicates that d_namlen field is available in dirent structure */
#define _DIRENT_HAVE_D_NAMLEN
/* Maximum length of file name */
#if !defined(PATH_MAX)
# define PATH_MAX MAX_PATH
#endif
#if !defined(FILENAME_MAX)
# define FILENAME_MAX MAX_PATH
#endif
#if !defined(NAME_MAX)
# define NAME_MAX FILENAME_MAX
#endif
/* Return the exact length of d_namlen without zero terminator */
#define _D_EXACT_NAMLEN(p)((p)->d_namlen)
/* Return number of bytes needed to store d_namlen */
#define _D_ALLOC_NAMLEN(p)(PATH_MAX)
/* Wide-character version */
struct _wdirent {
long d_ino; /* Always zero */
unsigned short d_reclen; /* Structure size */
size_t d_namlen; /* Length of name without \0 */
int d_type; /* File type */
wchar_t d_name[PATH_MAX]; /* File name */
};
typedef struct _wdirent _wdirent;
struct _WDIR {
struct _wdirent ent; /* Current directory entry */
WIN32_FIND_DATAW data; /* Private file data */
int cached; /* True if data is valid */
HANDLE handle; /* Win32 search handle */
wchar_t *patt; /* Initial directory name */
};
typedef struct _WDIR _WDIR;
static _WDIR *_wopendir(const wchar_t *dirname);
static struct _wdirent *_wreaddir(_WDIR *dirp);
static int _wclosedir(_WDIR *dirp);
static void _wrewinddir(_WDIR* dirp);
/* Multi-byte character versions */
struct dirent {
long d_ino; /* Always zero */
unsigned short d_reclen; /* Structure size */
size_t d_namlen; /* Length of name without \0 */
int d_type; /* File type */
char d_name[PATH_MAX]; /* File name */
};
typedef struct dirent dirent;
struct DIR {
struct dirent ent;
struct _WDIR *wdirp;
};
typedef struct DIR DIR;
static DIR *opendir(const char *dirname);
static struct dirent *readdir(DIR *dirp);
static int closedir(DIR *dirp);
static void rewinddir(DIR* dirp);
/* Internal utility functions */
static WIN32_FIND_DATAW *dirent_first(_WDIR *dirp);
static WIN32_FIND_DATAW *dirent_next(_WDIR *dirp);
static int dirent_mbstowcs_s(
size_t *pReturnValue,
wchar_t *wcstr,
size_t sizeInWords,
const char *mbstr,
size_t count);
static int dirent_wcstombs_s(
size_t *pReturnValue,
char *mbstr,
size_t sizeInBytes,
const wchar_t *wcstr,
size_t count);
/*
* Open directory stream DIRNAME for read and return a pointer to the
* internal working area that is used to retrieve individual directory
* entries.
*/
static _WDIR*
_wopendir(const wchar_t *dirname)
{
_WDIR *dirp = NULL;
int error;
/* Must have directory name */
if (dirname == NULL || dirname[0] == '\0') {
_set_errno(ENOENT);
return NULL;
}
/* Allocate new _WDIR structure */
dirp =(_WDIR*) malloc(sizeof(struct _WDIR));
if (dirp != NULL) {
DWORD n;
/* Reset _WDIR structure */
dirp->handle = INVALID_HANDLE_VALUE;
dirp->patt = NULL;
dirp->cached = 0;
/* Compute the length of full path plus zero terminator */
n = GetFullPathNameW(dirname, 0, NULL, NULL);
/* Allocate room for absolute directory name and search pattern */
dirp->patt =(wchar_t*) malloc(sizeof(wchar_t) * n + 16);
if (dirp->patt) {
/*
* Convert relative directory name to an absolute one. This
* allows rewinddir() to function correctly even when current
* working directory is changed between opendir() and rewinddir().
*/
n = GetFullPathNameW(dirname, n, dirp->patt, NULL);
if (n > 0) {
wchar_t *p;
/* Append search pattern \* to the directory name */
p = dirp->patt + n;
if (dirp->patt < p) {
switch(p[-1]) {
case '\\':
case '/':
case ':':
/* Directory ends in path separator, e.g. c:\temp\ */
/*NOP*/;
break;
default:
/* Directory name doesn't end in path separator */
*p++ = '\\';
}
}
*p++ = '*';
*p = '\0';
/* Open directory stream and retrieve the first entry */
if (dirent_first(dirp)) {
/* Directory stream opened successfully */
error = 0;
} else {
/* Cannot retrieve first entry */
error = 1;
_set_errno(ENOENT);
}
} else {
/* Cannot retrieve full path name */
_set_errno(ENOENT);
error = 1;
}
} else {
/* Cannot allocate memory for search pattern */
error = 1;
}
} else {
/* Cannot allocate _WDIR structure */
error = 1;
}
/* Clean up in case of error */
if (error && dirp) {
_wclosedir(dirp);
dirp = NULL;
}
return dirp;
}
/*
* Read next directory entry. The directory entry is returned in dirent
* structure in the d_name field. Individual directory entries returned by
* this function include regular files, sub-directories, pseudo-directories
* "." and ".." as well as volume labels, hidden files and system files.
*/
static struct _wdirent*
_wreaddir(_WDIR *dirp)
{
WIN32_FIND_DATAW *datap;
struct _wdirent *entp;
/* Read next directory entry */
datap = dirent_next(dirp);
if (datap) {
size_t n;
DWORD attr;
/* Pointer to directory entry to return */
entp = &dirp->ent;
/*
* Copy file name as wide-character string. If the file name is too
* long to fit in to the destination buffer, then truncate file name
* to PATH_MAX characters and zero-terminate the buffer.
*/
n = 0;
while(n + 1 < PATH_MAX && datap->cFileName[n] != 0) {
entp->d_name[n] = datap->cFileName[n];
n++;
}
dirp->ent.d_name[n] = 0;
/* Length of file name excluding zero terminator */
entp->d_namlen = n;
/* File type */
attr = datap->dwFileAttributes;
if ((attr & FILE_ATTRIBUTE_DEVICE) != 0) {
entp->d_type = DT_CHR;
} else if ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
entp->d_type = DT_DIR;
} else {
entp->d_type = DT_REG;
}
/* Reset dummy fields */
entp->d_ino = 0;
entp->d_reclen = sizeof(struct _wdirent);
} else {
/* Last directory entry read */
entp = NULL;
}
return entp;
}
/*
* Close directory stream opened by opendir() function. This invalidates the
* DIR structure as well as any directory entry read previously by
* _wreaddir().
*/
static int
_wclosedir(_WDIR *dirp)
{
int ok;
if (dirp) {
/* Release search handle */
if (dirp->handle != INVALID_HANDLE_VALUE) {
FindClose(dirp->handle);
dirp->handle = INVALID_HANDLE_VALUE;
}
/* Release search pattern */
if (dirp->patt) {
free(dirp->patt);
dirp->patt = NULL;
}
/* Release directory structure */
free(dirp);
ok = /*success*/0;
} else {
/* Invalid directory stream */
_set_errno(EBADF);
ok = /*failure*/-1;
}
return ok;
}
/*
* Rewind directory stream such that _wreaddir() returns the very first
* file name again.
*/
static void
_wrewinddir(_WDIR* dirp)
{
if (dirp) {
/* Release existing search handle */
if (dirp->handle != INVALID_HANDLE_VALUE) {
FindClose(dirp->handle);
}
/* Open new search handle */
dirent_first(dirp);
}
}
/* Get first directory entry(internal) */
static WIN32_FIND_DATAW*
dirent_first(_WDIR *dirp)
{
WIN32_FIND_DATAW *datap;
/* Open directory and retrieve the first entry */
dirp->handle = FindFirstFileW(dirp->patt, &dirp->data);
if (dirp->handle != INVALID_HANDLE_VALUE) {
/* a directory entry is now waiting in memory */
datap = &dirp->data;
dirp->cached = 1;
} else {
/* Failed to re-open directory: no directory entry in memory */
dirp->cached = 0;
datap = NULL;
}
return datap;
}
/* Get next directory entry(internal) */
static WIN32_FIND_DATAW*
dirent_next(_WDIR *dirp)
{
WIN32_FIND_DATAW *p;
/* Get next directory entry */
if (dirp->cached != 0) {
/* A valid directory entry already in memory */
p = &dirp->data;
dirp->cached = 0;
} else if (dirp->handle != INVALID_HANDLE_VALUE) {
/* Get the next directory entry from stream */
if (FindNextFileW(dirp->handle, &dirp->data) != FALSE) {
/* Got a file */
p = &dirp->data;
} else {
/* The very last entry has been processed or an error occured */
FindClose(dirp->handle);
dirp->handle = INVALID_HANDLE_VALUE;
p = NULL;
}
} else {
/* End of directory stream reached */
p = NULL;
}
return p;
}
/*
* Open directory stream using plain old C-string.
*/
static DIR*
opendir(const char *dirname)
{
struct DIR *dirp;
int error;
/* Must have directory name */
if (dirname == NULL || dirname[0] == '\0') {
_set_errno(ENOENT);
return NULL;
}
/* Allocate memory for DIR structure */
dirp =(DIR*) malloc(sizeof(struct DIR));
if (dirp) {
wchar_t wname[PATH_MAX];
size_t n;
/* Convert directory name to wide-character string */
error = dirent_mbstowcs_s(&n, wname, PATH_MAX, dirname, PATH_MAX);
if (!error) {
/* Open directory stream using wide-character name */
dirp->wdirp = _wopendir(wname);
if (dirp->wdirp) {
/* Directory stream opened */
error = 0;
} else {
/* Failed to open directory stream */
error = 1;
}
} else {
/*
* Cannot convert file name to wide-character string. This
* occurs if the string contains invalid multi-byte sequences or
* the output buffer is too small to contain the resulting
* string.
*/
error = 1;
}
} else {
/* Cannot allocate DIR structure */
error = 1;
}
/* Clean up in case of error */
if (error && dirp) {
free(dirp);
dirp = NULL;
}
return dirp;
}
/*
* Read next directory entry.
*
* When working with text consoles, please note that file names returned by
* readdir() are represented in the default ANSI code page while any output to
* console is typically formatted on another code page. Thus, non-ASCII
* characters in file names will not usually display correctly on console. The
* problem can be fixed in two ways:(1) change the character set of console
* to 1252 using chcp utility and use Lucida Console font, or(2) use
* _cprintf function when writing to console. The _cprinf() will re-encode
* ANSI strings to the console code page so many non-ASCII characters will
* display correcly.
*/
static struct dirent*
readdir(DIR *dirp)
{
WIN32_FIND_DATAW *datap;
struct dirent *entp;
/* Read next directory entry */
datap = dirent_next(dirp->wdirp);
if (datap) {
size_t n;
int error;
/* Attempt to convert file name to multi-byte string */
error = dirent_wcstombs_s(
&n, dirp->ent.d_name, PATH_MAX, datap->cFileName, PATH_MAX);
/*
* If the file name cannot be represented by a multi-byte string,
* then attempt to use old 8+3 file name. This allows traditional
* Unix-code to access some file names despite of unicode
* characters, although file names may seem unfamiliar to the user.
*
* Be ware that the code below cannot come up with a short file
* name unless the file system provides one. At least
* VirtualBox shared folders fail to do this.
*/
if (error && datap->cAlternateFileName[0] != '\0') {
error = dirent_wcstombs_s(
&n, dirp->ent.d_name, PATH_MAX,
datap->cAlternateFileName, PATH_MAX);
}
if (!error) {
DWORD attr;
/* Initialize directory entry for return */
entp = &dirp->ent;
/* Length of file name excluding zero terminator */
entp->d_namlen = n - 1;
/* File attributes */
attr = datap->dwFileAttributes;
if ((attr & FILE_ATTRIBUTE_DEVICE) != 0) {
entp->d_type = DT_CHR;
} else if ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
entp->d_type = DT_DIR;
} else {
entp->d_type = DT_REG;
}
/* Reset dummy fields */
entp->d_ino = 0;
entp->d_reclen = sizeof(struct dirent);
} else {
/*
* Cannot convert file name to multi-byte string so construct
* an errornous directory entry and return that. Note that
* we cannot return NULL as that would stop the processing
* of directory entries completely.
*/
entp = &dirp->ent;
entp->d_name[0] = '?';
entp->d_name[1] = '\0';
entp->d_namlen = 1;
entp->d_type = DT_UNKNOWN;
entp->d_ino = 0;
entp->d_reclen = 0;
}
} else {
/* No more directory entries */
entp = NULL;
}
return entp;
}
/*
* Close directory stream.
*/
static int
closedir(DIR *dirp)
{
int ok;
if (dirp) {
/* Close wide-character directory stream */
ok = _wclosedir(dirp->wdirp);
dirp->wdirp = NULL;
/* Release multi-byte character version */
free(dirp);
} else {
/* Invalid directory stream */
_set_errno(EBADF);
ok = /*failure*/-1;
}
return ok;
}
/*
* Rewind directory stream to beginning.
*/
static void
rewinddir(DIR* dirp)
{
/* Rewind wide-character string directory stream */
_wrewinddir(dirp->wdirp);
}
/* Convert multi-byte string to wide character string */
static int
dirent_mbstowcs_s(size_t *pReturnValue, wchar_t *wcstr,
size_t sizeInWords, const char *mbstr, size_t count)
{
return mbstowcs_s(pReturnValue, wcstr, sizeInWords, mbstr, count);
}
/* Convert wide-character string to multi-byte string */
static int
dirent_wcstombs_s(size_t *pReturnValue, char *mbstr,
size_t sizeInBytes, /* max size of mbstr */
const wchar_t *wcstr, size_t count)
{
return wcstombs_s(pReturnValue, mbstr, sizeInBytes, wcstr, count);
}
#endif /*DIRENT_H*/

89
include/compat/err.h
View File

@@ -1,89 +0,0 @@
/*
* Public domain
* err.h compatibility shim
*/
#ifdef HAVE_ERR_H
#include_next <err.h>
#else
#ifndef LIBCRYPTOCOMPAT_ERR_H
#define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#if defined(_MSC_VER)
__declspec(noreturn)
#else
__attribute__((noreturn))
#endif
static inline void
err(int eval, const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
va_end(ap);
fprintf(stderr, "%s\n", strerror(sverrno));
exit(eval);
}
#if defined(_MSC_VER)
__declspec(noreturn)
#else
__attribute__((noreturn))
#endif
static inline void
errx(int eval, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
va_end(ap);
fprintf(stderr, "\n");
exit(eval);
}
static inline void
warn(const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
va_end(ap);
fprintf(stderr, "%s\n", strerror(sverrno));
}
static inline void
warnx(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
va_end(ap);
fprintf(stderr, "\n");
}
#endif
#endif

32
include/compat/fcntl.h
View File

@@ -1,32 +0,0 @@
/*
* Public domain
* fcntl.h compatibility shim
*/
#ifndef _WIN32
#include_next <fcntl.h>
#else
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/fcntl.h>
#else
#include <../include/fcntl.h>
#endif
#else
#include_next <fcntl.h>
#endif
#endif
#ifndef O_NONBLOCK
#define O_NONBLOCK 0x100000
#endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0x200000
#endif
#ifndef FD_CLOEXEC
#define FD_CLOEXEC 1
#endif

25
include/compat/limits.h
View File

@@ -1,25 +0,0 @@
/*
* Public domain
* limits.h compatibility shim
*/
#ifdef _MSC_VER
#include <../include/limits.h>
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#else
#include <../include/stdlib.h>
#endif
#ifndef PATH_MAX
#define PATH_MAX _MAX_PATH
#endif
#else
#include_next <limits.h>
#endif
#ifdef __hpux
#include <sys/param.h>
#ifndef PATH_MAX
#define PATH_MAX MAXPATHLEN
#endif
#endif

47
include/compat/netinet/ip.h
View File

@@ -1,47 +0,0 @@
/*
* Public domain
* netinet/ip.h compatibility shim
*/
#if defined(__hpux)
#include <netinet/in_systm.h>
#endif
#ifndef _WIN32
#include_next <netinet/ip.h>
#else
#include <win32netcompat.h>
#endif
/*
* Definitions for DiffServ Codepoints as per RFC2474
*/
#ifndef IPTOS_DSCP_CS0
#define IPTOS_DSCP_CS0 0x00
#define IPTOS_DSCP_CS1 0x20
#define IPTOS_DSCP_CS2 0x40
#define IPTOS_DSCP_CS3 0x60
#define IPTOS_DSCP_CS4 0x80
#define IPTOS_DSCP_CS5 0xa0
#define IPTOS_DSCP_CS6 0xc0
#define IPTOS_DSCP_CS7 0xe0
#endif
#ifndef IPTOS_DSCP_AF11
#define IPTOS_DSCP_AF11 0x28
#define IPTOS_DSCP_AF12 0x30
#define IPTOS_DSCP_AF13 0x38
#define IPTOS_DSCP_AF21 0x48
#define IPTOS_DSCP_AF22 0x50
#define IPTOS_DSCP_AF23 0x58
#define IPTOS_DSCP_AF31 0x68
#define IPTOS_DSCP_AF32 0x70
#define IPTOS_DSCP_AF33 0x78
#define IPTOS_DSCP_AF41 0x88
#define IPTOS_DSCP_AF42 0x90
#define IPTOS_DSCP_AF43 0x98
#endif
#ifndef IPTOS_DSCP_EF
#define IPTOS_DSCP_EF 0xb8
#endif

44
include/compat/readpassphrase.h
View File

@@ -1,44 +0,0 @@
/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#ifdef HAVE_READPASSPHRASE_H
#include_next <readpassphrase.h>
#else
#ifndef _READPASSPHRASE_H_
#define _READPASSPHRASE_H_
#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
#define RPP_ECHO_ON 0x01 /* Leave echo on. */
#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
char * readpassphrase(const char *, char *, size_t, int);
#endif /* !_READPASSPHRASE_H_ */
#endif

24
include/compat/resolv.h
View File

@@ -1,24 +0,0 @@
/*
* Public domain
* resolv.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_RESOLV_H
#define LIBCRYPTOCOMPAT_RESOLV_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/resolv.h>
#else
#include <../include/resolv.h>
#endif
#else
#include_next <resolv.h>
#endif
#ifndef HAVE_B64_NTOP
int b64_ntop(unsigned char const *, size_t, char *, size_t);
int b64_pton(char const *, unsigned char *, size_t);
#endif
#endif

51
include/compat/stdio.h
View File

@@ -1,51 +0,0 @@
/*
* Public domain
* stdio.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_STDIO_H
#define LIBCRYPTOCOMPAT_STDIO_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#include <../ucrt/corecrt_io.h>
#include <../ucrt/stdio.h>
#else
#include <../include/stdio.h>
#endif
#else
#include_next <stdio.h>
#endif
#ifndef HAVE_ASPRINTF
#include <stdarg.h>
int vasprintf(char **str, const char *fmt, va_list ap);
int asprintf(char **str, const char *fmt, ...);
#endif
#ifdef _WIN32
#if defined(_MSC_VER)
#define __func__ __FUNCTION__
#endif
void posix_perror(const char *s);
FILE * posix_fopen(const char *path, const char *mode);
char * posix_fgets(char *s, int size, FILE *stream);
int posix_rename(const char *oldpath, const char *newpath);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define perror(errnum) posix_perror(errnum)
#define fopen(path, mode) posix_fopen(path, mode)
#define fgets(s, size, stream) posix_fgets(s, size, stream)
#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
#endif
#ifdef _MSC_VER
#define snprintf _snprintf
#endif
#endif
#endif

15
include/compat/sys/param.h
View File

@@ -1,15 +0,0 @@
/*
* Public domain
* sys/param.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H
#define LIBCRYPTOCOMPAT_SYS_PARAM_H
#ifdef _MSC_VER
#include <winsock2.h>
#else
#include_next <sys/param.h>
#endif
#endif

17
include/compat/sys/socket.h
View File

@@ -1,17 +0,0 @@
/*
* Public domain
* sys/socket.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/socket.h>
#else
#include <win32netcompat.h>
#endif
#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */
#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */
int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv)
#endif

109
include/compat/sys/stat.h
View File

@@ -1,109 +0,0 @@
/*
* Public domain
* sys/stat.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_STAT_H
#define LIBCRYPTOCOMPAT_SYS_STAT_H
#ifndef _MSC_VER
#include_next <sys/stat.h>
/* for old MinGW */
#ifndef S_IRGRP
#define S_IRGRP 0
#endif
#ifndef S_IROTH
#define S_IROTH 0
#endif
#else
#include <windows.h>
#if _MSC_VER >= 1900
#include <../ucrt/sys/stat.h>
#else
#include <../include/sys/stat.h>
#endif
/* File type and permission flags for stat() */
#if !defined(S_IFMT)
# define S_IFMT _S_IFMT /* File type mask */
#endif
#if !defined(S_IFDIR)
# define S_IFDIR _S_IFDIR /* Directory */
#endif
#if !defined(S_IFCHR)
# define S_IFCHR _S_IFCHR /* Character device */
#endif
#if !defined(S_IFFIFO)
# define S_IFFIFO _S_IFFIFO /* Pipe */
#endif
#if !defined(S_IFREG)
# define S_IFREG _S_IFREG /* Regular file */
#endif
#if !defined(S_IREAD)
# define S_IREAD _S_IREAD /* Read permission */
#endif
#if !defined(S_IWRITE)
# define S_IWRITE _S_IWRITE /* Write permission */
#endif
#if !defined(S_IEXEC)
# define S_IEXEC _S_IEXEC /* Execute permission */
#endif
#if !defined(S_IFIFO)
# define S_IFIFO _S_IFIFO /* Pipe */
#endif
#if !defined(S_IFBLK)
# define S_IFBLK 0 /* Block device */
#endif
#if !defined(S_IFLNK)
# define S_IFLNK 0 /* Link */
#endif
#if !defined(S_IFSOCK)
# define S_IFSOCK 0 /* Socket */
#endif
#if defined(_MSC_VER)
# define S_IRUSR S_IREAD /* Read user */
# define S_IWUSR S_IWRITE /* Write user */
# define S_IXUSR 0 /* Execute user */
# define S_IRGRP 0 /* Read group */
# define S_IWGRP 0 /* Write group */
# define S_IXGRP 0 /* Execute group */
# define S_IROTH 0 /* Read others */
# define S_IWOTH 0 /* Write others */
# define S_IXOTH 0 /* Execute others */
#endif
/* File type flags for d_type */
#define DT_UNKNOWN 0
#define DT_REG S_IFREG
#define DT_DIR S_IFDIR
#define DT_FIFO S_IFIFO
#define DT_SOCK S_IFSOCK
#define DT_CHR S_IFCHR
#define DT_BLK S_IFBLK
#define DT_LNK S_IFLNK
/* Macros for converting between st_mode and d_type */
#define IFTODT(mode) ((mode) & S_IFMT)
#define DTTOIF(type) (type)
/*
* File type macros. Note that block devices, sockets and links cannot be
* distinguished on Windows and the macros S_ISBLK, S_ISSOCK and S_ISLNK are
* only defined for compatibility. These macros should always return false
* on Windows.
*/
#define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
#define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
#define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG)
#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK)
#define S_ISCHR(mode) (((mode) & S_IFMT) == S_IFCHR)
#define S_ISBLK(mode) (((mode) & S_IFMT) == S_IFBLK)
#endif
#endif

32
include/compat/sys/time.h
View File

@@ -1,32 +0,0 @@
/*
* Public domain
* sys/time.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_TIME_H
#define LIBCRYPTOCOMPAT_SYS_TIME_H
#ifdef _MSC_VER
#include <winsock2.h>
int gettimeofday(struct timeval *tp, void *tzp);
#else
#include_next <sys/time.h>
#endif
#ifndef CLOCK_MONOTONIC
#define CLOCK_MONOTONIC CLOCK_REALTIME
#endif
#ifndef timersub
#define timersub(tvp, uvp, vvp) \
do { \
(vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec; \
(vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec; \
if ((vvp)->tv_usec < 0) { \
(vvp)->tv_sec--; \
(vvp)->tv_usec += 1000000; \
} \
} while (0)
#endif
#endif

70
include/compat/sys/types.h
View File

@@ -1,70 +0,0 @@
/*
* Public domain
* sys/types.h compatibility shim
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/sys/types.h>
#else
#include <../include/sys/types.h>
#endif
#else
#include_next <sys/types.h>
#endif
#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
#define LIBCRYPTOCOMPAT_SYS_TYPES_H
#include <stdint.h>
#ifdef __MINGW32__
#include <_bsd_types.h>
typedef uint32_t in_addr_t;
#endif
#ifdef _MSC_VER
typedef unsigned char u_char;
typedef unsigned short u_short;
typedef unsigned int u_int;
typedef uint32_t in_addr_t;
#include <basetsd.h>
typedef SSIZE_T ssize_t;
#ifndef SSIZE_MAX
#ifdef _WIN64
#define SSIZE_MAX _I64_MAX
#else
#define SSIZE_MAX INT_MAX
#endif
#endif
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
#ifdef _WIN32
#define __warn_references(sym,msg)
#else
#ifndef __warn_references
#ifndef __STRING
#define __STRING(x) #x
#endif
#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG)
#define __warn_references(sym,msg) \
__asm__(".section .gnu.warning." __STRING(sym) \
" ; .ascii \"" msg "\" ; .text");
#else
#define __warn_references(sym,msg)
#endif
#endif /* __warn_references */
#endif /* _WIN32 */
#endif

35
include/compat/time.h
View File

@@ -1,35 +0,0 @@
/*
* Public domain
* sys/time.h compatibility shim
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/time.h>
#else
#include <../include/time.h>
#endif
#else
#include_next <time.h>
#endif
#ifdef _WIN32
struct tm *__gmtime_r(const time_t * t, struct tm * tm);
#define gmtime_r(tp, tm) __gmtime_r(tp, tm)
#endif
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
#endif
#ifndef timespecsub
#define timespecsub(tsp, usp, vsp) \
do { \
(vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec; \
(vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec; \
if ((vsp)->tv_nsec < 0) { \
(vsp)->tv_sec--; \
(vsp)->tv_nsec += 1000000000L; \
} \
} while (0)
#endif

52
include/compat/unistd.h
View File

@@ -1,52 +0,0 @@
/*
* Public domain
* unistd.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_UNISTD_H
#define LIBCRYPTOCOMPAT_UNISTD_H
#ifndef _MSC_VER
#include_next <unistd.h>
#else
#include <stdlib.h>
#include <io.h>
#include <process.h>
#define STDOUT_FILENO 1
#define STDERR_FILENO 2
#define R_OK 4
#define W_OK 2
#define X_OK 0
#define F_OK 0
#define access _access
unsigned int sleep(unsigned int seconds);
#endif
#ifndef HAVE_GETENTROPY
int getentropy(void *buf, size_t buflen);
#else
/*
* Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
*/
#if defined(__sun)
#include <sys/random.h>
#endif
#endif
#ifndef HAVE_GETPAGESIZE
int getpagesize(void);
#endif
#define pledge(request, paths) 0
#ifndef HAVE_PIPE2
int pipe2(int fildes[2], int flags);
#endif
#endif

57
include/compat/win32netcompat.h
View File

@@ -1,57 +0,0 @@
/*
* Public domain
*
* BSD socket emulation code for Winsock2
* Brent Cook <bcook@openbsd.org>
*/
#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#ifdef _WIN32
#include <ws2tcpip.h>
#include <errno.h>
#include <unistd.h>
#ifndef SHUT_RDWR
#define SHUT_RDWR SD_BOTH
#endif
#ifndef SHUT_RD
#define SHUT_RD SD_RECEIVE
#endif
#ifndef SHUT_WR
#define SHUT_WR SD_SEND
#endif
int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
int posix_open(const char *path, ...);
int posix_close(int fd);
ssize_t posix_read(int fd, void *buf, size_t count);
ssize_t posix_write(int fd, const void *buf, size_t count);
int posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen);
int posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
#define open(path, ...) posix_open(path, __VA_ARGS__)
#define close(fd) posix_close(fd)
#define read(fd, buf, count) posix_read(fd, buf, count)
#define write(fd, buf, count) posix_write(fd, buf, count)
#define getsockopt(sockfd, level, optname, optval, optlen) \
posix_getsockopt(sockfd, level, optname, optval, optlen)
#define setsockopt(sockfd, level, optname, optval, optlen) \
posix_setsockopt(sockfd, level, optname, optval, optlen)
#endif
#endif
#endif

33
include/err.h Normal file
View File

@@ -0,0 +1,33 @@
/*
* Public domain
* err.h compatibility shim
*/
#ifdef HAVE_ERR_H
#include_next <err.h>
#else
#ifndef LIBCRYPTOCOMPAT_ERR_H
#define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define err(exitcode, format, args...) \
errx(exitcode, format ": %s", ## args, strerror(errno))
#define errx(exitcode, format, args...) \
do { warnx(format, ## args); exit(exitcode); } while (0)
#define warn(format, args...) \
warnx(format ": %s", ## args, strerror(errno))
#define warnx(format, args...) \
fprintf(stderr, format "\n", ## args)
#endif
#endif

0
include/compat/machine/endian.h → include/machine/endian.h
View File

0
include/compat/netdb.h → include/netdb.h
View File

0
include/compat/netinet/in.h → include/netinet/in.h
View File

0
include/compat/netinet/tcp.h → include/netinet/tcp.h
View File

2
include/compat/poll.h → include/poll.h
View File

@@ -14,7 +14,7 @@
#ifndef LIBCRYPTOCOMPAT_POLL_H #ifndef LIBCRYPTOCOMPAT_POLL_H
#define LIBCRYPTOCOMPAT_POLL_H #define LIBCRYPTOCOMPAT_POLL_H
#ifndef _WIN32 #ifdef HAVE_POLL
#include_next <poll.h> #include_next <poll.h>
#else #else

30
include/stdio.h Normal file
View File

@@ -0,0 +1,30 @@
/*
* Public domain
* stdio.h compatibility shim
*/
#include_next <stdio.h>
#ifndef LIBCRYPTOCOMPAT_STDIO_H
#define LIBCRYPTOCOMPAT_STDIO_H
#ifndef HAVE_ASPRINTF
#include <stdarg.h>
int vasprintf(char **str, const char *fmt, va_list ap);
int asprintf(char **str, const char *fmt, ...);
#endif
#ifdef _WIN32
#include <errno.h>
#include <string.h>
static inline void
posix_perror(const char *s)
{
fprintf(stderr, "%s: %s\n", s, strerror(errno));
}
#define perror(errnum) posix_perror(errnum)
#endif
#endif

20
include/compat/stdlib.h → include/stdlib.h
View File

@@ -3,40 +3,24 @@
* Public domain * Public domain
*/ */
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#else
#include <../include/stdlib.h>
#endif
#else
#include_next <stdlib.h> #include_next <stdlib.h>
#endif
#ifndef LIBCRYPTOCOMPAT_STDLIB_H #ifndef LIBCRYPTOCOMPAT_STDLIB_H
#define LIBCRYPTOCOMPAT_STDLIB_H #define LIBCRYPTOCOMPAT_STDLIB_H
#include <sys/types.h> #include <sys/stat.h>
#include <sys/time.h>
#include <stdint.h> #include <stdint.h>
#ifndef HAVE_ARC4RANDOM_BUF #ifndef HAVE_ARC4RANDOM_BUF
uint32_t arc4random(void); uint32_t arc4random(void);
void arc4random_buf(void *_buf, size_t n); void arc4random_buf(void *_buf, size_t n);
uint32_t arc4random_uniform(uint32_t upper_bound);
#endif
#ifndef HAVE_FREEZERO
void freezero(void *ptr, size_t sz);
#endif #endif
#ifndef HAVE_REALLOCARRAY #ifndef HAVE_REALLOCARRAY
void *reallocarray(void *, size_t, size_t); void *reallocarray(void *, size_t, size_t);
#endif #endif
#ifndef HAVE_RECALLOCARRAY
void *recallocarray(void *, size_t, size_t, size_t);
#endif
#ifndef HAVE_STRTONUM #ifndef HAVE_STRTONUM
long long strtonum(const char *nptr, long long minval, long long strtonum(const char *nptr, long long minval,
long long maxval, const char **errstr); long long maxval, const char **errstr);

22
include/compat/string.h → include/string.h
View File

@@ -3,34 +3,20 @@
* string.h compatibility shim * string.h compatibility shim
*/ */
#include_next <string.h>
#ifndef LIBCRYPTOCOMPAT_STRING_H #ifndef LIBCRYPTOCOMPAT_STRING_H
#define LIBCRYPTOCOMPAT_STRING_H #define LIBCRYPTOCOMPAT_STRING_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/string.h>
#else
#include <../include/string.h>
#endif
#else
#include_next <string.h>
#endif
#include <sys/types.h> #include <sys/types.h>
#if defined(__sun) || defined(_AIX) || defined(__hpux) #if defined(__sun) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by /* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on AIX, * SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
* Solaris, and HPUX.
*/ */
#include <strings.h> #include <strings.h>
#endif #endif
#ifndef HAVE_STRCASECMP
int strcasecmp(const char *s1, const char *s2);
int strncasecmp(const char *s1, const char *s2, size_t len);
#endif
#ifndef HAVE_STRLCPY #ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz); size_t strlcpy(char *dst, const char *src, size_t siz);
#endif #endif

0
include/compat/sys/ioctl.h → include/sys/ioctl.h
View File

0
include/compat/sys/mman.h → include/sys/mman.h
View File

0
include/compat/sys/select.h → include/sys/select.h
View File

10
include/sys/socket.h Normal file
View File

@@ -0,0 +1,10 @@
/*
* Public domain
* sys/socket.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/socket.h>
#else
#include <win32netcompat.h>
#endif

10
include/sys/times.h Normal file
View File

@@ -0,0 +1,10 @@
/*
* Public domain
* sys/times.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/times.h>
#else
#include <win32netcompat.h>
#endif

21
include/sys/types.h Normal file
View File

@@ -0,0 +1,21 @@
/*
* Public domain
* sys/types.h compatibility shim
*/
#include_next <sys/types.h>
#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
#define LIBCRYPTOCOMPAT_SYS_TYPES_H
#include <stdint.h>
#ifdef __MINGW32__
#include <_bsd_types.h>
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
#endif

0
include/compat/sys/uio.h → include/sys/uio.h
View File

38
include/syslog.h Normal file
View File

@@ -0,0 +1,38 @@
/*
* Public domain
* syslog.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYSLOG_H
#define LIBCRYPTOCOMPAT_SYSLOG_H
#ifndef _WIN32
#include_next <syslog.h>
#else
/* priorities */
#define LOG_EMERG 0
#define LOG_ALERT 1
#define LOG_CRIT 2
#define LOG_ERR 3
#define LOG_WARNING 4
#define LOG_NOTICE 5
#define LOG_INFO 6
#define LOG_DEBUG 7
/* facility codes */
#define LOG_KERN (0<<3)
#define LOG_USER (1<<3)
#define LOG_DAEMON (3<<3)
/* flags for openlog */
#define LOG_PID 0x01
#define LOG_CONS 0x02
extern void openlog(const char *ident, int option, int facility);
extern void syslog(int priority, const char *fmt, ...)
__attribute__ ((__format__ (__printf__, 2, 3)));
extern void closelog (void);
#endif
#endif /* LIBCRYPTOCOMPAT_SYSLOG_H */

19
include/unistd.h Normal file
View File

@@ -0,0 +1,19 @@
/*
* Public domain
* unistd.h compatibility shim
*/
#include_next <unistd.h>
#ifndef LIBCRYPTOCOMPAT_UNISTD_H
#define LIBCRYPTOCOMPAT_UNISTD_H
#ifndef HAVE_GETENTROPY
int getentropy(void *buf, size_t buflen);
#endif
#ifndef HAVE_ISSETUGID
int issetugid(void);
#endif
#endif

144
crypto/compat/posix_win.c → include/win32netcompat.h
View File

@@ -2,86 +2,23 @@
* Public domain * Public domain
* *
* BSD socket emulation code for Winsock2 * BSD socket emulation code for Winsock2
* File IO compatibility shims
* Brent Cook <bcook@openbsd.org> * Brent Cook <bcook@openbsd.org>
*/ */
#define NO_REDEF_POSIX_FUNCTIONS #ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#ifdef _WIN32
#include <windows.h>
#include <ws2tcpip.h> #include <ws2tcpip.h>
#define SHUT_RDWR SD_BOTH
#define SHUT_RD SD_RECEIVE
#define SHUT_WR SD_SEND
#include <errno.h> #include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h> #include <unistd.h>
void
posix_perror(const char *s)
{
fprintf(stderr, "%s: %s\n", s, strerror(errno));
}
FILE *
posix_fopen(const char *path, const char *mode)
{
if (strchr(mode, 'b') == NULL) {
char *bin_mode = NULL;
if (asprintf(&bin_mode, "%sb", mode) == -1)
return NULL;
FILE *f = fopen(path, bin_mode);
free(bin_mode);
return f;
}
return fopen(path, mode);
}
int
posix_open(const char *path, ...)
{
va_list ap;
int mode = 0;
int flags;
va_start(ap, path);
flags = va_arg(ap, int);
if (flags & O_CREAT)
mode = va_arg(ap, int);
va_end(ap);
flags |= O_BINARY;
if (flags & O_CLOEXEC) {
flags &= ~O_CLOEXEC;
flags |= O_NOINHERIT;
}
flags &= ~O_NONBLOCK;
return open(path, flags, mode);
}
char *
posix_fgets(char *s, int size, FILE *stream)
{
char *ret = fgets(s, size, stream);
if (ret != NULL) {
size_t end = strlen(ret);
if (end >= 2 && ret[end - 2] == '\r' && ret[end - 1] == '\n') {
ret[end - 2] = '\n';
ret[end - 1] = '\0';
}
}
return ret;
}
int
posix_rename(const char *oldpath, const char *newpath)
{
return MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1;
}
static int static int
wsa_errno(int err) wsa_errno(int err)
{ {
@@ -132,9 +69,6 @@ wsa_errno(int err)
case WSAEAFNOSUPPORT: case WSAEAFNOSUPPORT:
errno = EAFNOSUPPORT; errno = EAFNOSUPPORT;
break; break;
case WSAEBADF:
errno = EBADF;
break;
case WSAENETRESET: case WSAENETRESET:
case WSAENOTCONN: case WSAENOTCONN:
case WSAECONNABORTED: case WSAECONNABORTED:
@@ -147,7 +81,7 @@ wsa_errno(int err)
return -1; return -1;
} }
int static inline int
posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen) posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{ {
int rc = connect(sockfd, addr, addrlen); int rc = connect(sockfd, addr, addrlen);
@@ -156,42 +90,50 @@ posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
return rc; return rc;
} }
int #define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
static inline int
posix_close(int fd) posix_close(int fd)
{ {
if (closesocket(fd) == SOCKET_ERROR) { if (closesocket(fd) == SOCKET_ERROR) {
int err = WSAGetLastError(); int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF) ? return err == WSAENOTSOCK ?
close(fd) : wsa_errno(err); close(fd) : wsa_errno(err);
} }
return 0; return 0;
} }
ssize_t #define close(fd) posix_close(fd)
static inline ssize_t
posix_read(int fd, void *buf, size_t count) posix_read(int fd, void *buf, size_t count)
{ {
ssize_t rc = recv(fd, buf, count, 0); ssize_t rc = recv(fd, buf, count, 0);
if (rc == SOCKET_ERROR) { if (rc == SOCKET_ERROR) {
int err = WSAGetLastError(); int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF) ? return err == WSAENOTSOCK ?
read(fd, buf, count) : wsa_errno(err); read(fd, buf, count) : wsa_errno(err);
} }
return rc; return rc;
} }
ssize_t #define read(fd, buf, count) posix_read(fd, buf, count)
static inline ssize_t
posix_write(int fd, const void *buf, size_t count) posix_write(int fd, const void *buf, size_t count)
{ {
ssize_t rc = send(fd, buf, count, 0); ssize_t rc = send(fd, buf, count, 0);
if (rc == SOCKET_ERROR) { if (rc == SOCKET_ERROR) {
int err = WSAGetLastError(); int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF) ? return err == WSAENOTSOCK ?
write(fd, buf, count) : wsa_errno(err); write(fd, buf, count) : wsa_errno(err);
} }
return rc; return rc;
} }
int #define write(fd, buf, count) posix_write(fd, buf, count)
static inline int
posix_getsockopt(int sockfd, int level, int optname, posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen) void *optval, socklen_t *optlen)
{ {
@@ -200,7 +142,10 @@ posix_getsockopt(int sockfd, int level, int optname,
} }
int #define getsockopt(sockfd, level, optname, optval, optlen) \
posix_getsockopt(sockfd, level, optname, optval, optlen)
static inline int
posix_setsockopt(int sockfd, int level, int optname, posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen) const void *optval, socklen_t optlen)
{ {
@@ -208,34 +153,9 @@ posix_setsockopt(int sockfd, int level, int optname,
return rc == 0 ? 0 : wsa_errno(WSAGetLastError()); return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
} }
#ifdef _MSC_VER #define setsockopt(sockfd, level, optname, optval, optlen) \
struct timezone; posix_setsockopt(sockfd, level, optname, optval, optlen)
int gettimeofday(struct timeval * tp, struct timezone * tzp)
{ #endif
/*
* Note: some broken versions only have 8 trailing zero's, the correct
* epoch has 9 trailing zero's
*/
static const uint64_t EPOCH = ((uint64_t) 116444736000000000ULL);
SYSTEMTIME system_time;
FILETIME file_time;
uint64_t time;
GetSystemTime(&system_time);
SystemTimeToFileTime(&system_time, &file_time);
time = ((uint64_t)file_time.dwLowDateTime);
time += ((uint64_t)file_time.dwHighDateTime) << 32;
tp->tv_sec = (long)((time - EPOCH) / 10000000L);
tp->tv_usec = (long)(system_time.wMilliseconds * 1000);
return 0;
}
unsigned int sleep(unsigned int seconds)
{
Sleep(seconds * 1000);
return seconds;
}
#endif #endif

8
libcrypto.pc.in
View File

@@ -5,11 +5,11 @@ exec_prefix=@exec_prefix@
libdir=@libdir@ libdir=@libdir@
includedir=@includedir@ includedir=@includedir@
Name: LibreSSL-libcrypto Name: LibreSSL-libssl
Description: LibreSSL cryptography library Description: Secure Sockets Layer and cryptography libraries
Version: @VERSION@ Version: @LIBCRYPTO_VERSION@
Requires: Requires:
Conflicts: Conflicts:
Libs: -L${libdir} -lcrypto Libs: -L${libdir} -lcrypto
Libs.private: @LIBS@ @PLATFORM_LDADD@ Libs.private: @LIBS@
Cflags: -I${includedir} Cflags: -I${includedir}

4
libssl.pc.in
View File

@@ -7,10 +7,10 @@ includedir=@includedir@
Name: LibreSSL-libssl Name: LibreSSL-libssl
Description: Secure Sockets Layer and cryptography libraries Description: Secure Sockets Layer and cryptography libraries
Version: @VERSION@ Version: @LIBSSL_VERSION@
Requires: Requires:
Requires.private: libcrypto Requires.private: libcrypto
Conflicts: Conflicts:
Libs: -L${libdir} -lssl Libs: -L${libdir} -lssl
Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@ Libs.private: @LIBS@ -lcrypto
Cflags: -I${includedir} Cflags: -I${includedir}

13
libtls-standalone/COPYING
View File

@@ -1,13 +0,0 @@
libtls is ISC licensed as per OpenBSD's normal licensing policy.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

0
libtls-standalone/ChangeLog
View File

Some files were not shown because too many files have changed in this diff Show More