add 2.1.3 notes

The current NetBSD release, 6.1.5, fails to reseed arc4random fork. Work
around it by providing arc4random/getentropy shims. Revisit when NetBSD
7 is available.

.travis.yml

@@ -0,0 +1,8 @@
+language: c
+compiler:
+        - clang
+        - gcc
+os:
+        - linux
+        - osx
+script: "./dist.sh"

ChangeLog

@@ -28,6 +28,48 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+2.1.3 - Security update and OS support improvements
+	* Fixed various memory leaks in DTLS, including fixes for
+	  CVE-2015-0206.
+
+	* Added Application-Layer Protocol Negotiation (ALPN) support.
+
+	* Removed GOST R 34.10-94 signature authentication.
+
+	* Removed nonfunctional Netscape browser-hang workaround code.
+
+	* Simplfied and refactored SSL/DTLS handshake code.
+
+	* Added SHA256 Camellia cipher suites for TLS 1.2 from RFC 5932.
+
+	* Hide timing info about padding errors during handshakes.
+
+	* Improved libtls support for non-blocking sockets, added randomized
+	  session ID contexts. Work is ongoing with this library - feedback
+	  and potential use-cases are welcome.
+
+	* Support building Windows DLLs.
+	  Thanks to Jan Engelhard.
+
+	* Packaged config wrapper for better compatibility with OpenSSL-based
+	  build systems.
+	  Thanks to @technion from github
+
+	* Ensure the stack is marked non-executable for assembly sections.
+	  Thanks to Anthony G. Bastile.
+
+	* Enable extra compiler hardening flags by default, where applicable.
+	  The default set of hardening features can vary by OS to OS, so
+	  feedback is welcome on this. To disable the default hardening flags,
+	  specify '--disable-hardening' during configure.
+	  Thanks to Jim Barlow
+
+	* Initial HP-UX support, tested with HP-UX 11.31 ia64
+	  Thanks to Kinichiro Inoguchi
+
+	* Initial NetBSD support, tested with NetBSD 6.1.5 x86_64
+	  Imported from OpenNTPD, thanks to @gitisihara from github
+
 2.1.2 - Many new features and improvements
 	* Added reworked GOST cipher suite support
 	   thanks to Dmitry Eremin-Solenikov

Makefile.am

@@ -8,4 +8,4 @@ if ENABLE_LIBTLS
 pkgconfig_DATA += libtls.pc
 endif
 
-EXTRA_DIST = VERSION
+EXTRA_DIST = VERSION config scripts

VERSION

@@ -1 +1 @@
-2.1.2
+2.1.3

configure.ac

@@ -22,18 +22,26 @@ case $host_os in
 		HOST_ABI=elf
 		AC_SUBST([PROG_LDADD], ['-lthr'])
 		;;
+	*hpux*)
+		HOST_OS=hpux;
+		CFLAGS="$CFLAGS -mlp64 -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
+		AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
+		;;
 	*linux*)
 		HOST_OS=linux
 		HOST_ABI=elf
 		CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
 		;;
+	*netbsd*)
+		HOST_OS=netbsd
+		;;
 	*openbsd*)
 		HOST_ABI=elf
 		AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
 		;;
 	*mingw*)
 		HOST_OS=win
-		CFLAGS="$CFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -DOPENSSL_NO_SPEED -D__USE_MINGW_ANSI_STDIO"
+		CFLAGS="$CFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -DOPENSSL_NO_SPEED -DNO_SYSLOG -D__USE_MINGW_ANSI_STDIO"
 		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
 		;;
 	*solaris*)
@@ -45,9 +53,17 @@ case $host_os in
 	*) ;;
 esac
 
+case $host_cpu in
+	*sparc*)
+		CFLAGS="$CFLAGS -D__STRICT_ALIGNMENT"
+		;;
+esac
+
 AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
 AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
+AM_CONDITIONAL([HOST_HPUX],    [test x$HOST_OS = xhpux])
 AM_CONDITIONAL([HOST_LINUX],   [test x$HOST_OS = xlinux])
+AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
 AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
 AM_CONDITIONAL([HOST_WIN],     [test x$HOST_OS = xwin])
 
@@ -57,12 +73,102 @@ AC_CHECK_FUNC([clock_gettime],,
 AC_CHECK_FUNC([dl_iterate_phdr],,
 	[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
 
-AM_PROG_AS
 AC_PROG_CC
 AC_PROG_LIBTOOL
 AC_PROG_CC_STDC
 AM_PROG_CC_C_O
 
+AC_MSG_CHECKING([if compiling with clang])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
+#ifndef __clang__
+	not clang
+#endif
+	]])],
+	[CLANG=yes],
+	[CLANG=no]
+)
+AC_MSG_RESULT([$CLANG])
+AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
+
+# We want to check for compiler flag support. Prior to clang v5.1, there was no
+# way to make clang's "argument unused" warning fatal.  So we invoke the
+# compiler through a wrapper script that greps for this message.
+saved_CC="$CC"
+saved_LD="$LD"
+flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
+CC="$flag_wrap $CC"
+LD="$flag_wrap $LD"
+
+AC_ARG_ENABLE([hardening],
+	[AS_HELP_STRING([--disable-hardening],
+			[Disable options to frustrate memory corruption exploits])],
+	[], [enable_hardening=yes])
+
+AC_DEFUN([CHECK_CFLAG], [
+	 AC_LANG_ASSERT(C)
+	 AC_MSG_CHECKING([if $saved_CC supports "$1"])
+	 old_cflags="$CFLAGS"
+	 CFLAGS="$1 -Wall -Werror"
+	 AC_TRY_LINK([
+		      #include <stdio.h>
+		      ],
+		     [printf("Hello")],
+		     AC_MSG_RESULT([yes])
+		     CFLAGS=$old_cflags
+		     HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
+		     AC_MSG_RESULT([no])
+		     CFLAGS=$old_cflags
+		     [$2])
+])
+
+AC_DEFUN([CHECK_LDFLAG], [
+	 AC_LANG_ASSERT(C)
+	 AC_MSG_CHECKING([if $saved_LD supports "$1"])
+	 old_ldflags="$LDFLAGS"
+	 LDFLAGS="$1 -Wall -Werror"
+	 AC_TRY_LINK([
+		      #include <stdio.h>
+		      ],
+		     [printf("Hello")],
+		     AC_MSG_RESULT([yes])
+		     LDFLAGS=$old_ldflags
+		     HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
+		     AC_MSG_RESULT([no])
+		     LDFLAGS=$old_ldflags
+		     [$2])
+])
+
+AS_IF([test "x$enable_hardening" = "xyes"], [
+	# Tell GCC to NOT optimize based on signed arithmetic overflow
+	CHECK_CFLAG([[-fno-strict-overflow]])
+
+	# _FORTIFY_SOURCE replaces builtin functions with safer versions.
+	CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
+
+	# Enable read only relocations
+	CHECK_LDFLAG([[-Wl,-z,relro]])
+	CHECK_LDFLAG([[-Wl,-z,now]])
+])
+
+# Use stack-protector-strong if available; if not, fallback to
+# stack-protector-all which is considered to be overkill
+AS_IF([test "x$enable_hardening" = "xyes" -a "x$HOST_OS" != "xwin"], [
+	CHECK_CFLAG([[-fstack-protector-strong]],
+		CHECK_CFLAG([[-fstack-protector-all]],
+			AC_MSG_WARN([compiler does not appear to support stack protection])
+		)
+	)
+])
+
+
+# Restore CC, LD
+CC="$saved_CC"
+LD="$saved_LD"
+
+CFLAGS="$CFLAGS $HARDEN_CFLAGS"
+LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
+
+# Removing the dependency on -Wno-pointer-sign should be a goal
 save_cflags="$CFLAGS"
 CFLAGS=-Wno-pointer-sign
 AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
@@ -73,16 +179,18 @@ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
 )
 CFLAGS="$save_cflags $AM_CFLAGS"
 
-AC_MSG_CHECKING([if compiling with clang])
+save_cflags="$CFLAGS"
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
+CFLAGS=
-#ifndef __clang__
+AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
-	not clang
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#endif
+__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
-	]])],
 	[AC_MSG_RESULT([yes])]
-	[CLANG_FLAGS=-Qunused-arguments],
+	[AM_CFLAGS=-DHAVE_GNU_STACK],
 	[AC_MSG_RESULT([no])]
 )
+CFLAGS="$save_cflags $AM_CFLAGS"
+AM_PROG_AS
+
 CFLAGS="$CFLAGS $CLANG_CFLAGS"
 LDFLAGS="$LDFLAGS $CLANG_FLAGS"
 
@@ -110,7 +218,10 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
 
 # overrides for arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-	[test "x$HOST_OS" != xdarwin -a "x$HOST_OS" != xfreebsd -a "x$ac_cv_func_arc4random_buf" = xyes])
+	[test "x$HOST_OS" != xdarwin \
+	   -a "x$HOST_OS" != xfreebsd \
+	   -a "x$HOST_OS" != xnetbsd \
+	   -a "x$ac_cv_func_arc4random_buf" = xyes])
 
 AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
 	AC_LINK_IFELSE([AC_LANG_PROGRAM([[

crypto/Makefile.am

@@ -8,7 +8,7 @@ lib_LTLIBRARIES = libcrypto.la
 
 EXTRA_DIST = VERSION
 
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
 libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
 libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
 libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK
@@ -74,9 +74,15 @@ if !HAVE_GETENTROPY
 if HOST_FREEBSD
 libcompat_la_SOURCES += compat/getentropy_freebsd.c
 endif
+if HOST_HPUX
+libcompat_la_SOURCES += compat/getentropy_hpux.c
+endif
 if HOST_LINUX
 libcompat_la_SOURCES += compat/getentropy_linux.c
 endif
+if HOST_NETBSD
+libcompat_la_SOURCES += compat/getentropy_netbsd.c
+endif
 if HOST_DARWIN
 libcompat_la_SOURCES += compat/getentropy_osx.c
 endif
@@ -94,6 +100,9 @@ if !HAVE_ISSETUGID
 if HOST_LINUX
 libcompat_la_SOURCES += compat/issetugid_linux.c
 endif
+if HOST_HPUX
+libcompat_la_SOURCES += compat/issetugid_hpux.c
+endif
 if HOST_WIN
 libcompat_la_SOURCES += compat/issetugid_win.c
 endif
@@ -102,7 +111,9 @@ endif
 noinst_HEADERS =
 noinst_HEADERS += compat/arc4random.h
 noinst_HEADERS += compat/arc4random_freebsd.h
+noinst_HEADERS += compat/arc4random_hpux.h
 noinst_HEADERS += compat/arc4random_linux.h
+noinst_HEADERS += compat/arc4random_netbsd.h
 noinst_HEADERS += compat/arc4random_osx.h
 noinst_HEADERS += compat/arc4random_solaris.h
 noinst_HEADERS += compat/arc4random_win.h

crypto/compat/arc4random.h

@@ -6,9 +6,15 @@
 #if defined(__FreeBSD__)
 #include "arc4random_freebsd.h"
 
+#elif defined(__hpux)
+#include "arc4random_hpux.h"
+
 #elif defined(__linux__)
 #include "arc4random_linux.h"
 
+#elif defined(__NetBSD__)
+#include "arc4random_netbsd.h"
+
 #elif defined(__APPLE__)
 #include "arc4random_osx.h"
 

crypto/compat/issetugid_hpux.c

@@ -0,0 +1,26 @@
+#include <stdio.h>
+#include <unistd.h>
+#include <sys/pstat.h>
+
+/*
+ * HP-UX does not have issetugid().
+ * This experimental implementation uses pstat_getproc() and get*id().
+ * First, try pstat_getproc() and check PS_CHANGEDPRIV bit of pst_flag. 
+ * In case unsuccessful calling pstat_getproc(), using get*id().
+ *
+ */
+int issetugid(void)
+{
+	struct pst_status buf;
+	if(pstat_getproc(&buf, sizeof(buf), 0, getpid()) != 1) {
+	    perror("pstat_getproc()");
+	} else {
+	    if(buf.pst_flag & PS_CHANGEDPRIV)
+		return 1;
+	}
+	if(getuid() != geteuid())
+	    return 1;
+	if(getgid() != getegid())
+	    return 1;
+	return 0;
+}

libcrypto.pc.in

@@ -7,7 +7,7 @@ includedir=@includedir@
 
 Name: LibreSSL-libssl
 Description: Secure Sockets Layer and cryptography libraries
-Version: @VERSION@
+Version: @LIBCRYPTO_VERSION@
 Requires:
 Conflicts:
 Libs: -L${libdir} -lcrypto

libssl.pc.in

@@ -7,7 +7,7 @@ includedir=@includedir@
 
 Name: LibreSSL-libssl
 Description: Secure Sockets Layer and cryptography libraries
-Version: @VERSION@
+Version: @LIBSSL_VERSION@
 Requires:
 Requires.private: libcrypto
 Conflicts:

libtls.pc.in

@@ -7,7 +7,7 @@ includedir=@includedir@
 
 Name: LibreSSL-libtls
 Description: Secure communications using the TLS socket protocol.
-Version: @VERSION@
+Version: @LIBTLS_VERSION@
 Requires:
 Requires.private: libcrypto libssl
 Conflicts:

scripts/wrap-compiler-for-flag-check

@@ -0,0 +1,31 @@
+#!/bin/sh
+
+# This file is in the public domain.
+# https://github.com/kmcallister/autoharden/blob/c5c7842f39c2f8d19836bb5427d6479db4436d62/LICENSE
+#
+# From kmcallister: 
+# https://github.com/kmcallister/autoharden/blob/efaf5a16612589808c276a11536ea9a47071f74b/scripts/wrap-compiler-for-flag-check
+
+# Prior to clang v5.1, there was no way to make
+# clang's "argument unused" warning fatal.  This
+# wrapper script that greps for this warning message. Newer clang's have no issues.
+#
+# Ideally the search string would also include 'clang: ' but this output might
+# depend on clang's argv[0].
+#
+set -o errexit
+set -o nounset
+
+if out=`"$@" 2>&1`; then
+  echo "$out"
+  if echo "$out" | grep 'warning: argument unused' >/dev/null; then
+    echo "$0: found clang warning"
+    exit 1
+  else
+    exit 0
+  fi
+else
+  code=$?
+  echo "$out"
+  exit $code
+fi

ssl/Makefile.am

@@ -4,8 +4,9 @@ lib_LTLIBRARIES = libssl.la
 
 EXTRA_DIST = VERSION
 
-libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@
+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
 libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libssl_la_LIBADD = ../crypto/libcrypto.la
 
 libssl_la_SOURCES = bio_ssl.c
 libssl_la_SOURCES += d1_both.c

tls/Makefile.am

@@ -5,8 +5,9 @@ lib_LTLIBRARIES = libtls.la
 
 EXTRA_DIST = VERSION
 
-libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
 libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libtls_la_LIBADD = ../crypto/libcrypto.la ../ssl/libssl.la $(PLATFORM_LDADD)
 
 libtls_la_SOURCES = tls.c
 libtls_la_SOURCES += tls_client.c

update.sh

@@ -86,7 +86,7 @@ copy_hdrs() {
 	done
 }
 
-copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h opensslv.h
+copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h
 	ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h
 	objects/objects.h asn1/asn1.h bn/bn.h ec/ec.h ecdsa/ecdsa.h
 	ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
@@ -102,6 +102,10 @@ copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h opensslv.h
 
 copy_hdrs ssl "srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h"
 
+sed -e "s/\"LibreSSL .*\"/\"LibreSSL ${libressl_version}\"/" \
+	$libssl_src/src/crypto/opensslv.h > include/openssl/opensslv.h.lcl
+$MV include/openssl/opensslv.h.lcl include/openssl/opensslv.h
+
 # copy libcrypto source
 echo copying libcrypto source
 rm -f crypto/*.c crypto/*.h
@@ -121,10 +125,20 @@ $CP crypto/compat/ui_openssl_win.c crypto/ui
 asm_src=$libssl_src/src/crypto
 gen_asm_stdout() {
 	perl $asm_src/$2 $1 > $3.tmp
+	[[ $1 == "elf" ]] && cat <<-EOF >> $3.tmp
+	#if defined(HAVE_GNU_STACK)
+	.section .note.GNU-stack,"",%progbits
+	#endif
+	EOF
 	$MV $3.tmp $3
 }
 gen_asm() {
 	perl $asm_src/$2 $1 $3.tmp
+	[[ $1 == "elf" ]] && cat <<-EOF >> $3.tmp
+	#if defined(HAVE_GNU_STACK)
+	.section .note.GNU-stack,"",%progbits
+	#endif
+	EOF
 	$MV $3.tmp $3
 }
 for abi in elf macosx; do