generic-library/libreSSL
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:v2.1.4
Branches Tags
generic-library:main generic-library:OPENBSD_6_2 generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2
...
compare: generic-library:OPENBSD_5_8
Branches Tags
generic-library:OPENBSD_6_2 generic-library:main generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2

154 Commits
v2.1.4 ... OPENBSD_5_

Author SHA1 Message Date
Brent Cook
9ce9c4d2e8 update changelog to get the right openbsd source tags 2016-06-07 07:03:19 -05:00
Brent Cook
5dacd8e02c update changelog 2016-06-06 05:04:55 -05:00
Brent Cook
c0cb9e9ae1 Update changelog 2016-05-30 09:07:24 -05:00
Brent Cook
17bf566573 set windows binary OPENSSLDIR to something plausible 2016-05-30 09:04:43 -05:00
Brent Cook
fa41ca5182 moved patch upstream 2016-05-03 09:29:38 -05:00
Brent Cook
bb9c1f2838 prefer limits.h over sys/limits.h 2016-05-03 02:38:40 -05:00
Brent Cook
2169962cb4 update Changelog 2016-05-03 02:38:40 -05:00
Brent Cook
9092f35957 add constant_time_locl.h 2016-05-02 22:46:25 -05:00
Brent Cook
92902f7040 update changelog for 2.2.6 2016-01-28 12:17:23 -06:00
Brent Cook
271ad075dd update ChangeLog for 2.2.5 2015-12-05 13:15:46 -06:00
Brent Cook
248af93e3a update changelog for 2.2.4 2015-10-15 16:13:58 -05:00
Jeremy Huddleston Sequoia
97478266ca Use bundled headers instead of installed headers when building 
The build system incorrectly set include directives in AM_CFLAGS which
causes them to be placed after the configured CPPFLAGS.  Thus, if
a user or packaging system sets CPPFLAGS to a location that has
libressl or openssl headers installed, they will be used instead
of the bundled versions.  This corrects that issue by setting up
the variables correctly.

https://github.com/libressl-portable/portable/issues/150

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
 2015-10-15 15:23:44 -05:00
Brent Cook
0e7a252d0d update changelog for 2.2.4 2015-09-11 17:11:37 -05:00
Brent Cook
0c125d1ee3 bump version to 2.2.4 2015-09-11 17:10:11 -05:00
Brent Cook
e953fdbb96 add -lrt check for linux 2015-09-11 16:52:03 -05:00
Brent Cook
14fbc41003 speed up builds without killing os x perhaps 2015-09-11 16:52:03 -05:00
Brent Cook
f927fc2a90 add cmake test support 2015-09-11 16:52:03 -05:00
Will Tange
5c164446dd Small README typo 2015-09-11 16:38:14 -05:00
Brent Cook
b8853fd092 ensure headers are sanitized before release 
When a public header is removed, we need to ensure it gets removed
in the release distribution as well. Also, remove nonexistent *.he
exclude.
 2015-09-11 16:37:59 -05:00
Brent Cook
aad86fe1f9 remove support for old MSVC versions, KNF 2015-09-11 16:36:42 -05:00
Brent Cook
72039968e2 Do not build lib-objects targets if we are just building static libs. 
This confuses some cmake targets.
 2015-09-11 16:36:26 -05:00
Brent Cook
9c2f0ef51c updates for MSVC 2015's degenerate headers 
Note that 'perror' moves from stdio.h to stdlib.h, and 'rename' moves
from stdio.h to io.h. Also, standard C includes move from the compiler
to the Windows SDK, which changes the base path for the include files.
 2015-09-11 16:36:18 -05:00
Brent Cook
e13a39a5a7 distribute strcasecmp.c 2015-09-11 16:36:11 -05:00
Brent Cook
9c9a9858e8 disable shared CMake builds for OS X / Windows for now 2015-09-11 16:36:03 -05:00
Brent Cook
90f851568a adjust order for ! .gitignore rule precedence 2015-09-11 16:35:55 -05:00
Brent Cook
6f7ad9c6d6 update messages about Cygwin support 2015-09-11 16:35:48 -05:00
Brent Cook
52582562d8 distribute include and man CMakefiles 2015-09-11 16:35:38 -05:00
Brent Cook
da424147c9 clarify reporters 2015-08-28 23:24:28 -05:00
Brent Cook
61ad89df15 update contributor attributions 2015-08-28 22:30:57 -05:00
Brent Cook
b5002ca5ac update summary 2015-08-28 13:45:03 -05:00
Brent Cook
332b03c8b7 update Changelog for 2.2.3 2015-08-28 13:42:01 -05:00
Brent Cook
83e3f22710 replace remaining bash-only features in the update script 
We used to need more features, but as the Makefile.am's
stopped being dynamically generated, there is less need.
 2015-08-28 13:17:13 -05:00
Brent Cook
b3f22d85e5 VERSION is now generated 2015-08-28 13:17:13 -05:00
Brent Cook
ab1de85a42 update pc files to use the package version, not library ABI version 2015-08-28 13:17:13 -05:00
Brent Cook
cd16a21cab derive version numbers from VERSION files 2015-08-28 13:17:12 -05:00
Jeff Davey
9caf754a59 Add install targets and shared libraries to CMake 2015-08-28 13:17:12 -05:00
Brent Cook
2f2f08e60c update to pull from OPENBSD_5_8 2015-08-19 20:01:42 -05:00
kinichiro
9aa4e1d960 disable strict aliasing on HP-UX C/aC++ compiler 
to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right.
`+Otype_safety=strong` forces ANSI aliasing.
 2015-08-04 19:08:42 +09:00
Brent Cook
03ba7b70b9 rebuild manpages on opensslv.h changes 2015-08-03 07:39:21 -05:00
Brent Cook
13d910c11e disable explicit_bzero optimizations with CMake builds 2015-08-03 07:37:24 -05:00
Brent Cook
3465c5105b update build information 2015-08-03 07:19:25 -05:00
Brent Cook
75b90b157c MSVC is not yet ready to build all of the tests 2015-08-03 07:05:40 -05:00
Brent Cook
c66d80a438 add win32-specific explicit_bzero implementation 2015-08-03 06:56:59 -05:00
Brent Cook
058e3ebe77 expand changelog, fix typo 2015-08-03 05:23:54 -05:00
Brent Cook
a6d5b32276 update release notes for 2.2.2 2015-08-02 23:42:48 -05:00
Brent Cook
6527c32039 initial Linux cmake suppport 
tested on Ubuntu 14.04
 2015-08-01 05:33:19 -05:00
Brent Cook
b521a76a46 disable current broken cmake tests 2015-07-22 11:42:34 -05:00
Brent Cook
dd0704b176 s/CMakeFiles/CMakeLists/, start porting test scripts 2015-07-22 11:40:16 -05:00
Brent Cook
a9b16c2d66 correct fallback err.h macro behavior 2015-07-22 09:00:38 -05:00
Brent Cook
a9122f74e0 add cmake tests 2015-07-21 22:21:14 -05:00
Brent Cook
3614acd62e tests aren't ready for cmake, skip for now 2015-07-21 20:01:00 -05:00
Brent Cook
1828bcb9bf don't build eng_rsax.c anymore 2015-07-21 20:00:42 -05:00
Brent Cook
9d5eb631e3 move sleep shim to posix_win.c 2015-07-21 12:52:29 -06:00
Brent Cook
63161e85dc add initial build for arc4random/getentropy fallbacks 2015-07-21 12:52:14 -06:00
Brent Cook
cbdc8ca820 tighten up compat include paths, fix glibc compatibility 2015-07-21 12:04:07 -06:00
Brent Cook
5d8a1cf715 add initial CMake and Visual Studio build support 
This moves the compatibility include files from include to
include/compat so we can use the awful MS C compiler
<../include/> trick to emulate the GNU #include_next extension.

This also removes a few old compat files we do not need anymore.
 2015-07-21 12:08:18 -05:00
Brent Cook
7a4a37cf59 remove generated version file 2015-07-20 01:09:00 -05:00
Brent Cook
792a5acb67 eng_rsax is gone 2015-07-20 01:08:01 -05:00
Brent Cook
998cdebf36 update man links 2015-07-19 10:41:00 -05:00
Brent Cook
a1a0f2c6e2 implement compatibility shim for __warn_references 
This will allow us to warn about deprecated function references at link-time.
 2015-07-17 16:54:23 -05:00
Brent Cook
fafc3e47f2 derive VERSION from opensslv.h from upstream 2015-07-16 17:52:50 -05:00
Scott Parker
0bab46dde2 patch headers to avoid redefinitions on windows 2015-07-16 13:09:42 -05:00
Brent Cook
b9291face3 disable strict aliasing on AIX xlc and HP-UX aC++ compilers 2015-07-16 11:34:07 -05:00
Brent Cook
ddeb740426 win32 openssl CLI: preserve original echo state 
Mirror the patch to ui_openssl.c, also fix the broken conditional that
made it not actually turn off echo in the first place.

ok guenther@
 2015-07-16 10:27:57 -05:00
Brent Cook
c1a162d83b disable strict aliasing by default, noticed by miod@ 2015-07-15 20:24:05 -05:00
Brent Cook
db974c34e9 fixup how OPENSSLDIR is derived and expanded 
As per
http://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Installation-Directory-Variables.html
we should not try to expand variables like sysconfdir in the
configure script, but rather derive the correct value in the Makefiles
instead. This fixes missing expansions as the preprocessor define.
 2015-07-15 20:02:38 -05:00
Brent Cook
4cffda193b build libcrypto with -DLIBRESSL_INTERNAL 
Since libcrypto defines its own CPPFLAGS, we need to set this for
libcrypto specifically.
 2015-07-15 19:17:27 -05:00
Brent Cook
c136688ad7 Land #107, improve default OPENSSLDIR install behavior 2015-07-12 22:15:04 -05:00
Brent Cook
e2903fcefc Land #105, fix changelog typo 2015-07-12 22:13:33 -05:00
Brent Cook
f1f3147aff bump version to 2.2.2 2015-07-12 22:12:55 -05:00
Brent Cook
bda20bd13f Improve automatic handling of OPENSSLDIR 
Install a default cert.pem, openssl.cnf, x509v3.cnf in OPENSSLDIR, which
is derived by default from sysconfdir and the prefix setting.
 2015-07-12 22:10:48 -05:00
vanderhoorn
1ff2f4bc7d Fix typo in the ChangeLog 
Embeded -> Embedded
 2015-07-09 17:50:53 +02:00
Brent Cook
83d07710b5 remove unused --with-enginesdir configuration parameter 2015-07-08 09:02:12 -05:00
Brent Cook
5d916a25d2 update and clarify windows versions 2015-07-08 08:56:01 -05:00
Brent Cook
c194be1009 release note update for 2.2.1 2015-07-02 17:49:51 -05:00
Brent Cook
8c6ed379eb add compatible version of arpa/nameser.h for Windows 2015-07-02 17:49:03 -05:00
Brent Cook
545454277a add check for inet_pton, nudge minimum win32 compat to 0x0501 2015-07-02 00:19:53 -05:00
Brent Cook
8414df69bc added 2.2.1 changes 2015-07-01 03:19:21 -05:00
Brent Cook
45a7a43997 ignore more imported test files 2015-06-29 23:05:09 -05:00
Brent Cook
b7f699ab34 add cipher_list test 2015-06-29 22:49:37 -05:00
Brent Cook
89880c2e3a link build status 2015-06-23 06:39:28 -05:00
Brent Cook
d83bdd41e7 include build status link 2015-06-23 06:38:00 -05:00
Brent Cook
b9f1b83a79 update for mdc2 removal 2015-06-20 10:40:04 -05:00
Brent Cook
b67c9460ba remove unneeded local tls.h patch 2015-06-19 02:09:27 -05:00
Brent Cook
9764453937 package README.md 2015-06-14 06:06:55 -05:00
Doug Hogan
7dcb02169a Rename to README.md and add markdown 
Since it's now a foreign project in automake, we can use github markdown
in the README.
 2015-06-13 23:11:08 -07:00
Brent Cook
407c7cd1f5 set 'foreign' flag in automake 
Avoid warnings about following GNU standards, since this is not a GNU
project. Thanks to Doug Hogan for pointing this out.
 2015-06-13 22:31:26 -05:00
Brent Cook
b091d23685 fix libtool 2.4.2 stack-protector flag handling 
Teach libtool 2.4.2 how to pass -fstack-protector* to the linker so
libssp is properly linked in on some toolchains. See upstream patch:
https://github.com/instantinfrastructure/poky-daisy/blob/master/meta/recipes-devtools/libtool/libtool/respect-fstack-protector.patch

Thanks to kinichiro inoguchi
 2015-06-13 22:26:58 -05:00
Brent Cook
bc7b93470f add a missing header and fix typo in windows posix layer 2015-06-13 21:43:55 -05:00
Brent Cook
06d034ceb0 bump version 2015-06-12 22:01:04 -05:00
Brent Cook
351b51613b add security update notes 2015-06-11 09:02:54 -05:00
Brent Cook
04a8eca5d3 always check if ssp needs to be linked 2015-06-11 08:47:12 -05:00
Brent Cook
cf0bcbd599 add OS-specific build notes 2015-06-11 06:26:20 -05:00
Brent Cook
aed0eee768 add libtls-standalone COPYING file 2015-06-05 22:35:29 -05:00
Brent Cook
88acad37ce return 1 on failure 2015-06-05 22:16:02 -05:00
Brent Cook
df703ada9f update changelog 2015-06-05 05:56:18 -05:00
Brent Cook
a224727702 update readme with supported OSes 2015-06-05 05:37:59 -05:00
Brent Cook
b4a6a61513 refactor win32 shims into posix_win.c 
this also adds a rename shim that allows overwrites
 2015-06-05 04:50:18 -05:00
Brent Cook
1d27b22e82 set stdin/out/err to binary mode on Windows 2015-06-05 04:50:18 -05:00
Brent Cook
b239fc25fc all file IO should be binary, auto-append the flag 2015-06-05 04:50:17 -05:00
Brent Cook
8eec2f485a use correct binary on native windows builds 2015-06-05 04:50:17 -05:00
Brent Cook
d5a09e199a update man links 2015-05-25 22:59:14 -05:00
Brent Cook
bc70c1c2c1 patch in std headers and C++ support for tls.h 2015-05-23 19:27:57 -05:00
Brent Cook
901ea927ce flesh out libtls test program a bit, move to tests 2015-05-23 19:27:57 -05:00
Brent Cook
1a369f0fd7 ship manpages with libtls-standalone 2015-05-23 19:27:57 -05:00
Brent Cook
edfc569005 fix definition of DISABLE_AS_EXECUTABLE_STACK 2015-05-23 19:27:57 -05:00
Brent Cook
d2faf2ed63 set the shared library version number 2015-05-23 19:27:57 -05:00
Brent Cook
189cdf7103 revert changes to libtls-standalone Makefile.am that ended up in tls 2015-05-23 19:27:57 -05:00
Brent Cook
8dedbb4b2b add Makefile.am.arc4random 2015-05-23 19:27:57 -05:00
Brent Cook
769d58e494 further refactoring, working libtls-standalone 2015-05-23 19:27:57 -05:00
Brent Cook
d3771a41cb refactor configure into separate m4 macros 
this allows for some reusability with libtls
 2015-05-23 19:27:57 -05:00
Brent Cook
28353c1df1 stub in initial libtls standalone tree 2015-05-23 19:26:51 -05:00
Dave Huseby
7de7605b95 adding support for bitrig 2015-05-14 15:32:27 -07:00
Brent Cook
134f323923 add branch coverage, skip coverage check of tests themselves 2015-05-07 07:56:19 -05:00
Brent Cook
abd0688b18 distcheck fixes 2015-05-06 22:53:28 -05:00
Brent Cook
51bfd4921a add app tests from regress/usr.bin/openssl 
These are added directly rather than imported by update.sh since they
require local modifications and its not worth breaking everyone's git
forks yet to import them through cvs2git.
 2015-05-06 22:39:32 -05:00
Brent Cook
91f01629b9 use the same gcc test for AIX as HP-UX 2015-04-27 08:26:22 -05:00
kinichiro
97c910ecfd modify for HP-UX build, choose correct CFLAGS for gcc. 2015-04-27 21:20:20 +09:00
Brent Cook
b0565945e4 use soft links for related man pages. 
This matches the behavior of OpenSSL's installer and prevents
hitting the max hard link limit on some file systems.
 2015-04-26 23:19:58 -05:00
Brent Cook
7dbc4ed363 remove unneeded check for sys/sysctl.h 2015-04-19 15:14:52 -05:00
Brent Cook
dcb97d12a4 use alternate cflags on AIX and HP-UX vendor compilers 2015-04-19 14:55:25 -05:00
Brent Cook
2753f5ca87 Revert configure-time checks for -Wall/-std=gnu99 
There is a problem with these on some compilers, revert while a solution
is found.
 2015-04-14 22:12:52 -05:00
Brent Cook
5cf05de18c make compiler checks for -Wall and -std=gnu99 
Yes, there are compilers that do not understand or need these.
 2015-04-14 08:45:47 -05:00
Brent Cook
3096ab0e45 remove issetuigid wrappers, now that all getenv calls are gone. 
From deraadt@ upstream:

Remove all getenv() calls, especially those wrapped by issetugid().
getenv()'s wrapped by issetugid() are safe, but issetugid() is ...
difficult to impliment on many operating systems.  By accident, a grand
experiment was run over the last year, where issetugid() returned 1 (the
safe value) on a few operating systems.  Noone noticed & complained that
certain environment variables were not working.......
 2015-04-14 07:55:23 -05:00
Brent Cook
fe3f7fc636 Add experimental AIX support. 
This includes a WIP failsafe issetugid for now, while research continues
on the proper way to do this in a race-free fashion in AIX.
 2015-03-31 09:25:21 -05:00
Brent Cook
20101fd6b3 avoid install failures on case-insensitive file systems 2015-03-31 08:36:21 -05:00
Brent Cook
273bd7bd61 Use mandoc database to get man links. 
Previously, we semi-manually grabbed the MLINKS from the libressl
Makefiles. The better way is to extract this information from the mandoc
link database files directly, allowing for MLINKS to eventually go away
upstream.
 2015-03-27 06:42:45 -05:00
Brent Cook
34bf96ce4b move define to CPPFLAGS 2015-03-22 08:14:27 -05:00
Brent Cook
569177eabd Merged support for using _OPENBSD_SOURCE on NetBSD 8.x 2015-03-22 08:11:53 -05:00
Brent Cook
cc3bdea44a copy remaining test harness dependencies 2015-03-22 08:03:02 -05:00
Brent Cook
a34d319f8d copy memmem.c on update 2015-03-22 07:53:18 -05:00
Brent Cook
ad2a38ab4a rework CFLAGS/CPPFLAGS settings during configuration 
Move define adjustments to CPPFLAGS.
Adjust user CFLAGS directly, do not override during configuration.
USER_CFLAGS is not necessary to build libcompat_noopt correctly.
 2015-03-22 07:43:55 -05:00
Brent Cook
809fcf4ea7 move clang flags adjustment next to the check, fix typo 2015-03-22 06:06:40 -05:00
Brent Cook
4106a08da9 check for build tools earlier in configuration 2015-03-22 06:06:40 -05:00
Brent Cook
989bc3e3ac the BIO_sock_init() patch is upstream. 2015-03-22 06:06:32 -05:00
Brent Cook
dcf31221ef Merge native cygwin support 2015-03-21 19:08:04 -05:00
Brent Cook
45065de1ba rework tests Makefile.am 
There are so many test exceptions that need handling that it is easier
to simply edit it directly rather than doing autogeneration anymore.

This also puts biotest and pidwraptest behind a new --enable-extratests
option, so they are easy to run but are not enabled by default.
 2015-03-21 19:04:54 -05:00
Brent Cook
4d122c0be6 set version to 2.2.0 on master 2015-03-19 10:28:54 -05:00
Brent Cook
df0c0cd146 update changelog for 2.1.6 2015-03-19 09:27:31 -05:00
Brent Cook
dd646a3302 enable libtls by default 
The API/ABI for the LibreSSL 2.1.x series is now fixed, so we can safely
enable libtls it by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.

ok deraadt@ beck@ sthen@
 2015-03-19 00:39:50 -05:00
Brent Cook
1d62b3be37 expand on changelog 2015-03-09 07:23:21 -05:00
Brent Cook
f5389343d6 use correct patch level 2015-03-09 07:23:21 -05:00
Brent Cook
14c53cd02c clarify 2.1.5 release note 
Specify that we are rejecting server ephemeral DH keys < 1024 bits.
 2015-03-08 22:37:04 -05:00
Brent Cook
ab0dea2321 update changelog for 2.1.5 2015-03-08 22:02:54 -05:00
Brent Cook
8dbe1d6257 bump version to 2.1.5 2015-03-08 22:02:54 -05:00
Brent Cook
73329d4311 update __STRICT_ALIGNMENT check 2015-03-08 22:02:54 -05:00
Brent Cook
f7e4e4a266 initialize winsock earlier in openssl(1) 
This allows commands like ocsp to work properly since we no longer
initialize Winsock as a side-effect of doing a BIO_gethostbyname.
 2015-03-08 22:02:54 -05:00
Brent Cook
031f0aaa8f specify -static-libgcc for mingw builds 
Avoid external external dependencies on 32-bit windows builds.
 2015-03-08 22:02:19 -05:00
Brent Cook
148aebdbb1 fix hangs reading stdin on Windows 2015-03-08 20:47:03 -05:00
Kamil Rytarowski
bbf021e11c Reuse _OPENBSD_SOURCE namespace on NetBSD (>=8.x) 2015-03-08 01:35:20 +00:00
Brent Cook
213eb9465e avoid doubling user-specified cflags 2015-03-07 12:02:57 -06:00
Corinna Vinschen
e38dc152d6 Allow to disable tests easily 
- Introduce the tests_disabled array, add biotest, explicit_bzero and
  pidwraptest.
- Add preceeding comment to explain why every test is skipped
- Rearrange loops generating Makefile.am dependencies to look for tests
  in tests_disabled first and skip them.

Signed-off-by: Corinna Vinschen <github@cygwin.de>
 2015-03-04 11:55:50 +01:00
Corinna Vinschen
9cad5993a2 Drop test for adding -lssp again, not required with latest libtool 
Signed-off-by: Corinna Vinschen <github@cygwin.de>
 2015-03-03 18:39:31 +01:00
Corinna Vinschen
98902539a4 Add preliminary Cygwin support 
Signed-off-by: Corinna Vinschen <github@cygwin.de>
 2015-03-03 16:37:23 +01:00
111 changed files with 6223 additions and 2100 deletions
Expand all files Collapse all files

169
.gitignore vendored
View File

@@ -45,13 +45,16 @@ Makefile.in
test-driver
*.log
*.trs
!tests/optionstest.c
tests/aes_wrap*
tests/arc4random_fork*
tests/cipher*
tests/explicit_bzero*
tests/gost2814789t*
tests/mont*
tests/timingsafe*
tests/*test
tests/tests.h
tests/*test.c
tests/memmem.c
tests/pbkdf2*
@@ -62,41 +65,39 @@ tests/*.txt
# ctags stuff
TAGS
## The initial / makes these files only get ignored in particular directories.
/autom4te.cache
autom4te.cache
# Libtool adds these, at least sometimes
INSTALL
/m4/libtool.m4
/m4/ltoptions.m4
/m4/ltsugar.m4
/m4/ltversion.m4
/m4/lt~obsolete.m4
/COPYING
!m4/check*.m4
m4/l*
/aclocal.m4
/compile
/doxygen
/config.guess
/config.log
/config.status
/config.sub
/configure
/depcomp
/config.h
/config.h.in
/install-sh
/libtool
/ltmain.sh
/missing
/stamp-h1
/stamp-h2
aclocal.m4
compile
doxygen
config.guess
config.log
config.status
config.sub
configure
depcomp
config.h
config.h.in
install-sh
libtool
ltmain.sh
missing
stamp-h1
stamp-h2
include/openssl/Makefile.am
tests/Makefile.am
VERSION
crypto/VERSION
ssl/VERSION
tls/VERSION
libtls-standalone/VERSION
ssl/*.c
ssl/*.h
@@ -105,98 +106,42 @@ tls/*.h
include/pqueue.h
include/tls.h
include/openssl/*.h
include/openssl/*.he
apps/*.h
apps/*.c
apps/openssl
apps/openssl.cnf
!apps/apps_win.c
!apps/poll_win.c
!apps/certhash_disabled.c
crypto/compat/arc4random.c
crypto/compat/chacha_private.h
crypto/compat/explicit_bzero.c
crypto/compat/getentropy_*.c
crypto/compat/reallocarray.c
crypto/compat/strlcat.c
crypto/compat/strlcpy.c
crypto/compat/strndup.c
crypto/compat/strnlen.c
crypto/compat/timingsafe_bcmp.c
crypto/compat/timingsafe_memcmp.c
crypto/compat/arc4random_*.h
!/apps/apps_win.c
!/apps/poll_win.c
!/apps/certhash_disabled.c
/apps/*.h
/apps/*.c
/apps/*.cnf
/apps/*.pem
/apps/openssl
!/crypto/Makefile.am.*
!/crypto/compat/arc4random.h
!/crypto/compat/b_win.c
!/crypto/compat/explicit_bzero_win.c
!/crypto/compat/posix_win.c
!/crypto/compat/bsd_asprintf.c
!/crypto/compat/inet_pton.c
!/crypto/compat/ui_openssl_win.c
!/crypto/CMakeLists.txt
/crypto
!/libtls-standalone/compat/Makefile.am
/libtls-standalone/include/*.h
/libtls-standalone/src/*.c
/libtls-standalone/src/*.h
/libtls-standalone/src
/libtls-standalone/tests/test
/libtls-standalone/compat
/libtls-standalone/VERSION
/libtls-standalone/m4
/libtls-standalone/man
crypto/aes/
crypto/asn1/
crypto/bf/
crypto/bio/
crypto/bn/
crypto/buffer/
crypto/camellia/
crypto/cast/
crypto/camellia/
crypto/chacha/
crypto/cmac/
crypto/comp/
crypto/conf/
crypto/cpt_err.c
crypto/cryptlib.c
crypto/cryptlib.h
crypto/cversion.c
crypto/des/
crypto/dh/
crypto/dsa/
crypto/dso/
crypto/ec/
crypto/ecdh/
crypto/ecdsa/
crypto/engine/
crypto/err/
crypto/evp/
crypto/ex_data.c
crypto/gost/
crypto/hmac/
crypto/idea/
crypto/krb5/
crypto/lhash/
crypto/malloc-wrapper.c
crypto/md32_common.h
crypto/md4/
crypto/md5/
crypto/mdc2/
crypto/mem_clr.c
crypto/mem_dbg.c
crypto/modes/
crypto/o_init.c
crypto/o_str.c
crypto/o_time.c
crypto/o_time.h
crypto/objects
crypto/ocsp/
crypto/pem/
crypto/pkcs12/
crypto/pkcs7/
crypto/poly1305/
crypto/pqueue/
crypto/rand/
crypto/rc2/
crypto/rc4/
crypto/ripemd/
crypto/rsa/
crypto/sha/
crypto/stack/
crypto/ts/
crypto/txt_db/
crypto/ui/
crypto/whrlpool/
crypto/x509/
crypto/x509v3/
openbsd/
*.tar.gz
apps/*.1*
man/*.3
man/*.1
man/Makefile.am
.gitmodules
COPYING

182
CMakeLists.txt Normal file
View File

@@ -0,0 +1,182 @@
cmake_minimum_required (VERSION 2.8)
include(CheckFunctionExists)
include(CheckLibraryExists)
include(CheckIncludeFiles)
project (LibreSSL)
enable_testing()
file(READ ${CMAKE_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
string(STRIP ${SSL_VERSION} SSL_VERSION)
string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION})
string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION})
file(READ ${CMAKE_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION)
string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION})
string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION})
file(READ ${CMAKE_SOURCE_DIR}/tls/VERSION TLS_VERSION)
string(STRIP ${TLS_VERSION} TLS_VERSION)
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_definitions(-D_DEFAULT_SOURCE)
add_definitions(-D_BSD_SOURCE)
add_definitions(-D_POSIX_SOURCE)
add_definitions(-D_GNU_SOURCE)
endif()
add_definitions(-DLIBRESSL_INTERNAL)
add_definitions(-DOPENSSL_NO_HW_PADLOCK)
add_definitions(-DOPENSSL_NO_ASM)
set(CMAKE_POSITION_INDEPENDENT_CODE true)
if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
add_definitions(-Wno-pointer-sign)
endif()
if(MSVC)
add_definitions(-Dinline=__inline)
add_definitions(-Drestrict)
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
set(MSVC_DISABLED_WARNINGS_LIST
"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
# indirection to slightly different base types from 'char [2]'
"C4100" # 'exarg' : unreferenced formal parameter
"C4127" # conditional expression is constant
"C4242" # 'function' : conversion from 'int' to 'uint8_t',
# possible loss of data
"C4244" # 'function' : conversion from 'int' to 'uint8_t',
# possible loss of data
"C4706" # assignment within conditional expression
"C4820" # 'bytes' bytes padding added after construct 'member_name'
"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
# use the ISO C++ conformant name: _read.
)
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
${MSVC_DISABLED_WARNINGS_LIST})
set(CMAKE_C_FLAGS "-MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
endif()
check_function_exists(asprintf HAVE_ASPRINTF)
if(HAVE_ASPRINTF)
add_definitions(-DHAVE_ASPRINTF)
endif()
check_function_exists(inet_pton HAVE_INET_PTON)
if(HAVE_INET_PTON)
add_definitions(-DHAVE_INET_PTON)
endif()
check_function_exists(reallocarray HAVE_REALLOCARRAY)
if(HAVE_REALLOCARRAY)
add_definitions(-DHAVE_REALLOCARRAY)
endif()
check_function_exists(strcasecmp HAVE_STRCASECMP)
if(HAVE_STRCASECMP)
add_definitions(-DHAVE_STRCASECMP)
endif()
check_function_exists(strlcat HAVE_STRLCAT)
if(HAVE_STRLCAT)
add_definitions(-DHAVE_STRLCAT)
endif()
check_function_exists(strlcat HAVE_STRLCPY)
if(HAVE_STRLCPY)
add_definitions(-DHAVE_STRLCPY)
endif()
check_function_exists(strndup HAVE_STRNDUP)
if(HAVE_STRNDUP)
add_definitions(-DHAVE_STRNDUP)
endif()
if(MSVC)
set(HAVE_STRNLEN)
add_definitions(-DHAVE_STRNLEN)
else()
check_function_exists(strnlen HAVE_STRNLEN)
if(HAVE_STRNLEN)
add_definitions(-DHAVE_STRNLEN)
endif()
endif()
check_function_exists(strsep HAVE_STRSEP)
if(HAVE_STRSEP)
add_definitions(-DHAVE_STRSEP)
endif()
check_function_exists(arc4random_buf HAVE_ARC4RANDOM_BUF)
if(HAVE_ARC4RANDOM_BUF)
add_definitions(-DHAVE_ARC4RANDOM_BUF)
endif()
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
if(HAVE_EXPLICIT_BZERO)
add_definitions(-DHAVE_EXPLICIT_BZERO)
endif()
check_function_exists(getauxval HAVE_GETAUXVAL)
if(HAVE_GETAUXVAL)
add_definitions(-DHAVE_GETAUXVAL)
endif()
check_function_exists(getentropy HAVE_GETENTROPY)
if(HAVE_GETENTROPY)
add_definitions(-DHAVE_GETENTROPY)
endif()
check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
if(HAVE_TIMINGSAFE_BCMP)
add_definitions(-DHAVE_TIMINGSAFE_BCMP)
endif()
check_function_exists(timingsafe_memcmp HAVE_TIMINGSAFE_MEMCMP)
if(HAVE_MEMCMP)
add_definitions(-DHAVE_MEMCMP)
endif()
check_include_files(err.h HAVE_ERR_H)
if(HAVE_ERR_H)
add_definitions(-DHAVE_ERR_H)
endif()
set(OPENSSL_LIBS ssl crypto)
if(CMAKE_HOST_WIN32)
set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
if (HAVE_CLOCK_GETTIME)
set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
endif()
endif()
if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC))
set(BUILD_SHARED true)
endif()
add_subdirectory(crypto)
add_subdirectory(ssl)
add_subdirectory(apps)
add_subdirectory(tls)
add_subdirectory(include)
if(NOT MSVC)
add_subdirectory(man)
add_subdirectory(tests)
endif()

192
ChangeLog
View File

@@ -28,6 +28,198 @@ history is also available from Git.
LibreSSL Portable Release Notes:
2.2.9 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida. See OpenBSD 5.8 errata 17, June 6, 2016
2.2.8 - Reliability fix
* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
2.2.7 - Security Update
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
From OpenSSL.
2.2.6 - Security Update
* Deprecated the SSL_OP_SINGLE_DH_USE flag.
2.2.5 - Reliability Update
* Fixes from OpenSSL 1.0.1q
- CVE-2015-3194 - NULL pointer dereference in client side certificate
validation.
- CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
* The following OpenSSL CVEs did not apply to LibreSSL
- CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
squaring procedure.
- CVE-2015-3196 - Double free race condition of the identify hint
data.
See https://marc.info/?l=openbsd-announce&m=144925068504102
2.2.4 - Build and bug fixes
* Backported build fixes for CMake on Windows, OSX and Linux
* Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt
reported by Qualys Security.
- CVE-2015-5333 - memory leak in OBJ_obj2txt
- CVE-2015-5334 - 1-byte buffer overflow in OBJ_obj2txt
See http://www.openwall.com/lists/oss-security/2015/10/16/1
2.2.3 - Bug fixes, build enhancements
* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
This release corrects the handling of such messages. Thanks to
Ligushka from github for reporting the issue.
* Added install target for cmake builds. Thanks to TheNietsnie from
github.
* Updated pkgconfig files to correctly report the release version
number, not the individual library ABI version numbers. Thanks to
Jan Engelhardt for reporting the issue.
2.2.2 - More TLS parser rework, bug fixes, expanded portable build support
* Switched 'openssl dhparam' default from 512 to 2048 bits
* Reworked openssl(1) option handling
* More CRYPTO ByteString (CBC) packet parsing conversions
* Fixed 'openssl pkeyutl -verify' to exit with a 0 on success
* Fixed dozens of Coverity issues including dead code, memory leaks,
logic errors and more.
* Ensure that openssl(1) restores terminal echo state after reading a
password.
* Incorporated fix for OpenSSL Issue #3683
* LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped
for each portable release.
* Removed workarounds for TLS client padding bugs.
* No longer disable ECDHE-ECDSA on OS X
* Removed SSLv3 support from openssl(1)
* Removed IE 6 SSLv3 workarounds.
* Modified tls_write in libtls to allow partial writes, clarified with
examples in the documentation.
* Removed RSAX engine
* Tested SSLv3 removal with the OpenBSD ports tree and found several
applications that were not ready to build without SSLv3 yet. For
now, building a program that intentionally uses SSLv3 will result in
a linker warning.
* Added TLS_method, TLS_client_method and TLS_server_method as a
replacement for the SSLv23_*method calls.
* Added initial cmake build support, including support for building with
Visual Studio, currently tested with Visual Studio 2013 Community
Edition.
* --with-enginesdir is removed as a configuration parameter
* Default cert.pem, openssl.cnf, and x509v3.cnf files are now
installed under $sysconfdir/ssl or the directory specified by
--with-openssldir. Previous versions of LibreSSL left these empty.
2.2.1 - Build fixes, feature added, features removed
* Assorted build fixes for musl, HP-UX, Mingw, Solaris.
* Initial support for Windows Embedded 2009, Server 2003, XP
* Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API
* Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL
* Removed Dynamic Engine support
* Removed unused and obsolete MDC-2DES cipher
* Removed workarounds for obsolete SSL implementations
2.2.0 - Build cleanups and new OS support, Security Updates
* AIX Support - thanks to Michael Felt
* Cygwin Support - thanks to Corinna Vinschen
* Refactored build macros, support packaging libtls independently.
There are more pieces required to support building and using OpenSSL
with libtls, but this is an initial start at providing an
independent package for people to start hacking on.
* Removal of OPENSSL_issetugid and all library getenv calls.
Applications can and should no longer rely on environment variables
for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still
supported with the openssl(1) command.
* libtls API and documentation additions
* Various bug fixes and simplifications to libssl and libcrypto
* Fixes for the following issues are integrated into LibreSSL 2.2.0:
- CVE-2015-1788 - Malformed ECParameters causes infinite loop
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function
* The following CVEs did not apply to LibreSSL or were fixed in
earlier releases:
- CVE-2015-4000 - DHE man-in-the-middle protection (Logjam)
- CVE-2015-1790 - PKCS7 crash with missing EnvelopedContent
- CVE-2014-8176 - Invalid free in DTLS
* Fixes for the following CVEs are still in review for LibreSSL
- CVE-2015-1791 - Race condition handling NewSessionTicket
2.1.6 - Security update
* Fixes for the following issues are integrated into LibreSSL 2.1.6:
- CVE-2015-0209 - Use After Free following d2i_ECPrivatekey error
- CVE-2015-0286 - Segmentation fault in ASN1_TYPE_cmp
- CVE-2015-0287 - ASN.1 structure reuse memory corruption
- CVE-2015-0288 - X509_to_X509_REQ NULL pointer deref
- CVE-2015-0289 - PKCS7 NULL pointer dereferences
* The fix for CVE-2015-0207 - Segmentation fault in DTLSv1_listen
is integrated for safety, but LibreSSL is not vulnerable.
* Libtls is now built by default. The --enable-libtls
configuration option is no longer required.
The libtls API is now stable for the 2.1.x series.
2.1.5 - Bug fixes and a security update
* Fix incorrect comparison function in openssl(1) certhash command.
Thanks to Christian Neukirchen / Void Linux.
* Windows port improvements and bug fixes.
- Removed a dependency on libgcc in 32-bit dynamic libraries.
- Correct a hang in openssl(1) reading from stdin on an connection.
- Initialize winsock in openssl(1) earlier, allow 'openssl ocsp' and
any other network-related commands to function properly.
* Reject all server DH keys smaller than 1024 bits.
2.1.4 - Security and feature updates
* Improvements to libtls:
- a new API for loading CA chains directly from memory instead of a

9
Makefile.am
View File

@@ -2,10 +2,7 @@ SUBDIRS = crypto ssl tls include apps tests man
ACLOCAL_AMFLAGS = -I m4
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcrypto.pc libssl.pc openssl.pc
pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
if ENABLE_LIBTLS
pkgconfig_DATA += libtls.pc
endif
EXTRA_DIST = README README.windows VERSION config scripts
EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt

4
Makefile.am.common
View File

@@ -1,2 +1,2 @@
AM_CPPFLAGS = -I$(top_srcdir)/include
AM_CPPFLAGS += -DLIBRESSL_INTERNAL
AM_CFLAGS =
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL

2
OPENBSD_BRANCH
View File

@@ -1 +1 @@
master
OPENBSD_5_8

50
README
View File

@@ -1,50 +0,0 @@
This package is the official portable version of LibreSSL
(http://www.libressl.org).
LibreSSL is a fork of OpenSSL developed by the OpenBSD project
(http://www.openbsd.org). LibreSSL is developed on OpenBSD. This
package then adds portability shims for other operating systems.
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory LibreSSL, e.g.:
http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
although we suggest that you use a mirror:
http://www.openbsd.org/ftp.html
The LibreSSL portable build framework is also mirrored in Github:
https://github.com/libressl-portable/portable
Please report bugs either to tech@openbsd.org, or to the github issue tracker:
https://github.com/libressl-portable/portable/issues
If you have checked this source using Git, follow these initial steps to
prepare the source tree for building:
1. ensure you have the following packages installed:
automake, autoconf, bash, git, libtool, perl, pod2man
2. run './autogen.sh' to prepare the source tree for building
or run './dist.sh' to prepare a tarball.
Once you have a source tree from Git or FTP, run these commands to build and
install the package:
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
The resulting library and 'openssl' utility is largely API-compatible with
OpenSSL 1.0.1. However, it is not ABI compatible - you will need to relink your
programs to LibreSSL in order to use it, just as in moving from OpenSSL 0.9.8
to 1.0.1.
The project attempts to provide working alternatives for operating systems with
limited or broken security primitives (e.g. arc4random(3), issetugid(2)) and
assists with improving OS-native implementations where possible.
LibreSSL portable will build on any reasonably modern version of Linux,
Solaris, or OSX with a standards-compliant compiler and C library.

133
README.md Normal file
View File

@@ -0,0 +1,133 @@
![LibreSSL image](http://www.libressl.org/images/libressl.jpg)
## Official portable version of [LibreSSL](http://www.libressl.org) ##
[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable)
LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
[OpenBSD](http://www.openbsd.org) project. Our goal is to modernize the codebase,
improve security, and apply best practice development processes from OpenBSD.
## Compatibility with OpenSSL: ##
LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily
earlier releases of LibreSSL. You will need to relink your programs to
LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
LibreSSL's installed library version numbers are incremented to account for
ABI and API changes.
## Compatibility with other operating systems: ##
While primarily developed on and taking advantage of APIs available on OpenBSD,
the LibreSSL portable project attempts to provide working alternatives for
other operating systems, and assists with improving OS-native implementations
where possible.
At the time of this writing, LibreSSL is know to build and work on:
* Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later)
* NetBSD (tested with 6.1.5)
* HP-UX (11i)
* Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later)
* AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
* Microsoft Windows (XP or higher, x86 and x64)
* Wine (32-bit and 64-bit)
* Builds with Mingw-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory
[LibreSSL](http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/),
although we suggest that you use a [mirror](http://www.openbsd.org/ftp.html).
The LibreSSL portable build framework is also
[mirrored](https://github.com/libressl-portable/portable) in Github.
Please report bugs either to the public libressl@openbsd.org mailing list,
or to the github
[issue tracker](https://github.com/libressl-portable/portable/issues)
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
sent to the core team at libressl-security@openbsd.org.
## Prerequisites when building from git ##
If you have checked this source using Git, follow these initial steps to
prepare the source tree for building:
1. Ensure you have the following packages installed:
automake, autoconf, git, libtool, perl, pod2man
2. Run './autogen.sh' to prepare the source tree for building or
run './dist.sh' to prepare a tarball.
## Building LibreSSL ##
Once you have a source tree from Git or FTP, run these commands to build and
install the package on most systems:
```sh
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
```
If you wish to use the CMake build system, use these commands:
```sh
mkdir build
cd build
cmake ..
make
make test
```
For faster builds, you can use Ninja as well:
```sh
mkdir build-ninja
cd build-ninja
cmake -G"Ninja" ..
ninja
ninja test
```
### OS specific build information: ###
#### HP-UX (11i) ####
Set the UNIX_STD environment variable to '2003' before running 'configure'
in order to build with the HP C/aC++ compiler. See the "standards(5)" man
page for more details.
```sh
export UNIX_STD=2003
./configure
make
```
#### Windows - Mingw-w64 ####
LibreSSL builds against relatively recent versions of Mingw-w64, not to be
confused with the original mingw.org project. Mingw-w64 3.2 or later
should work. See README.windows for more information
#### Windows - Visual Studio ####
LibreSSL builds using the CMake target "Visual Studio 12 2013", and may build
against older/newer targets as well. To generate a Visual Studio project,
install CMake, enter the LibreSSL source directory and run:
```sh
mkdir build-vs2013
cd build-vs2013
cmake -G"Visual Studio 12 2013" ..
```
This will generate a LibreSSL.sln file that you can incorporate into other
projects or build by itself.

15
README.windows
View File

@@ -6,9 +6,8 @@ GCC or Clang as the compiler. Contrary to its name, mingw-w64 supports both
then LibreSSL should integrate very nicely. Old versions of the mingw-w64
toolchain, such as the one packaged with Ubuntu 12.04, may have trouble
building LibreSSL. Please try it with a recent toolchain if you encounter
troubles. If you are building under Cygwin, only builds with the mingw-w64
compiler are supported, though you can easily use Cygwin to drive the build
process.
troubles. Cygwin provides an easy method of installing the latest mingw-w64
cross compilers on Windows.
To configure and build LibreSSL for a 32-bit system, use the following
build steps:
@@ -36,5 +35,11 @@ cv2pdb to generate Visual Studio and windbg compatible debug files. cv2pdb is a
tool developed for the D language and can be found here:
https://github.com/rainers/cv2pdb
Pre-build Windows binaries are available with the LibreSSL release for your
convenience.
Pre-built Windows binaries are available with LibreSSL releases if you do not
have a mingw-w64 build environment. Mingw-w64 code is largely, but not 100%,
compatible with code built from Visual Studio. Notably, FILE * pointers cannot
be shared between code built for Mingw-w64 and Visual Studio.
As of LibreSSL 2.2.2, Visual Studio Native builds can be produced using CMake.
This produces ABI-compatible libraries for linking with native code generated
by Visual Studio.

1
VERSION
View File

@@ -1 +0,0 @@
2.1.4

81
apps/CMakeLists.txt Normal file
View File

@@ -0,0 +1,81 @@
include_directories(
.
../include
../include/compat
)
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
cms.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
engine.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_disabled.c)
set(OPENSSL_SRC ${OPENSSL_SRC} poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)

34
apps/Makefile.am
View File

@@ -2,7 +2,6 @@ include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = openssl
openssl_CFLAGS = $(USER_CFLAGS)
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(top_builddir)/ssl/libssl.la
openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
@@ -85,4 +84,35 @@ noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
noinst_HEADERS += openssl.cnf
EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
fi \
done
uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
done

39
apps/poll_win.c
View File

@@ -44,6 +44,8 @@ conn_has_oob_data(int fd)
static int
is_socket(int fd)
{
if (fd < 3)
return 0;
WSANETWORKEVENTS events;
return (WSAEnumNetworkEvents((SOCKET)fd, NULL, &events) == 0);
}
@@ -160,10 +162,6 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
nfds_t i;
int timespent_ms, looptime_ms;
#define FD_IS_SOCKET (1 << 0)
int fd_state[FD_SETSIZE];
int num_fds;
/*
* select machinery
*/
@@ -190,14 +188,12 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
FD_ZERO(&rfds);
FD_ZERO(&wfds);
FD_ZERO(&efds);
num_fds = 0;
num_sockets = 0;
num_handles = 0;
for (i = 0; i < nfds; i++) {
if ((int)pfds[i].fd < 0) {
if ((int)pfds[i].fd < 0)
continue;
}
if (is_socket(pfds[i].fd)) {
if (num_sockets >= FD_SETSIZE) {
@@ -205,8 +201,6 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
return -1;
}
fd_state[num_fds] = FD_IS_SOCKET;
FD_SET(pfds[i].fd, &efds);
if (pfds[i].events &
@@ -229,8 +223,6 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
handles[num_handles++] =
(HANDLE)_get_osfhandle(pfds[i].fd);
}
num_fds++;
}
/*
@@ -254,21 +246,22 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
* than simply triggering if there is space available.
*/
timespent_ms = 0;
wait_rc = 0;
wait_rc = WAIT_FAILED;
if (timeout_ms < 0) {
if (timeout_ms < 0)
timeout_ms = INFINITE;
}
looptime_ms = timeout_ms > 100 ? 100 : timeout_ms;
do {
struct timeval tv = {0, looptime_ms * 1000};
int handle_signaled = 0;
/*
* Check if any file handles have signaled
*/
if (num_handles) {
wait_rc = WaitForMultipleObjects(num_handles, handles, FALSE, 0);
wait_rc = WaitForMultipleObjects(num_handles, handles,
FALSE, 0);
if (wait_rc == WAIT_FAILED) {
/*
* The documentation for WaitForMultipleObjects
@@ -285,18 +278,20 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
/*
* If we signaled on a file handle, don't wait on the sockets.
*/
if (wait_rc >= WAIT_OBJECT_0)
if (wait_rc >= WAIT_OBJECT_0 &&
(wait_rc <= WAIT_OBJECT_0 + num_handles - 1)) {
tv.tv_usec = 0;
handle_signaled = 1;
}
/*
* Check if any sockets have signaled
*/
rc = select(0, &rfds, &wfds, &efds, &tv);
if (rc == SOCKET_ERROR) {
if (!handle_signaled && rc == SOCKET_ERROR)
return wsa_select_errno(WSAGetLastError());
}
if (wait_rc >= WAIT_OBJECT_0 || (num_sockets && rc > 0))
if (handle_signaled || (num_sockets && rc > 0))
break;
timespent_ms += looptime_ms;
@@ -305,14 +300,14 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
rc = 0;
num_handles = 0;
num_fds = 0;
for (i = 0; i < nfds; i++) {
pfds[i].revents = 0;
if ((int)pfds[i].fd < 0)
continue;
if (fd_state[num_fds] & FD_IS_SOCKET) {
if (is_socket(pfds[i].fd)) {
pfds[i].revents = compute_select_revents(pfds[i].fd,
pfds[i].events, &rfds, &wfds, &efds);
@@ -323,8 +318,6 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
num_handles++;
}
num_fds++;
if (pfds[i].revents)
rc++;
}

5
autogen.sh
View File

@@ -4,3 +4,8 @@ set -e
./update.sh
mkdir -p m4
autoreconf -i -f
# Patch libtool 2.4.2 to pass -fstack-protector as a linker argument
sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \
ltmain.sh > ltmain.sh.fixed
mv -f ltmain.sh.fixed ltmain.sh

345
configure.ac
View File

@@ -1,317 +1,115 @@
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION]))
AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION]))
AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION]))
AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION]))
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([subdir-objects])
AM_INIT_AUTOMAKE([subdir-objects foreign])
AC_CONFIG_MACRO_DIR([m4])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
AC_SUBST([USER_CFLAGS], "-O2 $CFLAGS")
CFLAGS="$CFLAGS -Wall -std=gnu99 -g"
case $host_os in
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
HOST_OS=hpux;
CFLAGS="$CFLAGS -mlp64 -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;;
*linux*)
HOST_OS=linux
HOST_ABI=elf
CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;;
*netbsd*)
HOST_OS=netbsd
;;
*openbsd*)
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
CFLAGS="$CFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -DOPENSSL_NO_SPEED -DNO_SYSLOG -D__USE_MINGW_ANSI_STDIO"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;;
*solaris*)
HOST_OS=solaris
HOST_ABI=elf
CFLAGS="$CFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;;
*) ;;
esac
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
AC_CHECK_FUNC([clock_gettime],,
[AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],,
[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
# This must be saved before AC_PROG_CC
USER_CFLAGS="$CFLAGS"
AC_PROG_CC
AC_PROG_LIBTOOL
AC_PROG_CC_STDC
AM_PROG_CC_C_O
AC_PROG_LIBTOOL
LT_INIT
AC_MSG_CHECKING([if compiling with clang])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
#ifndef __clang__
not clang
#endif
]])],
[CLANG=yes],
[CLANG=no]
)
AC_MSG_RESULT([$CLANG])
AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
CHECK_OS_OPTIONS
# We want to check for compiler flag support. Prior to clang v5.1, there was no
# way to make clang's "argument unused" warning fatal. So we invoke the
# compiler through a wrapper script that greps for this message.
saved_CC="$CC"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
LD="$flag_wrap $LD"
CHECK_C_HARDENING_OPTIONS
AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--disable-hardening],
[Disable options to frustrate memory corruption exploits])],
[], [enable_hardening=yes])
AC_ARG_ENABLE([windows-ssp],
[AS_HELP_STRING([--enable-windows-ssp],
[Enable building the stack smashing protection on
Windows. This currently distributing libssp-0.dll.])])
AC_DEFUN([CHECK_CFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_CC supports "$1"])
old_cflags="$CFLAGS"
CFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
CFLAGS=$old_cflags
HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
AC_MSG_RESULT([no])
CFLAGS=$old_cflags
[$2])
])
AC_DEFUN([CHECK_LDFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_LD supports "$1"])
old_ldflags="$LDFLAGS"
LDFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
LDFLAGS=$old_ldflags
HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
AC_MSG_RESULT([no])
LDFLAGS=$old_ldflags
[$2])
])
AS_IF([test "x$enable_hardening" = "xyes"], [
# Tell GCC to NOT optimize based on signed arithmetic overflow
CHECK_CFLAG([[-fno-strict-overflow]])
# _FORTIFY_SOURCE replaces builtin functions with safer versions.
CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
# Enable read only relocations
CHECK_LDFLAG([[-Wl,-z,relro]])
CHECK_LDFLAG([[-Wl,-z,now]])
# Windows security flags
AS_IF([test "x$HOST_OS" = "xwin"], [
CHECK_LDFLAG([[-Wl,--nxcompat]])
CHECK_LDFLAG([[-Wl,--dynamicbase]])
CHECK_LDFLAG([[-Wl,--high-entropy-va]])
])
# Use stack-protector-strong if available; if not, fallback to
# stack-protector-all which is considered to be overkill
AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
CHECK_CFLAG([[-fstack-protector-strong]],
CHECK_CFLAG([[-fstack-protector-all]],
AC_MSG_WARN([compiler does not appear to support stack protection])
)
)
AS_IF([test "x$HOST_OS" = "xwin"], [
AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
])
])
])
# Restore CC, LD
CC="$saved_CC"
LD="$saved_LD"
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
# Removing the dependency on -Wno-pointer-sign should be a goal
save_cflags="$CFLAGS"
CFLAGS=-Wno-pointer-sign
AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-Wno-pointer-sign],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
save_cflags="$CFLAGS"
CFLAGS=
AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-DHAVE_GNU_STACK],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
DISABLE_AS_EXECUTABLE_STACK
AM_PROG_AS
CFLAGS="$CFLAGS $CLANG_CFLAGS"
LDFLAGS="$LDFLAGS $CLANG_FLAGS"
DISABLE_COMPILER_WARNINGS
AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
AC_CHECK_FUNCS([getentropy issetugid memmem poll reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
# Check if the certhash command should be built
AC_CHECK_FUNCS([symlink])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
# Share test results with automake
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_ISSETUGID], [test "x$ac_cv_func_issetugid" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
# overrides for arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes])
# Check if funopen exists
AC_CHECK_FUNC([funopen])
# overrides for issetugid implementations with known issues
AM_CONDITIONAL([HAVE_ISSETUGID],
[test "x$HOST_OS" != xdarwin \
-a "x$ac_cv_func_issetugid" = xyes])
CHECK_LIBC_COMPAT
CHECK_LIBC_CRYPTO_COMPAT
CHECK_VA_COPY
AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ va_copy(x,y); ]])],
[ ac_cv_have_va_copy="yes" ],
[ ac_cv_have_va_copy="no"
])
])
if test "x$ac_cv_have_va_copy" = "xyes" ; then
AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
fi
AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ __va_copy(x,y); ]])],
[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
])
])
if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
AC_CHECK_HEADERS([sys/sysctl.h err.h])
AC_CHECK_HEADERS([err.h])
AC_ARG_WITH([openssldir],
AS_HELP_STRING([--with-openssldir],
[Set the default openssl directory]),
AC_DEFINE_UNQUOTED(OPENSSLDIR, "$withval")
OPENSSLDIR="$withval"
AC_SUBST(OPENSSLDIR)
)
AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x])
AC_ARG_WITH([enginesdir],
AS_HELP_STRING([--with-enginesdir],
[Set the default engines directory (use with openssldir)]),
AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval")
)
AC_ARG_ENABLE([extratests],
AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms]))
AM_CONDITIONAL([ENABLE_EXTRATESTS], [test "x$enable_extratests" = xyes])
# Add CPU-specific alignment flags
old_cflags=$CFLAGS
CFLAGS="$CFLAGS -I$srcdir/include"
AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
[int a = 0; BSWAP4(a);],
AC_MSG_RESULT([yes])
BSWAP4=yes,
AC_MSG_RESULT([no])
BSWAP4=no)
CFLAGS="$old_cflags"
case $host_cpu in
*sparc*)
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"
;;
*arm*)
AS_IF([test "x$BSWAP4" = "xyes"],,
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
;;
esac
AC_MSG_CHECKING([if .gnu.warning accepts long strings])
AC_LINK_IFELSE([AC_LANG_SOURCE([[
extern void SSLv3_method();
__asm__(".section .gnu.warning.SSLv3_method; .ascii \"SSLv3_method is insecure\" ; .text");
int main() {return 0;}
]])], [
AC_DEFINE(HAS_GNU_WARNING_LONG, 1, [Define if .gnu.warning accepts long strings.])
AC_MSG_RESULT(yes)
], [
AC_MSG_RESULT(no)
])
AC_ARG_ENABLE([asm],
AS_HELP_STRING([--disable-asm], [Disable assembly]))
AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
old_cflags=$CFLAGS
CFLAGS="$old_cflags -I$srcdir/include"
AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
[int a = 0; BSWAP4(a);],
BSWAP4=yes, BSWAP4=no)
CFLAGS="$old_cflags"
case $host_cpu in
*sparc*)
CFLAGS="$CFLAGS -D__STRICT_ALIGNMENT"
;;
*arm*)
AS_IF([test "x$BSWAP4" = "xyes"],,
CFLAGS="$old_cflags -D__STRICT_ALIGNMENT")
;;
esac
# Conditionally enable assembly by default
AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
[test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
[test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
AC_ARG_ENABLE([libtls],
AS_HELP_STRING([--enable-libtls], [Enable building the libtls library]))
AM_CONDITIONAL([ENABLE_LIBTLS], [test "x$enable_libtls" = xyes])
AM_COND_IF([ENABLE_LIBTLS], [AC_CONFIG_FILES([libtls.pc])])
LT_INIT
AC_CONFIG_FILES([
Makefile
include/Makefile
@@ -324,6 +122,7 @@ AC_CONFIG_FILES([
man/Makefile
libcrypto.pc
libssl.pc
libtls.pc
openssl.pc
])

653
crypto/CMakeLists.txt Normal file
View File

@@ -0,0 +1,653 @@
include_directories(
.
../include
../include/compat
asn1
dsa
evp
modes
)
set(
CRYPTO_SRC
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
camellia/cmll_cbc.c
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
cpt_err.c
cryptlib.c
cversion.c
ex_data.c
malloc-wrapper.c
mem_clr.c
mem_dbg.c
o_init.c
o_str.c
o_time.c
aes/aes_cfb.c
aes/aes_ctr.c
aes/aes_ecb.c
aes/aes_ige.c
aes/aes_misc.c
aes/aes_ofb.c
aes/aes_wrap.c
asn1/a_bitstr.c
asn1/a_bool.c
asn1/a_bytes.c
asn1/a_d2i_fp.c
asn1/a_digest.c
asn1/a_dup.c
asn1/a_enum.c
asn1/a_gentm.c
asn1/a_i2d_fp.c
asn1/a_int.c
asn1/a_mbstr.c
asn1/a_object.c
asn1/a_octet.c
asn1/a_print.c
asn1/a_set.c
asn1/a_sign.c
asn1/a_strex.c
asn1/a_strnid.c
asn1/a_time.c
asn1/a_type.c
asn1/a_utctm.c
asn1/a_utf8.c
asn1/a_verify.c
asn1/ameth_lib.c
asn1/asn1_err.c
asn1/asn1_gen.c
asn1/asn1_lib.c
asn1/asn1_par.c
asn1/asn_mime.c
asn1/asn_moid.c
asn1/asn_pack.c
asn1/bio_asn1.c
asn1/bio_ndef.c
asn1/d2i_pr.c
asn1/d2i_pu.c
asn1/evp_asn1.c
asn1/f_enum.c
asn1/f_int.c
asn1/f_string.c
asn1/i2d_pr.c
asn1/i2d_pu.c
asn1/n_pkey.c
asn1/nsseq.c
asn1/p5_pbe.c
asn1/p5_pbev2.c
asn1/p8_pkey.c
asn1/t_bitst.c
asn1/t_crl.c
asn1/t_pkey.c
asn1/t_req.c
asn1/t_spki.c
asn1/t_x509.c
asn1/t_x509a.c
asn1/tasn_dec.c
asn1/tasn_enc.c
asn1/tasn_fre.c
asn1/tasn_new.c
asn1/tasn_prn.c
asn1/tasn_typ.c
asn1/tasn_utl.c
asn1/x_algor.c
asn1/x_attrib.c
asn1/x_bignum.c
asn1/x_crl.c
asn1/x_exten.c
asn1/x_info.c
asn1/x_long.c
asn1/x_name.c
asn1/x_nx509.c
asn1/x_pkey.c
asn1/x_pubkey.c
asn1/x_req.c
asn1/x_sig.c
asn1/x_spki.c
asn1/x_val.c
asn1/x_x509.c
asn1/x_x509a.c
bf/bf_cfb64.c
bf/bf_ecb.c
bf/bf_enc.c
bf/bf_ofb64.c
bf/bf_skey.c
bio/b_dump.c
bio/b_print.c
bio/b_sock.c
bio/bf_buff.c
bio/bf_nbio.c
bio/bf_null.c
bio/bio_cb.c
bio/bio_err.c
bio/bio_lib.c
bio/bss_acpt.c
bio/bss_bio.c
bio/bss_conn.c
bio/bss_dgram.c
bio/bss_fd.c
bio/bss_file.c
bio/bss_mem.c
bio/bss_null.c
bio/bss_sock.c
bn/bn_add.c
bn/bn_asm.c
bn/bn_blind.c
bn/bn_const.c
bn/bn_ctx.c
bn/bn_depr.c
bn/bn_div.c
bn/bn_err.c
bn/bn_exp.c
bn/bn_exp2.c
bn/bn_gcd.c
bn/bn_gf2m.c
bn/bn_kron.c
bn/bn_lib.c
bn/bn_mod.c
bn/bn_mont.c
bn/bn_mpi.c
bn/bn_mul.c
bn/bn_nist.c
bn/bn_prime.c
bn/bn_print.c
bn/bn_rand.c
bn/bn_recp.c
bn/bn_shift.c
bn/bn_sqr.c
bn/bn_sqrt.c
bn/bn_word.c
bn/bn_x931p.c
buffer/buf_err.c
buffer/buf_str.c
buffer/buffer.c
camellia/cmll_cfb.c
camellia/cmll_ctr.c
camellia/cmll_ecb.c
camellia/cmll_misc.c
camellia/cmll_ofb.c
cast/c_cfb64.c
cast/c_ecb.c
cast/c_enc.c
cast/c_ofb64.c
cast/c_skey.c
chacha/chacha.c
cmac/cm_ameth.c
cmac/cm_pmeth.c
cmac/cmac.c
comp/c_rle.c
comp/c_zlib.c
comp/comp_err.c
comp/comp_lib.c
conf/conf_api.c
conf/conf_def.c
conf/conf_err.c
conf/conf_lib.c
conf/conf_mall.c
conf/conf_mod.c
conf/conf_sap.c
des/cbc_cksm.c
des/cbc_enc.c
des/cfb64ede.c
des/cfb64enc.c
des/cfb_enc.c
des/des_enc.c
des/ecb3_enc.c
des/ecb_enc.c
des/ede_cbcm_enc.c
des/enc_read.c
des/enc_writ.c
des/fcrypt.c
des/fcrypt_b.c
des/ofb64ede.c
des/ofb64enc.c
des/ofb_enc.c
des/pcbc_enc.c
des/qud_cksm.c
des/rand_key.c
des/set_key.c
des/str2key.c
des/xcbc_enc.c
dh/dh_ameth.c
dh/dh_asn1.c
dh/dh_check.c
dh/dh_depr.c
dh/dh_err.c
dh/dh_gen.c
dh/dh_key.c
dh/dh_lib.c
dh/dh_pmeth.c
dh/dh_prn.c
dsa/dsa_ameth.c
dsa/dsa_asn1.c
dsa/dsa_depr.c
dsa/dsa_err.c
dsa/dsa_gen.c
dsa/dsa_key.c
dsa/dsa_lib.c
dsa/dsa_ossl.c
dsa/dsa_pmeth.c
dsa/dsa_prn.c
dsa/dsa_sign.c
dsa/dsa_vrf.c
dso/dso_dlfcn.c
dso/dso_err.c
dso/dso_lib.c
dso/dso_null.c
dso/dso_openssl.c
ec/ec2_mult.c
ec/ec2_oct.c
ec/ec2_smpl.c
ec/ec_ameth.c
ec/ec_asn1.c
ec/ec_check.c
ec/ec_curve.c
ec/ec_cvt.c
ec/ec_err.c
ec/ec_key.c
ec/ec_lib.c
ec/ec_mult.c
ec/ec_oct.c
ec/ec_pmeth.c
ec/ec_print.c
ec/eck_prn.c
ec/ecp_mont.c
ec/ecp_nist.c
ec/ecp_oct.c
ec/ecp_smpl.c
ecdh/ech_err.c
ecdh/ech_key.c
ecdh/ech_lib.c
ecdh/ech_ossl.c
ecdsa/ecs_asn1.c
ecdsa/ecs_err.c
ecdsa/ecs_lib.c
ecdsa/ecs_ossl.c
ecdsa/ecs_sign.c
ecdsa/ecs_vrf.c
engine/eng_all.c
engine/eng_cnf.c
engine/eng_ctrl.c
engine/eng_dyn.c
engine/eng_err.c
engine/eng_fat.c
engine/eng_init.c
engine/eng_lib.c
engine/eng_list.c
engine/eng_openssl.c
engine/eng_pkey.c
engine/eng_table.c
engine/tb_asnmth.c
engine/tb_cipher.c
engine/tb_dh.c
engine/tb_digest.c
engine/tb_dsa.c
engine/tb_ecdh.c
engine/tb_ecdsa.c
engine/tb_pkmeth.c
engine/tb_rand.c
engine/tb_rsa.c
engine/tb_store.c
err/err.c
err/err_all.c
err/err_prn.c
evp/bio_b64.c
evp/bio_enc.c
evp/bio_md.c
evp/c_all.c
evp/digest.c
evp/e_aes.c
evp/e_aes_cbc_hmac_sha1.c
evp/e_bf.c
evp/e_camellia.c
evp/e_cast.c
evp/e_chacha.c
evp/e_chacha20poly1305.c
evp/e_des.c
evp/e_des3.c
evp/e_gost2814789.c
evp/e_idea.c
evp/e_null.c
evp/e_old.c
evp/e_rc2.c
evp/e_rc4.c
evp/e_rc4_hmac_md5.c
evp/e_xcbc_d.c
evp/encode.c
evp/evp_aead.c
evp/evp_enc.c
evp/evp_err.c
evp/evp_key.c
evp/evp_lib.c
evp/evp_pbe.c
evp/evp_pkey.c
evp/m_dss.c
evp/m_dss1.c
evp/m_ecdsa.c
evp/m_gost2814789.c
evp/m_gostr341194.c
evp/m_md4.c
evp/m_md5.c
evp/m_null.c
evp/m_ripemd.c
evp/m_sha.c
evp/m_sha1.c
evp/m_sigver.c
evp/m_streebog.c
evp/m_wp.c
evp/names.c
evp/p5_crpt.c
evp/p5_crpt2.c
evp/p_dec.c
evp/p_enc.c
evp/p_lib.c
evp/p_open.c
evp/p_seal.c
evp/p_sign.c
evp/p_verify.c
evp/pmeth_fn.c
evp/pmeth_gn.c
evp/pmeth_lib.c
gost/gost2814789.c
gost/gost89_keywrap.c
gost/gost89_params.c
gost/gost89imit_ameth.c
gost/gost89imit_pmeth.c
gost/gost_asn1.c
gost/gost_err.c
gost/gostr341001.c
gost/gostr341001_ameth.c
gost/gostr341001_key.c
gost/gostr341001_params.c
gost/gostr341001_pmeth.c
gost/gostr341194.c
gost/streebog.c
hmac/hm_ameth.c
hmac/hm_pmeth.c
hmac/hmac.c
idea/i_cbc.c
idea/i_cfb64.c
idea/i_ecb.c
idea/i_ofb64.c
idea/i_skey.c
krb5/krb5_asn.c
lhash/lh_stats.c
lhash/lhash.c
md4/md4_dgst.c
md4/md4_one.c
md5/md5_dgst.c
md5/md5_one.c
modes/cbc128.c
modes/ccm128.c
modes/cfb128.c
modes/ctr128.c
modes/cts128.c
modes/gcm128.c
modes/ofb128.c
modes/xts128.c
objects/o_names.c
objects/obj_dat.c
objects/obj_err.c
objects/obj_lib.c
objects/obj_xref.c
ocsp/ocsp_asn.c
ocsp/ocsp_cl.c
ocsp/ocsp_err.c
ocsp/ocsp_ext.c
ocsp/ocsp_ht.c
ocsp/ocsp_lib.c
ocsp/ocsp_prn.c
ocsp/ocsp_srv.c
ocsp/ocsp_vfy.c
pem/pem_all.c
pem/pem_err.c
pem/pem_info.c
pem/pem_lib.c
pem/pem_oth.c
pem/pem_pk8.c
pem/pem_pkey.c
pem/pem_seal.c
pem/pem_sign.c
pem/pem_x509.c
pem/pem_xaux.c
pem/pvkfmt.c
pkcs12/p12_add.c
pkcs12/p12_asn.c
pkcs12/p12_attr.c
pkcs12/p12_crpt.c
pkcs12/p12_crt.c
pkcs12/p12_decr.c
pkcs12/p12_init.c
pkcs12/p12_key.c
pkcs12/p12_kiss.c
pkcs12/p12_mutl.c
pkcs12/p12_npas.c
pkcs12/p12_p8d.c
pkcs12/p12_p8e.c
pkcs12/p12_utl.c
pkcs12/pk12err.c
pkcs7/bio_pk7.c
pkcs7/pk7_asn1.c
pkcs7/pk7_attr.c
pkcs7/pk7_doit.c
pkcs7/pk7_lib.c
pkcs7/pk7_mime.c
pkcs7/pk7_smime.c
pkcs7/pkcs7err.c
poly1305/poly1305.c
rand/rand_err.c
rand/rand_lib.c
rand/randfile.c
rc2/rc2_cbc.c
rc2/rc2_ecb.c
rc2/rc2_skey.c
rc2/rc2cfb64.c
rc2/rc2ofb64.c
ripemd/rmd_dgst.c
ripemd/rmd_one.c
rsa/rsa_ameth.c
rsa/rsa_asn1.c
rsa/rsa_chk.c
rsa/rsa_crpt.c
rsa/rsa_depr.c
rsa/rsa_eay.c
rsa/rsa_err.c
rsa/rsa_gen.c
rsa/rsa_lib.c
rsa/rsa_none.c
rsa/rsa_oaep.c
rsa/rsa_pk1.c
rsa/rsa_pmeth.c
rsa/rsa_prn.c
rsa/rsa_pss.c
rsa/rsa_saos.c
rsa/rsa_sign.c
rsa/rsa_ssl.c
rsa/rsa_x931.c
sha/sha1_one.c
sha/sha1dgst.c
sha/sha256.c
sha/sha512.c
sha/sha_dgst.c
sha/sha_one.c
stack/stack.c
ts/ts_asn1.c
ts/ts_conf.c
ts/ts_err.c
ts/ts_lib.c
ts/ts_req_print.c
ts/ts_req_utils.c
ts/ts_rsp_print.c
ts/ts_rsp_sign.c
ts/ts_rsp_utils.c
ts/ts_rsp_verify.c
ts/ts_verify_ctx.c
txt_db/txt_db.c
ui/ui_err.c
ui/ui_lib.c
ui/ui_util.c
whrlpool/wp_dgst.c
x509/by_dir.c
x509/by_file.c
x509/by_mem.c
x509/x509_att.c
x509/x509_cmp.c
x509/x509_d2.c
x509/x509_def.c
x509/x509_err.c
x509/x509_ext.c
x509/x509_lu.c
x509/x509_obj.c
x509/x509_r2x.c
x509/x509_req.c
x509/x509_set.c
x509/x509_trs.c
x509/x509_txt.c
x509/x509_v3.c
x509/x509_vfy.c
x509/x509_vpm.c
x509/x509cset.c
x509/x509name.c
x509/x509rset.c
x509/x509spki.c
x509/x509type.c
x509/x_all.c
x509v3/pcy_cache.c
x509v3/pcy_data.c
x509v3/pcy_lib.c
x509v3/pcy_map.c
x509v3/pcy_node.c
x509v3/pcy_tree.c
x509v3/v3_akey.c
x509v3/v3_akeya.c
x509v3/v3_alt.c
x509v3/v3_bcons.c
x509v3/v3_bitst.c
x509v3/v3_conf.c
x509v3/v3_cpols.c
x509v3/v3_crld.c
x509v3/v3_enum.c
x509v3/v3_extku.c
x509v3/v3_genn.c
x509v3/v3_ia5.c
x509v3/v3_info.c
x509v3/v3_int.c
x509v3/v3_lib.c
x509v3/v3_ncons.c
x509v3/v3_ocsp.c
x509v3/v3_pci.c
x509v3/v3_pcia.c
x509v3/v3_pcons.c
x509v3/v3_pku.c
x509v3/v3_pmaps.c
x509v3/v3_prn.c
x509v3/v3_purp.c
x509v3/v3_skey.c
x509v3/v3_sxnet.c
x509v3/v3_utl.c
x509v3/v3err.c
)
if(CMAKE_HOST_UNIX)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/bss_log.c)
set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl.c)
endif()
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
endif()
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
endif()
if(NOT HAVE_ASPRINTF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
endif()
if(NOT HAVE_INET_PTON)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
endif()
if(NOT HAVE_REALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
endif()
if(NOT HAVE_STRCASECMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
endif()
if(NOT HAVE_STRLCAT)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)
endif()
if(NOT HAVE_STRLCPY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)
endif()
if(NOT HAVE_STRNDUP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)
if(NOT HAVE_STRNLEN)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)
endif()
endif()
if(NOT HAVE_EXPLICIT_BZERO)
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
else()
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
endif()
endif()
if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
if(NOT HAVE_GETENTROPY)
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "AIX")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_darwin.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
endif()
endif()
endif()
if(NOT HAVE_TIMINGSAFE_BCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
endif()
if(NOT HAVE_TIMINGSAFE_MEMCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
endif()
if (BUILD_SHARED)
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)
set_target_properties(crypto-shared PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
install(TARGETS crypto crypto-shared DESTINATION lib)
else()
add_library(crypto STATIC ${CRYPTO_SRC})
install(TARGETS crypto DESTINATION lib)
endif()

91
crypto/Makefile.am
View File

@@ -3,23 +3,35 @@ include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto
lib_LTLIBRARIES = libcrypto.la
EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
# needed for a CMake target
EXTRA_DIST += compat/strcasecmp.c
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
if OPENSSL_NO_ASM
libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM
else
if HOST_WIN
libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM
endif
endif
if OPENSSLDIR_DEFINED
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"@OPENSSLDIR@\"
else
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
endif
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
# compatibility functions that need to be built without optimizations
@@ -27,11 +39,14 @@ libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
if HOST_WIN
libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c
else
libcompatnoopt_la_SOURCES += compat/explicit_bzero.c
endif
endif
# other compatibility functions
libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcompat_la_SOURCES =
libcompat_la_LIBADD = $(PLATFORM_LDADD)
@@ -55,6 +70,10 @@ if !HAVE_ASPRINTF
libcompat_la_SOURCES += compat/bsd-asprintf.c
endif
if !HAVE_INET_PTON
libcompat_la_SOURCES += compat/inet_pton.c
endif
if !HAVE_REALLOCARRAY
libcompat_la_SOURCES += compat/reallocarray.c
endif
@@ -67,60 +86,11 @@ if !HAVE_TIMINGSAFE_BCMP
libcompat_la_SOURCES += compat/timingsafe_bcmp.c
endif
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
if !HAVE_GETENTROPY
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/getentropy_win.c
endif
libcompat_la_SOURCES += compat/posix_win.c
endif
endif
if !HAVE_ISSETUGID
if HOST_LINUX
libcompat_la_SOURCES += compat/issetugid_linux.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/issetugid_hpux.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/issetugid_osx.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/issetugid_win.c
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h
include Makefile.am.arc4random
libcrypto_la_SOURCES =
EXTRA_libcrypto_la_SOURCES =
@@ -150,6 +120,7 @@ libcrypto_la_SOURCES += mem_dbg.c
libcrypto_la_SOURCES += o_init.c
libcrypto_la_SOURCES += o_str.c
libcrypto_la_SOURCES += o_time.c
noinst_HEADERS += constant_time_locl.h
noinst_HEADERS += cryptlib.h
noinst_HEADERS += md32_common.h
noinst_HEADERS += o_time.h
@@ -276,7 +247,9 @@ libcrypto_la_SOURCES += bio/bss_conn.c
libcrypto_la_SOURCES += bio/bss_dgram.c
libcrypto_la_SOURCES += bio/bss_fd.c
libcrypto_la_SOURCES += bio/bss_file.c
if !HOST_WIN
libcrypto_la_SOURCES += bio/bss_log.c
endif
libcrypto_la_SOURCES += bio/bss_mem.c
libcrypto_la_SOURCES += bio/bss_null.c
libcrypto_la_SOURCES += bio/bss_sock.c
@@ -473,7 +446,6 @@ libcrypto_la_SOURCES += engine/eng_lib.c
libcrypto_la_SOURCES += engine/eng_list.c
libcrypto_la_SOURCES += engine/eng_openssl.c
libcrypto_la_SOURCES += engine/eng_pkey.c
libcrypto_la_SOURCES += engine/eng_rsax.c
libcrypto_la_SOURCES += engine/eng_table.c
libcrypto_la_SOURCES += engine/tb_asnmth.c
libcrypto_la_SOURCES += engine/tb_cipher.c
@@ -531,7 +503,6 @@ libcrypto_la_SOURCES += evp/m_gost2814789.c
libcrypto_la_SOURCES += evp/m_gostr341194.c
libcrypto_la_SOURCES += evp/m_md4.c
libcrypto_la_SOURCES += evp/m_md5.c
libcrypto_la_SOURCES += evp/m_mdc2.c
libcrypto_la_SOURCES += evp/m_null.c
libcrypto_la_SOURCES += evp/m_ripemd.c
libcrypto_la_SOURCES += evp/m_sha.c
@@ -603,10 +574,6 @@ libcrypto_la_SOURCES += md5/md5_dgst.c
libcrypto_la_SOURCES += md5/md5_one.c
noinst_HEADERS += md5/md5_locl.h
# mdc2
libcrypto_la_SOURCES += mdc2/mdc2_one.c
libcrypto_la_SOURCES += mdc2/mdc2dgst.c
# modes
libcrypto_la_SOURCES += modes/cbc128.c
libcrypto_la_SOURCES += modes/ccm128.c

45
crypto/Makefile.am.arc4random Normal file
View File

@@ -0,0 +1,45 @@
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
if !HAVE_GETENTROPY
if HOST_AIX
libcompat_la_SOURCES += compat/getentropy_aix.c
endif
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/getentropy_win.c
endif
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_aix.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h

30
crypto/Makefile.am.elf-x86_64
View File

@@ -22,20 +22,20 @@ ASM_X86_64_ELF += cpuid-elf-x86_64.S
EXTRA_DIST += $(ASM_X86_64_ELF)
if HOST_ASM_ELF_X86_64
libcrypto_la_CFLAGS += -DAES_ASM
libcrypto_la_CFLAGS += -DBSAES_ASM
libcrypto_la_CFLAGS += -DVPAES_ASM
libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CFLAGS += -DMD5_ASM
libcrypto_la_CFLAGS += -DGHASH_ASM
libcrypto_la_CFLAGS += -DRSA_ASM
libcrypto_la_CFLAGS += -DSHA1_ASM
libcrypto_la_CFLAGS += -DSHA256_ASM
libcrypto_la_CFLAGS += -DSHA512_ASM
libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_CPPFLAGS += -DAES_ASM
libcrypto_la_CPPFLAGS += -DBSAES_ASM
libcrypto_la_CPPFLAGS += -DVPAES_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CPPFLAGS += -DMD5_ASM
libcrypto_la_CPPFLAGS += -DGHASH_ASM
libcrypto_la_CPPFLAGS += -DRSA_ASM
libcrypto_la_CPPFLAGS += -DSHA1_ASM
libcrypto_la_CPPFLAGS += -DSHA256_ASM
libcrypto_la_CPPFLAGS += -DSHA512_ASM
libcrypto_la_CPPFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_SOURCES += $(ASM_X86_64_ELF)
endif

30
crypto/Makefile.am.macosx-x86_64
View File

@@ -22,20 +22,20 @@ ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
EXTRA_DIST += $(ASM_X86_64_MACOSX)
if HOST_ASM_MACOSX_X86_64
libcrypto_la_CFLAGS += -DAES_ASM
libcrypto_la_CFLAGS += -DBSAES_ASM
libcrypto_la_CFLAGS += -DVPAES_ASM
libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CFLAGS += -DMD5_ASM
libcrypto_la_CFLAGS += -DGHASH_ASM
libcrypto_la_CFLAGS += -DRSA_ASM
libcrypto_la_CFLAGS += -DSHA1_ASM
libcrypto_la_CFLAGS += -DSHA256_ASM
libcrypto_la_CFLAGS += -DSHA512_ASM
libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_CPPFLAGS += -DAES_ASM
libcrypto_la_CPPFLAGS += -DBSAES_ASM
libcrypto_la_CPPFLAGS += -DVPAES_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CPPFLAGS += -DMD5_ASM
libcrypto_la_CPPFLAGS += -DGHASH_ASM
libcrypto_la_CPPFLAGS += -DRSA_ASM
libcrypto_la_CPPFLAGS += -DSHA1_ASM
libcrypto_la_CPPFLAGS += -DSHA256_ASM
libcrypto_la_CPPFLAGS += -DSHA512_ASM
libcrypto_la_CPPFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX)
endif

5
crypto/compat/arc4random.h
View File

@@ -3,7 +3,10 @@
#include <sys/param.h>
#if defined(__FreeBSD__)
#if defined(_AIX)
#include "arc4random_aix.h"
#elif defined(__FreeBSD__)
#include "arc4random_freebsd.h"
#elif defined(__hpux)

13
crypto/compat/explicit_bzero_win.c Normal file
View File

@@ -0,0 +1,13 @@
/*
* Public domain.
* Win32 explicit_bzero compatibility shim.
*/
#include <windows.h>
#include <string.h>
void
explicit_bzero(void *buf, size_t len)
{
SecureZeroMemory(buf, len);
}

212
crypto/compat/inet_pton.c Normal file
View File

@@ -0,0 +1,212 @@
/* $OpenBSD: inet_pton.c,v 1.9 2015/01/16 16:48:51 deraadt Exp $ */
/* Copyright (c) 1996 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <string.h>
#include <errno.h>
/*
* WARNING: Don't even consider trying to compile this on a system where
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
*/
static int inet_pton4(const char *src, u_char *dst);
static int inet_pton6(const char *src, u_char *dst);
/* int
* inet_pton(af, src, dst)
* convert from presentation format (which usually means ASCII printable)
* to network format (which is usually some kind of binary format).
* return:
* 1 if the address was valid for the specified address family
* 0 if the address wasn't valid (`dst' is untouched in this case)
* -1 if some other error occurred (`dst' is untouched in this case, too)
* author:
* Paul Vixie, 1996.
*/
int
inet_pton(int af, const char *src, void *dst)
{
switch (af) {
case AF_INET:
return (inet_pton4(src, dst));
case AF_INET6:
return (inet_pton6(src, dst));
default:
errno = EAFNOSUPPORT;
return (-1);
}
/* NOTREACHED */
}
/* int
* inet_pton4(src, dst)
* like inet_aton() but without all the hexadecimal and shorthand.
* return:
* 1 if `src' is a valid dotted quad, else 0.
* notice:
* does not touch `dst' unless it's returning 1.
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton4(const char *src, u_char *dst)
{
static const char digits[] = "0123456789";
int saw_digit, octets, ch;
u_char tmp[INADDRSZ], *tp;
saw_digit = 0;
octets = 0;
*(tp = tmp) = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr(digits, ch)) != NULL) {
u_int new = *tp * 10 + (pch - digits);
if (new > 255)
return (0);
if (! saw_digit) {
if (++octets > 4)
return (0);
saw_digit = 1;
}
*tp = new;
} else if (ch == '.' && saw_digit) {
if (octets == 4)
return (0);
*++tp = 0;
saw_digit = 0;
} else
return (0);
}
if (octets < 4)
return (0);
memcpy(dst, tmp, INADDRSZ);
return (1);
}
/* int
* inet_pton6(src, dst)
* convert presentation level address to network order binary form.
* return:
* 1 if `src' is a valid [RFC1884 2.2] address, else 0.
* notice:
* does not touch `dst' unless it's returning 1.
* credit:
* inspired by Mark Andrews.
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton6(const char *src, u_char *dst)
{
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
int ch, saw_xdigit, count_xdigit;
u_int val;
memset((tp = tmp), '\0', IN6ADDRSZ);
endp = tp + IN6ADDRSZ;
colonp = NULL;
/* Leading :: requires some special handling. */
if (*src == ':')
if (*++src != ':')
return (0);
curtok = src;
saw_xdigit = count_xdigit = 0;
val = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
pch = strchr((xdigits = xdigits_u), ch);
if (pch != NULL) {
if (count_xdigit >= 4)
return (0);
val <<= 4;
val |= (pch - xdigits);
if (val > 0xffff)
return (0);
saw_xdigit = 1;
count_xdigit++;
continue;
}
if (ch == ':') {
curtok = src;
if (!saw_xdigit) {
if (colonp)
return (0);
colonp = tp;
continue;
} else if (*src == '\0') {
return (0);
}
if (tp + INT16SZ > endp)
return (0);
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
saw_xdigit = 0;
count_xdigit = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) {
tp += INADDRSZ;
saw_xdigit = 0;
count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
return (0);
}
if (saw_xdigit) {
if (tp + INT16SZ > endp)
return (0);
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
}
if (colonp != NULL) {
/*
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
const int n = tp - colonp;
int i;
if (tp == endp)
return (0);
for (i = 1; i <= n; i++) {
endp[- i] = colonp[n - i];
colonp[n - i] = 0;
}
tp = endp;
}
if (tp != endp)
return (0);
memcpy(dst, tmp, IN6ADDRSZ);
return (1);
}

17
crypto/compat/issetugid_hpux.c
View File

@@ -1,17 +0,0 @@
#include <stdio.h>
#include <unistd.h>
#include <sys/pstat.h>
/*
* HP-UX does not have issetugid().
* Use pstat_getproc() and check PS_CHANGEDPRIV bit of pst_flag. If this call
* cannot be used, assume we must be running in a privileged environment.
*/
int issetugid(void)
{
struct pst_status buf;
if (pstat_getproc(&buf, sizeof(buf), 0, getpid()) == 1 &&
!(buf.pst_flag & PS_CHANGEDPRIV))
return 0;
return 1;
}

47
crypto/compat/issetugid_linux.c
View File

@@ -1,47 +0,0 @@
/*
* issetugid implementation for Linux
* Public domain
*/
#include <errno.h>
#include <gnu/libc-version.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
/*
* Linux-specific glibc 2.16+ interface for determining if a process was
* launched setuid/setgid or with additional capabilities.
*/
#ifdef HAVE_GETAUXVAL
#include <sys/auxv.h>
#endif
int issetugid(void)
{
#ifdef HAVE_GETAUXVAL
/*
* The API for glibc < 2.19 does not indicate if there is an error with
* getauxval. While it should not be the case that any 2.6 or greater
* kernel ever does not supply AT_SECURE, an emulated software environment
* might rewrite the aux vector.
*
* See https://sourceware.org/bugzilla/show_bug.cgi?id=15846
*
* Perhaps this code should just read the aux vector itself, so we have
* backward-compatibility and error handling in older glibc versions.
* info: http://lwn.net/Articles/519085/
*
*/
const char *glcv = gnu_get_libc_version();
if (strverscmp(glcv, "2.19") >= 0) {
errno = 0;
if (getauxval(AT_SECURE) == 0) {
if (errno != ENOENT) {
return 0;
}
}
}
#endif
return 1;
}

16
crypto/compat/issetugid_osx.c
View File

@@ -1,16 +0,0 @@
/*
* issetugid implementation for OS X
* Public domain
*/
#include <unistd.h>
/*
* OS X has issetugid, but it is not fork-safe as of version 10.10.
* See this Solaris report for test code that fails similarly:
* http://mcarpenter.org/blog/2013/01/15/solaris-issetugid%282%29-bug
*/
int issetugid(void)
{
return 1;
}

26
crypto/compat/issetugid_win.c
View File

@@ -1,26 +0,0 @@
/*
* issetugid implementation for Windows
* Public domain
*/
#include <unistd.h>
/*
* Windows does not have a native setuid/setgid functionality.
* A user must enter credentials each time a process elevates its
* privileges.
*
* So, in theory, this could always return 0, given what I know currently.
* However, it makes sense to stub out initially in 'safe' mode until we
* understand more (and determine if any disabled functionality is actually
* useful on Windows anyway).
*
* Future versions of this function that are made more 'open' should thoroughly
* consider the case of this code running as a privileged service with saved
* user credentials or privilege escalations by other means (e.g. the old
* RunAsEx utility.)
*/
int issetugid(void)
{
return 1;
}

96
include/win32netcompat.h → crypto/compat/posix_win.c
View File

@@ -2,23 +2,48 @@
* Public domain
*
* BSD socket emulation code for Winsock2
* File IO compatibility shims
* Brent Cook <bcook@openbsd.org>
*/
#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#ifdef _WIN32
#define NO_REDEF_POSIX_FUNCTIONS
#include <windows.h>
#include <ws2tcpip.h>
#define SHUT_RDWR SD_BOTH
#define SHUT_RD SD_RECEIVE
#define SHUT_WR SD_SEND
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
void
posix_perror(const char *s)
{
fprintf(stderr, "%s: %s\n", s, strerror(errno));
}
FILE *
posix_fopen(const char *path, const char *mode)
{
if (strchr(mode, 'b') == NULL) {
char *bin_mode = NULL;
if (asprintf(&bin_mode, "%sb", mode) == -1)
return NULL;
FILE *f = fopen(path, bin_mode);
free(bin_mode);
return f;
}
return fopen(path, mode);
}
int
posix_rename(const char *oldpath, const char *newpath)
{
return MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1;
}
static int
wsa_errno(int err)
{
@@ -81,7 +106,7 @@ wsa_errno(int err)
return -1;
}
static inline int
int
posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{
int rc = connect(sockfd, addr, addrlen);
@@ -90,9 +115,7 @@ posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
return rc;
}
#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
static inline int
int
posix_close(int fd)
{
if (closesocket(fd) == SOCKET_ERROR) {
@@ -103,9 +126,7 @@ posix_close(int fd)
return 0;
}
#define close(fd) posix_close(fd)
static inline ssize_t
ssize_t
posix_read(int fd, void *buf, size_t count)
{
ssize_t rc = recv(fd, buf, count, 0);
@@ -117,9 +138,7 @@ posix_read(int fd, void *buf, size_t count)
return rc;
}
#define read(fd, buf, count) posix_read(fd, buf, count)
static inline ssize_t
ssize_t
posix_write(int fd, const void *buf, size_t count)
{
ssize_t rc = send(fd, buf, count, 0);
@@ -131,9 +150,7 @@ posix_write(int fd, const void *buf, size_t count)
return rc;
}
#define write(fd, buf, count) posix_write(fd, buf, count)
static inline int
int
posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen)
{
@@ -142,10 +159,7 @@ posix_getsockopt(int sockfd, int level, int optname,
}
#define getsockopt(sockfd, level, optname, optval, optlen) \
posix_getsockopt(sockfd, level, optname, optval, optlen)
static inline int
int
posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen)
{
@@ -153,9 +167,33 @@ posix_setsockopt(int sockfd, int level, int optname,
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
}
#define setsockopt(sockfd, level, optname, optval, optlen) \
posix_setsockopt(sockfd, level, optname, optval, optlen)
#endif
#ifdef _MSC_VER
int gettimeofday(struct timeval * tp, struct timezone * tzp)
{
/*
* Note: some broken versions only have 8 trailing zero's, the correct
* epoch has 9 trailing zero's
*/
static const uint64_t EPOCH = ((uint64_t) 116444736000000000ULL);
SYSTEMTIME system_time;
FILETIME file_time;
uint64_t time;
GetSystemTime(&system_time);
SystemTimeToFileTime(&system_time, &file_time);
time = ((uint64_t)file_time.dwLowDateTime);
time += ((uint64_t)file_time.dwHighDateTime) << 32;
tp->tv_sec = (long)((time - EPOCH) / 10000000L);
tp->tv_usec = (long)(system_time.wMilliseconds * 1000);
return 0;
}
unsigned int sleep(unsigned int seconds)
{
Sleep(seconds * 1000);
return seconds;
}
#endif

18
crypto/compat/ui_openssl_win.c
View File

@@ -133,6 +133,7 @@
/* Define globals. They are protected by a lock */
static void (*savsig[NX509_SIG])(int );
DWORD console_mode;
static FILE *tty_in, *tty_out;
static int is_a_tty;
@@ -300,28 +301,27 @@ open_console(UI *ui)
tty_in = stdin;
tty_out = stderr;
return 1;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE)
return GetConsoleMode(handle, &console_mode);
return 0;
}
static int
noecho_console(UI *ui)
{
DWORD mode = 0;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE && handle != handle) {
return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode & (~ENABLE_ECHO_INPUT));
}
if (handle != INVALID_HANDLE_VALUE)
return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT);
return 0;
}
static int
echo_console(UI *ui)
{
DWORD mode = 0;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE && handle != handle) {
return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT);
}
if (handle != INVALID_HANDLE_VALUE)
return SetConsoleMode(handle, console_mode);
return 0;
}

3
dist-win.sh
View File

@@ -8,6 +8,7 @@ DIST=libressl-$VERSION-windows
rm -fr $DIST
mkdir -p $DIST
autoreconf -i
for ARCH in X86 X64; do
@@ -21,7 +22,7 @@ for ARCH in X86 X64; do
echo Building for $HOST
CC=$HOST-gcc ./configure --host=$HOST --enable-libtls
CC=$HOST-gcc ./configure --host=$HOST --with-openssldir=c:/libressl/ssl
make clean
PATH=$PATH:/usr/$HOST/sys-root/mingw/bin \
make -j 4 check

4
dist.sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh
set -e
rm -f man/*.1 man/*.3
rm -f man/*.1 man/*.3 include/openssl/*.h
./autogen.sh
./configure --enable-libtls
./configure
make distcheck

10
gen-coverage-report.sh
View File

@@ -20,7 +20,7 @@ find -name '*.gcda' -o -name '*.gcno' -delete
rm -fr $DESTDIR
echo "Configuring to build with code coverage support"
./configure --enable-libtls CFLAGS='-O0 -fprofile-arcs -ftest-coverage'
./configure CFLAGS='-O0 -fprofile-arcs -ftest-coverage'
echo "Running all code paths"
make clean
@@ -29,9 +29,15 @@ make check
echo "Generating report"
mkdir -p $DESTDIR
find tests -name '*.gcda' -o -name '*.gcno' -delete
lcov --directory . --capture --output-file $DESTDIR/coverage.tmp \
lcov --capture --output-file $DESTDIR/coverage.tmp \
--rc lcov_branch_coverage=1 \
--directory crypto \
--directory ssl \
--directory tls \
--test-name "LibreSSL $VERSION"
genhtml --prefix . --output-directory $DESTDIR \
--branch-coverage --function-coverage \
--rc lcov_branch_coverage=1 \
--title "LibreSSL $VERSION" --legend --show-detail $DESTDIR/coverage.tmp
echo "Code coverage report is available under $DESTDIR"

5
include/CMakeLists.txt Normal file
View File

@@ -0,0 +1,5 @@
install(DIRECTORY .
DESTINATION include
PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE
PATTERN "Makefile.*" EXCLUDE)

52
include/Makefile.am
View File

@@ -1,33 +1,39 @@
include $(top_srcdir)/Makefile.am.common
EXTRA_DIST = CMakeLists.txt
SUBDIRS = openssl
noinst_HEADERS = err.h
noinst_HEADERS += netdb.h
noinst_HEADERS += poll.h
noinst_HEADERS += pqueue.h
noinst_HEADERS += stdio.h
noinst_HEADERS += stdlib.h
noinst_HEADERS += string.h
noinst_HEADERS += syslog.h
noinst_HEADERS += unistd.h
noinst_HEADERS += win32netcompat.h
noinst_HEADERS = pqueue.h
noinst_HEADERS += compat/dirent.h
noinst_HEADERS += compat/dirent_msvc.h
noinst_HEADERS += compat/err.h
noinst_HEADERS += compat/netdb.h
noinst_HEADERS += compat/poll.h
noinst_HEADERS += compat/stdio.h
noinst_HEADERS += compat/stdlib.h
noinst_HEADERS += compat/string.h
noinst_HEADERS += compat/time.h
noinst_HEADERS += compat/unistd.h
noinst_HEADERS += compat/win32netcompat.h
noinst_HEADERS += arpa/inet.h
noinst_HEADERS += compat/arpa/inet.h
noinst_HEADERS += compat/arpa/nameser.h
noinst_HEADERS += machine/endian.h
noinst_HEADERS += compat/machine/endian.h
noinst_HEADERS += netinet/in.h
noinst_HEADERS += netinet/tcp.h
noinst_HEADERS += compat/netinet/in.h
noinst_HEADERS += compat/netinet/tcp.h
noinst_HEADERS += sys/ioctl.h
noinst_HEADERS += sys/mman.h
noinst_HEADERS += sys/select.h
noinst_HEADERS += sys/socket.h
noinst_HEADERS += sys/times.h
noinst_HEADERS += sys/types.h
noinst_HEADERS += sys/uio.h
noinst_HEADERS += compat/sys/cdefs.h
noinst_HEADERS += compat/sys/ioctl.h
noinst_HEADERS += compat/sys/mman.h
noinst_HEADERS += compat/sys/param.h
noinst_HEADERS += compat/sys/select.h
noinst_HEADERS += compat/sys/stat.h
noinst_HEADERS += compat/sys/socket.h
noinst_HEADERS += compat/sys/time.h
noinst_HEADERS += compat/sys/types.h
noinst_HEADERS += compat/sys/uio.h
if ENABLE_LIBTLS
include_HEADERS = tls.h
endif

10
include/arpa/inet.h
View File

@@ -1,10 +0,0 @@
/*
* Public domain
* arpa/inet.h compatibility shim
*/
#ifndef _WIN32
#include_next <arpa/inet.h>
#else
#include <win32netcompat.h>
#endif

19
include/compat/arpa/inet.h Normal file
View File

@@ -0,0 +1,19 @@
/*
* Public domain
* arpa/inet.h compatibility shim
*/
#ifndef _WIN32
#include_next <arpa/inet.h>
#else
#include <win32netcompat.h>
#ifndef AI_ADDRCONFIG
#define AI_ADDRCONFIG 0x00000400
#endif
#endif
#ifndef HAVE_INET_PTON
int inet_pton(int af, const char * src, void * dst);
#endif

23
include/compat/arpa/nameser.h Normal file
View File

@@ -0,0 +1,23 @@
/*
* Public domain
* arpa/inet.h compatibility shim
*/
#ifndef _WIN32
#include_next <arpa/nameser.h>
#else
#include <win32netcompat.h>
#ifndef INADDRSZ
#define INADDRSZ 4
#endif
#ifndef IN6ADDRSZ
#define IN6ADDRSZ 16
#endif
#ifndef INT16SZ
#define INT16SZ 2
#endif
#endif

17
include/compat/dirent.h Normal file
View File

@@ -0,0 +1,17 @@
/*
* Public domain
* dirent.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_DIRENT_H
#define LIBCRYPTOCOMPAT_DIRENT_H
#ifdef _MSC_VER
#include <windows.h>
#include <dirent_msvc.h>
#else
#include_next <dirent.h>
#endif
#endif

611
include/compat/dirent_msvc.h Normal file
View File

@@ -0,0 +1,611 @@
/*
* dirent.h - dirent API for Microsoft Visual Studio
*
* Copyright (C) 2006-2012 Toni Ronkko
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* ``Software''), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be included
* in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS
* OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL TONI RONKKO BE LIABLE FOR ANY CLAIM, DAMAGES OR
* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
* OTHER DEALINGS IN THE SOFTWARE.
*
* $Id: dirent.h,v 1.20 2014/03/19 17:52:23 tronkko Exp $
*/
#ifndef DIRENT_MSVC_H
#define DIRENT_MSVC_H
#include <windows.h>
#if _MSC_VER >= 1900
#include <../ucrt/stdio.h>
#include <../ucrt/wchar.h>
#include <../ucrt/string.h>
#include <../ucrt/stdlib.h>
#include <../ucrt/sys/types.h>
#include <../ucrt/errno.h>
#else
#include <../include/stdio.h>
#include <../include/wchar.h>
#include <../include/string.h>
#include <../include/stdlib.h>
#include <../include/sys/types.h>
#include <../include/errno.h>
#endif
#include <stdarg.h>
#include <sys/stat.h>
/* Indicates that d_type field is available in dirent structure */
#define _DIRENT_HAVE_D_TYPE
/* Indicates that d_namlen field is available in dirent structure */
#define _DIRENT_HAVE_D_NAMLEN
/* Maximum length of file name */
#if !defined(PATH_MAX)
# define PATH_MAX MAX_PATH
#endif
#if !defined(FILENAME_MAX)
# define FILENAME_MAX MAX_PATH
#endif
#if !defined(NAME_MAX)
# define NAME_MAX FILENAME_MAX
#endif
/* Return the exact length of d_namlen without zero terminator */
#define _D_EXACT_NAMLEN(p)((p)->d_namlen)
/* Return number of bytes needed to store d_namlen */
#define _D_ALLOC_NAMLEN(p)(PATH_MAX)
/* Wide-character version */
struct _wdirent {
long d_ino; /* Always zero */
unsigned short d_reclen; /* Structure size */
size_t d_namlen; /* Length of name without \0 */
int d_type; /* File type */
wchar_t d_name[PATH_MAX]; /* File name */
};
typedef struct _wdirent _wdirent;
struct _WDIR {
struct _wdirent ent; /* Current directory entry */
WIN32_FIND_DATAW data; /* Private file data */
int cached; /* True if data is valid */
HANDLE handle; /* Win32 search handle */
wchar_t *patt; /* Initial directory name */
};
typedef struct _WDIR _WDIR;
static _WDIR *_wopendir(const wchar_t *dirname);
static struct _wdirent *_wreaddir(_WDIR *dirp);
static int _wclosedir(_WDIR *dirp);
static void _wrewinddir(_WDIR* dirp);
/* Multi-byte character versions */
struct dirent {
long d_ino; /* Always zero */
unsigned short d_reclen; /* Structure size */
size_t d_namlen; /* Length of name without \0 */
int d_type; /* File type */
char d_name[PATH_MAX]; /* File name */
};
typedef struct dirent dirent;
struct DIR {
struct dirent ent;
struct _WDIR *wdirp;
};
typedef struct DIR DIR;
static DIR *opendir(const char *dirname);
static struct dirent *readdir(DIR *dirp);
static int closedir(DIR *dirp);
static void rewinddir(DIR* dirp);
/* Internal utility functions */
static WIN32_FIND_DATAW *dirent_first(_WDIR *dirp);
static WIN32_FIND_DATAW *dirent_next(_WDIR *dirp);
static int dirent_mbstowcs_s(
size_t *pReturnValue,
wchar_t *wcstr,
size_t sizeInWords,
const char *mbstr,
size_t count);
static int dirent_wcstombs_s(
size_t *pReturnValue,
char *mbstr,
size_t sizeInBytes,
const wchar_t *wcstr,
size_t count);
/*
* Open directory stream DIRNAME for read and return a pointer to the
* internal working area that is used to retrieve individual directory
* entries.
*/
static _WDIR*
_wopendir(const wchar_t *dirname)
{
_WDIR *dirp = NULL;
int error;
/* Must have directory name */
if (dirname == NULL || dirname[0] == '\0') {
_set_errno(ENOENT);
return NULL;
}
/* Allocate new _WDIR structure */
dirp =(_WDIR*) malloc(sizeof(struct _WDIR));
if (dirp != NULL) {
DWORD n;
/* Reset _WDIR structure */
dirp->handle = INVALID_HANDLE_VALUE;
dirp->patt = NULL;
dirp->cached = 0;
/* Compute the length of full path plus zero terminator */
n = GetFullPathNameW(dirname, 0, NULL, NULL);
/* Allocate room for absolute directory name and search pattern */
dirp->patt =(wchar_t*) malloc(sizeof(wchar_t) * n + 16);
if (dirp->patt) {
/*
* Convert relative directory name to an absolute one. This
* allows rewinddir() to function correctly even when current
* working directory is changed between opendir() and rewinddir().
*/
n = GetFullPathNameW(dirname, n, dirp->patt, NULL);
if (n > 0) {
wchar_t *p;
/* Append search pattern \* to the directory name */
p = dirp->patt + n;
if (dirp->patt < p) {
switch(p[-1]) {
case '\\':
case '/':
case ':':
/* Directory ends in path separator, e.g. c:\temp\ */
/*NOP*/;
break;
default:
/* Directory name doesn't end in path separator */
*p++ = '\\';
}
}
*p++ = '*';
*p = '\0';
/* Open directory stream and retrieve the first entry */
if (dirent_first(dirp)) {
/* Directory stream opened successfully */
error = 0;
} else {
/* Cannot retrieve first entry */
error = 1;
_set_errno(ENOENT);
}
} else {
/* Cannot retrieve full path name */
_set_errno(ENOENT);
error = 1;
}
} else {
/* Cannot allocate memory for search pattern */
error = 1;
}
} else {
/* Cannot allocate _WDIR structure */
error = 1;
}
/* Clean up in case of error */
if (error && dirp) {
_wclosedir(dirp);
dirp = NULL;
}
return dirp;
}
/*
* Read next directory entry. The directory entry is returned in dirent
* structure in the d_name field. Individual directory entries returned by
* this function include regular files, sub-directories, pseudo-directories
* "." and ".." as well as volume labels, hidden files and system files.
*/
static struct _wdirent*
_wreaddir(_WDIR *dirp)
{
WIN32_FIND_DATAW *datap;
struct _wdirent *entp;
/* Read next directory entry */
datap = dirent_next(dirp);
if (datap) {
size_t n;
DWORD attr;
/* Pointer to directory entry to return */
entp = &dirp->ent;
/*
* Copy file name as wide-character string. If the file name is too
* long to fit in to the destination buffer, then truncate file name
* to PATH_MAX characters and zero-terminate the buffer.
*/
n = 0;
while(n + 1 < PATH_MAX && datap->cFileName[n] != 0) {
entp->d_name[n] = datap->cFileName[n];
n++;
}
dirp->ent.d_name[n] = 0;
/* Length of file name excluding zero terminator */
entp->d_namlen = n;
/* File type */
attr = datap->dwFileAttributes;
if ((attr & FILE_ATTRIBUTE_DEVICE) != 0) {
entp->d_type = DT_CHR;
} else if ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
entp->d_type = DT_DIR;
} else {
entp->d_type = DT_REG;
}
/* Reset dummy fields */
entp->d_ino = 0;
entp->d_reclen = sizeof(struct _wdirent);
} else {
/* Last directory entry read */
entp = NULL;
}
return entp;
}
/*
* Close directory stream opened by opendir() function. This invalidates the
* DIR structure as well as any directory entry read previously by
* _wreaddir().
*/
static int
_wclosedir(_WDIR *dirp)
{
int ok;
if (dirp) {
/* Release search handle */
if (dirp->handle != INVALID_HANDLE_VALUE) {
FindClose(dirp->handle);
dirp->handle = INVALID_HANDLE_VALUE;
}
/* Release search pattern */
if (dirp->patt) {
free(dirp->patt);
dirp->patt = NULL;
}
/* Release directory structure */
free(dirp);
ok = /*success*/0;
} else {
/* Invalid directory stream */
_set_errno(EBADF);
ok = /*failure*/-1;
}
return ok;
}
/*
* Rewind directory stream such that _wreaddir() returns the very first
* file name again.
*/
static void
_wrewinddir(_WDIR* dirp)
{
if (dirp) {
/* Release existing search handle */
if (dirp->handle != INVALID_HANDLE_VALUE) {
FindClose(dirp->handle);
}
/* Open new search handle */
dirent_first(dirp);
}
}
/* Get first directory entry(internal) */
static WIN32_FIND_DATAW*
dirent_first(_WDIR *dirp)
{
WIN32_FIND_DATAW *datap;
/* Open directory and retrieve the first entry */
dirp->handle = FindFirstFileW(dirp->patt, &dirp->data);
if (dirp->handle != INVALID_HANDLE_VALUE) {
/* a directory entry is now waiting in memory */
datap = &dirp->data;
dirp->cached = 1;
} else {
/* Failed to re-open directory: no directory entry in memory */
dirp->cached = 0;
datap = NULL;
}
return datap;
}
/* Get next directory entry(internal) */
static WIN32_FIND_DATAW*
dirent_next(_WDIR *dirp)
{
WIN32_FIND_DATAW *p;
/* Get next directory entry */
if (dirp->cached != 0) {
/* A valid directory entry already in memory */
p = &dirp->data;
dirp->cached = 0;
} else if (dirp->handle != INVALID_HANDLE_VALUE) {
/* Get the next directory entry from stream */
if (FindNextFileW(dirp->handle, &dirp->data) != FALSE) {
/* Got a file */
p = &dirp->data;
} else {
/* The very last entry has been processed or an error occured */
FindClose(dirp->handle);
dirp->handle = INVALID_HANDLE_VALUE;
p = NULL;
}
} else {
/* End of directory stream reached */
p = NULL;
}
return p;
}
/*
* Open directory stream using plain old C-string.
*/
static DIR*
opendir(const char *dirname)
{
struct DIR *dirp;
int error;
/* Must have directory name */
if (dirname == NULL || dirname[0] == '\0') {
_set_errno(ENOENT);
return NULL;
}
/* Allocate memory for DIR structure */
dirp =(DIR*) malloc(sizeof(struct DIR));
if (dirp) {
wchar_t wname[PATH_MAX];
size_t n;
/* Convert directory name to wide-character string */
error = dirent_mbstowcs_s(&n, wname, PATH_MAX, dirname, PATH_MAX);
if (!error) {
/* Open directory stream using wide-character name */
dirp->wdirp = _wopendir(wname);
if (dirp->wdirp) {
/* Directory stream opened */
error = 0;
} else {
/* Failed to open directory stream */
error = 1;
}
} else {
/*
* Cannot convert file name to wide-character string. This
* occurs if the string contains invalid multi-byte sequences or
* the output buffer is too small to contain the resulting
* string.
*/
error = 1;
}
} else {
/* Cannot allocate DIR structure */
error = 1;
}
/* Clean up in case of error */
if (error && dirp) {
free(dirp);
dirp = NULL;
}
return dirp;
}
/*
* Read next directory entry.
*
* When working with text consoles, please note that file names returned by
* readdir() are represented in the default ANSI code page while any output to
* console is typically formatted on another code page. Thus, non-ASCII
* characters in file names will not usually display correctly on console. The
* problem can be fixed in two ways:(1) change the character set of console
* to 1252 using chcp utility and use Lucida Console font, or(2) use
* _cprintf function when writing to console. The _cprinf() will re-encode
* ANSI strings to the console code page so many non-ASCII characters will
* display correcly.
*/
static struct dirent*
readdir(DIR *dirp)
{
WIN32_FIND_DATAW *datap;
struct dirent *entp;
/* Read next directory entry */
datap = dirent_next(dirp->wdirp);
if (datap) {
size_t n;
int error;
/* Attempt to convert file name to multi-byte string */
error = dirent_wcstombs_s(
&n, dirp->ent.d_name, PATH_MAX, datap->cFileName, PATH_MAX);
/*
* If the file name cannot be represented by a multi-byte string,
* then attempt to use old 8+3 file name. This allows traditional
* Unix-code to access some file names despite of unicode
* characters, although file names may seem unfamiliar to the user.
*
* Be ware that the code below cannot come up with a short file
* name unless the file system provides one. At least
* VirtualBox shared folders fail to do this.
*/
if (error && datap->cAlternateFileName[0] != '\0') {
error = dirent_wcstombs_s(
&n, dirp->ent.d_name, PATH_MAX,
datap->cAlternateFileName, PATH_MAX);
}
if (!error) {
DWORD attr;
/* Initialize directory entry for return */
entp = &dirp->ent;
/* Length of file name excluding zero terminator */
entp->d_namlen = n - 1;
/* File attributes */
attr = datap->dwFileAttributes;
if ((attr & FILE_ATTRIBUTE_DEVICE) != 0) {
entp->d_type = DT_CHR;
} else if ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
entp->d_type = DT_DIR;
} else {
entp->d_type = DT_REG;
}
/* Reset dummy fields */
entp->d_ino = 0;
entp->d_reclen = sizeof(struct dirent);
} else {
/*
* Cannot convert file name to multi-byte string so construct
* an errornous directory entry and return that. Note that
* we cannot return NULL as that would stop the processing
* of directory entries completely.
*/
entp = &dirp->ent;
entp->d_name[0] = '?';
entp->d_name[1] = '\0';
entp->d_namlen = 1;
entp->d_type = DT_UNKNOWN;
entp->d_ino = 0;
entp->d_reclen = 0;
}
} else {
/* No more directory entries */
entp = NULL;
}
return entp;
}
/*
* Close directory stream.
*/
static int
closedir(DIR *dirp)
{
int ok;
if (dirp) {
/* Close wide-character directory stream */
ok = _wclosedir(dirp->wdirp);
dirp->wdirp = NULL;
/* Release multi-byte character version */
free(dirp);
} else {
/* Invalid directory stream */
_set_errno(EBADF);
ok = /*failure*/-1;
}
return ok;
}
/*
* Rewind directory stream to beginning.
*/
static void
rewinddir(DIR* dirp)
{
/* Rewind wide-character string directory stream */
_wrewinddir(dirp->wdirp);
}
/* Convert multi-byte string to wide character string */
static int
dirent_mbstowcs_s(size_t *pReturnValue, wchar_t *wcstr,
size_t sizeInWords, const char *mbstr, size_t count)
{
return mbstowcs_s(pReturnValue, wcstr, sizeInWords, mbstr, count);
}
/* Convert wide-character string to multi-byte string */
static int
dirent_wcstombs_s(size_t *pReturnValue, char *mbstr,
size_t sizeInBytes, /* max size of mbstr */
const wchar_t *wcstr, size_t count)
{
return wcstombs_s(pReturnValue, mbstr, sizeInBytes, wcstr, count);
}
#endif /*DIRENT_H*/

33
include/compat/err.h Normal file
View File

@@ -0,0 +1,33 @@
/*
* Public domain
* err.h compatibility shim
*/
#ifdef HAVE_ERR_H
#include_next <err.h>
#else
#ifndef LIBCRYPTOCOMPAT_ERR_H
#define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define err(exitcode, format, ...) \
errx(exitcode, format ": %s", ## __VA_ARGS__, strerror(errno))
#define errx(exitcode, format, ...) \
do { warnx(format, ## __VA_ARGS__); exit(exitcode); } while (0)
#define warn(format, ...) \
warnx(format ": %s", ## __VA_ARGS__, strerror(errno))
#define warnx(format, ...) \
fprintf(stderr, format "\n", ## __VA_ARGS__)
#endif
#endif

0
include/machine/endian.h → include/compat/machine/endian.h
View File

0
include/netdb.h → include/compat/netdb.h
View File

0
include/netinet/in.h → include/compat/netinet/in.h
View File

0
include/netinet/tcp.h → include/compat/netinet/tcp.h
View File

2
include/poll.h → include/compat/poll.h
View File

@@ -14,7 +14,7 @@
#ifndef LIBCRYPTOCOMPAT_POLL_H
#define LIBCRYPTOCOMPAT_POLL_H
#ifdef HAVE_POLL
#ifndef _WIN32
#include_next <poll.h>
#else

45
include/compat/stdio.h Normal file
View File

@@ -0,0 +1,45 @@
/*
* Public domain
* stdio.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_STDIO_H
#define LIBCRYPTOCOMPAT_STDIO_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#include <../ucrt/corecrt_io.h>
#include <../ucrt/stdio.h>
#else
#include <../include/stdio.h>
#endif
#else
#include_next <stdio.h>
#endif
#ifndef HAVE_ASPRINTF
#include <stdarg.h>
int vasprintf(char **str, const char *fmt, va_list ap);
int asprintf(char **str, const char *fmt, ...);
#endif
#ifdef _WIN32
void posix_perror(const char *s);
FILE * posix_fopen(const char *path, const char *mode);
int posix_rename(const char *oldpath, const char *newpath);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define perror(errnum) posix_perror(errnum)
#define fopen(path, mode) posix_fopen(path, mode)
#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
#endif
#ifdef _MSC_VER
#define snprintf _snprintf
#endif
#endif
#endif

11
include/stdlib.h → include/compat/stdlib.h
View File

@@ -3,13 +3,20 @@
* Public domain
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#else
#include <../include/stdlib.h>
#endif
#else
#include_next <stdlib.h>
#endif
#ifndef LIBCRYPTOCOMPAT_STDLIB_H
#define LIBCRYPTOCOMPAT_STDLIB_H
#include <sys/stat.h>
#include <sys/time.h>
#include <sys/types.h>
#include <stdint.h>
#ifndef HAVE_ARC4RANDOM_BUF

17
include/string.h → include/compat/string.h
View File

@@ -3,11 +3,19 @@
* string.h compatibility shim
*/
#include_next <string.h>
#ifndef LIBCRYPTOCOMPAT_STRING_H
#define LIBCRYPTOCOMPAT_STRING_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/string.h>
#else
#include <../include/string.h>
#endif
#else
#include_next <string.h>
#endif
#include <sys/types.h>
#if defined(__sun) || defined(__hpux)
@@ -17,6 +25,11 @@
#include <strings.h>
#endif
#ifndef HAVE_STRCASECMP
int strcasecmp(const char *s1, const char *s2);
int strncasecmp(const char *s1, const char *s2, size_t len);
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif

31
include/compat/sys/cdefs.h Normal file
View File

@@ -0,0 +1,31 @@
/*
* Public domain
* sys/cdefs.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_CDEFS_H
#define LIBCRYPTOCOMPAT_SYS_CDEFS_H
#ifdef _WIN32
#define __warn_references(sym,msg)
#else
#include_next <sys/cdefs.h>
#ifndef __warn_references
#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG)
#define __warn_references(sym,msg) \
__asm__(".section .gnu.warning." __STRING(sym) \
" ; .ascii \"" msg "\" ; .text");
#else
#define __warn_references(sym,msg)
#endif
#endif /* __warn_references */
#endif /* _WIN32 */
#endif /* LIBCRYPTOCOMPAT_SYS_CDEFS_H */

0
include/sys/ioctl.h → include/compat/sys/ioctl.h
View File

0
include/sys/mman.h → include/compat/sys/mman.h
View File

15
include/compat/sys/param.h Normal file
View File

@@ -0,0 +1,15 @@
/*
* Public domain
* sys/param.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H
#define LIBCRYPTOCOMPAT_SYS_PARAM_H
#ifdef _MSC_VER
#include <winsock2.h>
#else
#include_next <sys/param.h>
#endif
#endif

0
include/sys/select.h → include/compat/sys/select.h
View File

0
include/sys/socket.h → include/compat/sys/socket.h
View File

100
include/compat/sys/stat.h Normal file
View File

@@ -0,0 +1,100 @@
/*
* Public domain
* sys/stat.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_STAT_H
#define LIBCRYPTOCOMPAT_SYS_STAT_H
#ifndef _MSC_VER
#include_next <sys/stat.h>
#else
#include <windows.h>
#if _MSC_VER >= 1900
#include <../ucrt/sys/stat.h>
#else
#include <../include/sys/stat.h>
#endif
/* File type and permission flags for stat() */
#if !defined(S_IFMT)
# define S_IFMT _S_IFMT /* File type mask */
#endif
#if !defined(S_IFDIR)
# define S_IFDIR _S_IFDIR /* Directory */
#endif
#if !defined(S_IFCHR)
# define S_IFCHR _S_IFCHR /* Character device */
#endif
#if !defined(S_IFFIFO)
# define S_IFFIFO _S_IFFIFO /* Pipe */
#endif
#if !defined(S_IFREG)
# define S_IFREG _S_IFREG /* Regular file */
#endif
#if !defined(S_IREAD)
# define S_IREAD _S_IREAD /* Read permission */
#endif
#if !defined(S_IWRITE)
# define S_IWRITE _S_IWRITE /* Write permission */
#endif
#if !defined(S_IEXEC)
# define S_IEXEC _S_IEXEC /* Execute permission */
#endif
#if !defined(S_IFIFO)
# define S_IFIFO _S_IFIFO /* Pipe */
#endif
#if !defined(S_IFBLK)
# define S_IFBLK 0 /* Block device */
#endif
#if !defined(S_IFLNK)
# define S_IFLNK 0 /* Link */
#endif
#if !defined(S_IFSOCK)
# define S_IFSOCK 0 /* Socket */
#endif
#if defined(_MSC_VER)
# define S_IRUSR S_IREAD /* Read user */
# define S_IWUSR S_IWRITE /* Write user */
# define S_IXUSR 0 /* Execute user */
# define S_IRGRP 0 /* Read group */
# define S_IWGRP 0 /* Write group */
# define S_IXGRP 0 /* Execute group */
# define S_IROTH 0 /* Read others */
# define S_IWOTH 0 /* Write others */
# define S_IXOTH 0 /* Execute others */
#endif
/* File type flags for d_type */
#define DT_UNKNOWN 0
#define DT_REG S_IFREG
#define DT_DIR S_IFDIR
#define DT_FIFO S_IFIFO
#define DT_SOCK S_IFSOCK
#define DT_CHR S_IFCHR
#define DT_BLK S_IFBLK
#define DT_LNK S_IFLNK
/* Macros for converting between st_mode and d_type */
#define IFTODT(mode) ((mode) & S_IFMT)
#define DTTOIF(type) (type)
/*
* File type macros. Note that block devices, sockets and links cannot be
* distinguished on Windows and the macros S_ISBLK, S_ISSOCK and S_ISLNK are
* only defined for compatibility. These macros should always return false
* on Windows.
*/
#define S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
#define S_ISDIR(mode) (((mode) & S_IFMT) == S_IFDIR)
#define S_ISREG(mode) (((mode) & S_IFMT) == S_IFREG)
#define S_ISLNK(mode) (((mode) & S_IFMT) == S_IFLNK)
#define S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK)
#define S_ISCHR(mode) (((mode) & S_IFMT) == S_IFCHR)
#define S_ISBLK(mode) (((mode) & S_IFMT) == S_IFBLK)
#endif
#endif

16
include/compat/sys/time.h Normal file
View File

@@ -0,0 +1,16 @@
/*
* Public domain
* sys/time.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_TIME_H
#define LIBCRYPTOCOMPAT_SYS_TIME_H
#ifdef _MSC_VER
#include <winsock2.h>
int gettimeofday(struct timeval *tp, void *tzp);
#else
#include_next <sys/time.h>
#endif
#endif

47
include/compat/sys/types.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* Public domain
* sys/types.h compatibility shim
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/sys/types.h>
#else
#include <../include/sys/types.h>
#endif
#else
#include_next <sys/types.h>
#endif
#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
#define LIBCRYPTOCOMPAT_SYS_TYPES_H
#include <stdint.h>
#ifdef __MINGW32__
#include <_bsd_types.h>
#endif
#ifdef _MSC_VER
typedef unsigned char u_char;
typedef unsigned short u_short;
typedef unsigned int u_int;
#include <basetsd.h>
typedef SSIZE_T ssize_t;
#ifndef SSIZE_MAX
#ifdef _WIN64
#define SSIZE_MAX _I64_MAX
#else
#define SSIZE_MAX INT_MAX
#endif
#endif
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
#endif

0
include/sys/uio.h → include/compat/sys/uio.h
View File

15
include/compat/time.h Normal file
View File

@@ -0,0 +1,15 @@
/*
* Public domain
* sys/time.h compatibility shim
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/time.h>
#else
#include <../include/time.h>
#endif
#define gmtime_r(tp, tm) ((gmtime_s((tm), (tp)) == 0) ? (tm) : NULL)
#else
#include_next <time.h>
#endif

25
include/unistd.h → include/compat/unistd.h
View File

@@ -3,17 +3,30 @@
* unistd.h compatibility shim
*/
#include_next <unistd.h>
#ifndef LIBCRYPTOCOMPAT_UNISTD_H
#define LIBCRYPTOCOMPAT_UNISTD_H
#ifndef _MSC_VER
#include_next <unistd.h>
#else
#include <stdlib.h>
#include <io.h>
#include <process.h>
#define R_OK 4
#define W_OK 2
#define X_OK 0
#define F_OK 0
#define access _access
unsigned int sleep(unsigned int seconds);
#endif
#ifndef HAVE_GETENTROPY
int getentropy(void *buf, size_t buflen);
#endif
#ifndef HAVE_ISSETUGID
int issetugid(void);
#endif
#endif

48
include/compat/win32netcompat.h Normal file
View File

@@ -0,0 +1,48 @@
/*
* Public domain
*
* BSD socket emulation code for Winsock2
* Brent Cook <bcook@openbsd.org>
*/
#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
#ifdef _WIN32
#include <ws2tcpip.h>
#define SHUT_RDWR SD_BOTH
#define SHUT_RD SD_RECEIVE
#define SHUT_WR SD_SEND
#include <errno.h>
#include <unistd.h>
int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
int posix_close(int fd);
ssize_t posix_read(int fd, void *buf, size_t count);
ssize_t posix_write(int fd, const void *buf, size_t count);
int posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen);
int posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
#define close(fd) posix_close(fd)
#define read(fd, buf, count) posix_read(fd, buf, count)
#define write(fd, buf, count) posix_write(fd, buf, count)
#define getsockopt(sockfd, level, optname, optval, optlen) \
posix_getsockopt(sockfd, level, optname, optval, optlen)
#define setsockopt(sockfd, level, optname, optval, optlen) \
posix_setsockopt(sockfd, level, optname, optval, optlen)
#endif
#endif
#endif

33
include/err.h
View File

@@ -1,33 +0,0 @@
/*
* Public domain
* err.h compatibility shim
*/
#ifdef HAVE_ERR_H
#include_next <err.h>
#else
#ifndef LIBCRYPTOCOMPAT_ERR_H
#define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h>
#include <stdio.h>
#include <string.h>
#define err(exitcode, format, args...) \
errx(exitcode, format ": %s", ## args, strerror(errno))
#define errx(exitcode, format, args...) \
do { warnx(format, ## args); exit(exitcode); } while (0)
#define warn(format, args...) \
warnx(format ": %s", ## args, strerror(errno))
#define warnx(format, args...) \
fprintf(stderr, format "\n", ## args)
#endif
#endif

30
include/stdio.h
View File

@@ -1,30 +0,0 @@
/*
* Public domain
* stdio.h compatibility shim
*/
#include_next <stdio.h>
#ifndef LIBCRYPTOCOMPAT_STDIO_H
#define LIBCRYPTOCOMPAT_STDIO_H
#ifndef HAVE_ASPRINTF
#include <stdarg.h>
int vasprintf(char **str, const char *fmt, va_list ap);
int asprintf(char **str, const char *fmt, ...);
#endif
#ifdef _WIN32
#include <errno.h>
#include <string.h>
static inline void
posix_perror(const char *s)
{
fprintf(stderr, "%s: %s\n", s, strerror(errno));
}
#define perror(errnum) posix_perror(errnum)
#endif
#endif

10
include/sys/times.h
View File

@@ -1,10 +0,0 @@
/*
* Public domain
* sys/times.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/times.h>
#else
#include <win32netcompat.h>
#endif

21
include/sys/types.h
View File

@@ -1,21 +0,0 @@
/*
* Public domain
* sys/types.h compatibility shim
*/
#include_next <sys/types.h>
#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
#define LIBCRYPTOCOMPAT_SYS_TYPES_H
#include <stdint.h>
#ifdef __MINGW32__
#include <_bsd_types.h>
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
#endif

38
include/syslog.h
View File

@@ -1,38 +0,0 @@
/*
* Public domain
* syslog.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYSLOG_H
#define LIBCRYPTOCOMPAT_SYSLOG_H
#ifndef _WIN32
#include_next <syslog.h>
#else
/* priorities */
#define LOG_EMERG 0
#define LOG_ALERT 1
#define LOG_CRIT 2
#define LOG_ERR 3
#define LOG_WARNING 4
#define LOG_NOTICE 5
#define LOG_INFO 6
#define LOG_DEBUG 7
/* facility codes */
#define LOG_KERN (0<<3)
#define LOG_USER (1<<3)
#define LOG_DAEMON (3<<3)
/* flags for openlog */
#define LOG_PID 0x01
#define LOG_CONS 0x02
extern void openlog(const char *ident, int option, int facility);
extern void syslog(int priority, const char *fmt, ...)
__attribute__ ((__format__ (__printf__, 2, 3)));
extern void closelog (void);
#endif
#endif /* LIBCRYPTOCOMPAT_SYSLOG_H */

2
libcrypto.pc.in
View File

@@ -7,7 +7,7 @@ includedir=@includedir@
Name: LibreSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
Version: @LIBCRYPTO_VERSION@
Version: @VERSION@
Requires:
Conflicts:
Libs: -L${libdir} -lcrypto

2
libssl.pc.in
View File

@@ -7,7 +7,7 @@ includedir=@includedir@
Name: LibreSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
Version: @LIBSSL_VERSION@
Version: @VERSION@
Requires:
Requires.private: libcrypto
Conflicts:

0
AUTHORS → libtls-standalone/AUTHORS
View File

13
libtls-standalone/COPYING Normal file
View File

@@ -0,0 +1,13 @@
libtls is ISC licensed as per OpenBSD's normal licensing policy.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

0
NEWS → libtls-standalone/ChangeLog
View File

7
libtls-standalone/Makefile.am Normal file
View File

@@ -0,0 +1,7 @@
SUBDIRS = include compat src tests man
ACLOCAL_AMFLAGS = -I m4
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libtls.pc
EXTRA_DIST = README VERSION

0
libtls-standalone/NEWS Normal file
View File

0
libtls-standalone/README Normal file
View File

45
libtls-standalone/compat/Makefile.am Normal file
View File

@@ -0,0 +1,45 @@
#
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
# compatibility functions that need to be built without optimizations
libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
libcompatnoopt_la_SOURCES += explicit_bzero.c
endif
# other compatibility functions
libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcompat_la_SOURCES =
libcompat_la_LIBADD = $(PLATFORM_LDADD)
if !HAVE_ASPRINTF
libcompat_la_SOURCES += bsd-asprintf.c
endif
if !HAVE_STRLCPY
libcompat_la_SOURCES += strlcpy.c
endif
if !HAVE_STRSEP
libcompat_la_SOURCES += strsep.c
endif
include Makefile.am.arc4random

52
libtls-standalone/configure.ac Normal file
View File

@@ -0,0 +1,52 @@
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([libtls], m4_esyscmd([tr -d '\n' < VERSION]))
AC_SUBST([LIBTLS_VERSION], m4_esyscmd([sed -e 's/\./:/g' VERSION | tr -d '\n']))
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([subdir-objects])
AC_CONFIG_MACRO_DIR([m4])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
# This must be called before AC_PROG_CC
USER_CFLAGS="$CFLAGS"
AC_PROG_CC
AC_PROG_CC_STDC
AM_PROG_CC_C_O
AC_PROG_LIBTOOL
LT_INIT
CHECK_OS_OPTIONS
CHECK_C_HARDENING_OPTIONS
DISABLE_COMPILER_WARNINGS
CHECK_LIBC_COMPAT
CHECK_LIBC_CRYPTO_COMPAT
AC_CONFIG_FILES([
Makefile
include/Makefile
compat/Makefile
man/Makefile
src/Makefile
tests/Makefile
libtls.pc
])
AC_OUTPUT

5
libtls-standalone/include/Makefile.am Normal file
View File

@@ -0,0 +1,5 @@
noinst_HEADERS = stdlib.h
noinst_HEADERS += string.h
noinst_HEADERS += unistd.h
include_HEADERS = tls.h

86
libtls-standalone/include/string.h Normal file
View File

@@ -0,0 +1,86 @@
/*
* Public domain
* string.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_STRING_H
#define LIBCRYPTOCOMPAT_STRING_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/string.h>
#else
#include <../include/string.h>
#endif
#else
#include_next <string.h>
#endif
#include <sys/types.h>
#if defined(__sun) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
*/
#include <strings.h>
#endif
#ifndef HAVE_STRCASECMP
int strcasecmp(const char *s1, const char *s2);
int strncasecmp(const char *s1, const char *s2, size_t len);
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRNDUP
char * strndup(const char *str, size_t maxlen);
/* the only user of strnlen is strndup, so only build it if needed */
#ifndef HAVE_STRNLEN
size_t strnlen(const char *str, size_t maxlen);
#endif
#endif
#ifndef HAVE_STRSEP
char *strsep(char **stringp, const char *delim);
#endif
#ifndef HAVE_EXPLICIT_BZERO
void explicit_bzero(void *, size_t);
#endif
#ifndef HAVE_TIMINGSAFE_BCMP
int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
#endif
#ifndef HAVE_TIMINGSAFE_MEMCMP
int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
#endif
#ifndef HAVE_MEMMEM
void * memmem(const void *big, size_t big_len, const void *little,
size_t little_len);
#endif
#ifdef _WIN32
#include <errno.h>
static inline char *
posix_strerror(int errnum)
{
if (errnum == ECONNREFUSED) {
return "Connection refused";
}
return strerror(errnum);
}
#define strerror(errnum) posix_strerror(errnum)
#endif
#endif

16
libtls-standalone/libtls.pc.in Normal file
View File

@@ -0,0 +1,16 @@
#libtls pkg-config source file
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: LibreSSL-libtls
Description: Secure communications using the TLS socket protocol.
Version: @LIBTLS_VERSION@
Requires:
Requires.private: libcrypto libssl
Conflicts:
Libs: -L${libdir} -ltls
Libs.private: @LIBS@ -lcrypto -lssl
Cflags: -I${includedir}

16
libtls-standalone/src/Makefile.am Normal file
View File

@@ -0,0 +1,16 @@
AM_CFLAGS = -I$(top_srcdir)/include
lib_LTLIBRARIES = libtls.la
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
libtls_la_LIBADD = -lcrypto -lssl -lcrypto $(PLATFORM_LDADD)
libtls_la_LIBADD += $(top_builddir)/compat/libcompat.la
libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la
libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c
libtls_la_SOURCES += tls_config.c
libtls_la_SOURCES += tls_server.c
libtls_la_SOURCES += tls_util.c
libtls_la_SOURCES += tls_verify.c
noinst_HEADERS = tls_internal.h

7
libtls-standalone/tests/Makefile.am Normal file
View File

@@ -0,0 +1,7 @@
AM_CFLAGS = -I$(top_srcdir)/include
check_PROGRAMS = test
TESTS = test
test_SOURCES = test.c
test_LDADD = -lcrypto -lssl $(top_builddir)/src/libtls.la

51
libtls-standalone/tests/test.c Normal file
View File

@@ -0,0 +1,51 @@
#include <stdio.h>
#include <tls.h>
int main()
{
struct tls *tls;
struct tls_config *tls_config;
size_t written, read;
char buf[4096];
if (tls_init() != 0) {
fprintf(stderr, "tls_init failed");
return 1;
}
if ((tls = tls_client()) == NULL)
goto err;
if ((tls_config = tls_config_new()) == NULL)
goto err;
if (tls_config_set_ciphers(tls_config, "compat") != 0)
goto err;
tls_config_insecure_noverifycert(tls_config);
tls_config_insecure_noverifyname(tls_config);
if (tls_configure(tls, tls_config) != 0)
goto err;
if (tls_connect(tls, "google.com", "443") != 0)
goto err;
if (tls_write(tls, "GET /\r\n", 7, &written) != 0)
goto err;
if (tls_read(tls, buf, sizeof(buf), &read) != 0)
goto err;
buf[read - 1] = '\0';
puts(buf);
if (tls_close(tls) != 0)
goto err;
return 0;
err:
fprintf(stderr, "%s\n", tls_error(tls));
return 1;
}

2
libtls.pc.in
View File

@@ -7,7 +7,7 @@ includedir=@includedir@
Name: LibreSSL-libtls
Description: Secure communications using the TLS socket protocol.
Version: @LIBTLS_VERSION@
Version: @VERSION@
Requires:
Requires.private: libcrypto libssl
Conflicts:

109
m4/check-hardening-options.m4 Normal file
View File

@@ -0,0 +1,109 @@
AC_DEFUN([CHECK_CFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_CC supports "$1"])
old_cflags="$CFLAGS"
CFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
CFLAGS=$old_cflags
HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
AC_MSG_RESULT([no])
CFLAGS=$old_cflags
[$2])
])
AC_DEFUN([CHECK_LDFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_LD supports "$1"])
old_ldflags="$LDFLAGS"
LDFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
LDFLAGS=$old_ldflags
HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
AC_MSG_RESULT([no])
LDFLAGS=$old_ldflags
[$2])
])
AC_DEFUN([DISABLE_AS_EXECUTABLE_STACK], [
save_cflags="$CFLAGS"
CFLAGS=
AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-DHAVE_GNU_STACK],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
])
AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [
AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--disable-hardening],
[Disable options to frustrate memory corruption exploits])],
[], [enable_hardening=yes])
AC_ARG_ENABLE([windows-ssp],
[AS_HELP_STRING([--enable-windows-ssp],
[Enable building the stack smashing protection on
Windows. This currently distributing libssp-0.dll.])])
# We want to check for compiler flag support. Prior to clang v5.1, there was no
# way to make clang's "argument unused" warning fatal. So we invoke the
# compiler through a wrapper script that greps for this message.
saved_CC="$CC"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
LD="$flag_wrap $LD"
AS_IF([test "x$enable_hardening" = "xyes"], [
# Tell GCC to NOT optimize based on signed arithmetic overflow
CHECK_CFLAG([[-fno-strict-overflow]])
# _FORTIFY_SOURCE replaces builtin functions with safer versions.
CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
# Enable read only relocations
CHECK_LDFLAG([[-Wl,-z,relro]])
CHECK_LDFLAG([[-Wl,-z,now]])
# Windows security flags
AS_IF([test "x$HOST_OS" = "xwin"], [
CHECK_LDFLAG([[-Wl,--nxcompat]])
CHECK_LDFLAG([[-Wl,--dynamicbase]])
CHECK_LDFLAG([[-Wl,--high-entropy-va]])
])
# Use stack-protector-strong if available; if not, fallback to
# stack-protector-all which is considered to be overkill
AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
CHECK_CFLAG([[-fstack-protector-strong]],
CHECK_CFLAG([[-fstack-protector-all]],
AC_MSG_WARN([compiler does not appear to support stack protection])
)
)
AS_IF([test "x$HOST_OS" = "xwin"], [
AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
])
])
])
# Restore CC, LD
CC="$saved_CC"
LD="$saved_LD"
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
])

66
m4/check-libc.m4 Normal file
View File

@@ -0,0 +1,66 @@
AC_DEFUN([CHECK_LIBC_COMPAT], [
# Check for general libc functions
AC_CHECK_FUNCS([asprintf inet_pton memmem poll reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
])
AC_DEFUN([CHECK_LIBC_CRYPTO_COMPAT], [
# Check crypto-related libc functions
AC_CHECK_FUNCS([arc4random_buf explicit_bzero getauxval getentropy])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
# Override arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes])
# Check for getentropy fallback dependencies
AC_CHECK_FUNC([getauxval])
AC_CHECK_FUNC([clock_gettime],, [AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],, [AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
])
AC_DEFUN([CHECK_VA_COPY], [
AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ va_copy(x,y); ]])],
[ ac_cv_have_va_copy="yes" ],
[ ac_cv_have_va_copy="no"
])
])
if test "x$ac_cv_have_va_copy" = "xyes" ; then
AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
fi
AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ __va_copy(x,y); ]])],
[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
])
])
if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
])

77
m4/check-os-options.m4 Normal file
View File

@@ -0,0 +1,77 @@
# This must be called before AC_PROG_CC
AC_DEFUN([CHECK_OS_OPTIONS], [
CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing"
case $host_os in
*aix*)
HOST_OS=aix
if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
CFLAGS="-qnoansialias $USER_CFLAGS"
fi
AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
;;
*cygwin*)
HOST_OS=cygwin
;;
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
HOST_OS=hpux;
if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
CFLAGS="$CFLAGS -mlp64"
else
CFLAGS="-g -O2 +DD64 +Otype_safety=off $USER_CFLAGS"
fi
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;;
*linux*)
HOST_OS=linux
HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;;
*netbsd*)
HOST_OS=netbsd
CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
;;
*openbsd* | *bitrig*)
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
CFLAGS="$CFLAGS -static-libgcc"
LDFLAGS="$LDFLAGS -static-libgcc"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;;
*solaris*)
HOST_OS=solaris
HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;;
*) ;;
esac
AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
])

29
m4/disable-compiler-warnings.m4 Normal file
View File

@@ -0,0 +1,29 @@
AC_DEFUN([DISABLE_COMPILER_WARNINGS], [
# Clang throws a lot of warnings when it does not understand a flag. Disable
# this warning for now so other warnings are visible.
AC_MSG_CHECKING([if compiling with clang])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
#ifndef __clang__
not clang
#endif
]])],
[CLANG=yes],
[CLANG=no]
)
AC_MSG_RESULT([$CLANG])
AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
CFLAGS="$CFLAGS $CLANG_FLAGS"
LDFLAGS="$LDFLAGS $CLANG_FLAGS"
# Removing the dependency on -Wno-pointer-sign should be a goal. These are
# largely unsigned char */char* mismatches in asn1 functions.
save_cflags="$CFLAGS"
CFLAGS=-Wno-pointer-sign
AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-Wno-pointer-sign],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
])

9
man/CMakeLists.txt Normal file
View File

@@ -0,0 +1,9 @@
install(DIRECTORY .
DESTINATION share/man/man3
FILES_MATCHING PATTERN "*.3"
)
install(DIRECTORY .
DESTINATION share/man/man1
FILES_MATCHING PATTERN "*.1"
)

2
man/Makefile.am.tpl
View File

@@ -1,2 +0,0 @@
include $(top_srcdir)/Makefile.am.common
dist_man_MANS=

2206
man/links
View File

File diff suppressed because it is too large Load Diff

18
man/update_links.sh Executable file
View File

@@ -0,0 +1,18 @@
#!/bin/sh
# Run this periodically to ensure that the manpage links are up to date
echo "# This is an auto-generated file by $0" > links
sudo makewhatis
for i in `ls -1 *.3`; do
name=`echo $i|cut -d. -f1`
links=`sqlite3 /usr/share/man/mandoc.db \
"select names.name from mlinks,names where mlinks.name='$name' and mlinks.pageid=names.pageid;"`
for j in $links; do
a=`echo "x$j" | tr '[:upper:]' '[:lower:]'`
b=`echo "x$name" | tr '[:upper:]' '[:lower:]'`
if [ $a != $b ]; then
echo $name.3,$j.3 >> links
fi
done
done

15
patches/arc4random.c.patch Normal file
View File

@@ -0,0 +1,15 @@
--- crypto/compat/arc4random.c.orig 2015-07-20 07:41:17.000000000 -0600
+++ crypto/compat/arc4random.c 2015-07-20 07:41:58.000000000 -0600
@@ -36,8 +36,11 @@
#define KEYSTREAM_ONLY
#include "chacha_private.h"
+#ifndef min
#define min(a, b) ((a) < (b) ? (a) : (b))
-#ifdef __GNUC__
+#endif
+
+#if defined(__GNUC__) || defined(_MSC_VER)
#define inline __inline
#else /* !__GNUC__ */
#define inline

40
patches/openssl.c.patch Normal file
View File

@@ -0,0 +1,40 @@
--- apps/openssl.c.orig 2015-07-20 02:01:42.000000000 -0600
+++ apps/openssl.c 2015-07-20 02:02:00.000000000 -0600
@@ -130,6 +130,19 @@
#include <openssl/engine.h>
#endif
+#ifdef _WIN32
+#include <io.h>
+#include <fcntl.h>
+static void set_stdio_binary(void)
+{
+ _setmode(_fileno(stdin), _O_BINARY);
+ _setmode(_fileno(stdout), _O_BINARY);
+ _setmode(_fileno(stderr), _O_BINARY);
+}
+#else
+static void set_stdio_binary(void) {};
+#endif
+
#include "progs.h"
#include "s_apps.h"
@@ -204,7 +216,9 @@
static void
openssl_startup(void)
{
+#ifndef _WIN32
signal(SIGPIPE, SIG_IGN);
+#endif
CRYPTO_malloc_init();
OpenSSL_add_all_algorithms();
@@ -216,6 +230,7 @@
#endif
setup_ui_method();
+ set_stdio_binary();
}
static void

13
patches/opensslconf.h.patch Normal file
View File

@@ -0,0 +1,13 @@
--- include/openssl/opensslconf.h.orig 2015-07-19 23:21:47.000000000 -0600
+++ include/openssl/opensslconf.h 2015-07-19 23:21:17.000000000 -0600
@@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */
+#if defined(_MSC_VER) && !defined(__attribute__)
+#define __attribute__(a)
+#endif
+
/* Generate 80386 code? */
#undef I386_ONLY

25
patches/ossl_typ.h.patch Normal file
View File

@@ -0,0 +1,25 @@
--- include/openssl/ossl_typ.h.orig 2015-07-06 13:21:18.788571423 -0700
+++ include/openssl/ossl_typ.h 2015-07-06 13:24:14.906468003 -0700
@@ -100,6 +100,22 @@
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
#ifdef BIGNUM
#undef BIGNUM
#endif

21
patches/pkcs7.h.patch Normal file
View File

@@ -0,0 +1,21 @@
--- include/openssl/pkcs7.h.orig 2015-07-06 13:26:27.369203527 -0700
+++ include/openssl/pkcs7.h 2015-07-06 13:27:37.637051967 -0700
@@ -69,6 +69,18 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
+
/*
Encryption_ID DES-CBC
Digest_ID MD5

22
patches/x509.h.patch Normal file
View File

@@ -0,0 +1,22 @@
--- include/openssl/x509.h.orig 2015-07-06 13:15:15.059306046 -0700
+++ include/openssl/x509.h 2015-07-06 13:16:10.506118278 -0700
@@ -112,6 +112,19 @@
extern "C" {
#endif
+#if defined(_WIN32)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#endif
+
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3

27
scripts/travis
View File

@@ -4,12 +4,29 @@ set -e
./autogen.sh
if [ "x$ARCH" = "xnative" ]; then
./configure --enable-libtls
# test autotools
./configure
make -j 4 check
# make distribution
make dist
tar zxvf libressl-*.tar.gz
cd libressl-*
mkdir build
cd build
# test cmake and ninja
if [ `uname` = "Darwin" ]; then
# OS X runs out of resources if we run 'make -j check'
make check
cmake ..
make
else
make -j distcheck
sudo apt-get update
sudo apt-get install -y python-software-properties
sudo apt-add-repository -y ppa:kalakris/cmake
sudo apt-get update
sudo apt-get install -y cmake ninja-build
cmake -GNinja ..
ninja
fi
else
CPU=i686
@@ -28,6 +45,6 @@ else
export PATH=$PATH:/opt/$ARCH/bin
fi
./configure --host=$CPU-w64-mingw32 --enable-libtls
./configure --host=$CPU-w64-mingw32
make -j
fi

65
ssl/CMakeLists.txt Normal file
View File

@@ -0,0 +1,65 @@
include_directories(
.
../include
../include/compat
)
set(
SSL_SRC
bio_ssl.c
bs_ber.c
bs_cbb.c
bs_cbs.c
d1_both.c
d1_clnt.c
d1_enc.c
d1_lib.c
d1_meth.c
d1_pkt.c
d1_srtp.c
d1_srvr.c
pqueue.c
s23_clnt.c
s23_lib.c
s23_meth.c
s23_pkt.c
s23_srvr.c
s3_both.c
s3_cbc.c
s3_clnt.c
s3_enc.c
s3_lib.c
s3_meth.c
s3_pkt.c
s3_srvr.c
ssl_algs.c
ssl_asn1.c
ssl_cert.c
ssl_ciph.c
ssl_err.c
ssl_err2.c
ssl_lib.c
ssl_rsa.c
ssl_sess.c
ssl_stat.c
ssl_txt.c
t1_clnt.c
t1_enc.c
t1_lib.c
t1_meth.c
t1_reneg.c
t1_srvr.c
)
if (BUILD_SHARED)
add_library(ssl-objects OBJECT ${SSL_SRC})
add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION})
install(TARGETS ssl ssl-shared DESTINATION lib)
else()
add_library(ssl STATIC ${SSL_SRC})
install(TARGETS ssl DESTINATION lib)
endif()

2
ssl/Makefile.am
View File

@@ -3,9 +3,9 @@ include $(top_srcdir)/Makefile.am.common
lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libssl_la_LIBADD = ../crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c

Some files were not shown because too many files have changed in this diff Show More