
11 Commits

Brent Cook
20323ee367 update for 2.1.10 2016-01-28 12:28:22 -06:00
Brent Cook
5b093cd0c8 update version and changelog for 2.1.9 2015-12-05 13:13:12 -06:00
Brent Cook
6494230957 update for 2.1.8 2015-10-15 16:16:13 -05:00
Brent Cook
ce063e4989 2.1.7 security update 2015-06-11 09:00:29 -05:00
Brent Cook
89c5dc6bcf update changelog for 2.1.6 2015-03-19 01:13:01 -05:00
Brent Cook
2a7498cc7f bump version to 2.1.6 2015-03-19 00:40:37 -05:00
Brent Cook
f705e901a5 enable libtls by default
The API/ABI for the LibreSSL 2.1.x series is now fixed, so we can safely
enable libtls by default. This is useful for new OpenNTPD and
OpenSMTPD releases as well.

ok deraadt@ beck@ sthen@
2015-03-19 00:40:26 -05:00
Brent Cook
13034da4d8 expand on changelog 2015-03-09 07:22:18 -05:00
Brent Cook
58f869bfd5 use correct patch level 2015-03-09 07:11:28 -05:00
Brent Cook
1eea14957d clarify 2.1.5 release note
Specify that we are rejecting server ephemeral DH keys < 1024 bits.
2015-03-08 22:34:48 -05:00
Brent Cook
44d308df41 track the OPENBSD_5_7 tag 2015-03-08 22:04:14 -05:00
58 changed files with 1954 additions and 3182 deletions

159
.gitignore vendored

@@ -58,38 +58,41 @@ tests/pbkdf2*
tests/*.pem tests/*.pem
tests/testssl tests/testssl
tests/*.txt tests/*.txt
!tests/optionstest.c
# ctags stuff # ctags stuff
TAGS TAGS
autom4te.cache ## The initial / makes these files only get ignored in particular directories.
/autom4te.cache
# Libtool adds these, at least sometimes # Libtool adds these, at least sometimes
INSTALL INSTALL
/COPYING /m4/libtool.m4
m4/l* /m4/ltoptions.m4
!m4/check*.m4 /m4/ltsugar.m4
/m4/ltversion.m4
/m4/lt~obsolete.m4
aclocal.m4 /aclocal.m4
compile /compile
doxygen /doxygen
config.guess /config.guess
config.log /config.log
config.status /config.status
config.sub /config.sub
configure /configure
depcomp /depcomp
config.h /config.h
config.h.in /config.h.in
install-sh /install-sh
libtool /libtool
ltmain.sh /ltmain.sh
missing /missing
stamp-h1 /stamp-h1
stamp-h2 /stamp-h2
include/openssl/Makefile.am include/openssl/Makefile.am
tests/Makefile.am
crypto/VERSION crypto/VERSION
ssl/VERSION ssl/VERSION
@@ -103,37 +106,97 @@ include/pqueue.h
include/tls.h include/tls.h
include/openssl/*.h include/openssl/*.h
include/openssl/*.he include/openssl/*.he
apps/*.h
apps/*.c
apps/openssl
apps/openssl.cnf
!apps/apps_win.c
!apps/poll_win.c
!apps/certhash_disabled.c
/apps/*.h crypto/compat/arc4random.c
/apps/*.c crypto/compat/chacha_private.h
/apps/openssl crypto/compat/explicit_bzero.c
/apps/openssl.cnf crypto/compat/getentropy_*.c
!/apps/apps_win.c crypto/compat/reallocarray.c
!/apps/poll_win.c crypto/compat/strlcat.c
!/apps/certhash_disabled.c crypto/compat/strlcpy.c
crypto/compat/strndup.c
/crypto crypto/compat/strnlen.c
!/crypto/Makefile.am.* crypto/compat/timingsafe_bcmp.c
!/crypto/compat/arc4random.h crypto/compat/timingsafe_memcmp.c
!/crypto/compat/b_win.c crypto/compat/arc4random_*.h
!/crypto/compat/posix_win.c
!/crypto/compat/bsd_asprintf.c
!/crypto/compat/ui_openssl_win.c
/libtls-standalone/include/*.h
/libtls-standalone/src/*.c
/libtls-standalone/src/*.h
/libtls-standalone/src
/libtls-standalone/compat
!/libtls-standalone/compat/Makefile.am
/libtls-standalone/VERSION
/libtls-standalone/m4
/libtls-standalone/man
crypto/aes/
crypto/asn1/
crypto/bf/
crypto/bio/
crypto/bn/
crypto/buffer/
crypto/camellia/
crypto/cast/
crypto/camellia/
crypto/chacha/
crypto/cmac/
crypto/comp/
crypto/conf/
crypto/cpt_err.c
crypto/cryptlib.c
crypto/cryptlib.h
crypto/cversion.c
crypto/des/
crypto/dh/
crypto/dsa/
crypto/dso/
crypto/ec/
crypto/ecdh/
crypto/ecdsa/
crypto/engine/
crypto/err/
crypto/evp/
crypto/ex_data.c
crypto/gost/
crypto/hmac/
crypto/idea/
crypto/krb5/
crypto/lhash/
crypto/malloc-wrapper.c
crypto/md32_common.h
crypto/md4/
crypto/md5/
crypto/mdc2/
crypto/mem_clr.c
crypto/mem_dbg.c
crypto/modes/
crypto/o_init.c
crypto/o_str.c
crypto/o_time.c
crypto/o_time.h
crypto/objects
crypto/ocsp/
crypto/pem/
crypto/pkcs12/
crypto/pkcs7/
crypto/poly1305/
crypto/pqueue/
crypto/rand/
crypto/rc2/
crypto/rc4/
crypto/ripemd/
crypto/rsa/
crypto/sha/
crypto/stack/
crypto/ts/
crypto/txt_db/
crypto/ui/
crypto/whrlpool/
crypto/x509/
crypto/x509v3/
openbsd/ openbsd/
*.tar.gz *.tar.gz
apps/*.1* apps/*.1*
man/*.3 man/*.3
man/*.1 man/*.1
man/Makefile.am man/Makefile.am
.gitmodules
COPYING


@@ -31,27 +31,36 @@ LibreSSL Portable Release Notes:
This release primarily addresses a number of security issues in coordination This release primarily addresses a number of security issues in coordination
with the OpenSSL project. with the OpenSSL project.
2.2.0 - Build cleanups and new OS support, Security Updates 2.1.10
* AIX Support - thanks to Michael Felt * Deprecated the SSL_OP_SINGLE_DH_USE flag
* Cygwin Support - thanks to Corinna Vinschen 2.1.9 - Reliability Update
* Refactored build macros, support packaging libtls independently. * Fixes from OpenSSL 1.0.1q
There are more pieces required to support building and using OpenSSL - CVE-2015-3194 - NULL pointer dereference in client side certificate
with libtls, but this is an initial start at providing an validation.
independent package for people to start hacking on. - CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
* Removal of OPENSSL_issetugid and all library getenv calls. * The following OpenSSL CVEs did not apply to LibreSSL
Applications can and should no longer rely on environment variables - CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery squaring
for changing library behavior. OPENSSL_CONF/SSLEAY_CONF is still procedure.
supported with the openssl(1) command. - CVE-2015-3196 - Double free race condition of the identify hint data.
* libtls API and documentation additions See https://marc.info/?l=openbsd-announce&m=144925068504102
* Various bug fixes and simplifications to libssl and libcrypto 2.1.8 - Security Update
* Fixes for the following issues are integrated into LibreSSL 2.2.0: * Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt
reported by Qualys Security.
- CVE-2015-5333 - memory leak in OBJ_obj2txt
- CVE-2015-5334 - 1-byte buffer overflow in OBJ_obj2txt
See http://www.openwall.com/lists/oss-security/2015/10/16/1
2.1.7 - Security Update
* Fixes for the following issues are integrated into LibreSSL 2.1.7:
- CVE-2015-1788 - Malformed ECParameters causes infinite loop - CVE-2015-1788 - Malformed ECParameters causes infinite loop
- CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time - CVE-2015-1789 - Exploitable out-of-bounds read in X509_cmp_time
- CVE-2015-1792 - CMS verify infinite loop with unknown hash function - CVE-2015-1792 - CMS verify infinite loop with unknown hash function


@@ -1,2 +1,2 @@
AM_CFLAGS = -I$(top_srcdir)/include AM_CPPFLAGS = -I$(top_srcdir)/include
AM_CPPFLAGS = -DLIBRESSL_INTERNAL AM_CPPFLAGS += -DLIBRESSL_INTERNAL


@@ -1 +1 @@
master OPENBSD_5_7

63
README

@@ -1,42 +1,9 @@
This package is the official portable version of LibreSSL This package is the official portable version of LibreSSL
(http://www.libressl.org). (http://www.libressl.org).
LibreSSL is a fork of OpenSSL 1.0.1 developed by the OpenBSD project. LibreSSL is a fork of OpenSSL developed by the OpenBSD project
(http://www.openbsd.org). (http://www.openbsd.org). LibreSSL is developed on OpenBSD. This
package then adds portability shims for other operating systems.
Compatibility with OpenSSL:
LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
LibreSSL it is not ABI compatible with any release of OpenSSL, or necessarily
earlier releases of LibreSSL. You will need to relink your programs to
LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
LibreSSL's installed library version numbers are incremented to account for
ABI and API changes.
Compatibility with other operating systems:
While primarily developed on and taking advantage of APIs available on OpenBSD,
the LibreSSL portable project attempts to provide working alternatives for
other operating systems, and assists with improving OS-native implementations
where possible.
At the time of this writing, LibreSSL is know to build and work on:
- Linux (kernel 3.17 or later recommended)
- FreeBSD (tested with 9.2 and later)
- NetBSD (tested with 6.1.5)
- HP-UX (11i)
- Solaris (11 and later preferred)
- Mac OS X (tested with 10.8 and later)
- AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
- Microsoft Windows (Vista or higher, x86 and x64)
- Wine (32-bit and 64-bit)
- Builds with Mingw-w64 and Cygwin
Official release tarballs are available at your friendly neighborhood Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory LibreSSL, e.g.: OpenBSD mirror in directory LibreSSL, e.g.:
@@ -64,24 +31,20 @@ prepare the source tree for building:
or run './dist.sh' to prepare a tarball. or run './dist.sh' to prepare a tarball.
Once you have a source tree from Git or FTP, run these commands to build and Once you have a source tree from Git or FTP, run these commands to build and
install the package on most systems. install the package:
./configure # see ./configure --help for configuration options ./configure # see ./configure --help for configuration options
make check # runs builtin unit tests make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location make install # set DESTDIR= to install to an alternate location
OS specific build information: The resulting library and 'openssl' utility is largely API-compatible with
OpenSSL 1.0.1. However, it is not ABI compatible - you will need to relink your
programs to LibreSSL in order to use it, just as in moving from OpenSSL 0.9.8
to 1.0.1.
- HP-UX (11i) The project attempts to provide working alternatives for operating systems with
Set the UNIX_STD environment variable to '2003' before running 'configure' limited or broken security primitives (e.g. arc4random(3), issetugid(2)) and
in order to build with the HP C/aC++ compiler. See the "standards(5)" man assists with improving OS-native implementations where possible.
page for more details.
export UNIX_STD=2003 LibreSSL portable will build on any reasonably modern version of Linux,
./configure Solaris, or OSX with a standards-compliant compiler and C library.
make
- Windows - Mingw-w64
LibreSSL builds against relatively recent versions of Mingw-w64, not to be
confused with the original mingw.org project. Mingw-w64 3.2 or later
should work. See README.windows for more information


@@ -36,7 +36,5 @@ cv2pdb to generate Visual Studio and windbg compatible debug files. cv2pdb is a
tool developed for the D language and can be found here: tool developed for the D language and can be found here:
https://github.com/rainers/cv2pdb https://github.com/rainers/cv2pdb
Pre-built Windows binaries are available with LibreSSL releases if you do not Pre-build Windows binaries are available with the LibreSSL release for your
have a mingw-w64 build environment. Mingw-w64 code is largely, but not 100%, convenience.
compatible with code built from Visual Studio. Notably, FILE * pointers cannot
be shared between code built for Mingw-w64 and Visual Studio.


@@ -1 +1 @@
2.2.0 2.1.10


@@ -2,6 +2,7 @@ include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = openssl bin_PROGRAMS = openssl
openssl_CFLAGS = $(USER_CFLAGS)
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(top_builddir)/ssl/libssl.la openssl_LDADD += $(top_builddir)/ssl/libssl.la
openssl_LDADD += $(top_builddir)/crypto/libcrypto.la openssl_LDADD += $(top_builddir)/crypto/libcrypto.la


@@ -1,17 +1,3 @@
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION])) AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION]))
AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION])) AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION]))
AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION])) AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION]))
@@ -23,36 +9,264 @@ AC_CONFIG_MACRO_DIR([m4])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])]) m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
# This must be saved before AC_PROG_CC AC_SUBST([USER_CFLAGS], "$CFLAGS")
USER_CFLAGS="$CFLAGS" CFLAGS="-Wall -std=gnu99 -g -O2"
case $host_os in
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
HOST_OS=hpux;
CFLAGS="$CFLAGS -mlp64 -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;;
*linux*)
HOST_OS=linux
HOST_ABI=elf
CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;;
*netbsd*)
HOST_OS=netbsd
;;
*openbsd*)
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
CFLAGS="$CFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -DOPENSSL_NO_SPEED -DNO_SYSLOG -D__USE_MINGW_ANSI_STDIO -static-libgcc"
LDFLAGS="$LDFLAGS -static-libgcc"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;;
*solaris*)
HOST_OS=solaris
HOST_ABI=elf
CFLAGS="$CFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;;
*) ;;
esac
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
AC_CHECK_FUNC([clock_gettime],,
[AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],,
[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
AC_PROG_CC AC_PROG_CC
AC_PROG_LIBTOOL
AC_PROG_CC_STDC AC_PROG_CC_STDC
AM_PROG_CC_C_O AM_PROG_CC_C_O
AC_PROG_LIBTOOL
LT_INIT
CHECK_OS_OPTIONS AC_MSG_CHECKING([if compiling with clang])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
#ifndef __clang__
not clang
#endif
]])],
[CLANG=yes],
[CLANG=no]
)
AC_MSG_RESULT([$CLANG])
AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
CHECK_C_HARDENING_OPTIONS # We want to check for compiler flag support. Prior to clang v5.1, there was no
# way to make clang's "argument unused" warning fatal. So we invoke the
# compiler through a wrapper script that greps for this message.
saved_CC="$CC"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
LD="$flag_wrap $LD"
DISABLE_AS_EXECUTABLE_STACK AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--disable-hardening],
[Disable options to frustrate memory corruption exploits])],
[], [enable_hardening=yes])
AC_ARG_ENABLE([windows-ssp],
[AS_HELP_STRING([--enable-windows-ssp],
[Enable building the stack smashing protection on
Windows. This currently distributing libssp-0.dll.])])
AC_DEFUN([CHECK_CFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_CC supports "$1"])
old_cflags="$CFLAGS"
CFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
CFLAGS=$old_cflags
HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
AC_MSG_RESULT([no])
CFLAGS=$old_cflags
[$2])
])
AC_DEFUN([CHECK_LDFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_LD supports "$1"])
old_ldflags="$LDFLAGS"
LDFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
LDFLAGS=$old_ldflags
HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
AC_MSG_RESULT([no])
LDFLAGS=$old_ldflags
[$2])
])
AS_IF([test "x$enable_hardening" = "xyes"], [
# Tell GCC to NOT optimize based on signed arithmetic overflow
CHECK_CFLAG([[-fno-strict-overflow]])
# _FORTIFY_SOURCE replaces builtin functions with safer versions.
CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
# Enable read only relocations
CHECK_LDFLAG([[-Wl,-z,relro]])
CHECK_LDFLAG([[-Wl,-z,now]])
# Windows security flags
AS_IF([test "x$HOST_OS" = "xwin"], [
CHECK_LDFLAG([[-Wl,--nxcompat]])
CHECK_LDFLAG([[-Wl,--dynamicbase]])
CHECK_LDFLAG([[-Wl,--high-entropy-va]])
])
# Use stack-protector-strong if available; if not, fallback to
# stack-protector-all which is considered to be overkill
AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
CHECK_CFLAG([[-fstack-protector-strong]],
CHECK_CFLAG([[-fstack-protector-all]],
AC_MSG_WARN([compiler does not appear to support stack protection])
)
)
AS_IF([test "x$HOST_OS" = "xwin"], [
AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
])
])
])
# Restore CC, LD
CC="$saved_CC"
LD="$saved_LD"
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
# Removing the dependency on -Wno-pointer-sign should be a goal
save_cflags="$CFLAGS"
CFLAGS=-Wno-pointer-sign
AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-Wno-pointer-sign],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
save_cflags="$CFLAGS"
CFLAGS=
AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-DHAVE_GNU_STACK],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
AM_PROG_AS AM_PROG_AS
DISABLE_COMPILER_WARNINGS CFLAGS="$CFLAGS $CLANG_CFLAGS"
LDFLAGS="$LDFLAGS $CLANG_FLAGS"
# Check if the certhash command should be built AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
AC_CHECK_FUNCS([getentropy issetugid memmem poll reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([symlink]) AC_CHECK_FUNCS([symlink])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
# Share test results with automake
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_ISSETUGID], [test "x$ac_cv_func_issetugid" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes]) AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
# Check if funopen exists # overrides for arc4random_buf implementations with known issues
AC_CHECK_FUNC([funopen]) AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes])
CHECK_LIBC_COMPAT # overrides for issetugid implementations with known issues
CHECK_LIBC_CRYPTO_COMPAT AM_CONDITIONAL([HAVE_ISSETUGID],
CHECK_VA_COPY [test "x$HOST_OS" != xdarwin \
-a "x$ac_cv_func_issetugid" = xyes])
AC_CHECK_HEADERS([err.h]) AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ va_copy(x,y); ]])],
[ ac_cv_have_va_copy="yes" ],
[ ac_cv_have_va_copy="no"
])
])
if test "x$ac_cv_have_va_copy" = "xyes" ; then
AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
fi
AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ __va_copy(x,y); ]])],
[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
])
])
if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
AC_CHECK_HEADERS([sys/sysctl.h err.h])
AC_ARG_WITH([openssldir], AC_ARG_WITH([openssldir],
AS_HELP_STRING([--with-openssldir], AS_HELP_STRING([--with-openssldir],
@@ -66,13 +280,12 @@ AC_ARG_WITH([enginesdir],
AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval") AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval")
) )
AC_ARG_ENABLE([extratests], AC_ARG_ENABLE([asm],
AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms])) AS_HELP_STRING([--disable-asm], [Disable assembly]))
AM_CONDITIONAL([ENABLE_EXTRATESTS], [test "x$enable_extratests" = xyes]) AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
# Add CPU-specific alignment flags
old_cflags=$CFLAGS old_cflags=$CFLAGS
CFLAGS="$CFLAGS -I$srcdir/include" CFLAGS="$USER_CFLAGS -I$srcdir/include"
AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT]) AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"], AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
[int a = 0; BSWAP4(a);], [int a = 0; BSWAP4(a);],
@@ -84,24 +297,21 @@ CFLAGS="$old_cflags"
case $host_cpu in case $host_cpu in
*sparc*) *sparc*)
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT" CFLAGS="$CFLAGS -D__STRICT_ALIGNMENT"
;; ;;
*arm*) *arm*)
AS_IF([test "x$BSWAP4" = "xyes"],, AS_IF([test "x$BSWAP4" = "xyes"],,
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT") CFLAGS="$CFLAGS -D__STRICT_ALIGNMENT")
;; ;;
esac esac
AC_ARG_ENABLE([asm],
AS_HELP_STRING([--disable-asm], [Disable assembly]))
AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
# Conditionally enable assembly by default
AM_CONDITIONAL([HOST_ASM_ELF_X86_64], AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
[test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64], AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
[test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"]) [test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
LT_INIT
AC_CONFIG_FILES([ AC_CONFIG_FILES([
Makefile Makefile
include/Makefile include/Makefile
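Review bot: `CLANG_CFLAGS` is appended to CFLAGS after AM_PROG_AS, but the only variable the clang probe assigns is `CLANG_FLAGS`, so `-Qunused-arguments` appears to reach LDFLAGS only; the line should read `CFLAGS="$CFLAGS $CLANG_FLAGS"`. This is read from the right-hand column of the rendered section, which I take to be the new side. In the hardening block, CHECK_CFLAG and CHECK_LDFLAG replace the flags with `$1 -Wall -Werror` (dropping `-O2`) and print only "no" on rejection, so a mitigation such as `-D_FORTIFY_SOURCE=2` or `-Wl,-z,relro` can be left out of the build without anyone noticing. A closing `AC_MSG_NOTICE([hardening flags: $HARDEN_CFLAGS $HARDEN_LDFLAGS])` after CC and LD are restored would make the effective set visible in the configure output.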


@@ -1,8 +1,8 @@
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
AM_CFLAGS += -I$(top_srcdir)/crypto/asn1 AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CFLAGS += -I$(top_srcdir)/crypto/evp AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CFLAGS += -I$(top_srcdir)/crypto/modes AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
lib_LTLIBRARIES = libcrypto.la lib_LTLIBRARIES = libcrypto.la
@@ -10,12 +10,13 @@ EXTRA_DIST = VERSION
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
libcrypto_la_CPPFLAGS = -DOPENSSL_NO_HW_PADLOCK libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK
if OPENSSL_NO_ASM if OPENSSL_NO_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
else else
if HOST_WIN if HOST_WIN
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
endif endif
endif endif
@@ -30,6 +31,7 @@ libcompatnoopt_la_SOURCES += compat/explicit_bzero.c
endif endif
# other compatibility functions # other compatibility functions
libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcompat_la_SOURCES = libcompat_la_SOURCES =
libcompat_la_LIBADD = $(PLATFORM_LDADD) libcompat_la_LIBADD = $(PLATFORM_LDADD)
@@ -65,11 +67,60 @@ if !HAVE_TIMINGSAFE_BCMP
libcompat_la_SOURCES += compat/timingsafe_bcmp.c libcompat_la_SOURCES += compat/timingsafe_bcmp.c
endif endif
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
if !HAVE_GETENTROPY
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN if HOST_WIN
libcompat_la_SOURCES += compat/posix_win.c libcompat_la_SOURCES += compat/getentropy_win.c
endif
endif endif
include Makefile.am.arc4random endif
if !HAVE_ISSETUGID
if HOST_LINUX
libcompat_la_SOURCES += compat/issetugid_linux.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/issetugid_hpux.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/issetugid_osx.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/issetugid_win.c
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h
libcrypto_la_SOURCES = libcrypto_la_SOURCES =
EXTRA_libcrypto_la_SOURCES = EXTRA_libcrypto_la_SOURCES =


@@ -1,45 +0,0 @@
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
if !HAVE_GETENTROPY
if HOST_AIX
libcompat_la_SOURCES += compat/getentropy_aix.c
endif
if HOST_FREEBSD
libcompat_la_SOURCES += compat/getentropy_freebsd.c
endif
if HOST_HPUX
libcompat_la_SOURCES += compat/getentropy_hpux.c
endif
if HOST_LINUX
libcompat_la_SOURCES += compat/getentropy_linux.c
endif
if HOST_NETBSD
libcompat_la_SOURCES += compat/getentropy_netbsd.c
endif
if HOST_DARWIN
libcompat_la_SOURCES += compat/getentropy_osx.c
endif
if HOST_SOLARIS
libcompat_la_SOURCES += compat/getentropy_solaris.c
endif
if HOST_WIN
libcompat_la_SOURCES += compat/getentropy_win.c
endif
endif
endif
noinst_HEADERS =
noinst_HEADERS += compat/arc4random.h
noinst_HEADERS += compat/arc4random_aix.h
noinst_HEADERS += compat/arc4random_freebsd.h
noinst_HEADERS += compat/arc4random_hpux.h
noinst_HEADERS += compat/arc4random_linux.h
noinst_HEADERS += compat/arc4random_netbsd.h
noinst_HEADERS += compat/arc4random_osx.h
noinst_HEADERS += compat/arc4random_solaris.h
noinst_HEADERS += compat/arc4random_win.h
noinst_HEADERS += compat/chacha_private.h


@@ -22,20 +22,20 @@ ASM_X86_64_ELF += cpuid-elf-x86_64.S
EXTRA_DIST += $(ASM_X86_64_ELF) EXTRA_DIST += $(ASM_X86_64_ELF)
if HOST_ASM_ELF_X86_64 if HOST_ASM_ELF_X86_64
libcrypto_la_CPPFLAGS += -DAES_ASM libcrypto_la_CFLAGS += -DAES_ASM
libcrypto_la_CPPFLAGS += -DBSAES_ASM libcrypto_la_CFLAGS += -DBSAES_ASM
libcrypto_la_CPPFLAGS += -DVPAES_ASM libcrypto_la_CFLAGS += -DVPAES_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CPPFLAGS += -DMD5_ASM libcrypto_la_CFLAGS += -DMD5_ASM
libcrypto_la_CPPFLAGS += -DGHASH_ASM libcrypto_la_CFLAGS += -DGHASH_ASM
libcrypto_la_CPPFLAGS += -DRSA_ASM libcrypto_la_CFLAGS += -DRSA_ASM
libcrypto_la_CPPFLAGS += -DSHA1_ASM libcrypto_la_CFLAGS += -DSHA1_ASM
libcrypto_la_CPPFLAGS += -DSHA256_ASM libcrypto_la_CFLAGS += -DSHA256_ASM
libcrypto_la_CPPFLAGS += -DSHA512_ASM libcrypto_la_CFLAGS += -DSHA512_ASM
libcrypto_la_CPPFLAGS += -DWHIRLPOOL_ASM libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_CPUID_OBJ libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_SOURCES += $(ASM_X86_64_ELF) libcrypto_la_SOURCES += $(ASM_X86_64_ELF)
endif endif


@@ -22,20 +22,20 @@ ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
EXTRA_DIST += $(ASM_X86_64_MACOSX) EXTRA_DIST += $(ASM_X86_64_MACOSX)
if HOST_ASM_MACOSX_X86_64 if HOST_ASM_MACOSX_X86_64
libcrypto_la_CPPFLAGS += -DAES_ASM libcrypto_la_CFLAGS += -DAES_ASM
libcrypto_la_CPPFLAGS += -DBSAES_ASM libcrypto_la_CFLAGS += -DBSAES_ASM
libcrypto_la_CPPFLAGS += -DVPAES_ASM libcrypto_la_CFLAGS += -DVPAES_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_GF2m libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
libcrypto_la_CPPFLAGS += -DMD5_ASM libcrypto_la_CFLAGS += -DMD5_ASM
libcrypto_la_CPPFLAGS += -DGHASH_ASM libcrypto_la_CFLAGS += -DGHASH_ASM
libcrypto_la_CPPFLAGS += -DRSA_ASM libcrypto_la_CFLAGS += -DRSA_ASM
libcrypto_la_CPPFLAGS += -DSHA1_ASM libcrypto_la_CFLAGS += -DSHA1_ASM
libcrypto_la_CPPFLAGS += -DSHA256_ASM libcrypto_la_CFLAGS += -DSHA256_ASM
libcrypto_la_CPPFLAGS += -DSHA512_ASM libcrypto_la_CFLAGS += -DSHA512_ASM
libcrypto_la_CPPFLAGS += -DWHIRLPOOL_ASM libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_CPUID_OBJ libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX) libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX)
endif endif


@@ -3,10 +3,7 @@
#include <sys/param.h> #include <sys/param.h>
#if defined(_AIX) #if defined(__FreeBSD__)
#include "arc4random_aix.h"
#elif defined(__FreeBSD__)
#include "arc4random_freebsd.h" #include "arc4random_freebsd.h"
#elif defined(__hpux) #elif defined(__hpux)


@@ -0,0 +1,17 @@
#include <stdio.h>
#include <unistd.h>
#include <sys/pstat.h>
/*
* HP-UX does not have issetugid().
* Use pstat_getproc() and check PS_CHANGEDPRIV bit of pst_flag. If this call
* cannot be used, assume we must be running in a privileged environment.
*/
int issetugid(void)
{
struct pst_status buf;
if (pstat_getproc(&buf, sizeof(buf), 0, getpid()) == 1 &&
!(buf.pst_flag & PS_CHANGEDPRIV))
return 0;
return 1;
}
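Review bot: The fail-closed contract of this issetugid() is only implied by the block comment; a line above the final return such as `/* pstat failed or PS_CHANGEDPRIV set: report the process as tainted */` would make it explicit that 0 is returned only when pstat_getproc() succeeds and the bit is clear. `#include <stdio.h>` is not used by anything in the file and can be dropped. The file also lacks the short origin and licence header that the Linux, OS X and Windows implementations later on this page carry.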


@@ -0,0 +1,47 @@
/*
* issetugid implementation for Linux
* Public domain
*/
#include <errno.h>
#include <gnu/libc-version.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
/*
* Linux-specific glibc 2.16+ interface for determining if a process was
* launched setuid/setgid or with additional capabilities.
*/
#ifdef HAVE_GETAUXVAL
#include <sys/auxv.h>
#endif
int issetugid(void)
{
#ifdef HAVE_GETAUXVAL
/*
* The API for glibc < 2.19 does not indicate if there is an error with
* getauxval. While it should not be the case that any 2.6 or greater
* kernel ever does not supply AT_SECURE, an emulated software environment
* might rewrite the aux vector.
*
* See https://sourceware.org/bugzilla/show_bug.cgi?id=15846
*
* Perhaps this code should just read the aux vector itself, so we have
* backward-compatibility and error handling in older glibc versions.
* info: http://lwn.net/Articles/519085/
*
*/
const char *glcv = gnu_get_libc_version();
if (strverscmp(glcv, "2.19") >= 0) {
errno = 0;
if (getauxval(AT_SECURE) == 0) {
if (errno != ENOENT) {
return 0;
}
}
}
#endif
return 1;
}
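Review bot: `#include <gnu/libc-version.h>` sits outside the `#ifdef HAVE_GETAUXVAL` guard although `gnu_get_libc_version()` is only called inside it, so a Linux build against a libc that lacks that header fails to compile even when the plain `return 1` fallback is all that is needed. Moving the include next to `#include <sys/auxv.h>` inside the guard covers the no-getauxval case; a libc that provides getauxval but is not glibc would additionally need a `defined(__GLIBC__)` test around the version check. The fail-closed contract is also worth stating on the function itself, e.g. `/* Returns 0 only when AT_SECURE is known to be clear; every other path reports "privileged". */`.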


@@ -0,0 +1,16 @@
/*
* issetugid implementation for OS X
* Public domain
*/
#include <unistd.h>
/*
* OS X has issetugid, but it is not fork-safe as of version 10.10.
* See this Solaris report for test code that fails similarly:
* http://mcarpenter.org/blog/2013/01/15/solaris-issetugid%282%29-bug
*/
int issetugid(void)
{
return 1;
}


@@ -0,0 +1,26 @@
/*
* issetugid implementation for Windows
* Public domain
*/
#include <unistd.h>
/*
* Windows does not have a native setuid/setgid functionality.
* A user must enter credentials each time a process elevates its
* privileges.
*
* So, in theory, this could always return 0, given what I know currently.
* However, it makes sense to stub out initially in 'safe' mode until we
* understand more (and determine if any disabled functionality is actually
* useful on Windows anyway).
*
* Future versions of this function that are made more 'open' should thoroughly
* consider the case of this code running as a privileged service with saved
* user credentials or privilege escalations by other means (e.g. the old
* RunAsEx utility.)
*/
int issetugid(void)
{
return 1;
}


@@ -1,167 +0,0 @@
/*
* Public domain
*
* BSD socket emulation code for Winsock2
* File IO compatibility shims
* Brent Cook <bcook@openbsd.org>
*/
#define NO_REDEF_POSIX_FUNCTIONS
#include <windows.h>
#include <ws2tcpip.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
void
posix_perror(const char *s)
{
fprintf(stderr, "%s: %s\n", s, strerror(errno));
}
FILE *
posix_fopen(const char *path, const char *mode)
{
if (strchr(mode, 'b') == NULL) {
char *bin_mode = NULL;
if (asprintf(&bin_mode, "%sb", mode) == -1)
return NULL;
FILE *f = fopen(path, bin_mode);
free(bin_mode);
return f;
}
return fopen(path, mode);
}
int
posix_rename(const char *oldpath, const char *newpath)
{
MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1;
}
static int
wsa_errno(int err)
{
switch (err) {
case WSAENOBUFS:
errno = ENOMEM;
break;
case WSAEACCES:
errno = EACCES;
break;
case WSANOTINITIALISED:
errno = EPERM;
break;
case WSAEHOSTUNREACH:
case WSAENETDOWN:
errno = EIO;
break;
case WSAEFAULT:
errno = EFAULT;
break;
case WSAEINTR:
errno = EINTR;
break;
case WSAEINVAL:
errno = EINVAL;
break;
case WSAEINPROGRESS:
errno = EINPROGRESS;
break;
case WSAEWOULDBLOCK:
errno = EAGAIN;
break;
case WSAEOPNOTSUPP:
errno = ENOTSUP;
break;
case WSAEMSGSIZE:
errno = EFBIG;
break;
case WSAENOTSOCK:
errno = ENOTSOCK;
break;
case WSAENOPROTOOPT:
errno = ENOPROTOOPT;
break;
case WSAECONNREFUSED:
errno = ECONNREFUSED;
break;
case WSAEAFNOSUPPORT:
errno = EAFNOSUPPORT;
break;
case WSAENETRESET:
case WSAENOTCONN:
case WSAECONNABORTED:
case WSAECONNRESET:
case WSAESHUTDOWN:
case WSAETIMEDOUT:
errno = EPIPE;
break;
}
return -1;
}
int
posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{
int rc = connect(sockfd, addr, addrlen);
if (rc == SOCKET_ERROR)
return wsa_errno(WSAGetLastError());
return rc;
}
int
posix_close(int fd)
{
if (closesocket(fd) == SOCKET_ERROR) {
int err = WSAGetLastError();
return err == WSAENOTSOCK ?
close(fd) : wsa_errno(err);
}
return 0;
}
ssize_t
posix_read(int fd, void *buf, size_t count)
{
ssize_t rc = recv(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return err == WSAENOTSOCK ?
read(fd, buf, count) : wsa_errno(err);
}
return rc;
}
ssize_t
posix_write(int fd, const void *buf, size_t count)
{
ssize_t rc = send(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return err == WSAENOTSOCK ?
write(fd, buf, count) : wsa_errno(err);
}
return rc;
}
int
posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen)
{
int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen);
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
}
int
posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen)
{
int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
}


@@ -29,15 +29,9 @@ make check
echo "Generating report" echo "Generating report"
mkdir -p $DESTDIR mkdir -p $DESTDIR
find tests -name '*.gcda' -o -name '*.gcno' -delete find tests -name '*.gcda' -o -name '*.gcno' -delete
lcov --capture --output-file $DESTDIR/coverage.tmp \ lcov --directory . --capture --output-file $DESTDIR/coverage.tmp \
--rc lcov_branch_coverage=1 \
--directory crypto \
--directory ssl \
--directory tls \
--test-name "LibreSSL $VERSION" --test-name "LibreSSL $VERSION"
genhtml --prefix . --output-directory $DESTDIR \ genhtml --prefix . --output-directory $DESTDIR \
--branch-coverage --function-coverage \
--rc lcov_branch_coverage=1 \
--title "LibreSSL $VERSION" --legend --show-detail $DESTDIR/coverage.tmp --title "LibreSSL $VERSION" --legend --show-detail $DESTDIR/coverage.tmp
echo "Code coverage report is available under $DESTDIR" echo "Code coverage report is available under $DESTDIR"
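Review bot: In the unchanged `find tests -name '*.gcda' -o -name '*.gcno' -delete` line, `-delete` binds only to the second `-name` test, so `.gcda` files under tests are matched but left in place, and the new `lcov --directory .` capture now walks the tests directory as well. Grouping the tests fixes it: `find tests \( -name '*.gcda' -o -name '*.gcno' \) -delete`. `$DESTDIR` is also unquoted in `mkdir -p`, `lcov` and `genhtml`, which splits a path containing spaces; `mkdir -p "$DESTDIR"` and the same quoting on the other two commands avoids that. The script begins above this hunk, so how `DESTDIR` is set is not visible here.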


@@ -15,17 +15,16 @@ int asprintf(char **str, const char *fmt, ...);
#endif #endif
#ifdef _WIN32 #ifdef _WIN32
#include <errno.h>
#include <string.h>
void posix_perror(const char *s); static inline void
FILE * posix_fopen(const char *path, const char *mode); posix_perror(const char *s)
int posix_rename(const char *oldpath, const char *newpath); {
fprintf(stderr, "%s: %s\n", s, strerror(errno));
}
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define perror(errnum) posix_perror(errnum) #define perror(errnum) posix_perror(errnum)
#define fopen(path, mode) posix_fopen(path, mode)
#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
#endif
#endif #endif
#endif #endif
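Review bot: With the `fopen` to `posix_fopen` redefinition apparently gone from the new side, nothing in this header forces binary mode on Windows any more, so a caller that opens key, certificate or other binary files with a mode lacking `b` would get text-mode newline translation; the callers are outside this hunk, so this needs checking rather than being a confirmed break. Separately, `#define perror(errnum) posix_perror(errnum)` names its parameter `errnum` although it carries the message prefix string; `#define perror(s) posix_perror(s)` matches the function's signature. The header continues outside this hunk.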


@@ -12,4 +12,8 @@
int getentropy(void *buf, size_t buflen); int getentropy(void *buf, size_t buflen);
#endif #endif
#ifndef HAVE_ISSETUGID
int issetugid(void);
#endif
#endif #endif


@@ -19,29 +19,142 @@
#include <errno.h> #include <errno.h>
#include <unistd.h> #include <unistd.h>
int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen); static int
wsa_errno(int err)
{
switch (err) {
case WSAENOBUFS:
errno = ENOMEM;
break;
case WSAEACCES:
errno = EACCES;
break;
case WSANOTINITIALISED:
errno = EPERM;
break;
case WSAEHOSTUNREACH:
case WSAENETDOWN:
errno = EIO;
break;
case WSAEFAULT:
errno = EFAULT;
break;
case WSAEINTR:
errno = EINTR;
break;
case WSAEINVAL:
errno = EINVAL;
break;
case WSAEINPROGRESS:
errno = EINPROGRESS;
break;
case WSAEWOULDBLOCK:
errno = EAGAIN;
break;
case WSAEOPNOTSUPP:
errno = ENOTSUP;
break;
case WSAEMSGSIZE:
errno = EFBIG;
break;
case WSAENOTSOCK:
errno = ENOTSOCK;
break;
case WSAENOPROTOOPT:
errno = ENOPROTOOPT;
break;
case WSAECONNREFUSED:
errno = ECONNREFUSED;
break;
case WSAEAFNOSUPPORT:
errno = EAFNOSUPPORT;
break;
case WSAENETRESET:
case WSAENOTCONN:
case WSAECONNABORTED:
case WSAECONNRESET:
case WSAESHUTDOWN:
case WSAETIMEDOUT:
errno = EPIPE;
break;
}
return -1;
}
int posix_close(int fd); static inline int
ssize_t posix_read(int fd, void *buf, size_t count); posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{
int rc = connect(sockfd, addr, addrlen);
if (rc == SOCKET_ERROR)
return wsa_errno(WSAGetLastError());
return rc;
}
ssize_t posix_write(int fd, const void *buf, size_t count);
int posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen);
int posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen) #define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
static inline int
posix_close(int fd)
{
if (closesocket(fd) == SOCKET_ERROR) {
int err = WSAGetLastError();
return err == WSAENOTSOCK ?
close(fd) : wsa_errno(err);
}
return 0;
}
#define close(fd) posix_close(fd) #define close(fd) posix_close(fd)
static inline ssize_t
posix_read(int fd, void *buf, size_t count)
{
ssize_t rc = recv(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return err == WSAENOTSOCK ?
read(fd, buf, count) : wsa_errno(err);
}
return rc;
}
#define read(fd, buf, count) posix_read(fd, buf, count) #define read(fd, buf, count) posix_read(fd, buf, count)
static inline ssize_t
posix_write(int fd, const void *buf, size_t count)
{
ssize_t rc = send(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return err == WSAENOTSOCK ?
write(fd, buf, count) : wsa_errno(err);
}
return rc;
}
#define write(fd, buf, count) posix_write(fd, buf, count) #define write(fd, buf, count) posix_write(fd, buf, count)
static inline int
posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen)
{
int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen);
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
}
#define getsockopt(sockfd, level, optname, optval, optlen) \ #define getsockopt(sockfd, level, optname, optval, optlen) \
posix_getsockopt(sockfd, level, optname, optval, optlen) posix_getsockopt(sockfd, level, optname, optval, optlen)
static inline int
posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen)
{
int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
}
#define setsockopt(sockfd, level, optname, optval, optlen) \ #define setsockopt(sockfd, level, optname, optval, optlen) \
posix_setsockopt(sockfd, level, optname, optval, optlen) posix_setsockopt(sockfd, level, optname, optval, optlen)
#endif
#endif #endif
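Review bot: `wsa_errno()` has no `default:` case, so a Winsock error code that is not listed returns -1 while leaving `errno` at whatever an earlier call set, and callers of the `posix_*` wrappers that branch on `errno` (for example retrying on `EAGAIN`) can misread the failure. A fallback such as `default: errno = EIO; break;` makes every failure path set `errno`. The function is also declared `static int` rather than `static inline int` like the wrappers that follow it, which may produce unused-function warnings in files that include the header without calling a wrapper. The header continues outside this hunk.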


@@ -1,13 +0,0 @@
libtls is ISC licensed as per OpenBSD's normal licensing policy.
Permission to use, copy, modify, and distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.


@@ -1,7 +0,0 @@
SUBDIRS = include compat src tests man
ACLOCAL_AMFLAGS = -I m4
pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libtls.pc
EXTRA_DIST = README VERSION


@@ -1 +0,0 @@
3.1.0


@@ -1,45 +0,0 @@
#
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
# compatibility functions that need to be built without optimizations
libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
libcompatnoopt_la_SOURCES += explicit_bzero.c
endif
# other compatibility functions
libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libcompat_la_SOURCES =
libcompat_la_LIBADD = $(PLATFORM_LDADD)
if !HAVE_ASPRINTF
libcompat_la_SOURCES += bsd-asprintf.c
endif
if !HAVE_STRLCPY
libcompat_la_SOURCES += strlcpy.c
endif
if !HAVE_STRSEP
libcompat_la_SOURCES += strsep.c
endif
include Makefile.am.arc4random


@@ -1,52 +0,0 @@
# Copyright (c) 2014-2015 Brent Cook
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT([libtls], m4_esyscmd([tr -d '\n' < VERSION]))
AC_SUBST([LIBTLS_VERSION], m4_esyscmd([sed -e 's/\./:/g' VERSION | tr -d '\n']))
AC_CANONICAL_HOST
AM_INIT_AUTOMAKE([subdir-objects])
AC_CONFIG_MACRO_DIR([m4])
m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
# This must be called before AC_PROG_CC
USER_CFLAGS="$CFLAGS"
AC_PROG_CC
AC_PROG_CC_STDC
AM_PROG_CC_C_O
AC_PROG_LIBTOOL
LT_INIT
CHECK_OS_OPTIONS
CHECK_C_HARDENING_OPTIONS
DISABLE_COMPILER_WARNINGS
CHECK_LIBC_COMPAT
CHECK_LIBC_CRYPTO_COMPAT
AC_CONFIG_FILES([
Makefile
include/Makefile
compat/Makefile
man/Makefile
src/Makefile
tests/Makefile
libtls.pc
])
AC_OUTPUT


@@ -1,5 +0,0 @@
noinst_HEADERS = stdlib.h
noinst_HEADERS += string.h
noinst_HEADERS += unistd.h
include_HEADERS = tls.h


@@ -1,73 +0,0 @@
/*
* Public domain
* string.h compatibility shim
*/
#include_next <string.h>
#ifndef LIBCRYPTOCOMPAT_STRING_H
#define LIBCRYPTOCOMPAT_STRING_H
#include <sys/types.h>
#if defined(__sun) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
*/
#include <strings.h>
#endif
#ifndef HAVE_STRLCPY
size_t strlcpy(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRLCAT
size_t strlcat(char *dst, const char *src, size_t siz);
#endif
#ifndef HAVE_STRNDUP
char * strndup(const char *str, size_t maxlen);
/* the only user of strnlen is strndup, so only build it if needed */
#ifndef HAVE_STRNLEN
size_t strnlen(const char *str, size_t maxlen);
#endif
#endif
#ifndef HAVE_STRSEP
char *strsep(char **stringp, const char *delim);
#endif
#ifndef HAVE_EXPLICIT_BZERO
void explicit_bzero(void *, size_t);
#endif
#ifndef HAVE_TIMINGSAFE_BCMP
int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
#endif
#ifndef HAVE_TIMINGSAFE_MEMCMP
int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
#endif
#ifndef HAVE_MEMMEM
void * memmem(const void *big, size_t big_len, const void *little,
size_t little_len);
#endif
#ifdef _WIN32
#include <errno.h>
static inline char *
posix_strerror(int errnum)
{
if (errnum == ECONNREFUSED) {
return "Connection refused";
}
return strerror(errnum);
}
#define strerror(errnum) posix_strerror(errnum)
#endif
#endif


@@ -1,16 +0,0 @@
#libtls pkg-config source file
prefix=@prefix@
exec_prefix=@exec_prefix@
libdir=@libdir@
includedir=@includedir@
Name: LibreSSL-libtls
Description: Secure communications using the TLS socket protocol.
Version: @LIBTLS_VERSION@
Requires:
Requires.private: libcrypto libssl
Conflicts:
Libs: -L${libdir} -ltls
Libs.private: @LIBS@ -lcrypto -lssl
Cflags: -I${includedir}


@@ -1,16 +0,0 @@
AM_CFLAGS = -I$(top_srcdir)/include
lib_LTLIBRARIES = libtls.la
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
libtls_la_LIBADD = -lcrypto -lssl -lcrypto $(PLATFORM_LDADD)
libtls_la_LIBADD += $(top_builddir)/compat/libcompat.la
libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la
libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c
libtls_la_SOURCES += tls_config.c
libtls_la_SOURCES += tls_server.c
libtls_la_SOURCES += tls_util.c
libtls_la_SOURCES += tls_verify.c
noinst_HEADERS = tls_internal.h


@@ -1,7 +0,0 @@
AM_CFLAGS = -I$(top_srcdir)/include
check_PROGRAMS = test
TESTS = test
test_SOURCES = test.c
test_LDADD = -lcrypto -lssl $(top_builddir)/src/libtls.la


@@ -1,51 +0,0 @@
#include <stdio.h>
#include <tls.h>
int main()
{
struct tls *tls;
struct tls_config *tls_config;
size_t written, read;
char buf[4096];
if (tls_init() != 0) {
fprintf(stderr, "tls_init failed");
return 1;
}
if ((tls = tls_client()) == NULL)
goto err;
if ((tls_config = tls_config_new()) == NULL)
goto err;
if (tls_config_set_ciphers(tls_config, "compat") != 0)
goto err;
tls_config_insecure_noverifycert(tls_config);
tls_config_insecure_noverifyname(tls_config);
if (tls_configure(tls, tls_config) != 0)
goto err;
if (tls_connect(tls, "google.com", "443") != 0)
goto err;
if (tls_write(tls, "GET /\r\n", 7, &written) != 0)
goto err;
if (tls_read(tls, buf, sizeof(buf), &read) != 0)
goto err;
buf[read - 1] = '\0';
puts(buf);
if (tls_close(tls) != 0)
goto err;
return 0;
err:
fprintf(stderr, "%s\n", tls_error(tls));
return 1;
}


@@ -1,107 +0,0 @@
AC_DEFUN([CHECK_CFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_CC supports "$1"])
old_cflags="$CFLAGS"
CFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
CFLAGS=$old_cflags
HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
AC_MSG_RESULT([no])
CFLAGS=$old_cflags
[$2])
])
AC_DEFUN([CHECK_LDFLAG], [
AC_LANG_ASSERT(C)
AC_MSG_CHECKING([if $saved_LD supports "$1"])
old_ldflags="$LDFLAGS"
LDFLAGS="$1 -Wall -Werror"
AC_TRY_LINK([
#include <stdio.h>
],
[printf("Hello")],
AC_MSG_RESULT([yes])
LDFLAGS=$old_ldflags
HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
AC_MSG_RESULT([no])
LDFLAGS=$old_ldflags
[$2])
])
AC_DEFUN([DISABLE_AS_EXECUTABLE_STACK], [
save_cflags="$CFLAGS"
CFLAGS=
AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-DHAVE_GNU_STACK],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
])
AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [
AC_ARG_ENABLE([hardening],
[AS_HELP_STRING([--disable-hardening],
[Disable options to frustrate memory corruption exploits])],
[], [enable_hardening=yes])
AC_ARG_ENABLE([windows-ssp],
[AS_HELP_STRING([--enable-windows-ssp],
[Enable building the stack smashing protection on
Windows. This currently distributing libssp-0.dll.])])
# We want to check for compiler flag support. Prior to clang v5.1, there was no
# way to make clang's "argument unused" warning fatal. So we invoke the
# compiler through a wrapper script that greps for this message.
saved_CC="$CC"
saved_LD="$LD"
flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
CC="$flag_wrap $CC"
LD="$flag_wrap $LD"
AS_IF([test "x$enable_hardening" = "xyes"], [
# Tell GCC to NOT optimize based on signed arithmetic overflow
CHECK_CFLAG([[-fno-strict-overflow]])
# _FORTIFY_SOURCE replaces builtin functions with safer versions.
CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
# Enable read only relocations
CHECK_LDFLAG([[-Wl,-z,relro]])
CHECK_LDFLAG([[-Wl,-z,now]])
# Windows security flags
AS_IF([test "x$HOST_OS" = "xwin"], [
CHECK_LDFLAG([[-Wl,--nxcompat]])
CHECK_LDFLAG([[-Wl,--dynamicbase]])
CHECK_LDFLAG([[-Wl,--high-entropy-va]])
])
# Use stack-protector-strong if available; if not, fallback to
# stack-protector-all which is considered to be overkill
AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
CHECK_CFLAG([[-fstack-protector-strong]],
CHECK_CFLAG([[-fstack-protector-all]],
AC_MSG_WARN([compiler does not appear to support stack protection])
)
)
AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
])
])
# Restore CC, LD
CC="$saved_CC"
LD="$saved_LD"
CFLAGS="$CFLAGS $HARDEN_CFLAGS"
LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
])


@@ -1,65 +0,0 @@
AC_DEFUN([CHECK_LIBC_COMPAT], [
# Check for general libc functions
AC_CHECK_FUNCS([asprintf memmem poll reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
])
AC_DEFUN([CHECK_LIBC_CRYPTO_COMPAT], [
# Check crypto-related libc functions
AC_CHECK_FUNCS([arc4random_buf explicit_bzero getauxval getentropy])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
# Override arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes])
# Check for getentropy fallback dependencies
AC_CHECK_FUNC([getauxval])
AC_CHECK_FUNC([clock_gettime],, [AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],, [AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
])
AC_DEFUN([CHECK_VA_COPY], [
AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ va_copy(x,y); ]])],
[ ac_cv_have_va_copy="yes" ],
[ ac_cv_have_va_copy="no"
])
])
if test "x$ac_cv_have_va_copy" = "xyes" ; then
AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
fi
AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <stdarg.h>
va_list x,y;
]], [[ __va_copy(x,y); ]])],
[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
])
])
if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
])


@@ -1,77 +0,0 @@
# This must be called before AC_PROG_CC
AC_DEFUN([CHECK_OS_OPTIONS], [
CFLAGS="$CFLAGS -Wall -std=gnu99"
case $host_os in
*aix*)
HOST_OS=aix
if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
CFLAGS="$USER_CFLAGS"
fi
AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
;;
*cygwin*)
HOST_OS=cygwin
;;
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
HOST_OS=hpux;
if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
CFLAGS="$CFLAGS -mlp64"
else
CFLAGS="-g -O2 +DD64 $USER_CFLAGS"
fi
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;;
*linux*)
HOST_OS=linux
HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;;
*netbsd*)
HOST_OS=netbsd
CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
;;
*openbsd* | *bitrig*)
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
CFLAGS="$CFLAGS -static-libgcc"
LDFLAGS="$LDFLAGS -static-libgcc"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;;
*solaris*)
HOST_OS=solaris
HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;;
*) ;;
esac
AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
])


@@ -1,29 +0,0 @@
AC_DEFUN([DISABLE_COMPILER_WARNINGS], [
# Clang throws a lot of warnings when it does not understand a flag. Disable
# this warning for now so other warnings are visible.
AC_MSG_CHECKING([if compiling with clang])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
#ifndef __clang__
not clang
#endif
]])],
[CLANG=yes],
[CLANG=no]
)
AC_MSG_RESULT([$CLANG])
AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
CFLAGS="$CFLAGS $CLANG_FLAGS"
LDFLAGS="$LDFLAGS $CLANG_FLAGS"
# Removing the dependency on -Wno-pointer-sign should be a goal. These are
# largely unsigned char */char* mismatches in asn1 functions.
save_cflags="$CFLAGS"
CFLAGS=-Wno-pointer-sign
AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
[AC_MSG_RESULT([yes])]
[AM_CFLAGS=-Wno-pointer-sign],
[AC_MSG_RESULT([no])]
)
CFLAGS="$save_cflags $AM_CFLAGS"
])

2
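--- a/man/Makefile.am.tpl
+++ b/man/Makefile.am.tpl
@@ -0,0 +1,2 @@
+include $(top_srcdir)/Makefile.am.common
+dist_man_MANS=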

2207
man/links

File diff suppressed because it is too large Load Diff


@@ -1,18 +0,0 @@
#!/bin/sh
# Run this periodically to ensure that the manpage links are up to date
echo "# This is an auto-generated file by $0" > links
sudo makewhatis
for i in `ls -1 *.3`; do
name=`echo $i|cut -d. -f1`
links=`sqlite3 /usr/share/man/mandoc.db \
"select names.name from mlinks,names where mlinks.name='$name' and mlinks.pageid=names.pageid;"`
for j in $links; do
a=`echo "x$j" | tr '[:upper:]' '[:lower:]'`
b=`echo "x$name" | tr '[:upper:]' '[:lower:]'`
if [ $a != $b ]; then
echo $name.3,$j.3 >> links
fi
done
done


@@ -1,29 +0,0 @@
--- apps/openssl.c.orig 2015-06-05 03:42:12.956112944 -0500
+++ apps/openssl.c 2015-06-05 03:41:54.215381908 -0500
@@ -130,6 +130,18 @@
#include <openssl/engine.h>
#endif
+#ifdef _WIN32
+#include <fcntl.h>
+static void set_stdio_binary(void)
+{
+ _setmode(_fileno(stdin), _O_BINARY);
+ _setmode(_fileno(stdout), _O_BINARY);
+ _setmode(_fileno(stderr), _O_BINARY);
+}
+#else
+static void set_stdio_binary(void) {};
+#endif
+
#include "progs.h"
#include "s_apps.h"
@@ -216,6 +228,7 @@
#endif
setup_ui_method();
+ set_stdio_binary();
}
static void


@@ -1,25 +0,0 @@
--- include/tls.h.orig 2015-05-23 19:18:30.002576267 -0500
+++ include/tls.h 2015-05-23 19:18:09.830576581 -0500
@@ -18,6 +18,13 @@
#ifndef HEADER_TLS_H
#define HEADER_TLS_H
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#include <stddef.h>
+#include <stdint.h>
+
#define TLS_API 20141031
#define TLS_PROTOCOL_TLSv1_0 (1 << 1)
@@ -88,4 +95,8 @@
uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+#ifdef __cplusplus
+}
+#endif
+
#endif /* HEADER_TLS_H */


@@ -0,0 +1,44 @@
diff --git a/src/usr.bin/openssl/openssl.c b/src/usr.bin/openssl/openssl.c
index e7dd11c..cfd4593 100644
--- a/src/usr.bin/openssl/openssl.c
+++ b/src/usr.bin/openssl/openssl.c
@@ -253,6 +253,11 @@ main(int argc, char **argv)
arg.data = NULL;
arg.count = 0;
+ if (BIO_sock_init() != 1) {
+ fprintf(stderr, "BIO_sock_init failed\n");
+ exit(1);
+ }
+
bio_err = BIO_new_fp(stderr, BIO_NOCLOSE);
if (bio_err == NULL) {
fprintf(stderr, "openssl: failed to initialise bio_err\n");
diff --git a/src/usr.bin/openssl/s_socket.c b/src/usr.bin/openssl/s_socket.c
index 3b96b1a..2ce31eb 100644
--- a/src/usr.bin/openssl/s_socket.c
+++ b/src/usr.bin/openssl/s_socket.c
@@ -85,11 +85,6 @@ init_client(int *sock, char *host, char *port, int type, int af)
struct addrinfo hints, *ai_top, *ai;
int i, s;
- if (BIO_sock_init() != 1) {
- BIO_printf(bio_err, "BIO_sock_init failed\n");
- return (0);
- }
-
memset(&hints, '\0', sizeof(hints));
hints.ai_family = af;
hints.ai_socktype = type;
@@ -181,11 +176,6 @@ init_server_long(int *sock, int port, char *ip, int type)
struct sockaddr_in server;
int s = -1;
- if (BIO_sock_init() != 1) {
- BIO_printf(bio_err, "BIO_sock_init failed\n");
- return (0);
- }
-
memset((char *) &server, 0, sizeof(server));
server.sin_family = AF_INET;
server.sin_port = htons((unsigned short) port);


@@ -5,6 +5,7 @@ lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION EXTRA_DIST = VERSION
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libssl_la_LIBADD = ../crypto/libcrypto.la libssl_la_LIBADD = ../crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c libssl_la_SOURCES = bio_ssl.c
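Review bot: The added `libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)` carries no comment, and its effect is not obvious: a per-target `_CFLAGS` variable in automake replaces `AM_CFLAGS` for that target, while `$(CFLAGS)` is appended by automake regardless, so the line repeats `CFLAGS` and drops anything the project passes through `AM_CFLAGS`. If the intent is only to place the user's original flags last, a comment such as `# USER_CFLAGS: flags given to configure, applied after the project defaults` would make that explicit. Whether `AM_CFLAGS` carries anything for this target is not visible in the hunk.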


@@ -1,301 +0,0 @@
include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I $(top_srcdir)/ssl
AM_CPPFLAGS += -I $(top_srcdir)/apps
LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
LDADD += $(top_builddir)/ssl/libssl.la
LDADD += $(top_builddir)/crypto/libcrypto.la
TESTS =
check_PROGRAMS =
EXTRA_DIST =
DISTCLEANFILES = pidwraptest.txt
# aeadtest
TESTS += aeadtest.sh
check_PROGRAMS += aeadtest
aeadtest_SOURCES = aeadtest.c
EXTRA_DIST += aeadtest.sh
EXTRA_DIST += aeadtests.txt
# aes_wrap
TESTS += aes_wrap
check_PROGRAMS += aes_wrap
aes_wrap_SOURCES = aes_wrap.c
# arc4randomforktest
# Windows/mingw does not have fork, but Cygwin does.
if !HOST_WIN
TESTS += arc4randomforktest.sh
check_PROGRAMS += arc4randomforktest
arc4randomforktest_SOURCES = arc4randomforktest.c
endif
EXTRA_DIST += arc4randomforktest.sh
# asn1test
TESTS += asn1test
check_PROGRAMS += asn1test
asn1test_SOURCES = asn1test.c
# base64test
TESTS += base64test
check_PROGRAMS += base64test
base64test_SOURCES = base64test.c
# bftest
TESTS += bftest
check_PROGRAMS += bftest
bftest_SOURCES = bftest.c
# biotest
# the BIO tests rely on resolver results that are OS and environment-specific
if ENABLE_EXTRATESTS
TESTS += biotest
check_PROGRAMS += biotest
biotest_SOURCES = biotest.c
endif
# bntest
TESTS += bntest
check_PROGRAMS += bntest
bntest_SOURCES = bntest.c
# bytestringtest
TESTS += bytestringtest
check_PROGRAMS += bytestringtest
bytestringtest_SOURCES = bytestringtest.c
# casttest
TESTS += casttest
check_PROGRAMS += casttest
casttest_SOURCES = casttest.c
# chachatest
TESTS += chachatest
check_PROGRAMS += chachatest
chachatest_SOURCES = chachatest.c
# cipherstest
TESTS += cipherstest
check_PROGRAMS += cipherstest
cipherstest_SOURCES = cipherstest.c
# cts128test
TESTS += cts128test
check_PROGRAMS += cts128test
cts128test_SOURCES = cts128test.c
# destest
TESTS += destest
check_PROGRAMS += destest
destest_SOURCES = destest.c
# dhtest
TESTS += dhtest
check_PROGRAMS += dhtest
dhtest_SOURCES = dhtest.c
# dsatest
TESTS += dsatest
check_PROGRAMS += dsatest
dsatest_SOURCES = dsatest.c
# ecdhtest
TESTS += ecdhtest
check_PROGRAMS += ecdhtest
ecdhtest_SOURCES = ecdhtest.c
# ecdsatest
TESTS += ecdsatest
check_PROGRAMS += ecdsatest
ecdsatest_SOURCES = ecdsatest.c
# ectest
TESTS += ectest
check_PROGRAMS += ectest
ectest_SOURCES = ectest.c
# enginetest
TESTS += enginetest
check_PROGRAMS += enginetest
enginetest_SOURCES = enginetest.c
# evptest
TESTS += evptest.sh
check_PROGRAMS += evptest
evptest_SOURCES = evptest.c
EXTRA_DIST += evptest.sh
EXTRA_DIST += evptests.txt
# explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
if !HOST_WIN
if !HOST_CYGWIN
TESTS += explicit_bzero
check_PROGRAMS += explicit_bzero
explicit_bzero_SOURCES = explicit_bzero.c
if !HAVE_MEMMEM
explicit_bzero_SOURCES += memmem.c
endif
endif
endif
# exptest
TESTS += exptest
check_PROGRAMS += exptest
exptest_SOURCES = exptest.c
# gcm128test
TESTS += gcm128test
check_PROGRAMS += gcm128test
gcm128test_SOURCES = gcm128test.c
# gost2814789t
TESTS += gost2814789t
check_PROGRAMS += gost2814789t
gost2814789t_SOURCES = gost2814789t.c
# hmactest
TESTS += hmactest
check_PROGRAMS += hmactest
hmactest_SOURCES = hmactest.c
# ideatest
TESTS += ideatest
check_PROGRAMS += ideatest
ideatest_SOURCES = ideatest.c
# igetest
TESTS += igetest
check_PROGRAMS += igetest
igetest_SOURCES = igetest.c
# md4test
TESTS += md4test
check_PROGRAMS += md4test
md4test_SOURCES = md4test.c
# md5test
TESTS += md5test
check_PROGRAMS += md5test
md5test_SOURCES = md5test.c
# mdc2test
TESTS += mdc2test
check_PROGRAMS += mdc2test
mdc2test_SOURCES = mdc2test.c
# mont
TESTS += mont
check_PROGRAMS += mont
mont_SOURCES = mont.c
# optionstest
TESTS += optionstest
check_PROGRAMS += optionstest
optionstest_SOURCES = optionstest.c
# pbkdf2
TESTS += pbkdf2
check_PROGRAMS += pbkdf2
pbkdf2_SOURCES = pbkdf2.c
# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
if ENABLE_EXTRATESTS
TESTS += pidwraptest
check_PROGRAMS += pidwraptest
pidwraptest_SOURCES = pidwraptest.c
endif
# pkcs7test
TESTS += pkcs7test
check_PROGRAMS += pkcs7test
pkcs7test_SOURCES = pkcs7test.c
# poly1305test
TESTS += poly1305test
check_PROGRAMS += poly1305test
poly1305test_SOURCES = poly1305test.c
# pq_test
TESTS += pq_test.sh
check_PROGRAMS += pq_test
pq_test_SOURCES = pq_test.c
EXTRA_DIST += pq_test.sh
EXTRA_DIST += pq_expected.txt
# randtest
TESTS += randtest
check_PROGRAMS += randtest
randtest_SOURCES = randtest.c
# rc2test
TESTS += rc2test
check_PROGRAMS += rc2test
rc2test_SOURCES = rc2test.c
# rc4test
TESTS += rc4test
check_PROGRAMS += rc4test
rc4test_SOURCES = rc4test.c
# rmdtest
TESTS += rmdtest
check_PROGRAMS += rmdtest
rmdtest_SOURCES = rmdtest.c
# sha1test
TESTS += sha1test
check_PROGRAMS += sha1test
sha1test_SOURCES = sha1test.c
# sha256test
TESTS += sha256test
check_PROGRAMS += sha256test
sha256test_SOURCES = sha256test.c
# sha512test
TESTS += sha512test
check_PROGRAMS += sha512test
sha512test_SOURCES = sha512test.c
# shatest
TESTS += shatest
check_PROGRAMS += shatest
shatest_SOURCES = shatest.c
# ssltest
TESTS += ssltest.sh
check_PROGRAMS += ssltest
ssltest_SOURCES = ssltest.c
EXTRA_DIST += ssltest.sh
EXTRA_DIST += testssl ca.pem server.pem
# testdsa
TESTS += testdsa.sh
EXTRA_DIST += testdsa.sh
EXTRA_DIST += openssl.cnf
# testenc
TESTS += testenc.sh
EXTRA_DIST += testenc.sh
# testrsa
TESTS += testrsa.sh
EXTRA_DIST += testrsa.sh
# timingsafe
TESTS += timingsafe
check_PROGRAMS += timingsafe
timingsafe_SOURCES = timingsafe.c
# utf8test
TESTS += utf8test
check_PROGRAMS += utf8test
utf8test_SOURCES = utf8test.c

15
tests/Makefile.am.tpl Normal file

@@ -0,0 +1,15 @@
include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I $(top_srcdir)/ssl
LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
LDADD += $(top_builddir)/ssl/libssl.la
LDADD += $(top_builddir)/crypto/libcrypto.la
TESTS =
check_PROGRAMS =
EXTRA_DIST =
DISTCLEANFILES = pidwraptest.txt


@@ -1,29 +0,0 @@
# $OpenBSD: openssl.cnf,v 1.1 2014/08/26 17:50:07 jsing Exp $
#
# SSLeay example configuration file.
# This is mostly being used for generation of certificate requests.
#
# hacked by iang to do DSA certs - Server
RANDFILE = ./.rnd
####################################################################
[ req ]
distinguished_name = req_distinguished_name
encrypt_rsa_key = no
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = CA
countryName_value = CA
organizationName = Organization Name (eg, company)
organizationName_value = Shake it Vera
0.commonName = Common Name (eg, YOUR name)
0.commonName_value = Wastelandus
1.commonName = Common Name (eg, YOUR name)
1.commonName_value = Maximus


@@ -1,382 +0,0 @@
/* $OpenBSD: optionstest.c,v 1.8 2015/01/22 05:48:00 doug Exp $ */
/*
* Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <openssl/bio.h>
#include <openssl/conf.h>
#include <apps.h>
#include <apps.c>
#include <strtonum.c>
/* Needed to keep apps.c happy... */
BIO *bio_err;
CONF *config;
static int argfunc(char *arg);
static int defaultarg(int argc, char **argv, int *argsused);
static int multiarg(int argc, char **argv, int *argsused);
static struct {
char *arg;
int flag;
} test_config;
static struct option test_options[] = {
{
.name = "arg",
.argname = "argname",
.type = OPTION_ARG,
.opt.arg = &test_config.arg,
},
{
.name = "argfunc",
.argname = "argname",
.type = OPTION_ARG_FUNC,
.opt.argfunc = argfunc,
},
{
.name = "flag",
.type = OPTION_FLAG,
.opt.flag = &test_config.flag,
},
{
.name = "multiarg",
.type = OPTION_ARGV_FUNC,
.opt.argvfunc = multiarg,
},
{
.name = NULL,
.type = OPTION_ARGV_FUNC,
.opt.argvfunc = defaultarg,
},
{ NULL },
};
char *args1[] = { "opts" };
char *args2[] = { "opts", "-arg", "arg", "-flag" };
char *args3[] = { "opts", "-arg", "arg", "-flag", "unnamed" };
char *args4[] = { "opts", "-arg", "arg", "unnamed", "-flag" };
char *args5[] = { "opts", "unnamed1", "-arg", "arg", "-flag", "unnamed2" };
char *args6[] = { "opts", "-argfunc", "arg", "-flag" };
char *args7[] = { "opts", "-arg", "arg", "-flag", "-", "-unnamed" };
char *args8[] = { "opts", "-arg", "arg", "-flag", "file1", "file2", "file3" };
char *args9[] = { "opts", "-arg", "arg", "-flag", "file1", "-file2", "file3" };
char *args10[] = { "opts", "-arg", "arg", "-flag", "-", "file1", "file2" };
char *args11[] = { "opts", "-arg", "arg", "-flag", "-", "-file1", "-file2" };
char *args12[] = { "opts", "-multiarg", "arg1", "arg2", "-flag", "unnamed" };
char *args13[] = { "opts", "-multiargz", "arg1", "arg2", "-flagz", "unnamed" };
struct options_test {
int argc;
char **argv;
enum {
OPTIONS_TEST_NONE,
OPTIONS_TEST_UNNAMED,
OPTIONS_TEST_ARGSUSED,
} type;
char *unnamed;
int used;
int want;
char *wantarg;
int wantflag;
};
struct options_test options_tests[] = {
{
/* Test 1 - No arguments (only program name). */
.argc = 1,
.argv = args1,
.type = OPTIONS_TEST_NONE,
.want = 0,
.wantarg = NULL,
.wantflag = 0,
},
{
/* Test 2 - Named arguments (unnamed not permitted). */
.argc = 4,
.argv = args2,
.type = OPTIONS_TEST_NONE,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 3 - Named arguments (unnamed permitted). */
.argc = 4,
.argv = args2,
.type = OPTIONS_TEST_UNNAMED,
.unnamed = NULL,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 4 - Named and single unnamed (unnamed not permitted). */
.argc = 5,
.argv = args3,
.type = OPTIONS_TEST_NONE,
.want = 1,
},
{
/* Test 5 - Named and single unnamed (unnamed permitted). */
.argc = 5,
.argv = args3,
.type = OPTIONS_TEST_UNNAMED,
.unnamed = "unnamed",
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 6 - Named and single unnamed (different sequence). */
.argc = 5,
.argv = args4,
.type = OPTIONS_TEST_UNNAMED,
.unnamed = "unnamed",
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 7 - Multiple unnamed arguments (should fail). */
.argc = 6,
.argv = args5,
.type = OPTIONS_TEST_UNNAMED,
.want = 1,
},
{
/* Test 8 - Function. */
.argc = 4,
.argv = args6,
.type = OPTIONS_TEST_NONE,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 9 - Named and single unnamed (hyphen separated). */
.argc = 6,
.argv = args7,
.type = OPTIONS_TEST_UNNAMED,
.unnamed = "-unnamed",
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 10 - Named and multiple unnamed. */
.argc = 7,
.argv = args8,
.used = 4,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 11 - Named and multiple unnamed. */
.argc = 7,
.argv = args9,
.used = 4,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 12 - Named and multiple unnamed. */
.argc = 7,
.argv = args10,
.used = 5,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 13 - Named and multiple unnamed. */
.argc = 7,
.argv = args11,
.used = 5,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 14 - Named only. */
.argc = 4,
.argv = args2,
.used = 4,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = "arg",
.wantflag = 1,
},
{
/* Test 15 - Multiple argument callback. */
.argc = 6,
.argv = args12,
.unnamed = "unnamed",
.type = OPTIONS_TEST_UNNAMED,
.want = 0,
.wantarg = NULL,
.wantflag = 1,
},
{
/* Test 16 - Multiple argument callback. */
.argc = 6,
.argv = args12,
.used = 5,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = NULL,
.wantflag = 1,
},
{
/* Test 17 - Default callback. */
.argc = 6,
.argv = args13,
.unnamed = "unnamed",
.type = OPTIONS_TEST_UNNAMED,
.want = 0,
.wantarg = NULL,
.wantflag = 1,
},
{
/* Test 18 - Default callback. */
.argc = 6,
.argv = args13,
.used = 5,
.type = OPTIONS_TEST_ARGSUSED,
.want = 0,
.wantarg = NULL,
.wantflag = 1,
},
};
#define N_OPTIONS_TESTS \
(sizeof(options_tests) / sizeof(*options_tests))
static int
argfunc(char *arg)
{
test_config.arg = arg;
return (0);
}
static int
defaultarg(int argc, char **argv, int *argsused)
{
if (argc < 1)
return (1);
if (strcmp(argv[0], "-multiargz") == 0) {
if (argc < 3)
return (1);
*argsused = 3;
return (0);
} else if (strcmp(argv[0], "-flagz") == 0) {
test_config.flag = 1;
*argsused = 1;
return (0);
}
return (1);
}
static int
multiarg(int argc, char **argv, int *argsused)
{
if (argc < 3)
return (1);
*argsused = 3;
return (0);
}
static int
do_options_test(int test_no, struct options_test *ot)
{
int *argsused = NULL;
char *unnamed = NULL;
char **arg = NULL;
int used = 0;
int ret;
if (ot->type == OPTIONS_TEST_UNNAMED)
arg = &unnamed;
else if (ot->type == OPTIONS_TEST_ARGSUSED)
argsused = &used;
memset(&test_config, 0, sizeof(test_config));
ret = options_parse(ot->argc, ot->argv, test_options, arg, argsused);
if (ret != ot->want) {
fprintf(stderr, "FAIL: test %i options_parse() returned %i, "
"want %i\n", test_no, ret, ot->want);
return (1);
}
if (ret != 0)
return (0);
if ((test_config.arg != NULL || ot->wantarg != NULL) &&
(test_config.arg == NULL || ot->wantarg == NULL ||
strcmp(test_config.arg, ot->wantarg) != 0)) {
fprintf(stderr, "FAIL: test %i got arg '%s', want '%s'\n",
test_no, test_config.arg, ot->wantarg);
return (1);
}
if (test_config.flag != ot->wantflag) {
fprintf(stderr, "FAIL: test %i got flag %i, want %i\n",
test_no, test_config.flag, ot->wantflag);
return (1);
}
if (ot->type == OPTIONS_TEST_UNNAMED &&
(unnamed != NULL || ot->unnamed != NULL) &&
(unnamed == NULL || ot->unnamed == NULL ||
strcmp(unnamed, ot->unnamed) != 0)) {
fprintf(stderr, "FAIL: test %i got unnamed '%s', want '%s'\n",
test_no, unnamed, ot->unnamed);
return (1);
}
if (ot->type == OPTIONS_TEST_ARGSUSED && used != ot->used) {
fprintf(stderr, "FAIL: test %i got used %i, want %i\n",
test_no, used, ot->used);
return (1);
}
return (0);
}
int
main(int argc, char **argv)
{
int failed = 0;
size_t i;
for (i = 0; i < N_OPTIONS_TESTS; i++) {
printf("Test %d%s\n", (int)(i + 1), options_tests[i].want == 0 ?
"" : " is expected to complain");
failed += do_options_test(i + 1, &options_tests[i]);
}
return (failed);
}


@@ -1,38 +0,0 @@
#!/bin/sh
# $OpenBSD: testdsa.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
#Test DSA certificate generation of openssl
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
if [ -z $srcdir ]; then
srcdir=.
fi
# Generate DSA paramter set
$cmd dsaparam 512 -out dsa512.pem
if [ $? != 0 ]; then
exit 1;
fi
# Denerate a DSA certificate
$cmd req -config $srcdir/openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
if [ $? != 0 ]; then
exit 1;
fi
# Now check the certificate
$cmd x509 -text -in testdsa.pem
if [ $? != 0 ]; then
exit 1;
fi
rm testdsa.key dsa512.pem testdsa.pem
exit 0


@@ -1,69 +0,0 @@
#!/bin/sh
# $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
test=p
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
cat openssl.cnf >$test;
echo cat
$cmd enc < $test > $test.cipher
$cmd enc < $test.cipher >$test.clear
cmp $test $test.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.cipher $test.clear
fi
echo base64
$cmd enc -a -e < $test > $test.cipher
$cmd enc -a -d < $test.cipher >$test.clear
cmp $test $test.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.cipher $test.clear
fi
for i in \
aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 \
aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb \
aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb \
aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 \
aes-256-ecb aes-256-ofb \
bf-cbc bf-cfb bf-ecb bf-ofb \
cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb \
des-cbc des-cfb des-cfb8 des-ecb des-ede \
des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 \
des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc \
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb \
rc4 rc4-40
do
echo $i
$cmd $i -e -k test < $test > $test.$i.cipher
$cmd $i -d -k test < $test.$i.cipher >$test.$i.clear
cmp $test $test.$i.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.$i.cipher $test.$i.clear
fi
echo $i base64
$cmd $i -a -e -k test < $test > $test.$i.cipher
$cmd $i -a -d -k test < $test.$i.cipher >$test.$i.clear
cmp $test $test.$i.clear
if [ $? != 0 ]
then
exit 1
else
/bin/rm $test.$i.cipher $test.$i.clear
fi
done
rm -f $test


@@ -1,38 +0,0 @@
#!/bin/sh
# $OpenBSD: testrsa.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
#Test RSA certificate generation of openssl
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
if [ -z $srcdir ]; then
srcdir=.
fi
# Generate RSA private key
$cmd genrsa -out rsakey.pem
if [ $? != 0 ]; then
exit 1;
fi
# Generate an RSA certificate
$cmd req -config $srcdir/openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
if [ $? != 0 ]; then
exit 1;
fi
# Now check the certificate
$cmd x509 -text -in rsacert.pem
if [ $? != 0 ]; then
exit 1;
fi
rm -f rsacert.pem rsakey.pem
exit 0


@@ -5,6 +5,7 @@ lib_LTLIBRARIES = libtls.la
EXTRA_DIST = VERSION EXTRA_DIST = VERSION
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
libtls_la_LIBADD = ../crypto/libcrypto.la ../ssl/libssl.la $(PLATFORM_LDADD) libtls_la_LIBADD = ../crypto/libcrypto.la ../ssl/libssl.la $(PLATFORM_LDADD)
libtls_la_SOURCES = tls.c libtls_la_SOURCES = tls.c

191
update.sh

@@ -43,7 +43,6 @@ source $libtls_src/shlib_version
libtls_version=$major:$minor:0 libtls_version=$major:$minor:0
echo "libtls version $libtls_version" echo "libtls version $libtls_version"
echo $libtls_version > tls/VERSION echo $libtls_version > tls/VERSION
echo $major.$minor.0 > libtls-standalone/VERSION
do_mv() { do_mv() {
if ! cmp -s "$1" "$2" if ! cmp -s "$1" "$2"
@@ -62,35 +61,17 @@ $CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
$CP $libssl_src/src/crypto/opensslfeatures.h include/openssl $CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
$CP $libssl_src/src/e_os2.h include/openssl $CP $libssl_src/src/e_os2.h include/openssl
$CP $libssl_src/src/ssl/pqueue.h include $CP $libssl_src/src/ssl/pqueue.h include
$CP $libtls_src/tls.h include
$CP $libtls_src/tls.h include/tls.h for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c \
patch -p0 < patches/tls.h.patch timingsafe_bcmp.c timingsafe_memcmp.c; do
$CP include/tls.h libtls-standalone/include $CP $libc_src/string/$i crypto/compat
for i in crypto/compat libtls-standalone/compat; do
$CP $libc_src/crypt/arc4random.c \
$libc_src/crypt/chacha_private.h \
$libc_src/string/explicit_bzero.c \
$libc_src/stdlib/reallocarray.c \
$libc_src/string/strlcpy.c \
$libc_src/string/strlcat.c \
$libc_src/string/strndup.c \
$libc_src/string/strnlen.c \
$libc_src/string/timingsafe_bcmp.c \
$libc_src/string/timingsafe_memcmp.c \
$libcrypto_src/crypto/getentropy_*.c \
$libcrypto_src/crypto/arc4random_*.h \
$i
done done
$CP $libc_src/stdlib/reallocarray.c crypto/compat
$CP include/stdlib.h \ $CP $libc_src/crypt/arc4random.c crypto/compat
include/string.h \ $CP $libc_src/crypt/chacha_private.h crypto/compat
include/unistd.h \ $CP $libcrypto_src/crypto/getentropy_*.c crypto/compat
libtls-standalone/include $CP $libcrypto_src/crypto/arc4random_*.h crypto/compat
$CP crypto/compat/arc4random*.h \
crypto/compat/bsd-asprintf.c \
libtls-standalone/compat
(cd $libssl_src/src/crypto/objects/; (cd $libssl_src/src/crypto/objects/;
perl objects.pl objects.txt obj_mac.num obj_mac.h; perl objects.pl objects.txt obj_mac.num obj_mac.h;
@@ -185,21 +166,14 @@ done
# copy libtls source # copy libtls source
echo copying libtls source echo copying libtls source
rm -f tls/*.c tls/*.h libtls/src/*.c libtls/src/*.h rm -f tls/*.c tls/*.h
for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
if [ -e $libtls_src/$i ]; then if [ -e $libtls_src/$i ]; then
$CP $libtls_src/$i tls $CP $libtls_src/$i tls
$CP $libtls_src/$i libtls-standalone/src else
$CP $libc_src/string/$i tls
fi fi
done done
$CP $libc_src/string/strsep.c tls
$CP $libc_src/string/strsep.c libtls-standalone/compat
mkdir -p libtls-standalone/m4
$CP m4/check*.m4 \
m4/disable*.m4 \
libtls-standalone/m4
sed -e "s/compat\///" crypto/Makefile.am.arc4random > \
libtls-standalone/compat/Makefile.am.arc4random
# copy openssl(1) source # copy openssl(1) source
echo "copying openssl(1) source" echo "copying openssl(1) source"
@@ -210,7 +184,8 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' apps/Makefile.am` ; do
$CP $openssl_app_src/$i apps $CP $openssl_app_src/$i apps
fi fi
done done
patch -p0 < patches/openssl.c.patch # patch for openssl(1) oscp on windows
(cd apps; patch -p4 < $CWD/patches/win_bio_sock_init.diff)
# copy libssl source # copy libssl source
echo "copying libssl source" echo "copying libssl source"
@@ -224,14 +199,13 @@ echo "copying tests"
for i in `find $libcrypto_regress -name '*.c'`; do for i in `find $libcrypto_regress -name '*.c'`; do
$CP "$i" tests $CP "$i" tests
done done
$CP $libcrypto_regress/evp/evptests.txt tests
$CP $libcrypto_regress/aead/aeadtests.txt tests # the BIO tests rely on resolver results that are OS and environment-specific
$CP $libcrypto_regress/pqueue/expected.txt tests/pq_expected.txt rm tests/biotest.c
# copy libc tests # copy libc tests
$CP $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c $CP $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c
$CP $libc_regress/explicit_bzero/explicit_bzero.c tests $CP $libc_regress/explicit_bzero/explicit_bzero.c tests
$CP $libc_src/string/memmem.c tests
$CP $libc_regress/timingsafe/timingsafe.c tests $CP $libc_regress/timingsafe/timingsafe.c tests
# copy libssl tests # copy libssl tests
@@ -242,9 +216,68 @@ done
$CP $libssl_regress/certs/ca.pem tests $CP $libssl_regress/certs/ca.pem tests
$CP $libssl_regress/certs/server.pem tests $CP $libssl_regress/certs/server.pem tests
chmod 755 tests/testssl # setup test drivers
# do not directly run all test programs
test_drivers=(
aeadtest
evptest
pq_test
ssltest
arc4randomforktest
pidwraptest
)
tests_posix_only=(
arc4randomforktest
explicit_bzero
pidwraptest
)
$CP $libc_src/string/memmem.c tests/
(cd tests
$CP Makefile.am.tpl Makefile.am
for i in `ls -1 *.c|sort|grep -v memmem.c`; do
TEST=`echo $i|sed -e "s/\.c//"`
if [[ ${tests_posix_only[*]} =~ "$TEST" ]]; then
echo "if !HOST_WIN" >> Makefile.am
fi
if ! [[ ${test_drivers[*]} =~ "$TEST" ]]; then
echo "TESTS += $TEST" >> Makefile.am
fi
echo "check_PROGRAMS += $TEST" >> Makefile.am
echo "${TEST}_SOURCES = $i" >> Makefile.am
if [[ ${TEST} = "explicit_bzero" ]]; then
echo "if !HAVE_MEMMEM" >> Makefile.am
echo "explicit_bzero_SOURCES += memmem.c" >> Makefile.am
echo "endif" >> Makefile.am
fi
if [[ ${tests_posix_only[*]} =~ "$TEST" ]]; then
echo "endif" >> Makefile.am
fi
done
)
$CP $libcrypto_regress/evp/evptests.txt tests
$CP $libcrypto_regress/aead/aeadtests.txt tests
$CP $libcrypto_regress/pqueue/expected.txt tests/pq_expected.txt
chmod 755 tests/testssl
for i in "${test_drivers[@]}"; do
if [ -e tests/${i}.sh ]; then
if [[ ${tests_posix_only[*]} =~ "$i" ]]; then
echo "if !HOST_WIN" >> tests/Makefile.am
fi
if ! [[ ${tests_disabled[*]} =~ "$i" ]]; then
echo "TESTS += ${i}.sh" >> tests/Makefile.am
fi
if [[ ${tests_posix_only[*]} =~ "$i" ]]; then
echo "endif" >> tests/Makefile.am
fi
echo "EXTRA_DIST += ${i}.sh" >> tests/Makefile.am
fi
done
echo "EXTRA_DIST += aeadtests.txt" >> tests/Makefile.am
echo "EXTRA_DIST += evptests.txt" >> tests/Makefile.am
echo "EXTRA_DIST += pq_expected.txt" >> tests/Makefile.am
echo "EXTRA_DIST += testssl ca.pem server.pem" >> tests/Makefile.am
# add headers
(cd include/openssl (cd include/openssl
$CP Makefile.am.tpl Makefile.am $CP Makefile.am.tpl Makefile.am
for i in `ls -1 *.h|sort`; do for i in `ls -1 *.h|sort`; do
@@ -252,49 +285,26 @@ chmod 755 tests/testssl
done done
) )
add_man_links() {
filter=$1
dest=$2
echo "install-data-hook:" >> $dest
for i in `grep $filter man/links`; do
IFS=","; set $i; unset IFS
if [ "$2" != "" ]; then
echo " ln -sf $1 \$(DESTDIR)\$(mandir)/man3/$2" >> $dest
fi
done
echo "" >> $dest
echo "uninstall-local:" >> $dest
for i in `grep $filter man/links`; do
IFS=","; set $i; unset IFS
if [ "$2" != "" ]; then
echo " -rm -f \$(DESTDIR)\$(mandir)/man3/$2" >> $dest
fi
done
}
# copy manpages
echo "copying manpages" echo "copying manpages"
echo dist_man_MANS= > man/Makefile.am # copy manpages
$CP $openssl_app_src/openssl.1 man
echo "dist_man_MANS += openssl.1" >> man/Makefile.am
$CP $libtls_src/tls_init.3 man
echo "dist_man_MANS += tls_init.3" >> man/Makefile.am
(cd man (cd man
$CP Makefile.am.tpl Makefile.am
# update new-style manpages # update new-style manpages
for i in `ls -1 $libssl_src/src/doc/ssl/*.3 | sort`; do for i in `ls -1 $libssl_src/src/doc/ssl/*.3 | sort`; do
NAME=`basename "$i"` NAME=`basename "$i"`
$CP $i . $CP $i .
echo "dist_man_MANS += $NAME" >> Makefile.am echo "dist_man_MANS += $NAME" >> Makefile.am
done done
for i in `ls -1 $libcrypto_src/man/*.3 | sort`; do for i in `ls -1 $libcrypto_src/man/*.3 | sort`; do
NAME=`basename "$i"` NAME=`basename "$i"`
$CP $i . $CP $i .
echo "dist_man_MANS += $NAME" >> Makefile.am echo "dist_man_MANS += $NAME" >> Makefile.am
done done
$CP $openssl_app_src/openssl.1 .
echo "dist_man_MANS += openssl.1" >> Makefile.am
$CP $libtls_src/tls_init.3 .
echo "dist_man_MANS += tls_init.3" >> Makefile.am
# convert remaining POD manpages # convert remaining POD manpages
for i in `ls -1 $libssl_src/src/doc/crypto/*.pod | sort`; do for i in `ls -1 $libssl_src/src/doc/crypto/*.pod | sort`; do
@@ -308,12 +318,27 @@ echo "dist_man_MANS += tls_init.3" >> man/Makefile.am
fi fi
echo "dist_man_MANS += $NAME.3" >> Makefile.am echo "dist_man_MANS += $NAME.3" >> Makefile.am
done done
echo "install-data-hook:" >> Makefile.am
source ./links
for i in $SSL_MLINKS; do
IFS=","; set $i; unset IFS
echo " ln -f \$(DESTDIR)\$(mandir)/man3/$1 \\" >> Makefile.am
echo " \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
done
for i in $TLS_MLINKS; do
IFS=","; set $i; unset IFS
echo " ln -f \$(DESTDIR)\$(mandir)/man3/$1 \\" >> Makefile.am
echo " \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
done
echo "" >> Makefile.am
echo "uninstall-local:" >> Makefile.am
for i in $SSL_MLINKS; do
IFS=","; set $i; unset IFS
echo " -rm -f \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
done
for i in $TLS_MLINKS; do
IFS=","; set $i; unset IFS
echo " rm -f \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
done
) )
add_man_links . man/Makefile.am
# standalone libtls manpages
mkdir -p libtls-standalone/man
echo "dist_man_MANS = tls_init.3" > libtls-standalone/man/Makefile.am
$CP $libtls_src/tls_init.3 libtls-standalone/man
add_man_links tls_init libtls-standalone/man/Makefile.am
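Review bot: The membership tests in the loops that generate tests/Makefile.am, `[[ ${tests_posix_only[*]} =~ "$TEST" ]]` and `[[ ${test_drivers[*]} =~ "$TEST" ]]`, are substring matches against the space-joined array rather than element comparisons, so a test whose name is contained in a listed name would be wrapped in `if !HOST_WIN` or left out of `TESTS` without any message. For a crypto library's regression suite a silently skipped test is worth guarding against; an exact match such as `[[ " ${test_drivers[*]} " == *" $TEST "* ]]` (default IFS assumed) keeps the one-line form. The second loop also reads `${tests_disabled[*]}`, which is not assigned anywhere in the visible hunks, so that check looks like it always passes; confirm whether the array is defined elsewhere in update.sh or drop the test.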