generic-library/libreSSL
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:v2.2.5
Branches Tags
generic-library:main generic-library:OPENBSD_6_2 generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2
...
compare: generic-library:v2.3.8
Branches Tags
generic-library:OPENBSD_6_2 generic-library:main generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2

166 Commits
v2.2.5 ... v2.3.8

Author SHA1 Message Date
Brent Cook
b67802c2db update changelog for 2.3.8 2016-09-23 05:43:25 -05:00
Brent Cook
25d8a429c1 update for 2.3.7 2016-07-31 17:59:59 -05:00
Brent Cook
926aa53242 set link library dependencies with MSVC, fixes #221 2016-07-31 17:12:47 -05:00
Brent Cook
950dcb2d07 properly enable strnlen checks for MSVC 2016-07-31 17:12:47 -05:00
Brent Cook
f6582d1d76 avoid BSWAP assembly for ARM <= v6 2016-07-19 05:49:05 -05:00
Brent Cook
3a193a58d4 format 64-bit int portably (windows wants %l64d) 2016-07-19 05:48:49 -05:00
celan69
94532f9619 Fix typo in USE_BUILTIN_ARC4RANDOM check 
Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.
 2016-07-19 05:46:16 -05:00
Brent Cook
0ae23dfcc3 bump changelog to sync tags with openbsd source 2016-06-07 07:04:16 -05:00
Brent Cook
bff756ef62 update changelog 2016-06-06 05:03:27 -05:00
Brent Cook
5b39a35bf8 Update changelog 2016-05-30 09:08:29 -05:00
Brent Cook
41d8aa6aef pushed encode.c change upstream 2016-05-03 09:25:59 -05:00
Brent Cook
b8b8628640 prefer limits.h over sys/limits.h 2016-05-03 02:13:13 -05:00
Brent Cook
6cb804b342 update changelog 2016-05-02 22:51:07 -05:00
Brent Cook
00eb776ee9 add constant_time_locl.h 2016-05-02 22:47:45 -05:00
Brent Cook
534ee348a9 check linker flags before checking for functions 2016-05-02 22:12:53 -05:00
kinichiro
ad914139c4 fix ld warning "attempted multiple inclusion of file" on Solaris 
- To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am
 2016-05-02 22:12:53 -05:00
Brent Cook
6a136f72ff update changelog 2016-03-21 21:56:24 -05:00
Brent Cook
3b3f213ca5 updated changelog 2016-03-21 21:56:24 -05:00
Brent Cook
4b5daaaf44 set windows binary OPENSSLDIR to something plausible 2016-03-21 21:56:24 -05:00
kinichiro
1ffdb2ae25 modify include/compat/netinet/ip.h 
- add including <netinet/in_systm.h> for n_long on HP-UX
 2016-03-13 13:09:25 -05:00
Brent Cook
ef874034cf connect to the OPENBSD_5_9 branch 2016-03-12 17:30:33 -06:00
Brent Cook
05f3422a9b fix check for strlcat 
fixes #175
 2016-03-12 17:10:03 -06:00
Brent Cook
be3b129221 add install_sw alias for latest nginx 
fixes #174
 2016-03-12 17:07:28 -06:00
Brent Cook
2c751b1cf9 update man links 2016-02-29 05:20:58 -06:00
Brent Cook
d4d040c171 add things to minimize diffs with OpenNTPD-portable 2016-02-15 13:39:06 -06:00
Brent Cook
9df51efab0 updated changelog 2016-01-27 12:33:34 -06:00
Brent Cook
8c91563f60 add solaris include for getentropy(2) 2016-01-18 09:50:23 -06:00
Brent Cook
d0ff644edc package pidwraptest.sh script 2016-01-03 21:29:35 -06:00
Brent Cook
35e669fd1a whitelist NetBSD 7.0 native arc4random(3) implementation. 
NetBSD 7 improves arc4random(3) over earlier versions by adding fork
detection, stronger assertions on seed failure.
 2016-01-03 21:24:05 -06:00
Brent Cook
d0009039de enable nc on AIX 2016-01-03 21:20:03 -06:00
Brent Cook
07e541cc2e replace err.h macros with inline functions 
Passing NULL for the format is just easier with a function.
 2016-01-03 21:20:03 -06:00
Brent Cook
cf86bf8581 prefer gnu patch on AIX 2016-01-03 21:20:02 -06:00
Brent Cook
38c577d758 include strings.h in string.h on AIX as well 2016-01-03 21:19:55 -06:00
Brent Cook
07056b2949 -path isn't really needed for perms fixup, and not supported everywhere 2016-01-03 18:55:04 -06:00
Brent Cook
f5a4ee56be rebase netcat patch 2015-12-28 08:46:59 -06:00
Brent Cook
4a931b58fc add upstream config.guess/config.sub 
This adds refreshed OS and CPU detection.
https://www.gnu.org/software/gettext/manual/html_node/config_002eguess.html
 2015-12-27 22:33:51 -06:00
Brent Cook
53cd105d6e update check for b64_ntop 
typo spotted by Jonas 'Sortie' Termansen
 2015-12-27 22:12:35 -06:00
Brent Cook
733d581028 note the removed Verisign certificate 2015-12-15 21:38:35 -06:00
Brent Cook
b95c92c62b update added certs 2015-12-14 19:51:15 -06:00
Brent Cook
3af1387b18 Revert back to GetStdHandle, since it works fine with pipes. 
Also include the formerly-missing NULL check, since this can fail in two
ways.
 2015-12-11 09:22:12 -06:00
Brent Cook
bd8fe5868f include stdint.h uint*_t 2015-12-11 09:21:43 -06:00
Anthony Novatsis
5727d3274e Replace STDIN_FILENO with _fileno 
Replace STDIN_FILENO with _fileno as STDIN_FILENO results in compile
errors with Visual Studio 2015 (using CMake).
 2015-12-11 16:32:00 +11:00
Brent Cook
4db1ad6797 installing nc(1) should imply building, even if not whitelisted 2015-12-07 08:24:41 -06:00
Brent Cook
28aaab4323 allow optionally installing nc(1) with '--enable-nc' 2015-12-07 08:14:51 -06:00
Brent Cook
19f58fdb1b rebase windows headers patch 2015-12-07 08:03:44 -06:00
Brent Cook
1988b8f65e fixup cert.pem path override for libtls, add for nc(1) 
this also fixes the formatting of help for nc(1)
 2015-12-07 07:55:05 -06:00
Brent Cook
905e2a3b80 refresh nc(1) support 2015-12-06 23:32:18 -06:00
Brent Cook
5b49c30cbc override _PATH_SSL_CA_FILE with OPENSSLDIR at build time 
fix #160
 2015-12-06 20:35:09 -06:00
Brent Cook
fabe122b4e update changelog 2015-12-06 20:34:32 -06:00
Brent Cook
afcc027da7 only set the console mode if stdin is a console (not a pipe) 
This allows piping commands and running from a cygwin console.
 2015-12-06 16:49:01 -06:00
Brent Cook
75ef5bb160 wrap gets on Windows, replacing '\r\n' with '\n' 2015-12-05 13:58:37 -06:00
Brent Cook
d7317353a9 Update 2.3.2 release notes 2015-12-05 13:29:09 -06:00
Brent Cook
585b57b202 no special workaround needed for MSVC2015 2015-12-02 08:39:22 -06:00
Zhicheng Wei
84f0a9dbda fix libtls-standalone tests for tls_read and tls_write changed api 2015-11-23 02:11:02 -06:00
Brent Cook
7a82b7c0fd build nc on solaris and cygwin 2015-11-23 02:07:23 -06:00
Brent Cook
7109fb3260 ensure we don't pass a negative int to ctypes functions 
Some implementations, e.g. cygwin, use a table lookup that can cast
a char to a negative array offset.
 2015-11-23 02:06:03 -06:00
Brent Cook
9574b6c8ec do not link libcompatnoopt if it is unneeded/built 
from andy-js on github, fix #158
 2015-11-22 17:31:51 -06:00
Brent Cook
9c5105eeb1 omit <type> links 2015-11-22 06:37:13 -06:00
Brent Cook
fbe05ec826 update manpage links 2015-11-22 04:56:36 -06:00
Brent Cook
d35e8bbeaf update netcat patch 2015-11-22 04:55:22 -06:00
Brent Cook
1d5dfff695 update patches 2015-11-02 20:22:26 -06:00
Brent Cook
7180bed3bb update changelog for 2.3.1 2015-10-26 05:58:08 -05:00
Brent Cook
24b5a96a7c whitelist nc on other BSDs 2015-10-23 16:19:07 -07:00
Brent Cook
c31b03c1d4 update netcat patch 2015-10-23 16:17:45 -07:00
Brent Cook
9be9055791 remove a_gen/utctm.c for cmake 2015-10-21 22:19:09 -05:00
Brent Cook
3f79a49dd2 check bounds before casting (long long) to time_t 2015-10-21 22:17:13 -05:00
Brent Cook
959241fe88 remove a_gen/utctm.c 2015-10-21 21:39:59 -05:00
Brent Cook
2c168b7127 move rfc5280time to rfc5280time_small 
Having the same name as the executable confuses the driver, and it runs
the wrong thing.
 2015-10-18 11:18:23 -05:00
Brent Cook
b28e5bedab include tap-driver.sh in the source repo 
Newer autotools appears to install it automatically, but not all do.
 2015-10-18 10:51:09 -05:00
Brent Cook
0086809a82 update apps.h include 2015-10-18 10:48:17 -05:00
Brent Cook
c8c23ad8e3 make it clear that we skipped 64-bit time_t tests 2015-10-18 10:36:31 -05:00
Brent Cook
0197a58969 Windows compatibility fixes 
VS2013 has trouble with relative include paths for apps/openssl, so move
certhash_win/apps_win.c back to apps/openssl.

gmtime_r on mingw64 fails with negative time_t, override

gmtime_s fails all of the time unit tests, override

SHUT_RD/WR are defined in newer mingw64 headers, check before overriding
 2015-10-18 09:28:10 -05:00
Brent Cook
c8918dd0be include warnings about small time_t 2015-10-17 23:32:21 -05:00
Brent Cook
a45e38e962 disable some tests with 32-bit time_t systems 
Also disable use of _mkgmtime, it does not produce correct results.
 2015-10-17 22:57:59 -05:00
Brent Cook
e8c9210073 unconditionally disable pledge for now 
suggested by deraadt@ since there is still more coming
 2015-10-15 19:34:42 -05:00
Brent Cook
dadeeb0a2e check for timegm in cmake builds 2015-10-15 14:32:16 -05:00
Brent Cook
cac089b5d6 make internal functions static 2015-10-15 14:32:02 -05:00
Brent Cook
c02436645d use timegm from musl 2015-10-15 14:26:24 -05:00
Brent Cook
ea4658b46a update man links 2015-10-15 09:16:38 -05:00
Brent Cook
4298ac9305 include timegm fallback 2015-10-15 09:16:38 -05:00
Brent Cook
1dd79f5d8f add limits.h shim for defining PATH_MAX on HP-UX 2015-10-14 23:54:25 -05:00
Jeremy Huddleston Sequoia
448645d479 Use bundled headers instead of installed headers when building 
The build system incorrectly set include directives in AM_CFLAGS which
causes them to be placed after the configured CPPFLAGS.  Thus, if
a user or packaging system sets CPPFLAGS to a location that has
libressl or openssl headers installed, they will be used instead
of the bundled versions.  This corrects that issue by setting up
the variables correctly.

https://github.com/libressl-portable/portable/issues/150

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
 2015-10-14 16:33:39 -05:00
Jeremy Huddleston Sequoia
9afc452761 nc: Use AM_CPPFLAGS, not CPPFLAGS in Makefile.am 
CPPFLAGS should just be set by the user at configure time

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
 2015-10-14 16:33:25 -05:00
Goichi Hirakawa
9dd9d1757e update netcat.c.patch for osx 10.6 or earlier 2015-10-14 15:53:11 +09:00
Brent Cook
ff52e6f4e3 check for pledge(2) 2015-10-12 15:34:03 -05:00
Brent Cook
41cebd325f resolve tame to 0 2015-10-07 10:59:22 -05:00
Brent Cook
442cc6f1b4 add tame(2) check 2015-10-07 08:55:05 -05:00
Brent Cook
a615d3c6d3 rename _mkgmtime as timegm on win32 2015-10-07 08:22:43 -05:00
Brent Cook
047926e06f updates for ASN.1 time handling 2015-10-06 06:21:17 -05:00
Brent Cook
a7f031ba55 add b64_ntop checking and fallback for nc(1) 2015-10-01 07:40:26 -05:00
Brent Cook
497a47c5fc remove incorrect comment 
We actually want to only start extending CFLAGS after calling AC_PROG_CC
so we get the default autoconf value (usually just -O2).
 2015-09-30 08:00:49 -05:00
Brent Cook
53f8663976 add asn1time to cmake tests 2015-09-28 17:49:46 -05:00
Brent Cook
9af6ff9a3a add asn1time test 2015-09-28 17:33:58 -05:00
Brent Cook
09e535e41d update path to openssl(1) in testssl wrapper 2015-09-22 08:56:36 -05:00
Brent Cook
0fa826d34f revise how headers are patched for windows, remove sed scripts 2015-09-21 22:08:12 -05:00
Brent Cook
630e7b6040 visual studio path updates 2015-09-18 08:43:57 -05:00
Brent Cook
a2e532ed01 test cmake builds on osx as well 2015-09-17 05:48:09 -05:00
Brent Cook
4ce5342e86 remove SHA-0 from cmake builds 2015-09-17 05:39:55 -05:00
Brent Cook
f05cb999a6 final bit of SHA-0 removal 2015-09-17 05:30:24 -05:00
Brent Cook
9c55d0b851 remove SHA-0 2015-09-17 05:15:23 -05:00
Brent Cook
53eacb360e extend regression tests 
run distcheck rather than just dist, cmake tests
 2015-09-17 05:05:53 -05:00
kinichiro
9606a6b5e9 add include/compat/readpassphrase.h to Makefile.am 
fix for https://github.com/libressl-portable/portable/issues/138
 2015-09-17 04:41:45 -05:00
Brent Cook
3b82df010a update changelog for SHA-0 removal 2015-09-16 02:21:20 -05:00
Brent Cook
92a04bc1ea SHA-0 is gone, remove test 2015-09-16 02:13:10 -05:00
Brent Cook
3ac78a5573 normalize amd64 to x86_64 
This allows asm to be enabled on platforms that use amd64 in the host
tuple.
 2015-09-16 01:45:42 -05:00
Brent Cook
eae0e9d3a4 Call the correct script for pidwraptest.sh. 
This optional test was not reporting the correct results, noticed
retesting against FreeBSD 11-current.
 2015-09-16 01:43:59 -05:00
Brent Cook
eb604d1d54 update changelog with latest 2015-09-13 19:46:54 -05:00
Brent Cook
c7ae7c0c9d fix a library paths, nc patch 2015-09-13 19:15:34 -05:00
Brent Cook
2cb6d19e10 remove ecdh/ech_ossl.c 2015-09-13 19:08:12 -05:00
Brent Cook
eaa4c1cc8a a few more linux nc build tweaks 2015-09-13 19:06:29 -05:00
Brent Cook
696ba18c6a fixup windows and older linux builds 2015-09-13 18:57:29 -05:00
Brent Cook
8c90be2a29 allow nc to build on linux and os x 2015-09-13 18:42:15 -05:00
Brent Cook
627b0261a8 ignore manpages 2015-09-13 11:33:20 -05:00
Brent Cook
eeb286af5a fix spelling of OPENSSL_cleanse 2015-09-13 09:31:41 -05:00
Brent Cook
cb397a8b28 use CP_LIBC for strtonum 2015-09-13 09:31:41 -05:00
Brent Cook
a896d400a0 move windows file IO mode setup to apps_win.c 2015-09-13 09:31:41 -05:00
Brent Cook
653bbfaabf ding-dong e_os2.h is dead 2015-09-13 09:03:17 -05:00
Brent Cook
4bb70680a0 ech_ossl.h is gone 2015-09-13 09:03:04 -05:00
Brent Cook
02b7539cf5 readd openssl.1, distribute nc.1 2015-09-13 07:23:04 -05:00
Brent Cook
82e96d3565 include new tls headers 2015-09-13 03:48:46 -05:00
Brent Cook
a787f964a1 restrict nc to openbsd builds for now 2015-09-12 10:51:11 -05:00
Brent Cook
dcbaa6b699 correct nc compat path 2015-09-12 10:15:00 -05:00
Brent Cook
a64c42a09d add some backcompat in nc, don't install it 2015-09-12 09:50:44 -05:00
Brent Cook
bcd3b2fde6 more cmake tests 2015-09-12 08:08:25 -05:00
Brent Cook
854f4f69af add 'nc' to the distribution as an example of libtls client and server 2015-09-12 08:08:24 -05:00
Brent Cook
34bfb6ecb5 add new tests 2015-09-12 05:18:47 -05:00
Brent Cook
c84250a4e4 update manpage links, fix typo 2015-09-12 03:17:33 -05:00
Brent Cook
f1b00f4fb8 sudo/doas 2015-09-12 03:17:19 -05:00
Brent Cook
c5eef7f11c remove engine.c from CMake 2015-09-11 18:52:22 -05:00
Brent Cook
b89b470316 remove more deleted files 2015-09-11 18:46:36 -05:00
Brent Cook
105c86f3ed first round of 2.3.0 release notes 2015-09-11 18:18:46 -05:00
Brent Cook
6db3fc7c31 remove engine from openssl(1) 2015-09-11 09:47:40 -05:00
Brent Cook
2af9873259 add -lrt check for linux 2015-09-11 09:11:08 -05:00
Brent Cook
ef01eb71d1 speed up builds without killing os x perhaps 2015-09-11 09:10:57 -05:00
Brent Cook
b5090c5853 add cmake test support 2015-09-11 08:04:28 -05:00
Will Tange
afd031f0ed Small README typo 2015-09-11 03:24:14 -05:00
Brent Cook
384e71614f remove unneeded arc4random patch 2015-09-11 03:20:41 -05:00
Brent Cook
1ea6203cbf add openbsd tag sync script + release verifier 
gen-openbsd-tags.sh synchronizes local tags from the portable tree with
the openbsd git mirror. It does this by matching commit timestamps,
which can handle rehashing due to modifications of the git import scope
if we need it later.

check-release.sh generates a release tarball and compares it to an
actual release. This has shown a few mistakes in past release, but we
can use it to ensure are no issues with future releases.
 2015-09-10 11:50:16 -05:00
Brent Cook
b6aded059f ensure headers are sanitized before release 
When a public header is removed, we need to ensure it gets removed
in the release distribution as well. Also, remove nonexistent *.he
exclude.
 2015-09-10 11:50:03 -05:00
Brent Cook
1c2a3f25e2 Remove cmake tests from travis builds for now. 
This seemed like it should be easy, but apparently there are a lot of
gotchas that need to be ironed out in a branch first.
 2015-09-09 07:45:54 -05:00
Brent Cook
e04dfb2b27 fix a couple of travis build failures 2015-09-09 07:34:37 -05:00
Brent Cook
46c9a8de8b revert some travis shell portability tweaks 2015-09-09 07:13:05 -05:00
Brent Cook
9e090286b5 remove builtin travis cmake because it is too old 2015-09-09 07:01:26 -05:00
Brent Cook
f6999fbe4b try ninja on travis linux again 2015-09-09 07:01:05 -05:00
Brent Cook
c0341ad131 use newer cmake for travis linux builds, revise build script 2015-09-09 06:59:55 -05:00
Brent Cook
2728a86590 travis' cmake does not support ninja, use make 2015-09-09 06:40:05 -05:00
Brent Cook
5de4c4f0eb add travis-ci cmake tests 2015-09-09 06:12:16 -05:00
Brent Cook
5dc6303714 remove support for old MSVC versions, KNF 2015-09-09 06:03:52 -05:00
Brent Cook
adfb2bf722 Do not build lib-objects targets if we are just building static libs. 
This confuses some cmake targets.
 2015-09-09 06:03:52 -05:00
Brent Cook
5f4e95e7c1 updates for MSVC 2015's degenerate headers 
Note that 'perror' moves from stdio.h to stdlib.h, and 'rename' moves
from stdio.h to io.h. Also, standard C includes move from the compiler
to the Windows SDK, which changes the base path for the include files.
 2015-09-09 06:02:28 -05:00
Brent Cook
9903a26661 distribute strcasecmp.c 2015-09-07 01:28:29 -05:00
Brent Cook
ca56c332e3 disable shared CMake builds for OS X / Windows for now 2015-09-07 01:05:33 -05:00
Brent Cook
4078416c36 adjust order for ! .gitignore rule precedence 2015-09-07 00:40:20 -05:00
Brent Cook
122acbd659 update messages about Cygwin support 2015-09-07 00:33:55 -05:00
Brent Cook
5ccdd1380b distribute include and man CMakefiles 2015-09-07 00:31:59 -05:00
kinichiro
3057de0d2b use CP_LIBC for copying tests/memmem.c 2015-09-01 19:23:15 +09:00
Brent Cook
afcfb2d504 add CP_LIBC, fix tls compilation 2015-08-31 07:49:50 -05:00
Brent Cook
444749d1d5 remove s3_meth.c from CMake builds 2015-08-31 02:30:50 -05:00
Brent Cook
dbfba1154f remove DEF_WEAK from libc copies 2015-08-31 02:30:25 -05:00
Brent Cook
058df4a234 Delete s3_meth.c since it was only for SSLv3 support. 2015-08-30 22:26:12 -05:00
Brent Cook
4e2763575f update Changelog for 2.2.3 2015-08-30 22:17:55 -05:00
Brent Cook
cc3c1810e2 replace remaining bash-only features in the update script 
We used to need more features, but as the Makefile.am's
stopped being dynamically generated, there is less need.
 2015-08-28 06:03:33 -05:00
Brent Cook
935d2744aa VERSION is now generated 2015-08-19 19:44:28 -05:00
Brent Cook
3bdb537aae update pc files to use the package version, not library ABI version 2015-08-19 19:18:20 -05:00
Brent Cook
61fe482d46 derive version numbers from VERSION files 2015-08-19 19:18:03 -05:00
Jeff Davey
5461dea7f1 Add install targets and shared libraries to CMake 2015-08-18 13:20:19 -06:00
90 changed files with 7056 additions and 1142 deletions
Expand all files Collapse all files

37
.gitignore vendored
View File

@@ -41,16 +41,22 @@ Makefile.in
*.def
*.pc
# man pages
*.1
*.3
# tests
test-driver
*.log
*.trs
tests/aes_wrap*
tests/arc4random_fork*
tests/asn1time*
tests/cipher*
tests/explicit_bzero*
tests/gost2814789t*
tests/mont*
tests/rfc5280time*
tests/timingsafe*
tests/*test
tests/tests.h
@@ -61,6 +67,7 @@ tests/*.pem
tests/testssl
tests/*.txt
!tests/optionstest.c
!tests/*.test
# ctags stuff
TAGS
@@ -70,8 +77,8 @@ autom4te.cache
# Libtool adds these, at least sometimes
INSTALL
/COPYING
m4/l*
!m4/check*.m4
m4/l*
aclocal.m4
compile
@@ -106,17 +113,20 @@ tls/*.h
include/pqueue.h
include/tls.h
include/openssl/*.h
include/openssl/*.he
/apps/*.h
/apps/*.c
/apps/openssl
/apps/openssl.cnf
!/apps/apps_win.c
!/apps/poll_win.c
!/apps/certhash_disabled.c
/apps/nc/*.h
/apps/nc/*.c
/apps/nc/nc*
!/apps/nc/readpassphrase.c
/apps/openssl/*.h
/apps/openssl/*.c
/apps/openssl/*.cnf
/apps/openssl/*.pem
/apps/openssl/openssl
/apps/openssl/compat/strtonum.c
!/apps/openssl/apps_win.c
!/apps/openssl/certhash_win.c
/crypto
!/crypto/Makefile.am.*
!/crypto/compat/arc4random.h
!/crypto/compat/b_win.c
@@ -124,16 +134,18 @@ include/openssl/*.he
!/crypto/compat/posix_win.c
!/crypto/compat/bsd_asprintf.c
!/crypto/compat/inet_pton.c
!/crypto/compat/timegm.c
!/crypto/compat/ui_openssl_win.c
!/crypto/CMakeLists.txt
/crypto
!/libtls-standalone/compat/Makefile.am
/libtls-standalone/include/*.h
/libtls-standalone/src/*.c
/libtls-standalone/src/*.h
/libtls-standalone/src
/libtls-standalone/tests/test
/libtls-standalone/compat
!/libtls-standalone/compat/Makefile.am
/libtls-standalone/VERSION
/libtls-standalone/m4
/libtls-standalone/man
@@ -141,7 +153,4 @@ include/openssl/*.he
openbsd/
*.tar.gz
apps/*.1*
man/*.3
man/*.1
man/Makefile.am

39
CMakeLists.txt
View File

@@ -1,11 +1,27 @@
cmake_minimum_required (VERSION 2.8)
include(CheckFunctionExists)
include(CheckLibraryExists)
include(CheckIncludeFiles)
project (LibreSSL)
enable_testing()
file(READ ${CMAKE_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
string(STRIP ${SSL_VERSION} SSL_VERSION)
string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION})
string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION})
file(READ ${CMAKE_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION)
string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION})
string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION})
file(READ ${CMAKE_SOURCE_DIR}/tls/VERSION TLS_VERSION)
string(STRIP ${TLS_VERSION} TLS_VERSION)
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
endif()
@@ -21,6 +37,8 @@ add_definitions(-DLIBRESSL_INTERNAL)
add_definitions(-DOPENSSL_NO_HW_PADLOCK)
add_definitions(-DOPENSSL_NO_ASM)
set(CMAKE_POSITION_INDEPENDENT_CODE true)
if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
add_definitions(-Wno-pointer-sign)
endif()
@@ -78,7 +96,7 @@ if(HAVE_STRLCAT)
add_definitions(-DHAVE_STRLCAT)
endif()
check_function_exists(strlcat HAVE_STRLCPY)
check_function_exists(strlcpy HAVE_STRLCPY)
if(HAVE_STRLCPY)
add_definitions(-DHAVE_STRLCPY)
endif()
@@ -89,7 +107,7 @@ if(HAVE_STRNDUP)
endif()
if(MSVC)
set(HAVE_STRNLEN)
set(HAVE_STRNLEN true)
add_definitions(-DHAVE_STRNLEN)
else()
check_function_exists(strnlen HAVE_STRNLEN)
@@ -103,6 +121,11 @@ if(HAVE_STRSEP)
add_definitions(-DHAVE_STRSEP)
endif()
check_function_exists(timegm HAVE_TIMEGM)
if(HAVE_TIMEGM)
add_definitions(-DHAVE_TIMEGM)
endif()
check_function_exists(arc4random_buf HAVE_ARC4RANDOM_BUF)
if(HAVE_ARC4RANDOM_BUF)
add_definitions(-DHAVE_ARC4RANDOM_BUF)
@@ -142,11 +165,23 @@ set(OPENSSL_LIBS ssl crypto)
if(CMAKE_HOST_WIN32)
set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "Linux")
check_library_exists(rt clock_gettime "time.h" HAVE_CLOCK_GETTIME)
if (HAVE_CLOCK_GETTIME)
set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
endif()
endif()
if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC))
set(BUILD_SHARED true)
endif()
add_subdirectory(crypto)
add_subdirectory(ssl)
add_subdirectory(apps)
add_subdirectory(tls)
add_subdirectory(include)
if(NOT MSVC)
add_subdirectory(man)
add_subdirectory(tests)
endif()

211
ChangeLog
View File

@@ -28,6 +28,217 @@ history is also available from Git.
LibreSSL Portable Release Notes:
2.3.8 - Security and reliability fixes
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.3.7 - OCSP fixes
* Fix several issues in the OCSP code that could result in the
incorrect generation and parsing of OCSP requests. This remediates a
lack of error checking on time parsing in these functions, and
ensures that only GENERALIZEDTIME formats are accepted for OCSP, as
per RFC 6960.
Issues reported, and fixes provided by Kazuki Yamaguchi <k@rhe.jp>
and Kinichiro Inoguchi <kinichiro.inoguchi@gmail.com>
2.3.6 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida. See OpenBSD 5.9 errata 11, June 6, 2016
2.3.5 - Reliability fix
* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
2.3.4 - Security Update
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
From OpenSSL.
* Minor build fixes
2.3.3 - OpenBSD 5.9 release branch tagged
* Reworked build scripts to better sync with OpenNTPD-portable
* Fixed broken manpage links
* Fixed an nginx compatibility issue by adding an 'install_sw' make alias
* Fixed HP-UX builds
* Changed the default configuration directory to c:\LibreSSL\ssl on Windows
binary builds
* cert.pem has been reorganized and synced with Mozilla's certificate store
2.3.2 - Compatibility and Reliability fixes
* Changed format of LIBRESSL_VERSION_NUMBER to match that of
OPENSSL_VERSION_NUMBER, see:
https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
construction introduced in RFC 7539, which is different than that
already used in TLS with EVP_aead_chacha20_poly1305()
* Avoid a potential undefined C99+ behavior due to shift overflow in
AES_decrypt, reported by Pascal Cuoq <cuoq at trust-in-soft.com>
* More man pages converted from pod to mdoc format
* Added COMODO RSA Certification Authority and QuoVadis
root certificates to cert.pem
* Removed Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem
* Added support for building nc(1) on Solaris
* Fixed GCC 5.x+ preprocessor checks, reported by Ruslan Babayev
* Improved console handling with openssl(1) on Windows
* Ensure the network stack is enabled on Windows when running
tls_init()
* Fixed incorrect TLS certificate loading by nc(1)
* Added support for Solaris 11.3's getentropy(2) system call
* Enabled support for using NetBSD 7.0's arc4random(3) implementation
* Deprecated the SSL_OP_SINGLE_DH_USE flag by disabling its effect
* Fixes from OpenSSL 1.0.1q
- CVE-2015-3194 - NULL pointer dereference in client side certificate
validation.
- CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
* The following OpenSSL CVEs did not apply to LibreSSL
- CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
squaring procedure.
- CVE-2015-3196 - Double free race condition of the identify hint
data.
See https://marc.info/?l=openbsd-announce&m=144925068504102
2.3.1 - ASN.1 and time handling cleanups
* ASN.1 cleanups and RFC5280 compliance fixes.
* Time representations switched from 'unsigned long' to 'time_t'. LibreSSL
now checks if the host OS supports 64-bit time_t.
* Fixed a leak in SSL_new in the error path.
* Support always extracting the peer cipher and version with libtls.
* Added ability to check certificate validity times with libtls,
tls_peer_cert_notbefore and tls_peer_cert_notafter.
* Changed tls_connect_servername to use the first address that resolves with
getaddrinfo().
* Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since
initial commit in 2004).
* Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported
by Qualys Security.
* Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK), reported by Pascal Cuoq <cuoq at trust-in-soft.com>.
* Reject too small bits value in BN_generate_prime_ex(), so that it does
not risk becoming negative in probable_prime_dh_safe(), reported by
Franck Denis.
* Enable nc(1) builds on more platforms.
2.3.0 - SSLv3 removed, libtls API changes, portability improvements
* SSLv3 is now permanently removed from the tree.
* The libtls API is changed from the 2.2.x series.
The read/write functions work correctly with external event
libraries. See the tls_init man page for examples of using libtls
correctly in asynchronous mode.
Client-side verification is now supported, with the client supplying
the certificate to the server.
Also, when using tls_connect_fds, tls_connect_socket or
tls_accept_fds, libtls no longer implicitly closes the passed in
sockets. The caller is responsible for closing them in this case.
* When loading a DSA key from an raw (without DH parameters) ASN.1
serialization, perform some consistency checks on its `p' and `q'
values, and return an error if the checks failed.
Thanks for Georgi Guninski (guninski at guninski dot com) for
mentioning the possibility of a weak (non prime) q value and
providing a test case.
See
https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
for a longer discussion.
* Fixed a bug in ECDH_compute_key that can lead to silent truncation
of the result key without error. A coding error could cause software
to use much shorter keys than intended.
* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
longer supported.
* The engine command and parameters are removed from the openssl(1).
Previous releases removed dynamic and builtin engine support
already.
* SHA-0 is removed, which was withdrawn shortly after publication 20
years ago.
* Added Certplus CA root certificate to the default cert.pem file.
* New interface OPENSSL_cpu_caps is provided that does not allow
software to inadvertently modify cpu capability flags.
OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
* The out_len argument of AEAD changed from ssize_t to size_t.
* Deduplicated DTLS code, sharing bugfixes and improvements with
TLS.
* Converted 'nc' to use libtls for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the library.
2.2.3 - Bug fixes, build enhancements
* LibreSSL 2.2.2 incorrectly handles ClientHello messages that do not
include TLS extensions, resulting in such handshakes being aborted.
This release corrects the handling of such messages. Thanks to
Ligushka from github for reporting the issue.
* Added install target for cmake builds. Thanks to TheNietsnie from
github.
* Updated pkgconfig files to correctly report the release version
number, not the individual library ABI version numbers. Thanks to
Jan Engelhardt for reporting the issue.
2.2.2 - More TLS parser rework, bug fixes, expanded portable build support
* Switched 'openssl dhparam' default from 512 to 2048 bits

3
Makefile.am
View File

@@ -6,3 +6,6 @@ pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt
.PHONY: install_sw
install_sw: install

4
Makefile.am.common
View File

@@ -1,2 +1,2 @@
AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat
AM_CPPFLAGS = -DLIBRESSL_INTERNAL
AM_CFLAGS =
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL

2
OPENBSD_BRANCH
View File

@@ -1 +1 @@
master
OPENBSD_5_9

4
README.md
View File

@@ -13,7 +13,7 @@ LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
LibreSSL it is not ABI compatible with any release of OpenSSL, or necessarily
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily
earlier releases of LibreSSL. You will need to relink your programs to
LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
LibreSSL's installed library version numbers are incremented to account for
@@ -62,7 +62,7 @@ If you have checked this source using Git, follow these initial steps to
prepare the source tree for building:
1. Ensure you have the following packages installed:
automake, autoconf, bash, git, libtool, perl, pod2man
automake, autoconf, git, libtool, perl, pod2man
2. Run './autogen.sh' to prepare the source tree for building or
run './dist.sh' to prepare a tarball.

5
README.windows
View File

@@ -6,9 +6,8 @@ GCC or Clang as the compiler. Contrary to its name, mingw-w64 supports both
then LibreSSL should integrate very nicely. Old versions of the mingw-w64
toolchain, such as the one packaged with Ubuntu 12.04, may have trouble
building LibreSSL. Please try it with a recent toolchain if you encounter
troubles. If you are building under Cygwin, only builds with the mingw-w64
compiler are supported, though you can easily use Cygwin to drive the build
process.
troubles. Cygwin provides an easy method of installing the latest mingw-w64
cross compilers on Windows.
To configure and build LibreSSL for a 32-bit system, use the following
build steps:

2
VERSION
View File

@@ -1,2 +0,0 @@
2.2.2

111
apps/CMakeLists.txt
View File

@@ -6,74 +6,75 @@ include_directories(
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
cms.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
engine.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
openssl/apps.c
openssl/asn1pars.c
openssl/ca.c
openssl/ciphers.c
openssl/cms.c
openssl/crl.c
openssl/crl2p7.c
openssl/dgst.c
openssl/dh.c
openssl/dhparam.c
openssl/dsa.c
openssl/dsaparam.c
openssl/ec.c
openssl/ecparam.c
openssl/enc.c
openssl/errstr.c
openssl/gendh.c
openssl/gendsa.c
openssl/genpkey.c
openssl/genrsa.c
openssl/nseq.c
openssl/ocsp.c
openssl/openssl.c
openssl/passwd.c
openssl/pkcs12.c
openssl/pkcs7.c
openssl/pkcs8.c
openssl/pkey.c
openssl/pkeyparam.c
openssl/pkeyutl.c
openssl/prime.c
openssl/rand.c
openssl/req.c
openssl/rsa.c
openssl/rsautl.c
openssl/s_cb.c
openssl/s_client.c
openssl/s_server.c
openssl/s_socket.c
openssl/s_time.c
openssl/sess_id.c
openssl/smime.c
openssl/speed.c
openssl/spkac.c
openssl/ts.c
openssl/verify.c
openssl/version.c
openssl/x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_disabled.c)
set(OPENSSL_SRC ${OPENSSL_SRC} poll_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} strtonum.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)

117
apps/Makefile.am
View File

@@ -1,118 +1,5 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = openssl
SUBDIRS = openssl nc
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(top_builddir)/ssl/libssl.la
openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c
openssl_SOURCES += cms.c
openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c
openssl_SOURCES += dh.c
openssl_SOURCES += dhparam.c
openssl_SOURCES += dsa.c
openssl_SOURCES += dsaparam.c
openssl_SOURCES += ec.c
openssl_SOURCES += ecparam.c
openssl_SOURCES += enc.c
openssl_SOURCES += engine.c
openssl_SOURCES += errstr.c
openssl_SOURCES += gendh.c
openssl_SOURCES += gendsa.c
openssl_SOURCES += genpkey.c
openssl_SOURCES += genrsa.c
openssl_SOURCES += nseq.c
openssl_SOURCES += ocsp.c
openssl_SOURCES += openssl.c
openssl_SOURCES += passwd.c
openssl_SOURCES += pkcs12.c
openssl_SOURCES += pkcs7.c
openssl_SOURCES += pkcs8.c
openssl_SOURCES += pkey.c
openssl_SOURCES += pkeyparam.c
openssl_SOURCES += pkeyutl.c
openssl_SOURCES += prime.c
openssl_SOURCES += rand.c
openssl_SOURCES += req.c
openssl_SOURCES += rsa.c
openssl_SOURCES += rsautl.c
openssl_SOURCES += s_cb.c
openssl_SOURCES += s_client.c
openssl_SOURCES += s_server.c
openssl_SOURCES += s_socket.c
openssl_SOURCES += s_time.c
openssl_SOURCES += sess_id.c
openssl_SOURCES += smime.c
openssl_SOURCES += speed.c
openssl_SOURCES += spkac.c
openssl_SOURCES += ts.c
openssl_SOURCES += verify.c
openssl_SOURCES += version.c
openssl_SOURCES += x509.c
if BUILD_CERTHASH
openssl_SOURCES += certhash.c
else
openssl_SOURCES += certhash_disabled.c
endif
if HOST_WIN
openssl_SOURCES += apps_win.c
else
openssl_SOURCES += apps_posix.c
endif
if !HAVE_POLL
if HOST_WIN
openssl_SOURCES += poll_win.c
endif
endif
if !HAVE_STRTONUM
openssl_SOURCES += strtonum.c
endif
noinst_HEADERS = apps.h
noinst_HEADERS += progs.h
noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
fi \
done
uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
done
EXTRA_DIST = CMakeLists.txt

29
apps/apps_win.c
View File

@@ -1,29 +0,0 @@
/*
* Public domain
*
* Dongsheng Song <dongsheng.song@gmail.com>
* Brent Cook <bcook@openbsd.org>
*/
#include <windows.h>
#include "apps.h"
double
app_tminterval(int stop, int usertime)
{
static unsigned __int64 tmstart;
union {
unsigned __int64 u64;
FILETIME ft;
} ct, et, kt, ut;
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
if (stop == TM_START) {
tmstart = ut.u64 + kt.u64;
} else {
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
}
return 0;
}

49
apps/nc/Makefile.am Normal file
View File

@@ -0,0 +1,49 @@
include $(top_srcdir)/Makefile.am.common
if BUILD_NC
if ENABLE_NC
bin_PROGRAMS = nc
else
noinst_PROGRAMS = nc
endif
EXTRA_DIST = nc.1
nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
nc_LDADD += $(abs_top_builddir)/tls/libtls.la
AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
if OPENSSLDIR_DEFINED
AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
else
AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
endif
nc_SOURCES = atomicio.c
nc_SOURCES += netcat.c
nc_SOURCES += socks.c
noinst_HEADERS = atomicio.h
noinst_HEADERS += compat/sys/socket.h
nc_SOURCES += compat/socket.c
if !HAVE_B64_NTOP
nc_SOURCES += compat/base64.c
endif
if !HAVE_ACCEPT4
nc_SOURCES += compat/accept4.c
endif
if !HAVE_READPASSPHRASE
nc_SOURCES += compat/readpassphrase.c
endif
if !HAVE_STRTONUM
nc_SOURCES += compat/strtonum.c
endif
endif

17
apps/nc/compat/accept4.c Normal file
View File

@@ -0,0 +1,17 @@
#include <sys/socket.h>
#include <fcntl.h>
int
accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags)
{
int rets = accept(s, addr, addrlen);
if (rets == -1)
return s;
if (flags & SOCK_CLOEXEC) {
flags = fcntl(s, F_GETFD);
fcntl(rets, F_SETFD, flags | FD_CLOEXEC);
}
return rets;
}

315
apps/nc/compat/base64.c Normal file
View File

@@ -0,0 +1,315 @@
/* $OpenBSD: base64.c,v 1.8 2015/01/16 16:48:51 deraadt Exp $ */
/*
* Copyright (c) 1996 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
/*
* Portions Copyright (c) 1995 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* To the extent it has a right to do so, IBM grants an immunity from suit
* under its patents, if any, for the use, sale or manufacture of products to
* the extent that such products are used for performing Domain Name System
* dynamic updates in TCP/IP networks by means of the Software. No immunity is
* granted for any product per se or for any other function of any product.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <ctype.h>
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static const char Base64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char Pad64 = '=';
/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
The following encoding technique is taken from RFC 1521 by Borenstein
and Freed. It is reproduced here in a slightly edited form for
convenience.
A 65-character subset of US-ASCII is used, enabling 6 bits to be
represented per printable character. (The extra 65th character, "=",
is used to signify a special processing function.)
The encoding process represents 24-bit groups of input bits as output
strings of 4 encoded characters. Proceeding from left to right, a
24-bit input group is formed by concatenating 3 8-bit input groups.
These 24 bits are then treated as 4 concatenated 6-bit groups, each
of which is translated into a single digit in the base64 alphabet.
Each 6-bit group is used as an index into an array of 64 printable
characters. The character referenced by the index is placed in the
output string.
Table 1: The Base64 Alphabet
Value Encoding Value Encoding Value Encoding Value Encoding
0 A 17 R 34 i 51 z
1 B 18 S 35 j 52 0
2 C 19 T 36 k 53 1
3 D 20 U 37 l 54 2
4 E 21 V 38 m 55 3
5 F 22 W 39 n 56 4
6 G 23 X 40 o 57 5
7 H 24 Y 41 p 58 6
8 I 25 Z 42 q 59 7
9 J 26 a 43 r 60 8
10 K 27 b 44 s 61 9
11 L 28 c 45 t 62 +
12 M 29 d 46 u 63 /
13 N 30 e 47 v
14 O 31 f 48 w (pad) =
15 P 32 g 49 x
16 Q 33 h 50 y
Special processing is performed if fewer than 24 bits are available
at the end of the data being encoded. A full encoding quantum is
always completed at the end of a quantity. When fewer than 24 input
bits are available in an input group, zero bits are added (on the
right) to form an integral number of 6-bit groups. Padding at the
end of the data is performed using the '=' character.
Since all base64 input is an integral number of octets, only the
-------------------------------------------------
following cases can arise:
(1) the final quantum of encoding input is an integral
multiple of 24 bits; here, the final unit of encoded
output will be an integral multiple of 4 characters
with no "=" padding,
(2) the final quantum of encoding input is exactly 8 bits;
here, the final unit of encoded output will be two
characters followed by two "=" padding characters, or
(3) the final quantum of encoding input is exactly 16 bits;
here, the final unit of encoded output will be three
characters followed by one "=" padding character.
*/
int
b64_ntop(src, srclength, target, targsize)
u_char const *src;
size_t srclength;
char *target;
size_t targsize;
{
size_t datalength = 0;
u_char input[3];
u_char output[4];
int i;
while (2 < srclength) {
input[0] = *src++;
input[1] = *src++;
input[2] = *src++;
srclength -= 3;
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
output[3] = input[2] & 0x3f;
if (datalength + 4 > targsize)
return (-1);
target[datalength++] = Base64[output[0]];
target[datalength++] = Base64[output[1]];
target[datalength++] = Base64[output[2]];
target[datalength++] = Base64[output[3]];
}
/* Now we worry about padding. */
if (0 != srclength) {
/* Get what's left. */
input[0] = input[1] = input[2] = '\0';
for (i = 0; i < srclength; i++)
input[i] = *src++;
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
if (datalength + 4 > targsize)
return (-1);
target[datalength++] = Base64[output[0]];
target[datalength++] = Base64[output[1]];
if (srclength == 1)
target[datalength++] = Pad64;
else
target[datalength++] = Base64[output[2]];
target[datalength++] = Pad64;
}
if (datalength >= targsize)
return (-1);
target[datalength] = '\0'; /* Returned value doesn't count \0. */
return (datalength);
}
/* skips all whitespace anywhere.
converts characters, four at a time, starting at (or after)
src from base - 64 numbers into three 8 bit bytes in the target area.
it returns the number of data bytes stored at the target, or -1 on error.
*/
int
b64_pton(src, target, targsize)
char const *src;
u_char *target;
size_t targsize;
{
int tarindex, state, ch;
u_char nextbyte;
char *pos;
state = 0;
tarindex = 0;
while ((ch = (unsigned char)*src++) != '\0') {
if (isspace(ch)) /* Skip whitespace anywhere. */
continue;
if (ch == Pad64)
break;
pos = strchr(Base64, ch);
if (pos == 0) /* A non-base64 character. */
return (-1);
switch (state) {
case 0:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] = (pos - Base64) << 2;
}
state = 1;
break;
case 1:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 4;
nextbyte = ((pos - Base64) & 0x0f) << 4;
if (tarindex + 1 < targsize)
target[tarindex+1] = nextbyte;
else if (nextbyte)
return (-1);
}
tarindex++;
state = 2;
break;
case 2:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 2;
nextbyte = ((pos - Base64) & 0x03) << 6;
if (tarindex + 1 < targsize)
target[tarindex+1] = nextbyte;
else if (nextbyte)
return (-1);
}
tarindex++;
state = 3;
break;
case 3:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64);
}
tarindex++;
state = 0;
break;
}
}
/*
* We are done decoding Base-64 chars. Let's see if we ended
* on a byte boundary, and/or with erroneous trailing characters.
*/
if (ch == Pad64) { /* We got a pad char. */
ch = (unsigned char)*src++; /* Skip it, get next. */
switch (state) {
case 0: /* Invalid = in first position */
case 1: /* Invalid = in second position */
return (-1);
case 2: /* Valid, means one byte of info */
/* Skip any number of spaces. */
for (; ch != '\0'; ch = (unsigned char)*src++)
if (!isspace(ch))
break;
/* Make sure there is another trailing = sign. */
if (ch != Pad64)
return (-1);
ch = (unsigned char)*src++; /* Skip the = */
/* Fall through to "single trailing =" case. */
/* FALLTHROUGH */
case 3: /* Valid, means two bytes of info */
/*
* We know this char is an =. Is there anything but
* whitespace after it?
*/
for (; ch != '\0'; ch = (unsigned char)*src++)
if (!isspace(ch))
return (-1);
/*
* Now make sure for cases 2 and 3 that the "extra"
* bits that slopped past the last full byte were
* zeros. If we don't check them, they become a
* subliminal channel.
*/
if (target && tarindex < targsize &&
target[tarindex] != 0)
return (-1);
}
} else {
/*
* We ended by seeing the end of the string. Make sure we
* have no partial bytes lying around.
*/
if (state != 0)
return (-1);
}
return (tarindex);
}

205
apps/nc/compat/readpassphrase.c Normal file
View File

@@ -0,0 +1,205 @@
/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */
/*
* Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
#include <termios.h>
#include <signal.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <readpassphrase.h>
#ifndef _PATH_TTY
# define _PATH_TTY "/dev/tty"
#endif
#ifdef TCSASOFT
# define _T_FLUSH (TCSAFLUSH|TCSASOFT)
#else
# define _T_FLUSH (TCSAFLUSH)
#endif
/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
#if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
# define _POSIX_VDISABLE VDISABLE
#endif
#ifndef _NSIG
# ifdef NSIG
# define _NSIG NSIG
# else
# define _NSIG 128
# endif
#endif
static volatile sig_atomic_t signo[_NSIG];
static void handler(int);
char *
readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
{
ssize_t bytes_written = 0;
ssize_t nr;
int input, output, save_errno, i, need_restart;
char ch, *p, *end;
struct termios term, oterm;
struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
struct sigaction savetstp, savettin, savettou, savepipe;
/* I suppose we could alloc on demand in this case (XXX). */
if (bufsiz == 0) {
errno = EINVAL;
return(NULL);
}
restart:
for (i = 0; i < _NSIG; i++)
signo[i] = 0;
nr = -1;
save_errno = 0;
need_restart = 0;
/*
* Read and write to /dev/tty if available. If not, read from
* stdin and write to stderr unless a tty is required.
*/
if ((flags & RPP_STDIN) ||
(input = output = open(_PATH_TTY, O_RDWR)) == -1) {
if (flags & RPP_REQUIRE_TTY) {
errno = ENOTTY;
return(NULL);
}
input = STDIN_FILENO;
output = STDERR_FILENO;
}
/*
* Catch signals that would otherwise cause the user to end
* up with echo turned off in the shell. Don't worry about
* things like SIGXCPU and SIGVTALRM for now.
*/
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0; /* don't restart system calls */
sa.sa_handler = handler;
(void)sigaction(SIGALRM, &sa, &savealrm);
(void)sigaction(SIGHUP, &sa, &savehup);
(void)sigaction(SIGINT, &sa, &saveint);
(void)sigaction(SIGPIPE, &sa, &savepipe);
(void)sigaction(SIGQUIT, &sa, &savequit);
(void)sigaction(SIGTERM, &sa, &saveterm);
(void)sigaction(SIGTSTP, &sa, &savetstp);
(void)sigaction(SIGTTIN, &sa, &savettin);
(void)sigaction(SIGTTOU, &sa, &savettou);
/* Turn off echo if possible. */
if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
memcpy(&term, &oterm, sizeof(term));
if (!(flags & RPP_ECHO_ON))
term.c_lflag &= ~(ECHO | ECHONL);
#ifdef VSTATUS
if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
term.c_cc[VSTATUS] = _POSIX_VDISABLE;
#endif
(void)tcsetattr(input, _T_FLUSH, &term);
} else {
memset(&term, 0, sizeof(term));
term.c_lflag |= ECHO;
memset(&oterm, 0, sizeof(oterm));
oterm.c_lflag |= ECHO;
}
/* No I/O if we are already backgrounded. */
if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) {
if (!(flags & RPP_STDIN))
bytes_written = write(output, prompt, strlen(prompt));
end = buf + bufsiz - 1;
p = buf;
while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
if (p < end) {
if ((flags & RPP_SEVENBIT))
ch &= 0x7f;
if (isalpha((unsigned char)ch)) {
if ((flags & RPP_FORCELOWER))
ch = (char)tolower((unsigned char)ch);
if ((flags & RPP_FORCEUPPER))
ch = (char)toupper((unsigned char)ch);
}
*p++ = ch;
}
}
*p = '\0';
save_errno = errno;
if (!(term.c_lflag & ECHO))
bytes_written = write(output, "\n", 1);
}
(void) bytes_written;
/* Restore old terminal settings and signals. */
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
errno == EINTR)
continue;
}
(void)sigaction(SIGALRM, &savealrm, NULL);
(void)sigaction(SIGHUP, &savehup, NULL);
(void)sigaction(SIGINT, &saveint, NULL);
(void)sigaction(SIGQUIT, &savequit, NULL);
(void)sigaction(SIGPIPE, &savepipe, NULL);
(void)sigaction(SIGTERM, &saveterm, NULL);
(void)sigaction(SIGTSTP, &savetstp, NULL);
(void)sigaction(SIGTTIN, &savettin, NULL);
(void)sigaction(SIGTTOU, &savettou, NULL);
if (input != STDIN_FILENO)
(void)close(input);
/*
* If we were interrupted by a signal, resend it to ourselves
* now that we have restored the signal handlers.
*/
for (i = 0; i < _NSIG; i++) {
if (signo[i]) {
kill(getpid(), i);
switch (i) {
case SIGTSTP:
case SIGTTIN:
case SIGTTOU:
need_restart = 1;
}
}
}
if (need_restart)
goto restart;
if (save_errno)
errno = save_errno;
return(nr == -1 ? NULL : buf);
}
static void handler(int s)
{
signo[s] = 1;
}

29
apps/nc/compat/socket.c Normal file
View File

@@ -0,0 +1,29 @@
#define SOCKET_FLAGS_PRIV
#include <sys/socket.h>
#ifdef NEED_SOCKET_FLAGS
#include <fcntl.h>
int
_socket(int domain, int type, int protocol)
{
int s = socket(domain, type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK), protocol);
int flags;
if (s == -1)
return s;
if (type & SOCK_CLOEXEC) {
flags = fcntl(s, F_GETFD);
fcntl(s, F_SETFD, flags | FD_CLOEXEC);
}
if (type & SOCK_NONBLOCK) {
flags = fcntl(s, F_GETFL);
fcntl(s, F_SETFL, flags | O_NONBLOCK);
}
return s;
}
#endif

65
apps/nc/compat/strtonum.c Normal file
View File

@@ -0,0 +1,65 @@
/* $OpenBSD: strtonum.c,v 1.7 2013/04/17 18:40:58 tedu Exp $ */
/*
* Copyright (c) 2004 Ted Unangst and Todd Miller
* All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#define INVALID 1
#define TOOSMALL 2
#define TOOLARGE 3
long long
strtonum(const char *numstr, long long minval, long long maxval,
const char **errstrp)
{
long long ll = 0;
int error = 0;
char *ep;
struct errval {
const char *errstr;
int err;
} ev[4] = {
{ NULL, 0 },
{ "invalid", EINVAL },
{ "too small", ERANGE },
{ "too large", ERANGE },
};
ev[0].err = errno;
errno = 0;
if (minval > maxval) {
error = INVALID;
} else {
ll = strtoll(numstr, &ep, 10);
if (numstr == ep || *ep != '\0')
error = INVALID;
else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
error = TOOSMALL;
else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
error = TOOLARGE;
}
if (errstrp != NULL)
*errstrp = ev[error].errstr;
errno = ev[error].err;
if (error)
ll = 0;
return (ll);
}

31
apps/nc/compat/sys/socket.h Normal file
View File

@@ -0,0 +1,31 @@
/*
* Public domain
* sys/socket.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/socket.h>
#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
#define NEED_SOCKET_FLAGS
int _socket(int domain, int type, int protocol);
#ifndef SOCKET_FLAGS_PRIV
#define socket(d, t, p) _socket(d, t, p)
#endif
#endif
#ifndef SOCK_NONBLOCK
#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */
#endif
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */
#endif
#ifndef HAVE_ACCEPT4
int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags);
#endif
#else
#include <win32netcompat.h>
#endif

118
apps/openssl/Makefile.am Normal file
View File

@@ -0,0 +1,118 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = openssl
dist_man_MANS = openssl.1
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(abs_top_builddir)/ssl/libssl.la
openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c
openssl_SOURCES += cms.c
openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c
openssl_SOURCES += dh.c
openssl_SOURCES += dhparam.c
openssl_SOURCES += dsa.c
openssl_SOURCES += dsaparam.c
openssl_SOURCES += ec.c
openssl_SOURCES += ecparam.c
openssl_SOURCES += enc.c
openssl_SOURCES += errstr.c
openssl_SOURCES += gendh.c
openssl_SOURCES += gendsa.c
openssl_SOURCES += genpkey.c
openssl_SOURCES += genrsa.c
openssl_SOURCES += nseq.c
openssl_SOURCES += ocsp.c
openssl_SOURCES += openssl.c
openssl_SOURCES += passwd.c
openssl_SOURCES += pkcs12.c
openssl_SOURCES += pkcs7.c
openssl_SOURCES += pkcs8.c
openssl_SOURCES += pkey.c
openssl_SOURCES += pkeyparam.c
openssl_SOURCES += pkeyutl.c
openssl_SOURCES += prime.c
openssl_SOURCES += rand.c
openssl_SOURCES += req.c
openssl_SOURCES += rsa.c
openssl_SOURCES += rsautl.c
openssl_SOURCES += s_cb.c
openssl_SOURCES += s_client.c
openssl_SOURCES += s_server.c
openssl_SOURCES += s_socket.c
openssl_SOURCES += s_time.c
openssl_SOURCES += sess_id.c
openssl_SOURCES += smime.c
openssl_SOURCES += speed.c
openssl_SOURCES += spkac.c
openssl_SOURCES += ts.c
openssl_SOURCES += verify.c
openssl_SOURCES += version.c
openssl_SOURCES += x509.c
if BUILD_CERTHASH
openssl_SOURCES += certhash.c
else
openssl_SOURCES += certhash_win.c
endif
if HOST_WIN
openssl_SOURCES += apps_win.c
else
openssl_SOURCES += apps_posix.c
endif
if !HAVE_POLL
if HOST_WIN
openssl_SOURCES += compat/poll_win.c
endif
endif
if !HAVE_STRTONUM
openssl_SOURCES += compat/strtonum.c
endif
noinst_HEADERS = apps.h
noinst_HEADERS += progs.h
noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf
install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
fi \
done
uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
done

60
apps/openssl/apps_win.c Normal file
View File

@@ -0,0 +1,60 @@
/*
* Public domain
*
* Dongsheng Song <dongsheng.song@gmail.com>
* Brent Cook <bcook@openbsd.org>
*/
#include <windows.h>
#include <io.h>
#include <fcntl.h>
#include "apps.h"
double
app_tminterval(int stop, int usertime)
{
static unsigned __int64 tmstart;
union {
unsigned __int64 u64;
FILETIME ft;
} ct, et, kt, ut;
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
if (stop == TM_START) {
tmstart = ut.u64 + kt.u64;
} else {
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
}
return 0;
}
int
setup_ui(void)
{
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
UI_method_set_writer(ui_method, ui_write);
UI_method_set_closer(ui_method, ui_close);
/*
* Set STDIO to binary
*/
_setmode(_fileno(stdin), _O_BINARY);
_setmode(_fileno(stdout), _O_BINARY);
_setmode(_fileno(stderr), _O_BINARY);
return 0;
}
void
destroy_ui(void)
{
if (ui_method) {
UI_destroy_method(ui_method);
ui_method = NULL;
}
}

0
apps/certhash_disabled.c → apps/openssl/certhash_win.c
View File

0
apps/poll_win.c → apps/openssl/compat/poll_win.c
View File

4
autogen.sh
View File

@@ -9,3 +9,7 @@ autoreconf -i -f
sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \
ltmain.sh > ltmain.sh.fixed
mv -f ltmain.sh.fixed ltmain.sh
# Update config scripts and fixup permissions
find . ! -perm -u=w -exec chmod u+w {} \;
cp scripts/config.* .

70
check-release.sh Executable file
View File

@@ -0,0 +1,70 @@
#!/bin/sh
set -e
ver=$1
dir=libressl-$ver
tarball=$dir.tar.gz
tag=v$ver
if [ -z "$LIBRESSL_SSH" ]; then
if ! curl -v 1>/dev/null 2>&1; then
download="curl -O"
elif echo quit | ftp 1>/dev/null 2>&1; then
download=ftp
else
echo "need 'ftp' or 'curl' to verify"
exit
fi
fi
if [ "$ver" = "" ]; then
echo "please specify a version to check, e.g. $0 2.1.2"
exit
fi
if [ ! -e releases/$tarball ]; then
mkdir -p releases
rm -f $tarball
if [ -z "$LIBRESSL_SSH" ]; then
$download http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$tarball releases/
mv $tarball releases
else
scp $LIBRESSL_SSH/$tarball releases
fi
(cd releases; tar zxvf $tarball)
fi
if [ ! -e gen-releases/$tarball ]; then
rm -fr tests man include ssl crypto libtls-standalone/VERSION INSTALL
git checkout OPENBSD_BRANCH update.sh tests man include ssl crypto
git checkout $tag
echo "libressl-$tag" > OPENBSD_BRANCH
sed -i 's/git pull --rebase//' update.sh
./autogen.sh
./configure --enable-libtls
make dist
mkdir -p gen-releases
mv $tarball gen-releases
git checkout OPENBSD_BRANCH update.sh
git checkout master
fi
(cd gen-releases; rm -fr $dir; tar zxf $tarball)
(cd releases; rm -fr $dir; tar zxf $tarball)
echo "differences between release and regenerated release tag:"
diff -urN \
-x *.3 \
-x Makefile.in \
-x aclocal.m4 \
-x compile \
-x config.guess \
-x config.sub \
-x configure \
-x depcomp \
-x install-sh \
-x missing \
-x test-driver \
releases/$dir gen-releases/$dir

23
configure.ac
View File

@@ -49,10 +49,10 @@ AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
AC_CHECK_FUNC([funopen])
CHECK_LIBC_COMPAT
CHECK_LIBC_CRYPTO_COMPAT
CHECK_SYSCALL_COMPAT
CHECK_CRYPTO_COMPAT
CHECK_VA_COPY
AC_CHECK_HEADERS([err.h])
CHECK_B64_NTOP
AC_ARG_WITH([openssldir],
AS_HELP_STRING([--with-openssldir],
@@ -86,6 +86,10 @@ case $host_cpu in
AS_IF([test "x$BSWAP4" = "xyes"],,
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
;;
*amd64*)
host_cpu=x86_64
;;
esac
AC_MSG_CHECKING([if .gnu.warning accepts long strings])
@@ -110,6 +114,9 @@ AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
[test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
# Check if time_t is sized correctly
AC_CHECK_SIZEOF([time_t], [time.h])
AC_CONFIG_FILES([
Makefile
include/Makefile
@@ -119,6 +126,8 @@ AC_CONFIG_FILES([
tls/Makefile
tests/Makefile
apps/Makefile
apps/openssl/Makefile
apps/nc/Makefile
man/Makefile
libcrypto.pc
libssl.pc
@@ -126,4 +135,12 @@ AC_CONFIG_FILES([
openssl.pc
])
AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
if test "$ac_cv_sizeof_time_t" = "4"; then
echo " ** Warning, this system is unable to represent times past 2038"
echo " ** It will behave incorrectly when handling valid RFC5280 dates"
fi
AC_REQUIRE_AUX_FILE([tap-driver.sh])
AC_OUTPUT

28
crypto/CMakeLists.txt
View File

@@ -42,7 +42,6 @@ set(
asn1/a_digest.c
asn1/a_dup.c
asn1/a_enum.c
asn1/a_gentm.c
asn1/a_i2d_fp.c
asn1/a_int.c
asn1/a_mbstr.c
@@ -54,8 +53,8 @@ set(
asn1/a_strex.c
asn1/a_strnid.c
asn1/a_time.c
asn1/a_time_tm.c
asn1/a_type.c
asn1/a_utctm.c
asn1/a_utf8.c
asn1/a_verify.c
asn1/ameth_lib.c
@@ -263,7 +262,6 @@ set(
ecdh/ech_err.c
ecdh/ech_key.c
ecdh/ech_lib.c
ecdh/ech_ossl.c
ecdsa/ecs_asn1.c
ecdsa/ecs_err.c
ecdsa/ecs_lib.c
@@ -335,7 +333,6 @@ set(
evp/m_md5.c
evp/m_null.c
evp/m_ripemd.c
evp/m_sha.c
evp/m_sha1.c
evp/m_sigver.c
evp/m_streebog.c
@@ -473,8 +470,6 @@ set(
sha/sha1dgst.c
sha/sha256.c
sha/sha512.c
sha/sha_dgst.c
sha/sha_one.c
stack/stack.c
ts/ts_asn1.c
ts/ts_conf.c
@@ -599,6 +594,10 @@ if(NOT HAVE_STRNDUP)
endif()
endif()
if(NOT HAVE_TIMEGM)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c)
endif()
if(NOT HAVE_EXPLICIT_BZERO)
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
@@ -638,4 +637,19 @@ if(NOT HAVE_TIMINGSAFE_MEMCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
endif()
add_library(crypto ${CRYPTO_SRC})
if (BUILD_SHARED)
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
if (MSVC)
target_link_libraries(crypto-shared crypto Ws2_32.lib)
endif()
set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)
set_target_properties(crypto-shared PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
install(TARGETS crypto crypto-shared DESTINATION lib)
else()
add_library(crypto STATIC ${CRYPTO_SRC})
install(TARGETS crypto DESTINATION lib)
endif()

36
crypto/Makefile.am
View File

@@ -1,17 +1,25 @@
include $(top_srcdir)/Makefile.am.common
AM_CFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CFLAGS += -I$(top_srcdir)/crypto/evp
AM_CFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto
lib_LTLIBRARIES = libcrypto.la
EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
# needed for a CMake target
EXTRA_DIST += compat/strcasecmp.c
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
libcrypto_la_CPPFLAGS = -DLIBRESSL_INTERNAL
libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
libcrypto_la_LIBADD += libcompatnoopt.la
endif
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
if OPENSSL_NO_ASM
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM
@@ -27,13 +35,15 @@ else
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
endif
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
noinst_LTLIBRARIES = libcompat.la
# compatibility functions that need to be built without optimizations
if !HAVE_EXPLICIT_BZERO
noinst_LTLIBRARIES += libcompatnoopt.la
libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
if HOST_WIN
libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c
else
@@ -69,6 +79,10 @@ if !HAVE_INET_PTON
libcompat_la_SOURCES += compat/inet_pton.c
endif
if !HAVE_TIMEGM
libcompat_la_SOURCES += compat/timegm.c
endif
if !HAVE_REALLOCARRAY
libcompat_la_SOURCES += compat/reallocarray.c
endif
@@ -115,6 +129,7 @@ libcrypto_la_SOURCES += mem_dbg.c
libcrypto_la_SOURCES += o_init.c
libcrypto_la_SOURCES += o_str.c
libcrypto_la_SOURCES += o_time.c
noinst_HEADERS += constant_time_locl.h
noinst_HEADERS += cryptlib.h
noinst_HEADERS += md32_common.h
noinst_HEADERS += o_time.h
@@ -137,7 +152,6 @@ libcrypto_la_SOURCES += asn1/a_d2i_fp.c
libcrypto_la_SOURCES += asn1/a_digest.c
libcrypto_la_SOURCES += asn1/a_dup.c
libcrypto_la_SOURCES += asn1/a_enum.c
libcrypto_la_SOURCES += asn1/a_gentm.c
libcrypto_la_SOURCES += asn1/a_i2d_fp.c
libcrypto_la_SOURCES += asn1/a_int.c
libcrypto_la_SOURCES += asn1/a_mbstr.c
@@ -149,8 +163,8 @@ libcrypto_la_SOURCES += asn1/a_sign.c
libcrypto_la_SOURCES += asn1/a_strex.c
libcrypto_la_SOURCES += asn1/a_strnid.c
libcrypto_la_SOURCES += asn1/a_time.c
libcrypto_la_SOURCES += asn1/a_time_tm.c
libcrypto_la_SOURCES += asn1/a_type.c
libcrypto_la_SOURCES += asn1/a_utctm.c
libcrypto_la_SOURCES += asn1/a_utf8.c
libcrypto_la_SOURCES += asn1/a_verify.c
libcrypto_la_SOURCES += asn1/ameth_lib.c
@@ -416,7 +430,6 @@ noinst_HEADERS += ec/ec_lcl.h
libcrypto_la_SOURCES += ecdh/ech_err.c
libcrypto_la_SOURCES += ecdh/ech_key.c
libcrypto_la_SOURCES += ecdh/ech_lib.c
libcrypto_la_SOURCES += ecdh/ech_ossl.c
noinst_HEADERS += ecdh/ech_locl.h
# ecdsa
@@ -499,7 +512,6 @@ libcrypto_la_SOURCES += evp/m_md4.c
libcrypto_la_SOURCES += evp/m_md5.c
libcrypto_la_SOURCES += evp/m_null.c
libcrypto_la_SOURCES += evp/m_ripemd.c
libcrypto_la_SOURCES += evp/m_sha.c
libcrypto_la_SOURCES += evp/m_sha1.c
libcrypto_la_SOURCES += evp/m_sigver.c
libcrypto_la_SOURCES += evp/m_streebog.c
@@ -693,8 +705,6 @@ libcrypto_la_SOURCES += sha/sha1_one.c
libcrypto_la_SOURCES += sha/sha1dgst.c
libcrypto_la_SOURCES += sha/sha256.c
libcrypto_la_SOURCES += sha/sha512.c
libcrypto_la_SOURCES += sha/sha_dgst.c
libcrypto_la_SOURCES += sha/sha_one.c
noinst_HEADERS += sha/sha_locl.h
# stack

1
crypto/Makefile.am.arc4random
View File

@@ -1,5 +1,6 @@
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
libcompat_la_SOURCES += compat/arc4random_uniform.c
if !HAVE_GETENTROPY
if HOST_AIX

15
crypto/compat/posix_win.c
View File

@@ -12,6 +12,7 @@
#include <ws2tcpip.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -38,6 +39,20 @@ posix_fopen(const char *path, const char *mode)
return fopen(path, mode);
}
char *
posix_fgets(char *s, int size, FILE *stream)
{
char *ret = fgets(s, size, stream);
if (ret != NULL) {
size_t end = strlen(ret);
if (end >= 2 && ret[end - 2] == '\r' && ret[end - 1] == '\n') {
ret[end - 2] = '\n';
ret[end - 1] = '\0';
}
}
return ret;
}
int
posix_rename(const char *oldpath, const char *newpath)
{

220
crypto/compat/timegm.c Normal file
View File

@@ -0,0 +1,220 @@
/*
* ----------------------------------------------------------------------
* Copyright © 2005-2014 Rich Felker, et al.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* ----------------------------------------------------------------------
*/
#include <errno.h>
#include <limits.h>
#include <time.h>
/* 2000-03-01 (mod 400 year, immediately after feb29 */
#define LEAPOCH (946684800LL + 86400*(31+29))
#define DAYS_PER_400Y (365*400 + 97)
#define DAYS_PER_100Y (365*100 + 24)
#define DAYS_PER_4Y (365*4 + 1)
static int __month_to_secs(int month, int is_leap)
{
static const int secs_through_month[] = {
0, 31*86400, 59*86400, 90*86400,
120*86400, 151*86400, 181*86400, 212*86400,
243*86400, 273*86400, 304*86400, 334*86400 };
int t = secs_through_month[month];
if (is_leap && month >= 2) t+=86400;
return t;
}
static long long __year_to_secs(long long year, int *is_leap)
{
if (year-2ULL <= 136) {
int y = year;
int leaps = (y-68)>>2;
if (!((y-68)&3)) {
leaps--;
if (is_leap) *is_leap = 1;
} else if (is_leap) *is_leap = 0;
return 31536000*(y-70) + 86400*leaps;
}
int cycles, centuries, leaps, rem;
if (!is_leap) is_leap = &(int){0};
cycles = (year-100) / 400;
rem = (year-100) % 400;
if (rem < 0) {
cycles--;
rem += 400;
}
if (!rem) {
*is_leap = 1;
centuries = 0;
leaps = 0;
} else {
if (rem >= 200) {
if (rem >= 300) centuries = 3, rem -= 300;
else centuries = 2, rem -= 200;
} else {
if (rem >= 100) centuries = 1, rem -= 100;
else centuries = 0;
}
if (!rem) {
*is_leap = 0;
leaps = 0;
} else {
leaps = rem / 4U;
rem %= 4U;
*is_leap = !rem;
}
}
leaps += 97*cycles + 24*centuries - *is_leap;
return (year-100) * 31536000LL + leaps * 86400LL + 946684800 + 86400;
}
static long long __tm_to_secs(const struct tm *tm)
{
int is_leap;
long long year = tm->tm_year;
int month = tm->tm_mon;
if (month >= 12 || month < 0) {
int adj = month / 12;
month %= 12;
if (month < 0) {
adj--;
month += 12;
}
year += adj;
}
long long t = __year_to_secs(year, &is_leap);
t += __month_to_secs(month, is_leap);
t += 86400LL * (tm->tm_mday-1);
t += 3600LL * tm->tm_hour;
t += 60LL * tm->tm_min;
t += tm->tm_sec;
return t;
}
static int __secs_to_tm(long long t, struct tm *tm)
{
long long days, secs;
int remdays, remsecs, remyears;
int qc_cycles, c_cycles, q_cycles;
int years, months;
int wday, yday, leap;
static const char days_in_month[] = {31,30,31,30,31,31,30,31,30,31,31,29};
/* Reject time_t values whose year would overflow int */
if (t < INT_MIN * 31622400LL || t > INT_MAX * 31622400LL)
return -1;
secs = t - LEAPOCH;
days = secs / 86400;
remsecs = secs % 86400;
if (remsecs < 0) {
remsecs += 86400;
days--;
}
wday = (3+days)%7;
if (wday < 0) wday += 7;
qc_cycles = days / DAYS_PER_400Y;
remdays = days % DAYS_PER_400Y;
if (remdays < 0) {
remdays += DAYS_PER_400Y;
qc_cycles--;
}
c_cycles = remdays / DAYS_PER_100Y;
if (c_cycles == 4) c_cycles--;
remdays -= c_cycles * DAYS_PER_100Y;
q_cycles = remdays / DAYS_PER_4Y;
if (q_cycles == 25) q_cycles--;
remdays -= q_cycles * DAYS_PER_4Y;
remyears = remdays / 365;
if (remyears == 4) remyears--;
remdays -= remyears * 365;
leap = !remyears && (q_cycles || !c_cycles);
yday = remdays + 31 + 28 + leap;
if (yday >= 365+leap) yday -= 365+leap;
years = remyears + 4*q_cycles + 100*c_cycles + 400*qc_cycles;
for (months=0; days_in_month[months] <= remdays; months++)
remdays -= days_in_month[months];
if (years+100 > INT_MAX || years+100 < INT_MIN)
return -1;
tm->tm_year = years + 100;
tm->tm_mon = months + 2;
if (tm->tm_mon >= 12) {
tm->tm_mon -=12;
tm->tm_year++;
}
tm->tm_mday = remdays + 1;
tm->tm_wday = wday;
tm->tm_yday = yday;
tm->tm_hour = remsecs / 3600;
tm->tm_min = remsecs / 60 % 60;
tm->tm_sec = remsecs % 60;
return 0;
}
#ifdef _WIN32
struct tm *__gmtime_r(const time_t *t, struct tm *tm)
{
if (__secs_to_tm(*t, tm) < 0) {
errno = EOVERFLOW;
return 0;
}
tm->tm_isdst = 0;
return tm;
}
#endif
time_t timegm(struct tm *tm)
{
struct tm new;
long long t = __tm_to_secs(tm);
if (__secs_to_tm(t, &new) < 0) {
errno = EOVERFLOW;
return -1;
}
#if SIZEOF_TIME_T != 8
if (t > (long long)INT_MAX || t < (long long)INT_MIN) {
errno = EOVERFLOW;
return -1;
}
#endif
*tm = new;
tm->tm_isdst = 0;
return t;
}

20
crypto/compat/ui_openssl_win.c
View File

@@ -286,7 +286,7 @@ error:
if (ps >= 1)
popsig();
OPENSSL_cleanse(result, BUFSIZ);
explicit_bzero(result, BUFSIZ);
return ok;
}
@@ -302,8 +302,12 @@ open_console(UI *ui)
tty_out = stderr;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE)
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
return GetConsoleMode(handle, &console_mode);
else
return 1;
}
return 0;
}
@@ -311,8 +315,12 @@ static int
noecho_console(UI *ui)
{
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE)
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT);
else
return 1;
}
return 0;
}
@@ -320,8 +328,12 @@ static int
echo_console(UI *ui)
{
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE)
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
return SetConsoleMode(handle, console_mode);
else
return 1;
}
return 0;
}

13
dist-win.sh
View File

@@ -22,27 +22,18 @@ for ARCH in X86 X64; do
echo Building for $HOST
CC=$HOST-gcc ./configure --host=$HOST
CC=$HOST-gcc ./configure --host=$HOST --with-openssldir=c:/libressl/ssl
make clean
PATH=$PATH:/usr/$HOST/sys-root/mingw/bin \
make -j 4 check
make -j 4 install DESTDIR=`pwd`/stage-$ARCHDIR
mkdir -p $DIST/$ARCHDIR
#cp -a stage-$ARCHDIR/usr/local/lib/* $DIST/$ARCHDIR
if [ ! -e $DIST/include ]; then
cp -a stage-$ARCHDIR/usr/local/include $DIST
sed -i -e 'N;/\n.*__non/s/"\? *\n/ /;P;D' \
$DIST/include/openssl/*.h $DIST/include/*.h
sed -i -e 'N;/\n.*__attr/s/"\? *\n/ /;P;D' \
$DIST/include/openssl/*.h $DIST/include/*.h
sed -i -e "s/__attr.*;/;/" \
-e "s/sys\/time.h/winsock2.h/" \
$DIST/include/openssl/*.h $DIST/include/*.h
cp -r stage-$ARCHDIR/usr/local/include $DIST
fi
cp stage-$ARCHDIR/usr/local/bin/* $DIST/$ARCHDIR
#cp /usr/$HOST/sys-root/mingw/bin/libssp* $DIST/$ARCHDIR
for i in libcrypto libssl libtls; do
DLL=$(basename `ls -1 $DIST/$ARCHDIR/$i*.dll`|cut -d. -f1)

2
dist.sh
View File

@@ -1,7 +1,7 @@
#!/bin/sh
set -e
rm -f man/*.1 man/*.3
rm -f man/*.1 man/*.3 include/openssl/*.h
./autogen.sh
./configure
make distcheck

20
gen-openbsd-tags.sh Executable file
View File

@@ -0,0 +1,20 @@
#!/bin/sh
set -e
for tag in `git tag`; do
branch=master
if [[ $tag = v2.0* ]]; then
branch=OPENBSD_5_6
elif [[ $tag = v2.1* ]]; then
branch=OPENBSD_5_7
elif [[ $tag = v2.2* ]]; then
branch=OPENBSD_5_8
elif [[ $tag = v2.3* ]]; then
branch=OPENBSD_5_9
fi
# adjust for 9 hour timezone delta between trees
release_ts=$((`git show -s --format=%ct $tag|tail -n1` + 32400))
commit=`git -C openbsd rev-list -n 1 --before=$release_ts $branch`
git -C openbsd tag -f libressl-$tag $commit
echo Tagged $tag as $commit in openbsd
done

5
include/CMakeLists.txt Normal file
View File

@@ -0,0 +1,5 @@
install(DIRECTORY .
DESTINATION include
PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE
PATTERN "Makefile.*" EXCLUDE)

8
include/Makefile.am
View File

@@ -1,13 +1,18 @@
include $(top_srcdir)/Makefile.am.common
EXTRA_DIST = CMakeLists.txt
SUBDIRS = openssl
noinst_HEADERS = pqueue.h
noinst_HEADERS += compat/dirent.h
noinst_HEADERS += compat/dirent_msvc.h
noinst_HEADERS += compat/err.h
noinst_HEADERS += compat/limits.h
noinst_HEADERS += compat/netdb.h
noinst_HEADERS += compat/poll.h
noinst_HEADERS += compat/readpassphrase.h
noinst_HEADERS += compat/resolv.h
noinst_HEADERS += compat/stdio.h
noinst_HEADERS += compat/stdlib.h
noinst_HEADERS += compat/string.h
@@ -21,6 +26,7 @@ noinst_HEADERS += compat/arpa/nameser.h
noinst_HEADERS += compat/machine/endian.h
noinst_HEADERS += compat/netinet/in.h
noinst_HEADERS += compat/netinet/ip.h
noinst_HEADERS += compat/netinet/tcp.h
noinst_HEADERS += compat/sys/cdefs.h
@@ -28,8 +34,8 @@ noinst_HEADERS += compat/sys/ioctl.h
noinst_HEADERS += compat/sys/mman.h
noinst_HEADERS += compat/sys/param.h
noinst_HEADERS += compat/sys/select.h
noinst_HEADERS += compat/sys/stat.h
noinst_HEADERS += compat/sys/socket.h
noinst_HEADERS += compat/sys/stat.h
noinst_HEADERS += compat/sys/time.h
noinst_HEADERS += compat/sys/types.h
noinst_HEADERS += compat/sys/uio.h

291
include/compat/dirent_msvc.h
View File

@@ -29,15 +29,24 @@
#include <windows.h>
#if _MSC_VER >= 1900
#include <../ucrt/stdio.h>
#include <../ucrt/wchar.h>
#include <../ucrt/string.h>
#include <../ucrt/stdlib.h>
#include <../ucrt/sys/types.h>
#include <../ucrt/errno.h>
#else
#include <../include/stdio.h>
#include <../include/stdarg.h>
#include <../include/wchar.h>
#include <../include/string.h>
#include <../include/stdlib.h>
#include <../include/malloc.h>
#include <../include/sys/types.h>
#include <sys/stat.h>
#include <../include/errno.h>
#endif
#include <stdarg.h>
#include <sys/stat.h>
/* Indicates that d_type field is available in dirent structure */
#define _DIRENT_HAVE_D_TYPE
@@ -45,11 +54,6 @@
/* Indicates that d_namlen field is available in dirent structure */
#define _DIRENT_HAVE_D_NAMLEN
/* Entries missing from MSVC 6.0 */
#if !defined(FILE_ATTRIBUTE_DEVICE)
# define FILE_ATTRIBUTE_DEVICE 0x40
#endif
/* Maximum length of file name */
#if !defined(PATH_MAX)
# define PATH_MAX MAX_PATH
@@ -62,16 +66,10 @@
#endif
/* Return the exact length of d_namlen without zero terminator */
#define _D_EXACT_NAMLEN(p) ((p)->d_namlen)
#define _D_EXACT_NAMLEN(p)((p)->d_namlen)
/* Return number of bytes needed to store d_namlen */
#define _D_ALLOC_NAMLEN(p) (PATH_MAX)
#ifdef __cplusplus
extern "C" {
#endif
#define _D_ALLOC_NAMLEN(p)(PATH_MAX)
/* Wide-character version */
struct _wdirent {
@@ -92,20 +90,10 @@ struct _WDIR {
};
typedef struct _WDIR _WDIR;
static _WDIR *_wopendir (const wchar_t *dirname);
static struct _wdirent *_wreaddir (_WDIR *dirp);
static int _wclosedir (_WDIR *dirp);
static void _wrewinddir (_WDIR* dirp);
/* For compatibility with Symbian */
#define wdirent _wdirent
#define WDIR _WDIR
#define wopendir _wopendir
#define wreaddir _wreaddir
#define wclosedir _wclosedir
#define wrewinddir _wrewinddir
static _WDIR *_wopendir(const wchar_t *dirname);
static struct _wdirent *_wreaddir(_WDIR *dirp);
static int _wclosedir(_WDIR *dirp);
static void _wrewinddir(_WDIR* dirp);
/* Multi-byte character versions */
struct dirent {
@@ -123,15 +111,14 @@ struct DIR {
};
typedef struct DIR DIR;
static DIR *opendir (const char *dirname);
static struct dirent *readdir (DIR *dirp);
static int closedir (DIR *dirp);
static void rewinddir (DIR* dirp);
static DIR *opendir(const char *dirname);
static struct dirent *readdir(DIR *dirp);
static int closedir(DIR *dirp);
static void rewinddir(DIR* dirp);
/* Internal utility functions */
static WIN32_FIND_DATAW *dirent_first (_WDIR *dirp);
static WIN32_FIND_DATAW *dirent_next (_WDIR *dirp);
static WIN32_FIND_DATAW *dirent_first(_WDIR *dirp);
static WIN32_FIND_DATAW *dirent_next(_WDIR *dirp);
static int dirent_mbstowcs_s(
size_t *pReturnValue,
@@ -147,28 +134,25 @@ static int dirent_wcstombs_s(
const wchar_t *wcstr,
size_t count);
static void dirent_set_errno (int error);
/*
* Open directory stream DIRNAME for read and return a pointer to the
* internal working area that is used to retrieve individual directory
* entries.
*/
static _WDIR*
_wopendir(
const wchar_t *dirname)
_wopendir(const wchar_t *dirname)
{
_WDIR *dirp = NULL;
int error;
/* Must have directory name */
if (dirname == NULL || dirname[0] == '\0') {
dirent_set_errno (ENOENT);
_set_errno(ENOENT);
return NULL;
}
/* Allocate new _WDIR structure */
dirp = (_WDIR*) malloc (sizeof (struct _WDIR));
dirp =(_WDIR*) malloc(sizeof(struct _WDIR));
if (dirp != NULL) {
DWORD n;
@@ -178,10 +162,10 @@ _wopendir(
dirp->cached = 0;
/* Compute the length of full path plus zero terminator */
n = GetFullPathNameW (dirname, 0, NULL, NULL);
n = GetFullPathNameW(dirname, 0, NULL, NULL);
/* Allocate room for absolute directory name and search pattern */
dirp->patt = (wchar_t*) malloc (sizeof (wchar_t) * n + 16);
dirp->patt =(wchar_t*) malloc(sizeof(wchar_t) * n + 16);
if (dirp->patt) {
/*
@@ -189,14 +173,14 @@ _wopendir(
* allows rewinddir() to function correctly even when current
* working directory is changed between opendir() and rewinddir().
*/
n = GetFullPathNameW (dirname, n, dirp->patt, NULL);
n = GetFullPathNameW(dirname, n, dirp->patt, NULL);
if (n > 0) {
wchar_t *p;
/* Append search pattern \* to the directory name */
p = dirp->patt + n;
if (dirp->patt < p) {
switch (p[-1]) {
switch(p[-1]) {
case '\\':
case '/':
case ':':
@@ -213,18 +197,18 @@ _wopendir(
*p = '\0';
/* Open directory stream and retrieve the first entry */
if (dirent_first (dirp)) {
if (dirent_first(dirp)) {
/* Directory stream opened successfully */
error = 0;
} else {
/* Cannot retrieve first entry */
error = 1;
dirent_set_errno (ENOENT);
_set_errno(ENOENT);
}
} else {
/* Cannot retrieve full path name */
dirent_set_errno (ENOENT);
_set_errno(ENOENT);
error = 1;
}
@@ -240,7 +224,7 @@ _wopendir(
/* Clean up in case of error */
if (error && dirp) {
_wclosedir (dirp);
_wclosedir(dirp);
dirp = NULL;
}
@@ -254,14 +238,13 @@ _wopendir(
* "." and ".." as well as volume labels, hidden files and system files.
*/
static struct _wdirent*
_wreaddir(
_WDIR *dirp)
_wreaddir(_WDIR *dirp)
{
WIN32_FIND_DATAW *datap;
struct _wdirent *entp;
/* Read next directory entry */
datap = dirent_next (dirp);
datap = dirent_next(dirp);
if (datap) {
size_t n;
DWORD attr;
@@ -275,7 +258,7 @@ _wreaddir(
* to PATH_MAX characters and zero-terminate the buffer.
*/
n = 0;
while (n + 1 < PATH_MAX && datap->cFileName[n] != 0) {
while(n + 1 < PATH_MAX && datap->cFileName[n] != 0) {
entp->d_name[n] = datap->cFileName[n];
n++;
}
@@ -296,7 +279,7 @@ _wreaddir(
/* Reset dummy fields */
entp->d_ino = 0;
entp->d_reclen = sizeof (struct _wdirent);
entp->d_reclen = sizeof(struct _wdirent);
} else {
@@ -314,31 +297,30 @@ _wreaddir(
* _wreaddir().
*/
static int
_wclosedir(
_WDIR *dirp)
_wclosedir(_WDIR *dirp)
{
int ok;
if (dirp) {
/* Release search handle */
if (dirp->handle != INVALID_HANDLE_VALUE) {
FindClose (dirp->handle);
FindClose(dirp->handle);
dirp->handle = INVALID_HANDLE_VALUE;
}
/* Release search pattern */
if (dirp->patt) {
free (dirp->patt);
free(dirp->patt);
dirp->patt = NULL;
}
/* Release directory structure */
free (dirp);
free(dirp);
ok = /*success*/0;
} else {
/* Invalid directory stream */
dirent_set_errno (EBADF);
_set_errno(EBADF);
ok = /*failure*/-1;
}
return ok;
@@ -349,29 +331,27 @@ _wclosedir(
* file name again.
*/
static void
_wrewinddir(
_WDIR* dirp)
_wrewinddir(_WDIR* dirp)
{
if (dirp) {
/* Release existing search handle */
if (dirp->handle != INVALID_HANDLE_VALUE) {
FindClose (dirp->handle);
FindClose(dirp->handle);
}
/* Open new search handle */
dirent_first (dirp);
dirent_first(dirp);
}
}
/* Get first directory entry (internal) */
/* Get first directory entry(internal) */
static WIN32_FIND_DATAW*
dirent_first(
_WDIR *dirp)
dirent_first(_WDIR *dirp)
{
WIN32_FIND_DATAW *datap;
/* Open directory and retrieve the first entry */
dirp->handle = FindFirstFileW (dirp->patt, &dirp->data);
dirp->handle = FindFirstFileW(dirp->patt, &dirp->data);
if (dirp->handle != INVALID_HANDLE_VALUE) {
/* a directory entry is now waiting in memory */
@@ -388,10 +368,9 @@ dirent_first(
return datap;
}
/* Get next directory entry (internal) */
/* Get next directory entry(internal) */
static WIN32_FIND_DATAW*
dirent_next(
_WDIR *dirp)
dirent_next(_WDIR *dirp)
{
WIN32_FIND_DATAW *p;
@@ -405,12 +384,12 @@ dirent_next(
} else if (dirp->handle != INVALID_HANDLE_VALUE) {
/* Get the next directory entry from stream */
if (FindNextFileW (dirp->handle, &dirp->data) != FALSE) {
if (FindNextFileW(dirp->handle, &dirp->data) != FALSE) {
/* Got a file */
p = &dirp->data;
} else {
/* The very last entry has been processed or an error occured */
FindClose (dirp->handle);
FindClose(dirp->handle);
dirp->handle = INVALID_HANDLE_VALUE;
p = NULL;
}
@@ -429,30 +408,29 @@ dirent_next(
* Open directory stream using plain old C-string.
*/
static DIR*
opendir(
const char *dirname)
opendir(const char *dirname)
{
struct DIR *dirp;
int error;
/* Must have directory name */
if (dirname == NULL || dirname[0] == '\0') {
dirent_set_errno (ENOENT);
_set_errno(ENOENT);
return NULL;
}
/* Allocate memory for DIR structure */
dirp = (DIR*) malloc (sizeof (struct DIR));
dirp =(DIR*) malloc(sizeof(struct DIR));
if (dirp) {
wchar_t wname[PATH_MAX];
size_t n;
/* Convert directory name to wide-character string */
error = dirent_mbstowcs_s (&n, wname, PATH_MAX, dirname, PATH_MAX);
error = dirent_mbstowcs_s(&n, wname, PATH_MAX, dirname, PATH_MAX);
if (!error) {
/* Open directory stream using wide-character name */
dirp->wdirp = _wopendir (wname);
dirp->wdirp = _wopendir(wname);
if (dirp->wdirp) {
/* Directory stream opened */
error = 0;
@@ -478,7 +456,7 @@ opendir(
/* Clean up in case of error */
if (error && dirp) {
free (dirp);
free(dirp);
dirp = NULL;
}
@@ -492,21 +470,20 @@ opendir(
* readdir() are represented in the default ANSI code page while any output to
* console is typically formatted on another code page. Thus, non-ASCII
* characters in file names will not usually display correctly on console. The
* problem can be fixed in two ways: (1) change the character set of console
* to 1252 using chcp utility and use Lucida Console font, or (2) use
* problem can be fixed in two ways:(1) change the character set of console
* to 1252 using chcp utility and use Lucida Console font, or(2) use
* _cprintf function when writing to console. The _cprinf() will re-encode
* ANSI strings to the console code page so many non-ASCII characters will
* display correcly.
*/
static struct dirent*
readdir(
DIR *dirp)
readdir(DIR *dirp)
{
WIN32_FIND_DATAW *datap;
struct dirent *entp;
/* Read next directory entry */
datap = dirent_next (dirp->wdirp);
datap = dirent_next(dirp->wdirp);
if (datap) {
size_t n;
int error;
@@ -552,7 +529,7 @@ readdir(
/* Reset dummy fields */
entp->d_ino = 0;
entp->d_reclen = sizeof (struct dirent);
entp->d_reclen = sizeof(struct dirent);
} else {
/*
@@ -582,23 +559,22 @@ readdir(
* Close directory stream.
*/
static int
closedir(
DIR *dirp)
closedir(DIR *dirp)
{
int ok;
if (dirp) {
/* Close wide-character directory stream */
ok = _wclosedir (dirp->wdirp);
ok = _wclosedir(dirp->wdirp);
dirp->wdirp = NULL;
/* Release multi-byte character version */
free (dirp);
free(dirp);
} else {
/* Invalid directory stream */
dirent_set_errno (EBADF);
_set_errno(EBADF);
ok = /*failure*/-1;
}
@@ -609,140 +585,27 @@ closedir(
* Rewind directory stream to beginning.
*/
static void
rewinddir(
DIR* dirp)
rewinddir(DIR* dirp)
{
/* Rewind wide-character string directory stream */
_wrewinddir (dirp->wdirp);
_wrewinddir(dirp->wdirp);
}
/* Convert multi-byte string to wide character string */
static int
dirent_mbstowcs_s(
size_t *pReturnValue,
wchar_t *wcstr,
size_t sizeInWords,
const char *mbstr,
size_t count)
dirent_mbstowcs_s(size_t *pReturnValue, wchar_t *wcstr,
size_t sizeInWords, const char *mbstr, size_t count)
{
int error;
#if defined(_MSC_VER) && _MSC_VER >= 1400
/* Microsoft Visual Studio 2005 or later */
error = mbstowcs_s (pReturnValue, wcstr, sizeInWords, mbstr, count);
#else
/* Older Visual Studio or non-Microsoft compiler */
size_t n;
/* Convert to wide-character string (or count characters) */
n = mbstowcs (wcstr, mbstr, sizeInWords);
if (!wcstr || n < count) {
/* Zero-terminate output buffer */
if (wcstr && sizeInWords) {
if (n >= sizeInWords) {
n = sizeInWords - 1;
}
wcstr[n] = 0;
}
/* Length of resuting multi-byte string WITH zero terminator */
if (pReturnValue) {
*pReturnValue = n + 1;
}
/* Success */
error = 0;
} else {
/* Could not convert string */
error = 1;
}
#endif
return error;
return mbstowcs_s(pReturnValue, wcstr, sizeInWords, mbstr, count);
}
/* Convert wide-character string to multi-byte string */
static int
dirent_wcstombs_s(
size_t *pReturnValue,
char *mbstr,
dirent_wcstombs_s(size_t *pReturnValue, char *mbstr,
size_t sizeInBytes, /* max size of mbstr */
const wchar_t *wcstr,
size_t count)
const wchar_t *wcstr, size_t count)
{
int error;
#if defined(_MSC_VER) && _MSC_VER >= 1400
/* Microsoft Visual Studio 2005 or later */
error = wcstombs_s (pReturnValue, mbstr, sizeInBytes, wcstr, count);
#else
/* Older Visual Studio or non-Microsoft compiler */
size_t n;
/* Convert to multi-byte string (or count the number of bytes needed) */
n = wcstombs (mbstr, wcstr, sizeInBytes);
if (!mbstr || n < count) {
/* Zero-terminate output buffer */
if (mbstr && sizeInBytes) {
if (n >= sizeInBytes) {
n = sizeInBytes - 1;
}
mbstr[n] = '\0';
}
/* Lenght of resulting multi-bytes string WITH zero-terminator */
if (pReturnValue) {
*pReturnValue = n + 1;
}
/* Success */
error = 0;
} else {
/* Cannot convert string */
error = 1;
}
#endif
return error;
return wcstombs_s(pReturnValue, mbstr, sizeInBytes, wcstr, count);
}
/* Set errno variable */
static void
dirent_set_errno(
int error)
{
#if defined(_MSC_VER) && _MSC_VER >= 1400
/* Microsoft Visual Studio 2005 and later */
_set_errno (error);
#else
/* Non-Microsoft compiler or older Microsoft compiler */
errno = error;
#endif
}
#ifdef __cplusplus
}
#endif
#endif /*DIRENT_H*/

62
include/compat/err.h
View File

@@ -13,20 +13,66 @@
#define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#define err(exitcode, format, ...) \
errx(exitcode, format ": %s", ## __VA_ARGS__, strerror(errno))
static inline void
err(int eval, const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
#define errx(exitcode, format, ...) \
do { warnx(format, ## __VA_ARGS__); exit(exitcode); } while (0)
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
fprintf(stderr, "%s\n", strerror(sverrno));
exit(eval);
va_end(ap);
}
#define warn(format, ...) \
warnx(format ": %s", ## __VA_ARGS__, strerror(errno))
static inline void
errx(int eval, const char *fmt, ...)
{
va_list ap;
#define warnx(format, ...) \
fprintf(stderr, format "\n", ## __VA_ARGS__)
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
exit(eval);
va_end(ap);
}
static inline void
warn(const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
fprintf(stderr, "%s\n", strerror(sverrno));
va_end(ap);
}
static inline void
warnx(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
#endif

17
include/compat/limits.h Normal file
View File

@@ -0,0 +1,17 @@
/*
* Public domain
* limits.h compatibility shim
*/
#ifdef _MSC_VER
#include <../include/limits.h>
#else
#include_next <limits.h>
#endif
#ifdef __hpux
#include <sys/param.h>
#ifndef PATH_MAX
#define PATH_MAX MAXPATHLEN
#endif
#endif

47
include/compat/netinet/ip.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* Public domain
* netinet/ip.h compatibility shim
*/
#if defined(__hpux)
#include <netinet/in_systm.h>
#endif
#ifndef _WIN32
#include_next <netinet/ip.h>
#else
#include <win32netcompat.h>
#endif
/*
* Definitions for DiffServ Codepoints as per RFC2474
*/
#ifndef IPTOS_DSCP_CS0
#define IPTOS_DSCP_CS0 0x00
#define IPTOS_DSCP_CS1 0x20
#define IPTOS_DSCP_CS2 0x40
#define IPTOS_DSCP_CS3 0x60
#define IPTOS_DSCP_CS4 0x80
#define IPTOS_DSCP_CS5 0xa0
#define IPTOS_DSCP_CS6 0xc0
#define IPTOS_DSCP_CS7 0xe0
#endif
#ifndef IPTOS_DSCP_AF11
#define IPTOS_DSCP_AF11 0x28
#define IPTOS_DSCP_AF12 0x30
#define IPTOS_DSCP_AF13 0x38
#define IPTOS_DSCP_AF21 0x48
#define IPTOS_DSCP_AF22 0x50
#define IPTOS_DSCP_AF23 0x58
#define IPTOS_DSCP_AF31 0x68
#define IPTOS_DSCP_AF32 0x70
#define IPTOS_DSCP_AF33 0x78
#define IPTOS_DSCP_AF41 0x88
#define IPTOS_DSCP_AF42 0x90
#define IPTOS_DSCP_AF43 0x98
#endif
#ifndef IPTOS_DSCP_EF
#define IPTOS_DSCP_EF 0xb8
#endif

44
include/compat/readpassphrase.h Normal file
View File

@@ -0,0 +1,44 @@
/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#ifdef HAVE_READPASSPHRASE_H
#include_next <readpassphrase.h>
#else
#ifndef _READPASSPHRASE_H_
#define _READPASSPHRASE_H_
#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
#define RPP_ECHO_ON 0x01 /* Leave echo on. */
#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
char * readpassphrase(const char *, char *, size_t, int);
#endif /* !_READPASSPHRASE_H_ */
#endif

24
include/compat/resolv.h Normal file
View File

@@ -0,0 +1,24 @@
/*
* Public domain
* resolv.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_RESOLV_H
#define LIBCRYPTOCOMPAT_RESOLV_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/resolv.h>
#else
#include <../include/resolv.h>
#endif
#else
#include_next <resolv.h>
#endif
#ifndef HAVE_B64_NTOP
int b64_ntop(unsigned char const *, size_t, char *, size_t);
int b64_pton(char const *, unsigned char *, size_t);
#endif
#endif

8
include/compat/stdio.h
View File

@@ -7,7 +7,13 @@
#define LIBCRYPTOCOMPAT_STDIO_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#include <../ucrt/corecrt_io.h>
#include <../ucrt/stdio.h>
#else
#include <../include/stdio.h>
#endif
#else
#include_next <stdio.h>
#endif
@@ -22,11 +28,13 @@ int asprintf(char **str, const char *fmt, ...);
void posix_perror(const char *s);
FILE * posix_fopen(const char *path, const char *mode);
char * posix_fgets(char *s, int size, FILE *stream);
int posix_rename(const char *oldpath, const char *newpath);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define perror(errnum) posix_perror(errnum)
#define fopen(path, mode) posix_fopen(path, mode)
#define fgets(s, size, stream) posix_fgets(s, size, stream)
#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
#endif

5
include/compat/stdlib.h
View File

@@ -4,7 +4,11 @@
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#else
#include <../include/stdlib.h>
#endif
#else
#include_next <stdlib.h>
#endif
@@ -18,6 +22,7 @@
#ifndef HAVE_ARC4RANDOM_BUF
uint32_t arc4random(void);
void arc4random_buf(void *_buf, size_t n);
uint32_t arc4random_uniform(uint32_t upper_bound);
#endif
#ifndef HAVE_REALLOCARRAY

9
include/compat/string.h
View File

@@ -7,16 +7,21 @@
#define LIBCRYPTOCOMPAT_STRING_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/string.h>
#else
#include <../include/string.h>
#endif
#else
#include_next <string.h>
#endif
#include <sys/types.h>
#if defined(__sun) || defined(__hpux)
#if defined(__sun) || defined(_AIX) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
* SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
* Solaris, and HPUX.
*/
#include <strings.h>
#endif

4
include/compat/sys/stat.h
View File

@@ -11,7 +11,11 @@
#else
#include <windows.h>
#if _MSC_VER >= 1900
#include <../ucrt/sys/stat.h>
#else
#include <../include/sys/stat.h>
#endif
/* File type and permission flags for stat() */
#if !defined(S_IFMT)

4
include/compat/sys/types.h
View File

@@ -4,7 +4,11 @@
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/sys/types.h>
#else
#include <../include/sys/types.h>
#endif
#else
#include_next <sys/types.h>
#endif

14
include/compat/time.h
View File

@@ -4,8 +4,20 @@
*/
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/time.h>
#else
#include <../include/time.h>
#define gmtime_r(tp, tm) ((gmtime_s((tm), (tp)) == 0) ? (tm) : NULL)
#endif
#else
#include_next <time.h>
#endif
#ifdef _WIN32
struct tm *__gmtime_r(const time_t * t, struct tm * tm);
#define gmtime_r(tp, tm) __gmtime_r(tp, tm)
#endif
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
#endif

9
include/compat/unistd.h
View File

@@ -27,6 +27,15 @@ unsigned int sleep(unsigned int seconds);
#ifndef HAVE_GETENTROPY
int getentropy(void *buf, size_t buflen);
#else
/*
* Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
*/
#if defined(__sun)
#include <sys/random.h>
#endif
#endif
#define pledge(request, paths) 0
#endif

15
include/compat/win32netcompat.h
View File

@@ -11,14 +11,19 @@
#ifdef _WIN32
#include <ws2tcpip.h>
#define SHUT_RDWR SD_BOTH
#define SHUT_RD SD_RECEIVE
#define SHUT_WR SD_SEND
#include <errno.h>
#include <unistd.h>
#ifndef SHUT_RDWR
#define SHUT_RDWR SD_BOTH
#endif
#ifndef SHUT_RD
#define SHUT_RD SD_RECEIVE
#endif
#ifndef SHUT_WR
#define SHUT_WR SD_SEND
#endif
int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
int posix_close(int fd);

2
libcrypto.pc.in
View File

@@ -7,7 +7,7 @@ includedir=@includedir@
Name: LibreSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
Version: @LIBCRYPTO_VERSION@
Version: @VERSION@
Requires:
Conflicts:
Libs: -L${libdir} -lcrypto

2
libssl.pc.in
View File

@@ -7,7 +7,7 @@ includedir=@includedir@
Name: LibreSSL-libssl
Description: Secure Sockets Layer and cryptography libraries
Version: @LIBSSL_VERSION@
Version: @VERSION@
Requires:
Requires.private: libcrypto
Conflicts:

9
libtls-standalone/include/string.h
View File

@@ -7,16 +7,21 @@
#define LIBCRYPTOCOMPAT_STRING_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/string.h>
#else
#include <../include/string.h>
#endif
#else
#include_next <string.h>
#endif
#include <sys/types.h>
#if defined(__sun) || defined(__hpux)
#if defined(__sun) || defined(_AIX) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
* SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
* Solaris, and HPUX.
*/
#include <strings.h>
#endif

6
libtls-standalone/tests/test.c
View File

@@ -5,7 +5,7 @@ int main()
{
struct tls *tls;
struct tls_config *tls_config;
size_t written, read;
ssize_t written, read;
char buf[4096];
if (tls_init() != 0) {
@@ -31,10 +31,10 @@ int main()
if (tls_connect(tls, "google.com", "443") != 0)
goto err;
if (tls_write(tls, "GET /\r\n", 7, &written) != 0)
if ((written = tls_write(tls, "GET /\r\n", 7)) < 0)
goto err;
if (tls_read(tls, buf, sizeof(buf), &read) != 0)
if ((read = tls_read(tls, buf, sizeof(buf))) < 0)
goto err;
buf[read - 1] = '\0';

2
libtls.pc.in
View File

@@ -7,7 +7,7 @@ includedir=@includedir@
Name: LibreSSL-libtls
Description: Secure communications using the TLS socket protocol.
Version: @LIBTLS_VERSION@
Version: @VERSION@
Requires:
Requires.private: libcrypto libssl
Conflicts:

52
m4/check-libc.m4
View File

@@ -1,11 +1,14 @@
AC_DEFUN([CHECK_LIBC_COMPAT], [
# Check for libc headers
AC_CHECK_HEADERS([err.h readpassphrase.h])
# Check for general libc functions
AC_CHECK_FUNCS([asprintf inet_pton memmem poll reallocarray])
AC_CHECK_FUNCS([asprintf inet_pton memmem readpassphrase reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([timegm _mkgmtime])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
@@ -13,13 +16,42 @@ AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
AM_CONDITIONAL([HAVE_TIMEGM], [test "x$ac_cv_func_timegm" = xyes])
])
AC_DEFUN([CHECK_LIBC_CRYPTO_COMPAT], [
# Check crypto-related libc functions
AC_CHECK_FUNCS([arc4random_buf explicit_bzero getauxval getentropy])
AC_DEFUN([CHECK_SYSCALL_COMPAT], [
AC_CHECK_FUNCS([accept4 pledge poll])
AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes])
AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
])
AC_DEFUN([CHECK_B64_NTOP], [
AC_SEARCH_LIBS([b64_ntop],[resolv])
AC_SEARCH_LIBS([__b64_ntop],[resolv])
AC_CACHE_CHECK([for b64_ntop], ac_cv_have_b64_ntop_arg, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <resolv.h>
]], [[ b64_ntop(NULL, 0, NULL, 0); ]])],
[ ac_cv_have_b64_ntop_arg="yes" ],
[ ac_cv_have_b64_ntop_arg="no"
])
])
AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
])
AC_DEFUN([CHECK_CRYPTO_COMPAT], [
# Check crypto-related libc functions and syscalls
AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
AC_CHECK_FUNCS([explicit_bzero getauxval getentropy])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_UNIFORM], [test "x$ac_cv_func_arc4random_uniform" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
@@ -27,15 +59,15 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
# Override arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
[test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
-a "x$ac_cv_func_arc4random_buf" = xyes])
# Check for getentropy fallback dependencies
AC_CHECK_FUNC([getauxval])
AC_CHECK_FUNC([clock_gettime],, [AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],, [AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
AC_SEARCH_LIBS([clock_gettime],[rt posix4])
AC_CHECK_FUNC([clock_gettime])
AC_SEARCH_LIBS([dl_iterate_phdr],[dl])
AC_CHECK_FUNC([dl_iterate_phdr])
])
AC_DEFUN([CHECK_VA_COPY], [

27
m4/check-os-options.m4
View File

@@ -1,7 +1,7 @@
# This must be called before AC_PROG_CC
AC_DEFUN([CHECK_OS_OPTIONS], [
CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing"
BUILD_NC=yes
case $host_os in
*aix*)
@@ -17,10 +17,17 @@ case $host_os in
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
# weak seed on failure to open /dev/random, based on latest
# public source:
# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
USE_BUILTIN_ARC4RANDOM=yes
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
# fork detection missing, weak seed on failure
# https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup
USE_BUILTIN_ARC4RANDOM=yes
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
@@ -40,14 +47,26 @@ case $host_os in
;;
*netbsd*)
HOST_OS=netbsd
HOST_ABI=elf
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/param.h>
#if __NetBSD_Version__ < 700000001
undefined
#endif
]], [[]])],
[ USE_BUILTIN_ARC4RANDOM=no ],
[ USE_BUILTIN_ARC4RANDOM=yes ]
)
CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
;;
*openbsd* | *bitrig*)
HOST_OS=openbsd
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
BUILD_NC=no
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
@@ -65,6 +84,11 @@ case $host_os in
*) ;;
esac
AC_ARG_ENABLE([nc],
AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes])
AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
@@ -72,6 +96,7 @@ AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_OPENBSD], [test x$HOST_OS = xopenbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
])

9
man/CMakeLists.txt Normal file
View File

@@ -0,0 +1,9 @@
install(DIRECTORY .
DESTINATION share/man/man3
FILES_MATCHING PATTERN "*.3"
)
install(DIRECTORY .
DESTINATION share/man/man1
FILES_MATCHING PATTERN "*.1"
)

222
man/links
View File

@@ -230,6 +230,8 @@ CRYPTO_set_locking_callback.3,CRYPTO_THREADID_current.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_get_callback.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_hash.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_callback.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_numeric.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_pointer.3
CRYPTO_set_locking_callback.3,CRYPTO_add.3
CRYPTO_set_locking_callback.3,CRYPTO_add_lock.3
CRYPTO_set_locking_callback.3,CRYPTO_destroy_dynlockid.3
@@ -301,6 +303,24 @@ DSA_set_method.3,DSA_set_default_method.3
DSA_set_method.3,DSA_set_default_openssl_method.3
DSA_sign.3,DSA_sign_setup.3
DSA_sign.3,DSA_verify.3
ECDSA_SIG_new.3,ECDSA_OpenSSL.3
ECDSA_SIG_new.3,ECDSA_SIG_free.3
ECDSA_SIG_new.3,ECDSA_do_sign.3
ECDSA_SIG_new.3,ECDSA_do_sign_ex.3
ECDSA_SIG_new.3,ECDSA_do_verify.3
ECDSA_SIG_new.3,ECDSA_get_default_method.3
ECDSA_SIG_new.3,ECDSA_get_ex_data.3
ECDSA_SIG_new.3,ECDSA_get_ex_new_index.3
ECDSA_SIG_new.3,ECDSA_set_default_method.3
ECDSA_SIG_new.3,ECDSA_set_ex_data.3
ECDSA_SIG_new.3,ECDSA_set_method.3
ECDSA_SIG_new.3,ECDSA_sign.3
ECDSA_SIG_new.3,ECDSA_sign_ex.3
ECDSA_SIG_new.3,ECDSA_sign_setup.3
ECDSA_SIG_new.3,ECDSA_size.3
ECDSA_SIG_new.3,ECDSA_verify.3
ECDSA_SIG_new.3,d2i_ECDSA_SIG.3
ECDSA_SIG_new.3,i2d_ECDSA_SIG.3
EC_GFp_simple_method.3,EC_GF2m_simple_method.3
EC_GFp_simple_method.3,EC_GFp_mont_method.3
EC_GFp_simple_method.3,EC_GFp_nist_method.3
@@ -418,6 +438,17 @@ ERR_print_errors.3,ERR_print_errors_fp.3
ERR_put_error.3,ERR_add_error_data.3
ERR_remove_state.3,ERR_remove_thread_state.3
ERR_set_mark.3,ERR_pop_to_mark.3
EVP_AEAD_CTX_init.3,EVP_AEAD_CTX_cleanup.3
EVP_AEAD_CTX_init.3,EVP_AEAD_CTX_open.3
EVP_AEAD_CTX_init.3,EVP_AEAD_CTX_seal.3
EVP_AEAD_CTX_init.3,EVP_AEAD_key_length.3
EVP_AEAD_CTX_init.3,EVP_AEAD_max_overhead.3
EVP_AEAD_CTX_init.3,EVP_AEAD_max_tag_len.3
EVP_AEAD_CTX_init.3,EVP_AEAD_nonce_length.3
EVP_AEAD_CTX_init.3,EVP_aead_aes_128_gcm.3
EVP_AEAD_CTX_init.3,EVP_aead_aes_256_gcm.3
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305.3
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305_ietf.3
EVP_DigestInit.3,EVP_DigestFinal.3
EVP_DigestInit.3,EVP_DigestFinal_ex.3
EVP_DigestInit.3,EVP_DigestInit_ex.3
@@ -446,7 +477,6 @@ EVP_DigestInit.3,EVP_md2.3
EVP_DigestInit.3,EVP_md5.3
EVP_DigestInit.3,EVP_md_null.3
EVP_DigestInit.3,EVP_ripemd160.3
EVP_DigestInit.3,EVP_sha.3
EVP_DigestInit.3,EVP_sha1.3
EVP_DigestInit.3,EVP_sha224.3
EVP_DigestInit.3,EVP_sha256.3
@@ -553,7 +583,6 @@ EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_padding.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_pss_saltlen.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_signature_md.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_ctrl_str.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_get_default_digest_nid.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_dup.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_free.3
@@ -566,7 +595,6 @@ EVP_PKEY_derive.3,EVP_PKEY_derive_init.3
EVP_PKEY_derive.3,EVP_PKEY_derive_set_peer.3
EVP_PKEY_encrypt.3,EVP_PKEY_encrypt_init.3
EVP_PKEY_get_default_digest.3,EVP_PKEY_get_default_digest_nid.3
EVP_PKEY_keygen.3,EVP_PKEVP_PKEY_CTX_set_app_data.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_app_data.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_cb.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_keygen_info.3
@@ -737,7 +765,6 @@ RSA_print.3,DSAparams_print_fp.3
RSA_print.3,RSA_print_fp.3
RSA_private_encrypt.3,RSA_public_decrypt.3
RSA_public_encrypt.3,RSA_private_decrypt.3
RSA_set_method.3,RSA_PKCS1_RSAref.3
RSA_set_method.3,RSA_PKCS1_SSLeay.3
RSA_set_method.3,RSA_flags.3
RSA_set_method.3,RSA_get_default_method.3
@@ -797,7 +824,6 @@ SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_get_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_new_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_remove_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_new_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_remove.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_remove_cb.3
SSL_CTX_sess_set_get_cb.3,get_session_cb.3
SSL_CTX_sess_set_get_cb.3,new_session_cb.3
@@ -823,7 +849,6 @@ SSL_CTX_set_mode.3,SSL_CTX_get_mode.3
SSL_CTX_set_mode.3,SSL_get_mode.3
SSL_CTX_set_mode.3,SSL_set_mode.3
SSL_CTX_set_msg_callback.3,SSL_CTX_set_msg_callback_arg.3
SSL_CTX_set_msg_callback.3,SSL_get_msg_callback_arg.3
SSL_CTX_set_msg_callback.3,SSL_set_msg_callback.3
SSL_CTX_set_msg_callback.3,SSL_set_msg_callback_arg.3
SSL_CTX_set_options.3,SSL_CTX_clear_options.3
@@ -907,7 +932,6 @@ SSL_get_session.3,SSL_get1_session.3
SSL_library_init.3,OpenSSL_add_ssl_algorithms.3
SSL_library_init.3,SSLeay_add_ssl_algorithms.3
SSL_rstate_string.3,SSL_rstate_string_long.3
SSL_set_connect_state.3,SSL_get_accept_state.3
SSL_set_connect_state.3,SSL_set_accept_state.3
SSL_set_fd.3,SSL_set_rfd.3
SSL_set_fd.3,SSL_set_wfd.3
@@ -917,6 +941,30 @@ SSL_want.3,SSL_want_nothing.3
SSL_want.3,SSL_want_read.3
SSL_want.3,SSL_want_write.3
SSL_want.3,SSL_want_x509_lookup.3
UI_new.3,ERR_load_UI_strings.3
UI_new.3,UI_OpenSSL.3
UI_new.3,UI_add_error_string.3
UI_new.3,UI_add_info_string.3
UI_new.3,UI_add_input_boolean.3
UI_new.3,UI_add_input_string.3
UI_new.3,UI_add_user_data.3
UI_new.3,UI_add_verify_string.3
UI_new.3,UI_construct_prompt.3
UI_new.3,UI_ctrl.3
UI_new.3,UI_dup_error_string.3
UI_new.3,UI_dup_info_string.3
UI_new.3,UI_dup_input_boolean.3
UI_new.3,UI_dup_input_string.3
UI_new.3,UI_dup_verify_string.3
UI_new.3,UI_free.3
UI_new.3,UI_get0_result.3
UI_new.3,UI_get0_user_data.3
UI_new.3,UI_get_default_method.3
UI_new.3,UI_get_method.3
UI_new.3,UI_new_method.3
UI_new.3,UI_process.3
UI_new.3,UI_set_default_method.3
UI_new.3,UI_set_method.3
X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_NID.3
X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_OBJ.3
X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_txt.3
@@ -963,38 +1011,37 @@ X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_purpose.3
X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_time.3
X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_trust.3
X509_new.3,X509_free.3
bn_internal.3,bn_add_words.3
bn_internal.3,bn_check_top.3
bn_internal.3,bn_cmp_words.3
bn_internal.3,bn_div_words.3
bn_internal.3,bn_dump.3
bn_internal.3,bn_expand.3
bn_internal.3,bn_expand2.3
bn_internal.3,bn_fix_top.3
bn_internal.3,bn_mul_add_words.3
bn_internal.3,bn_mul_comba4.3
bn_internal.3,bn_mul_comba8.3
bn_internal.3,bn_mul_high.3
bn_internal.3,bn_mul_low_normal.3
bn_internal.3,bn_mul_low_recursive.3
bn_internal.3,bn_mul_normal.3
bn_internal.3,bn_mul_part_recursive.3
bn_internal.3,bn_mul_recursive.3
bn_internal.3,bn_mul_words.3
bn_internal.3,bn_print.3
bn_internal.3,bn_set_high.3
bn_internal.3,bn_set_low.3
bn_internal.3,bn_set_max.3
bn_internal.3,bn_sqr_comba4.3
bn_internal.3,bn_sqr_comba8.3
bn_internal.3,bn_sqr_normal.3
bn_internal.3,bn_sqr_recursive.3
bn_internal.3,bn_sqr_words.3
bn_internal.3,bn_sub_words.3
bn_internal.3,bn_wexpand.3
bn_internal.3,mul.3
bn_internal.3,mul_add.3
bn_internal.3,sqr.3
bn_dump.3,bn_add_words.3
bn_dump.3,bn_check_top.3
bn_dump.3,bn_cmp_words.3
bn_dump.3,bn_div_words.3
bn_dump.3,bn_expand.3
bn_dump.3,bn_expand2.3
bn_dump.3,bn_fix_top.3
bn_dump.3,bn_mul_add_words.3
bn_dump.3,bn_mul_comba4.3
bn_dump.3,bn_mul_comba8.3
bn_dump.3,bn_mul_high.3
bn_dump.3,bn_mul_low_normal.3
bn_dump.3,bn_mul_low_recursive.3
bn_dump.3,bn_mul_normal.3
bn_dump.3,bn_mul_part_recursive.3
bn_dump.3,bn_mul_recursive.3
bn_dump.3,bn_mul_words.3
bn_dump.3,bn_print.3
bn_dump.3,bn_set_high.3
bn_dump.3,bn_set_low.3
bn_dump.3,bn_set_max.3
bn_dump.3,bn_sqr_comba4.3
bn_dump.3,bn_sqr_comba8.3
bn_dump.3,bn_sqr_normal.3
bn_dump.3,bn_sqr_recursive.3
bn_dump.3,bn_sqr_words.3
bn_dump.3,bn_sub_words.3
bn_dump.3,bn_wexpand.3
bn_dump.3,mul.3
bn_dump.3,mul_add.3
bn_dump.3,sqr.3
crypto.3,crypto_dispatch.3
crypto.3,crypto_done.3
crypto.3,crypto_freereq.3
@@ -1022,12 +1069,11 @@ d2i_ECPKParameters.3,d2i_ECPKParameters_fp.3
d2i_ECPKParameters.3,i2d_ECPKParameters.3
d2i_ECPKParameters.3,i2d_ECPKParameters_bio.3
d2i_ECPKParameters.3,i2d_ECPKParameters_fp.3
d2i_PKCS8PrivateKey.3,d2i_PKCS8PrivateKey_bio.3
d2i_PKCS8PrivateKey.3,d2i_PKCS8PrivateKey_fp.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_bio.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_fp.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_nid_bio.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_nid_fp.3
d2i_PKCS8PrivateKey_bio.3,d2i_PKCS8PrivateKey_fp.3
d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_bio.3
d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_fp.3
d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_nid_bio.3
d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_nid_fp.3
d2i_RSAPublicKey.3,d2i_Netscape_RSA.3
d2i_RSAPublicKey.3,d2i_RSAPrivateKey.3
d2i_RSAPublicKey.3,d2i_RSA_PUBKEY.3
@@ -1054,25 +1100,9 @@ d2i_X509_REQ.3,i2d_X509_REQ.3
d2i_X509_REQ.3,i2d_X509_REQ_bio.3
d2i_X509_REQ.3,i2d_X509_REQ_fp.3
d2i_X509_SIG.3,i2d_X509_SIG.3
ecdsa.3,ECDSA_OpenSSL.3
ecdsa.3,ECDSA_SIG_free.3
ecdsa.3,ECDSA_SIG_new.3
ecdsa.3,ECDSA_do_sign.3
ecdsa.3,ECDSA_do_sign_ex.3
ecdsa.3,ECDSA_do_verify.3
ecdsa.3,ECDSA_get_default_method.3
ecdsa.3,ECDSA_get_ex_data.3
ecdsa.3,ECDSA_get_ex_new_index.3
ecdsa.3,ECDSA_set_default_method.3
ecdsa.3,ECDSA_set_ex_data.3
ecdsa.3,ECDSA_set_method.3
ecdsa.3,ECDSA_sign.3
ecdsa.3,ECDSA_sign_ex.3
ecdsa.3,ECDSA_sign_setup.3
ecdsa.3,ECDSA_size.3
ecdsa.3,ECDSA_verify.3
ecdsa.3,d2i_ECDSA_SIG.3
ecdsa.3,i2d_ECDSA_SIG.3
des_read_pw.3,des_read_2passwords.3
des_read_pw.3,des_read_password.3
des_read_pw.3,des_read_pw_string.3
engine.3,ENGINE_add.3
engine.3,ENGINE_by_id.3
engine.3,ENGINE_finish.3
@@ -1083,19 +1113,23 @@ engine.3,ENGINE_get_prev.3
engine.3,ENGINE_init.3
engine.3,ENGINE_load_builtin_engines.3
engine.3,ENGINE_remove.3
lh_new.3,DECLARE_LHASH_OF.3
lh_new.3,LHASH_COMP_FN_TYPE.3
lh_new.3,LHASH_DOALL_ARG_FN_TYPE.3
lh_new.3,LHASH_DOALL_FN_TYPE.3
lh_new.3,LHASH_HASH_FN_TYPE.3
lh_new.3,lh_delete.3
lh_new.3,lh_doall.3
lh_new.3,lh_doall_arg.3
lh_new.3,lh_error.3
lh_new.3,lh_free.3
lh_new.3,lh_insert.3
lh_new.3,lh_retrieve.3
lh_stats.3,lh_node_stats.3
lh_stats.3,lh_node_stats_bio.3
lh_stats.3,lh_node_usage_stats.3
lh_stats.3,lh_node_usage_stats_bio.3
lh_stats.3,lh_stats_bio.3
lhash.3,lh_delete.3
lhash.3,lh_doall.3
lhash.3,lh_doall_arg.3
lhash.3,lh_error.3
lhash.3,lh_free.3
lhash.3,lh_insert.3
lhash.3,lh_new.3
lhash.3,lh_retrieve.3
tls_init.3,tls_accept_fds.3
tls_init.3,tls_accept_socket.3
tls_init.3,tls_client.3
@@ -1104,8 +1138,11 @@ tls_init.3,tls_config_clear_keys.3
tls_init.3,tls_config_free.3
tls_init.3,tls_config_insecure_noverifycert.3
tls_init.3,tls_config_insecure_noverifyname.3
tls_init.3,tls_config_insecure_noverifytime.3
tls_init.3,tls_config_new.3
tls_init.3,tls_config_parse_protocols.3
tls_init.3,tls_config_prefer_ciphers_client.3
tls_init.3,tls_config_prefer_ciphers_server.3
tls_init.3,tls_config_set_ca_file.3
tls_init.3,tls_config_set_ca_mem.3
tls_init.3,tls_config_set_ca_path.3
@@ -1119,44 +1156,27 @@ tls_init.3,tls_config_set_key_mem.3
tls_init.3,tls_config_set_protocols.3
tls_init.3,tls_config_set_verify_depth.3
tls_init.3,tls_config_verify.3
tls_init.3,tls_config_verify_client.3
tls_init.3,tls_config_verify_client_optional.3
tls_init.3,tls_configure.3
tls_init.3,tls_conn_cipher.3
tls_init.3,tls_conn_version.3
tls_init.3,tls_connect.3
tls_init.3,tls_connect_fds.3
tls_init.3,tls_connect_servername.3
tls_init.3,tls_connect_socket.3
tls_init.3,tls_error.3
tls_init.3,tls_free.3
tls_init.3,tls_handshake.3
tls_init.3,tls_load_file.3
tls_init.3,tls_peer_cert_contains_name.3
tls_init.3,tls_peer_cert_hash.3
tls_init.3,tls_peer_cert_issuer.3
tls_init.3,tls_peer_cert_notafter.3
tls_init.3,tls_peer_cert_notbefore.3
tls_init.3,tls_peer_cert_provided.3
tls_init.3,tls_peer_cert_subject.3
tls_init.3,tls_read.3
tls_init.3,tls_reset.3
tls_init.3,tls_server.3
tls_init.3,tls_write.3
ui.3,ERR_load_UI_strings.3
ui.3,UI_OpenSSL.3
ui.3,UI_add_error_string.3
ui.3,UI_add_info_string.3
ui.3,UI_add_input_boolean.3
ui.3,UI_add_input_string.3
ui.3,UI_add_user_data.3
ui.3,UI_add_verify_string.3
ui.3,UI_construct_prompt.3
ui.3,UI_ctrl.3
ui.3,UI_dup_error_string.3
ui.3,UI_dup_info_string.3
ui.3,UI_dup_input_boolean.3
ui.3,UI_dup_input_string.3
ui.3,UI_dup_verify_string.3
ui.3,UI_free.3
ui.3,UI_get0_result.3
ui.3,UI_get0_user_data.3
ui.3,UI_get_default_method.3
ui.3,UI_get_method.3
ui.3,UI_new.3
ui.3,UI_new_method.3
ui.3,UI_process.3
ui.3,UI_set_default_method.3
ui.3,UI_set_method.3
ui_compat.3,des_read_2passwords.3
ui_compat.3,des_read_password.3
ui_compat.3,des_read_pw.3
ui_compat.3,des_read_pw_string.3

4
man/update_links.sh
View File

@@ -3,7 +3,7 @@
# Run this periodically to ensure that the manpage links are up to date
echo "# This is an auto-generated file by $0" > links
sudo makewhatis
doas makewhatis
for i in `ls -1 *.3`; do
name=`echo $i|cut -d. -f1`
links=`sqlite3 /usr/share/man/mandoc.db \
@@ -11,7 +11,7 @@ for i in `ls -1 *.3`; do
for j in $links; do
a=`echo "x$j" | tr '[:upper:]' '[:lower:]'`
b=`echo "x$name" | tr '[:upper:]' '[:lower:]'`
if [ $a != $b ]; then
if [[ $a != $b && $a != *"<type>"* ]]; then
echo $name.3,$j.3 >> links
fi
done

15
patches/arc4random.c.patch
View File

@@ -1,15 +0,0 @@
--- crypto/compat/arc4random.c.orig 2015-07-20 07:41:17.000000000 -0600
+++ crypto/compat/arc4random.c 2015-07-20 07:41:58.000000000 -0600
@@ -36,8 +36,11 @@
#define KEYSTREAM_ONLY
#include "chacha_private.h"
+#ifndef min
#define min(a, b) ((a) < (b) ? (a) : (b))
-#ifdef __GNUC__
+#endif
+
+#if defined(__GNUC__) || defined(_MSC_VER)
#define inline __inline
#else /* !__GNUC__ */
#define inline

21
patches/modes_lcl.h Normal file
View File

@@ -0,0 +1,21 @@
--- openbsd/src/lib/libssl/src/crypto/modes/modes_lcl.h Sat Dec 6 17:15:50 2014
+++ crypto/modes/modes_lcl.h Sun Jul 17 17:45:27 2016
@@ -43,14 +43,16 @@
asm ("bswapl %0" \
: "+r"(ret)); ret; })
# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
-# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
+# if (__ARM_ARCH >= 6)
+# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
asm ("rev %0,%0; rev %1,%1" \
: "+r"(hi),"+r"(lo)); \
(u64)hi<<32|lo; })
-# define BSWAP4(x) ({ u32 ret; \
+# define BSWAP4(x) ({ u32 ret; \
asm ("rev %0,%1" \
: "=r"(ret) : "r"((u32)(x))); \
ret; })
+# endif
# endif
#endif
#endif

185
patches/netcat.c.patch Normal file
View File

@@ -0,0 +1,185 @@
--- apps/nc/netcat.c.orig Mon Dec 28 08:46:10 2015
+++ apps/nc/netcat.c Mon Dec 28 08:46:19 2015
@@ -57,6 +57,10 @@
#include <tls.h>
#include "atomicio.h"
+#ifndef IPV6_TCLASS
+#define IPV6_TCLASS -1
+#endif
+
#define PORT_MAX 65535
#define UNIX_DG_TMP_SOCKET_SIZE 19
@@ -65,7 +69,9 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
+#ifndef DEFAULT_CA_FILE
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#endif
#define TLS_LEGACY (1 << 1)
#define TLS_NOVERIFY (1 << 2)
@@ -92,9 +98,13 @@
int Dflag; /* sodebug */
int Iflag; /* TCP receive buffer size */
int Oflag; /* TCP send buffer size */
+#ifdef TCP_MD5SIG
int Sflag; /* TCP MD5 signature option */
+#endif
int Tflag = -1; /* IP Type of Service */
+#ifdef SO_RTABLE
int rtableid = -1;
+#endif
int usetls; /* use TLS */
char *Cflag; /* Public cert file */
@@ -150,7 +160,7 @@
struct servent *sv;
socklen_t len;
struct sockaddr_storage cliaddr;
- char *proxy;
+ char *proxy = NULL;
const char *errstr, *proxyhost = "", *proxyport = NULL;
struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@@ -251,12 +261,14 @@
case 'u':
uflag = 1;
break;
+#ifdef SO_RTABLE
case 'V':
rtableid = (int)strtonum(optarg, 0,
RT_TABLEID_MAX, &errstr);
if (errstr)
errx(1, "rtable %s: %s", errstr, optarg);
break;
+#endif
case 'v':
vflag = 1;
break;
@@ -289,9 +301,11 @@
errx(1, "TCP send window %s: %s",
errstr, optarg);
break;
+#ifdef TCP_MD5SIG
case 'S':
Sflag = 1;
break;
+#endif
case 'T':
errstr = NULL;
errno = 0;
@@ -315,9 +329,11 @@
argc -= optind;
argv += optind;
+#ifdef SO_RTABLE
if (rtableid >= 0)
if (setrtable(rtableid) == -1)
err(1, "setrtable");
+#endif
if (family == AF_UNIX) {
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
@@ -460,7 +476,10 @@
errx(1, "-H and -T noverify may not be used"
"together");
tls_config_insecure_noverifycert(tls_cfg);
- }
+ } else {
+ if (Rflag && access(Rflag, R_OK) == -1)
+ errx(1, "unable to find root CA file %s", Rflag);
+ }
}
if (lflag) {
struct tls *tls_cctx = NULL;
@@ -807,7 +826,10 @@
remote_connect(const char *host, const char *port, struct addrinfo hints)
{
struct addrinfo *res, *res0;
- int s, error, on = 1;
+ int s, error;
+#ifdef SO_BINDANY
+ int on = 1;
+#endif
if ((error = getaddrinfo(host, port, &hints, &res)))
errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -822,8 +844,10 @@
if (sflag || pflag) {
struct addrinfo ahints, *ares;
+#ifdef SO_BINDANY
/* try SO_BINDANY, but don't insist */
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
+#endif
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res0->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -892,7 +916,10 @@
local_listen(char *host, char *port, struct addrinfo hints)
{
struct addrinfo *res, *res0;
- int s, ret, x = 1;
+ int s;
+#ifdef SO_REUSEPORT
+ int ret, x = 1;
+#endif
int error;
/* Allow nodename to be null. */
@@ -914,9 +941,11 @@
res0->ai_protocol)) < 0)
continue;
+#ifdef SO_REUSEPORT
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1)
err(1, NULL);
+#endif
set_common_sockopts(s, res0->ai_family);
@@ -1356,11 +1385,13 @@
{
int x = 1;
+#ifdef TCP_MD5SIG
if (Sflag) {
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
&x, sizeof(x)) == -1)
err(1, NULL);
}
+#endif
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
@@ -1538,14 +1569,22 @@
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
\t-R CAfile CA bundle\n\
- \t-r Randomize remote ports\n\
- \t-S Enable the TCP MD5 signature option\n\
+ \t-r Randomize remote ports\n"
+#ifdef TCP_MD5SIG
+ "\
+ \t-S Enable the TCP MD5 signature option\n"
+#endif
+ "\
\t-s source Local source address\n\
\t-T keyword TOS value or TLS options\n\
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
- \t-u UDP mode\n\
- \t-V rtable Specify alternate routing table\n\
+ \t-u UDP mode\n"
+#ifdef SO_RTABLE
+ "\
+ \t-V rtable Specify alternate routing table\n"
+#endif
+ "\
\t-v Verbose\n\
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\

36
patches/openssl.c.patch
View File

@@ -1,26 +1,6 @@
--- apps/openssl.c.orig 2015-07-20 02:01:42.000000000 -0600
+++ apps/openssl.c 2015-07-20 02:02:00.000000000 -0600
@@ -130,6 +130,19 @@
#include <openssl/engine.h>
#endif
+#ifdef _WIN32
+#include <io.h>
+#include <fcntl.h>
+static void set_stdio_binary(void)
+{
+ _setmode(_fileno(stdin), _O_BINARY);
+ _setmode(_fileno(stdout), _O_BINARY);
+ _setmode(_fileno(stderr), _O_BINARY);
+}
+#else
+static void set_stdio_binary(void) {};
+#endif
+
#include "progs.h"
#include "s_apps.h"
@@ -204,7 +216,9 @@
--- apps/openssl/openssl.c.orig Sun Sep 13 09:11:31 2015
+++ apps/openssl/openssl.c Sun Sep 13 09:10:02 2015
@@ -399,7 +399,9 @@
static void
openssl_startup(void)
{
@@ -28,13 +8,5 @@
signal(SIGPIPE, SIG_IGN);
+#endif
CRYPTO_malloc_init();
OpenSSL_add_all_algorithms();
@@ -216,6 +230,7 @@
#endif
setup_ui_method();
+ set_stdio_binary();
}
static void
SSL_library_init();

13
patches/opensslconf.h.patch
View File

@@ -1,13 +0,0 @@
--- include/openssl/opensslconf.h.orig 2015-07-19 23:21:47.000000000 -0600
+++ include/openssl/opensslconf.h 2015-07-19 23:21:17.000000000 -0600
@@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */
+#if defined(_MSC_VER) && !defined(__attribute__)
+#define __attribute__(a)
+#endif
+
/* Generate 80386 code? */
#undef I386_ONLY

25
patches/ossl_typ.h.patch
View File

@@ -1,25 +0,0 @@
--- include/openssl/ossl_typ.h.orig 2015-07-06 13:21:18.788571423 -0700
+++ include/openssl/ossl_typ.h 2015-07-06 13:24:14.906468003 -0700
@@ -100,6 +100,22 @@
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
#ifdef BIGNUM
#undef BIGNUM
#endif

21
patches/pkcs7.h.patch
View File

@@ -1,21 +0,0 @@
--- include/openssl/pkcs7.h.orig 2015-07-06 13:26:27.369203527 -0700
+++ include/openssl/pkcs7.h 2015-07-06 13:27:37.637051967 -0700
@@ -69,6 +69,18 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
+
/*
Encryption_ID DES-CBC
Digest_ID MD5

82
patches/rfc5280.c.patch Normal file
View File

@@ -0,0 +1,82 @@
--- tests/rfc5280time.c.orig Mon Nov 2 20:00:31 2015
+++ tests/rfc5280time.c Mon Nov 2 20:03:12 2015
@@ -91,6 +91,7 @@
.data = "20150923032700Z",
.time = 1442978820,
},
+#if SIZEOF_TIME_T == 8
{
/* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
.str = "00000101000000Z",
@@ -103,6 +104,7 @@
.data = "20491231235959Z",
.time = 2524607999LL,
},
+#endif
{
/* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
.str = "19500101000000Z",
@@ -112,6 +114,7 @@
};
struct rfc5280_time_test rfc5280_gentime_tests[] = {
+#if SIZEOF_TIME_T == 8
{
/* Biggest RFC 5280 time */
.str = "99991231235959Z",
@@ -129,6 +132,7 @@
.data = "20500101000000Z",
.time = 2524608000LL,
},
+#endif
};
struct rfc5280_time_test rfc5280_utctime_tests[] = {
{
@@ -141,11 +145,13 @@
.data = "540226230640Z",
.time = -500000000,
},
+#if SIZEOF_TIME_T == 8
{
.str = "491231235959Z",
.data = "491231235959Z",
.time = 2524607999LL,
},
+#endif
{
.str = "700101000000Z",
.data = "700101000000Z",
@@ -273,14 +279,14 @@
if ((i = X509_cmp_time(gt, &att->time)) != -1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time--;
if ((i = X509_cmp_time(gt, &att->time)) != 1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time++;
@@ -325,14 +331,14 @@
if ((i = X509_cmp_time(ut, &att->time)) != -1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time--;
if ((i = X509_cmp_time(ut, &att->time)) != 1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time++;

19
patches/ssl_txt.c.patch Normal file
View File

@@ -0,0 +1,19 @@
--- ssl/ssl_txt.orig Sun Jul 17 17:26:59 2016
+++ ssl/ssl_txt.c Sun Jul 17 17:35:44 2016
@@ -82,6 +82,7 @@
* OTHERWISE.
*/
+#include <inttypes.h>
#include <stdio.h>
#include <openssl/buffer.h>
@@ -163,7 +164,7 @@
}
if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
+ if (BIO_printf(bp, "\n Start Time: %"PRId64, (int64_t)x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {

12
patches/tls_internal.h.patch Normal file
View File

@@ -0,0 +1,12 @@
--- ./openbsd/src/lib/libtls/tls_internal.h Thu Oct 15 16:12:24 2015
+++ ./tls/tls_internal.h Sun Dec 6 20:18:17 2015
@@ -24,7 +24,9 @@
#include <openssl/ssl.h>
+#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
+#endif
#define TLS_CIPHERS_COMPAT "ALL:!aNULL:!eNULL"
#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"

100
patches/windows_headers.patch Normal file
View File

@@ -0,0 +1,100 @@
diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
--- include/openssl.orig/dtls1.h Mon Dec 7 07:58:32 2015
+++ include/openssl/dtls1.h Mon Dec 7 07:56:14 2015
@@ -60,7 +60,11 @@
#ifndef HEADER_DTLS1_H
#define HEADER_DTLS1_H
+#if defined(_WIN32)
+#include <winsock2.h>
+#else
#include <sys/time.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
diff -u include/openssl.orig/opensslconf.h include/openssl/opensslconf.h
--- include/openssl.orig/opensslconf.h Mon Dec 7 07:58:32 2015
+++ include/openssl/opensslconf.h Mon Dec 7 07:56:14 2015
@@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */
+#if defined(_MSC_VER) && !defined(__attribute__)
+#define __attribute__(a)
+#endif
+
/* Generate 80386 code? */
#undef I386_ONLY
diff -u include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h
--- include/openssl.orig/ossl_typ.h Mon Dec 7 07:58:32 2015
+++ include/openssl/ossl_typ.h Mon Dec 7 07:56:14 2015
@@ -80,6 +80,22 @@
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
#ifdef BIGNUM
#undef BIGNUM
#endif
diff -u include/openssl.orig/pkcs7.h include/openssl/pkcs7.h
--- include/openssl.orig/pkcs7.h Mon Dec 7 07:58:32 2015
+++ include/openssl/pkcs7.h Mon Dec 7 07:56:14 2015
@@ -69,6 +69,18 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
+
/*
Encryption_ID DES-CBC
Digest_ID MD5
diff -u include/openssl.orig/x509.h include/openssl/x509.h
--- include/openssl.orig/x509.h Mon Dec 7 07:58:32 2015
+++ include/openssl/x509.h Mon Dec 7 07:56:14 2015
@@ -112,6 +112,19 @@
extern "C" {
#endif
+#if defined(_WIN32)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#endif
+
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3

22
patches/x509.h.patch
View File

@@ -1,22 +0,0 @@
--- include/openssl/x509.h.orig 2015-07-06 13:15:15.059306046 -0700
+++ include/openssl/x509.h 2015-07-06 13:16:10.506118278 -0700
@@ -112,6 +112,19 @@
extern "C" {
#endif
+#if defined(_WIN32)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#endif
+
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3

1447
scripts/config.guess vendored Normal file
View File

File diff suppressed because it is too large Load Diff

1813
scripts/config.sub vendored Normal file
View File

File diff suppressed because it is too large Load Diff

25
scripts/travis
View File

@@ -4,12 +4,31 @@ set -e
./autogen.sh
if [ "x$ARCH" = "xnative" ]; then
# test autotools
./configure
make -j 4 distcheck
# make distribution
make dist
tar zxvf libressl-*.tar.gz
cd libressl-*
mkdir build
cd build
# test cmake and ninja
if [ `uname` = "Darwin" ]; then
# OS X runs out of resources if we run 'make -j check'
make check
cmake ..
make
make test
else
make -j distcheck
sudo apt-get update
sudo apt-get install -y python-software-properties
sudo apt-add-repository -y ppa:kalakris/cmake
sudo apt-get update
sudo apt-get install -y cmake ninja-build
cmake -GNinja ..
ninja
ninja test
fi
else
CPU=i686

24
ssl/CMakeLists.txt
View File

@@ -4,9 +4,8 @@ include_directories(
../include/compat
)
add_library(
ssl
set(
SSL_SRC
bio_ssl.c
bs_ber.c
bs_cbb.c
@@ -22,15 +21,12 @@ add_library(
pqueue.c
s23_clnt.c
s23_lib.c
s23_meth.c
s23_pkt.c
s23_srvr.c
s3_both.c
s3_cbc.c
s3_clnt.c
s3_enc.c
s3_lib.c
s3_meth.c
s3_pkt.c
s3_srvr.c
ssl_algs.c
@@ -51,3 +47,19 @@ add_library(
t1_reneg.c
t1_srvr.c
)
if (BUILD_SHARED)
add_library(ssl-objects OBJECT ${SSL_SRC})
add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
if (MSVC)
target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
endif()
set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION})
install(TARGETS ssl ssl-shared DESTINATION lib)
else()
add_library(ssl STATIC ${SSL_SRC})
install(TARGETS ssl DESTINATION lib)
endif()

5
ssl/Makefile.am
View File

@@ -6,7 +6,7 @@ EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
libssl_la_LIBADD = ../crypto/libcrypto.la
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c
libssl_la_SOURCES += bs_ber.c
@@ -23,15 +23,12 @@ libssl_la_SOURCES += d1_srvr.c
libssl_la_SOURCES += pqueue.c
libssl_la_SOURCES += s23_clnt.c
libssl_la_SOURCES += s23_lib.c
libssl_la_SOURCES += s23_meth.c
libssl_la_SOURCES += s23_pkt.c
libssl_la_SOURCES += s23_srvr.c
libssl_la_SOURCES += s3_both.c
libssl_la_SOURCES += s3_cbc.c
libssl_la_SOURCES += s3_clnt.c
libssl_la_SOURCES += s3_enc.c
libssl_la_SOURCES += s3_lib.c
libssl_la_SOURCES += s3_meth.c
libssl_la_SOURCES += s3_pkt.c
libssl_la_SOURCES += s3_srvr.c
libssl_la_SOURCES += ssl_algs.c

651
tap-driver.sh Executable file
View File

@@ -0,0 +1,651 @@
#! /bin/sh
# Copyright (C) 2011-2014 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
scriptversion=2013-12-23.17; # UTC
# Make unconditional expansion of undefined variables an error. This
# helps a lot in preventing typo-related bugs.
set -u
me=tap-driver.sh
fatal ()
{
echo "$me: fatal: $*" >&2
exit 1
}
usage_error ()
{
echo "$me: $*" >&2
print_usage >&2
exit 2
}
print_usage ()
{
cat <<END
Usage:
tap-driver.sh --test-name=NAME --log-file=PATH --trs-file=PATH
[--expect-failure={yes|no}] [--color-tests={yes|no}]
[--enable-hard-errors={yes|no}] [--ignore-exit]
[--diagnostic-string=STRING] [--merge|--no-merge]
[--comments|--no-comments] [--] TEST-COMMAND
The '--test-name', '-log-file' and '--trs-file' options are mandatory.
END
}
# TODO: better error handling in option parsing (in particular, ensure
# TODO: $log_file, $trs_file and $test_name are defined).
test_name= # Used for reporting.
log_file= # Where to save the result and output of the test script.
trs_file= # Where to save the metadata of the test run.
expect_failure=0
color_tests=0
merge=0
ignore_exit=0
comments=0
diag_string='#'
while test $# -gt 0; do
case $1 in
--help) print_usage; exit $?;;
--version) echo "$me $scriptversion"; exit $?;;
--test-name) test_name=$2; shift;;
--log-file) log_file=$2; shift;;
--trs-file) trs_file=$2; shift;;
--color-tests) color_tests=$2; shift;;
--expect-failure) expect_failure=$2; shift;;
--enable-hard-errors) shift;; # No-op.
--merge) merge=1;;
--no-merge) merge=0;;
--ignore-exit) ignore_exit=1;;
--comments) comments=1;;
--no-comments) comments=0;;
--diagnostic-string) diag_string=$2; shift;;
--) shift; break;;
-*) usage_error "invalid option: '$1'";;
esac
shift
done
test $# -gt 0 || usage_error "missing test command"
case $expect_failure in
yes) expect_failure=1;;
*) expect_failure=0;;
esac
if test $color_tests = yes; then
init_colors='
color_map["red"]="" # Red.
color_map["grn"]="" # Green.
color_map["lgn"]="" # Light green.
color_map["blu"]="" # Blue.
color_map["mgn"]="" # Magenta.
color_map["std"]="" # No color.
color_for_result["ERROR"] = "mgn"
color_for_result["PASS"] = "grn"
color_for_result["XPASS"] = "red"
color_for_result["FAIL"] = "red"
color_for_result["XFAIL"] = "lgn"
color_for_result["SKIP"] = "blu"'
else
init_colors=''
fi
# :; is there to work around a bug in bash 3.2 (and earlier) which
# does not always set '$?' properly on redirection failure.
# See the Autoconf manual for more details.
:;{
(
# Ignore common signals (in this subshell only!), to avoid potential
# problems with Korn shells. Some Korn shells are known to propagate
# to themselves signals that have killed a child process they were
# waiting for; this is done at least for SIGINT (and usually only for
# it, in truth). Without the `trap' below, such a behaviour could
# cause a premature exit in the current subshell, e.g., in case the
# test command it runs gets terminated by a SIGINT. Thus, the awk
# script we are piping into would never seen the exit status it
# expects on its last input line (which is displayed below by the
# last `echo $?' statement), and would thus die reporting an internal
# error.
# For more information, see the Autoconf manual and the threads:
# <http://lists.gnu.org/archive/html/bug-autoconf/2011-09/msg00004.html>
# <http://mail.opensolaris.org/pipermail/ksh93-integration-discuss/2009-February/004121.html>
trap : 1 3 2 13 15
if test $merge -gt 0; then
exec 2>&1
else
exec 2>&3
fi
"$@"
echo $?
) | LC_ALL=C ${AM_TAP_AWK-awk} \
-v me="$me" \
-v test_script_name="$test_name" \
-v log_file="$log_file" \
-v trs_file="$trs_file" \
-v expect_failure="$expect_failure" \
-v merge="$merge" \
-v ignore_exit="$ignore_exit" \
-v comments="$comments" \
-v diag_string="$diag_string" \
'
# TODO: the usages of "cat >&3" below could be optimized when using
# GNU awk, and/on on systems that supports /dev/fd/.
# Implementation note: in what follows, `result_obj` will be an
# associative array that (partly) simulates a TAP result object
# from the `TAP::Parser` perl module.
## ----------- ##
## FUNCTIONS ##
## ----------- ##
function fatal(msg)
{
print me ": " msg | "cat >&2"
exit 1
}
function abort(where)
{
fatal("internal error " where)
}
# Convert a boolean to a "yes"/"no" string.
function yn(bool)
{
return bool ? "yes" : "no";
}
function add_test_result(result)
{
if (!test_results_index)
test_results_index = 0
test_results_list[test_results_index] = result
test_results_index += 1
test_results_seen[result] = 1;
}
# Whether the test script should be re-run by "make recheck".
function must_recheck()
{
for (k in test_results_seen)
if (k != "XFAIL" && k != "PASS" && k != "SKIP")
return 1
return 0
}
# Whether the content of the log file associated to this test should
# be copied into the "global" test-suite.log.
function copy_in_global_log()
{
for (k in test_results_seen)
if (k != "PASS")
return 1
return 0
}
function get_global_test_result()
{
if ("ERROR" in test_results_seen)
return "ERROR"
if ("FAIL" in test_results_seen || "XPASS" in test_results_seen)
return "FAIL"
all_skipped = 1
for (k in test_results_seen)
if (k != "SKIP")
all_skipped = 0
if (all_skipped)
return "SKIP"
return "PASS";
}
function stringify_result_obj(result_obj)
{
if (result_obj["is_unplanned"] || result_obj["number"] != testno)
return "ERROR"
if (plan_seen == LATE_PLAN)
return "ERROR"
if (result_obj["directive"] == "TODO")
return result_obj["is_ok"] ? "XPASS" : "XFAIL"
if (result_obj["directive"] == "SKIP")
return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL;
if (length(result_obj["directive"]))
abort("in function stringify_result_obj()")
return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL
}
function decorate_result(result)
{
color_name = color_for_result[result]
if (color_name)
return color_map[color_name] "" result "" color_map["std"]
# If we are not using colorized output, or if we do not know how
# to colorize the given result, we should return it unchanged.
return result
}
function report(result, details)
{
if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/)
{
msg = ": " test_script_name
add_test_result(result)
}
else if (result == "#")
{
msg = " " test_script_name ":"
}
else
{
abort("in function report()")
}
if (length(details))
msg = msg " " details
# Output on console might be colorized.
print decorate_result(result) msg
# Log the result in the log file too, to help debugging (this is
# especially true when said result is a TAP error or "Bail out!").
print result msg | "cat >&3";
}
function testsuite_error(error_message)
{
report("ERROR", "- " error_message)
}
function handle_tap_result()
{
details = result_obj["number"];
if (length(result_obj["description"]))
details = details " " result_obj["description"]
if (plan_seen == LATE_PLAN)
{
details = details " # AFTER LATE PLAN";
}
else if (result_obj["is_unplanned"])
{
details = details " # UNPLANNED";
}
else if (result_obj["number"] != testno)
{
details = sprintf("%s # OUT-OF-ORDER (expecting %d)",
details, testno);
}
else if (result_obj["directive"])
{
details = details " # " result_obj["directive"];
if (length(result_obj["explanation"]))
details = details " " result_obj["explanation"]
}
report(stringify_result_obj(result_obj), details)
}
# `skip_reason` should be empty whenever planned > 0.
function handle_tap_plan(planned, skip_reason)
{
planned += 0 # Avoid getting confused if, say, `planned` is "00"
if (length(skip_reason) && planned > 0)
abort("in function handle_tap_plan()")
if (plan_seen)
{
# Error, only one plan per stream is acceptable.
testsuite_error("multiple test plans")
return;
}
planned_tests = planned
# The TAP plan can come before or after *all* the TAP results; we speak
# respectively of an "early" or a "late" plan. If we see the plan line
# after at least one TAP result has been seen, assume we have a late
# plan; in this case, any further test result seen after the plan will
# be flagged as an error.
plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN)
# If testno > 0, we have an error ("too many tests run") that will be
# automatically dealt with later, so do not worry about it here. If
# $plan_seen is true, we have an error due to a repeated plan, and that
# has already been dealt with above. Otherwise, we have a valid "plan
# with SKIP" specification, and should report it as a particular kind
# of SKIP result.
if (planned == 0 && testno == 0)
{
if (length(skip_reason))
skip_reason = "- " skip_reason;
report("SKIP", skip_reason);
}
}
function extract_tap_comment(line)
{
if (index(line, diag_string) == 1)
{
# Strip leading `diag_string` from `line`.
line = substr(line, length(diag_string) + 1)
# And strip any leading and trailing whitespace left.
sub("^[ \t]*", "", line)
sub("[ \t]*$", "", line)
# Return what is left (if any).
return line;
}
return "";
}
# When this function is called, we know that line is a TAP result line,
# so that it matches the (perl) RE "^(not )?ok\b".
function setup_result_obj(line)
{
# Get the result, and remove it from the line.
result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0)
sub("^(not )?ok[ \t]*", "", line)
# If the result has an explicit number, get it and strip it; otherwise,
# automatically assing the next progresive number to it.
if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
{
match(line, "^[0-9]+")
# The final `+ 0` is to normalize numbers with leading zeros.
result_obj["number"] = substr(line, 1, RLENGTH) + 0
line = substr(line, RLENGTH + 1)
}
else
{
result_obj["number"] = testno
}
if (plan_seen == LATE_PLAN)
# No further test results are acceptable after a "late" TAP plan
# has been seen.
result_obj["is_unplanned"] = 1
else if (plan_seen && testno > planned_tests)
result_obj["is_unplanned"] = 1
else
result_obj["is_unplanned"] = 0
# Strip trailing and leading whitespace.
sub("^[ \t]*", "", line)
sub("[ \t]*$", "", line)
# This will have to be corrected if we have a "TODO"/"SKIP" directive.
result_obj["description"] = line
result_obj["directive"] = ""
result_obj["explanation"] = ""
if (index(line, "#") == 0)
return # No possible directive, nothing more to do.
# Directives are case-insensitive.
rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*"
# See whether we have the directive, and if yes, where.
pos = match(line, rx "$")
if (!pos)
pos = match(line, rx "[^a-zA-Z0-9_]")
# If there was no TAP directive, we have nothing more to do.
if (!pos)
return
# Let`s now see if the TAP directive has been escaped. For example:
# escaped: ok \# SKIP
# not escaped: ok \\# SKIP
# escaped: ok \\\\\# SKIP
# not escaped: ok \ # SKIP
if (substr(line, pos, 1) == "#")
{
bslash_count = 0
for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--)
bslash_count += 1
if (bslash_count % 2)
return # Directive was escaped.
}
# Strip the directive and its explanation (if any) from the test
# description.
result_obj["description"] = substr(line, 1, pos - 1)
# Now remove the test description from the line, that has been dealt
# with already.
line = substr(line, pos)
# Strip the directive, and save its value (normalized to upper case).
sub("^[ \t]*#[ \t]*", "", line)
result_obj["directive"] = toupper(substr(line, 1, 4))
line = substr(line, 5)
# Now get the explanation for the directive (if any), with leading
# and trailing whitespace removed.
sub("^[ \t]*", "", line)
sub("[ \t]*$", "", line)
result_obj["explanation"] = line
}
function get_test_exit_message(status)
{
if (status == 0)
return ""
if (status !~ /^[1-9][0-9]*$/)
abort("getting exit status")
if (status < 127)
exit_details = ""
else if (status == 127)
exit_details = " (command not found?)"
else if (status >= 128 && status <= 255)
exit_details = sprintf(" (terminated by signal %d?)", status - 128)
else if (status > 256 && status <= 384)
# We used to report an "abnormal termination" here, but some Korn
# shells, when a child process die due to signal number n, can leave
# in $? an exit status of 256+n instead of the more standard 128+n.
# Apparently, both behaviours are allowed by POSIX (2008), so be
# prepared to handle them both. See also Austing Group report ID
# 0000051 <http://www.austingroupbugs.net/view.php?id=51>
exit_details = sprintf(" (terminated by signal %d?)", status - 256)
else
# Never seen in practice.
exit_details = " (abnormal termination)"
return sprintf("exited with status %d%s", status, exit_details)
}
function write_test_results()
{
print ":global-test-result: " get_global_test_result() > trs_file
print ":recheck: " yn(must_recheck()) > trs_file
print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file
for (i = 0; i < test_results_index; i += 1)
print ":test-result: " test_results_list[i] > trs_file
close(trs_file);
}
BEGIN {
## ------- ##
## SETUP ##
## ------- ##
'"$init_colors"'
# Properly initialized once the TAP plan is seen.
planned_tests = 0
COOKED_PASS = expect_failure ? "XPASS": "PASS";
COOKED_FAIL = expect_failure ? "XFAIL": "FAIL";
# Enumeration-like constants to remember which kind of plan (if any)
# has been seen. It is important that NO_PLAN evaluates "false" as
# a boolean.
NO_PLAN = 0
EARLY_PLAN = 1
LATE_PLAN = 2
testno = 0 # Number of test results seen so far.
bailed_out = 0 # Whether a "Bail out!" directive has been seen.
# Whether the TAP plan has been seen or not, and if yes, which kind
# it is ("early" is seen before any test result, "late" otherwise).
plan_seen = NO_PLAN
## --------- ##
## PARSING ##
## --------- ##
is_first_read = 1
while (1)
{
# Involutions required so that we are able to read the exit status
# from the last input line.
st = getline
if (st < 0) # I/O error.
fatal("I/O error while reading from input stream")
else if (st == 0) # End-of-input
{
if (is_first_read)
abort("in input loop: only one input line")
break
}
if (is_first_read)
{
is_first_read = 0
nextline = $0
continue
}
else
{
curline = nextline
nextline = $0
$0 = curline
}
# Copy any input line verbatim into the log file.
print | "cat >&3"
# Parsing of TAP input should stop after a "Bail out!" directive.
if (bailed_out)
continue
# TAP test result.
if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/)
{
testno += 1
setup_result_obj($0)
handle_tap_result()
}
# TAP plan (normal or "SKIP" without explanation).
else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/)
{
# The next two lines will put the number of planned tests in $0.
sub("^1\\.\\.", "")
sub("[^0-9]*$", "")
handle_tap_plan($0, "")
continue
}
# TAP "SKIP" plan, with an explanation.
else if ($0 ~ /^1\.\.0+[ \t]*#/)
{
# The next lines will put the skip explanation in $0, stripping
# any leading and trailing whitespace. This is a little more
# tricky in truth, since we want to also strip a potential leading
# "SKIP" string from the message.
sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "")
sub("[ \t]*$", "");
handle_tap_plan(0, $0)
}
# "Bail out!" magic.
# Older versions of prove and TAP::Harness (e.g., 3.17) did not
# recognize a "Bail out!" directive when preceded by leading
# whitespace, but more modern versions (e.g., 3.23) do. So we
# emulate the latter, "more modern" behaviour.
else if ($0 ~ /^[ \t]*Bail out!/)
{
bailed_out = 1
# Get the bailout message (if any), with leading and trailing
# whitespace stripped. The message remains stored in `$0`.
sub("^[ \t]*Bail out![ \t]*", "");
sub("[ \t]*$", "");
# Format the error message for the
bailout_message = "Bail out!"
if (length($0))
bailout_message = bailout_message " " $0
testsuite_error(bailout_message)
}
# Maybe we have too look for dianogtic comments too.
else if (comments != 0)
{
comment = extract_tap_comment($0);
if (length(comment))
report("#", comment);
}
}
## -------- ##
## FINISH ##
## -------- ##
# A "Bail out!" directive should cause us to ignore any following TAP
# error, as well as a non-zero exit status from the TAP producer.
if (!bailed_out)
{
if (!plan_seen)
{
testsuite_error("missing test plan")
}
else if (planned_tests != testno)
{
bad_amount = testno > planned_tests ? "many" : "few"
testsuite_error(sprintf("too %s tests run (expected %d, got %d)",
bad_amount, planned_tests, testno))
}
if (!ignore_exit)
{
# Fetch exit status from the last line.
exit_message = get_test_exit_message(nextline)
if (exit_message)
testsuite_error(exit_message)
}
}
write_test_results()
exit 0
} # End of "BEGIN" block.
'
# TODO: document that we consume the file descriptor 3 :-(
} 3>"$log_file"
test $? -eq 0 || fatal "I/O or internal error"
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

28
tests/CMakeLists.txt
View File

@@ -5,7 +5,8 @@ include_directories(
../crypto/modes
../crypto/asn1
../ssl
../apps
../apps/openssl
../apps/openssl/compat
)
set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR})
@@ -35,6 +36,11 @@ add_executable(asn1test asn1test.c)
target_link_libraries(asn1test ${OPENSSL_LIBS})
add_test(asn1test asn1test)
# asn1time
add_executable(asn1time asn1time.c)
target_link_libraries(asn1time ${OPENSSL_LIBS})
add_test(asn1time asn1time)
# base64test
add_executable(base64test base64test.c)
target_link_libraries(base64test ${OPENSSL_LIBS})
@@ -75,6 +81,11 @@ add_executable(cipherstest cipherstest.c)
target_link_libraries(cipherstest ${OPENSSL_LIBS})
add_test(cipherstest cipherstest)
# clienttest
add_executable(clienttest clienttest.c)
target_link_libraries(clienttest ${OPENSSL_LIBS})
add_test(clienttest clienttest)
# cts128test
add_executable(cts128test cts128test.c)
target_link_libraries(cts128test ${OPENSSL_LIBS})
@@ -216,6 +227,11 @@ add_executable(rc4test rc4test.c)
target_link_libraries(rc4test ${OPENSSL_LIBS})
add_test(rc4test rc4test)
# rfc5280time
add_executable(rfc5280time rfc5280time.c)
target_link_libraries(rfc5280time ${OPENSSL_LIBS})
add_test(rfc5280time rfc5280time)
# rmdtest
add_executable(rmdtest rmdtest.c)
target_link_libraries(rmdtest ${OPENSSL_LIBS})
@@ -236,11 +252,6 @@ add_executable(sha512test sha512test.c)
target_link_libraries(sha512test ${OPENSSL_LIBS})
add_test(sha512test sha512test)
# shatest
add_executable(shatest shatest.c)
target_link_libraries(shatest ${OPENSSL_LIBS})
add_test(shatest shatest)
# ssltest
#add_executable(ssltest ssltest.c)
#target_link_libraries(ssltest ${OPENSSL_LIBS})
@@ -264,3 +275,8 @@ add_test(timingsafe timingsafe)
add_executable(utf8test utf8test.c)
target_link_libraries(utf8test ${OPENSSL_LIBS})
add_test(utf8test utf8test)
# verifytest
add_executable(verifytest verifytest.c)
target_link_libraries(verifytest tls ${OPENSSL_LIBS})
add_test(verifytest verifytest)

42
tests/Makefile.am
View File

@@ -3,11 +3,15 @@ include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I $(top_srcdir)/ssl
AM_CPPFLAGS += -I $(top_srcdir)/apps
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat
LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
LDADD += $(top_builddir)/ssl/libssl.la
LDADD += $(top_builddir)/crypto/libcrypto.la
LDADD += $(abs_top_builddir)/ssl/libssl.la
LDADD += $(abs_top_builddir)/crypto/libcrypto.la
LDADD += $(abs_top_builddir)/tls/libtls.la
TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
TESTS =
check_PROGRAMS =
@@ -40,6 +44,11 @@ TESTS += asn1test
check_PROGRAMS += asn1test
asn1test_SOURCES = asn1test.c
# asn1time
TESTS += asn1time
check_PROGRAMS += asn1time
asn1time_SOURCES = asn1time.c
# base64test
TESTS += base64test
check_PROGRAMS += base64test
@@ -89,6 +98,11 @@ TESTS += cipherstest
check_PROGRAMS += cipherstest
cipherstest_SOURCES = cipherstest.c
# clienttest
TESTS += clienttest
check_PROGRAMS += clienttest
clienttest_SOURCES = clienttest.c
# cts128test
TESTS += cts128test
check_PROGRAMS += cts128test
@@ -208,10 +222,11 @@ pbkdf2_SOURCES = pbkdf2.c
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
if ENABLE_EXTRATESTS
TESTS += pidwraptest
TESTS += pidwraptest.sh
check_PROGRAMS += pidwraptest
pidwraptest_SOURCES = pidwraptest.c
endif
EXTRA_DIST += pidwraptest.sh
# pkcs7test
TESTS += pkcs7test
@@ -245,6 +260,16 @@ TESTS += rc4test
check_PROGRAMS += rc4test
rc4test_SOURCES = rc4test.c
# rfc5280time
check_PROGRAMS += rfc5280time
rfc5280time_SOURCES = rfc5280time.c
if SMALL_TIME_T
TESTS += rfc5280time_small.test
else
TESTS += rfc5280time
endif
EXTRA_DIST += rfc5280time_small.test
# rmdtest
TESTS += rmdtest
check_PROGRAMS += rmdtest
@@ -265,11 +290,6 @@ TESTS += sha512test
check_PROGRAMS += sha512test
sha512test_SOURCES = sha512test.c
# shatest
TESTS += shatest
check_PROGRAMS += shatest
shatest_SOURCES = shatest.c
# ssltest
TESTS += ssltest.sh
check_PROGRAMS += ssltest
@@ -300,3 +320,7 @@ TESTS += utf8test
check_PROGRAMS += utf8test
utf8test_SOURCES = utf8test.c
# verifytest
TESTS += verifytest
check_PROGRAMS += verifytest
verifytest_SOURCES = verifytest.c

10
tests/rfc5280time_small.test Executable file
View File

@@ -0,0 +1,10 @@
#!/bin/sh
set -e
echo 1..2
TEST=./rfc5280time
if [ -e ./rfc5280time.exe ]; then
TEST=./rfc5280time.exe
fi
$TEST
echo "ok 1"
echo "ok 2 - rfc5280time_64-bit # SKIP this system is unable to represent times past 2038"

6
tests/ssltest.sh
View File

@@ -6,9 +6,9 @@ if [ -e ./ssltest.exe ]; then
ssltest_bin=./ssltest.exe
fi
openssl_bin=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
openssl_bin=../apps/openssl.exe
openssl_bin=../apps/openssl/openssl
if [ -e ../apps/openssl/openssl.exe ]; then
openssl_bin=../apps/openssl/openssl.exe
fi
if [ -z $srcdir ]; then

6
tests/testdsa.sh
View File

@@ -4,9 +4,9 @@
#Test DSA certificate generation of openssl
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
cmd=../apps/openssl/openssl
if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
if [ -z $srcdir ]; then

6
tests/testenc.sh
View File

@@ -2,9 +2,9 @@
# $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
test=p
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
cmd=../apps/openssl/openssl
if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
cat openssl.cnf >$test;

6
tests/testrsa.sh
View File

@@ -4,9 +4,9 @@
#Test RSA certificate generation of openssl
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
cmd=../apps/openssl/openssl
if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
if [ -z $srcdir ]; then

19
tls/CMakeLists.txt
View File

@@ -9,7 +9,9 @@ set(
tls.c
tls_client.c
tls_config.c
tls_conninfo.c
tls_server.c
tls_peer.c
tls_util.c
tls_verify.c
)
@@ -19,4 +21,19 @@ if(NOT HAVE_STRCASECMP)
set(TLS_SRC ${TLS_SRC} strsep.c)
endif()
add_library(tls ${TLS_SRC})
if (BUILD_SHARED)
add_library(tls-objects OBJECT ${TLS_SRC})
add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
if (MSVC)
target_link_libraries(tls-shared ssl-shared crypto-shared Ws2_32.lib)
endif()
set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls)
set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
SOVERSION ${TLS_MAJOR_VERSION})
install(TARGETS tls tls-shared DESTINATION lib)
else()
add_library(tls STATIC ${TLS_SRC})
install(TARGETS tls DESTINATION lib)
endif()

13
tls/Makefile.am
View File

@@ -6,12 +6,23 @@ EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
libtls_la_LIBADD = ../crypto/libcrypto.la ../ssl/libssl.la $(PLATFORM_LDADD)
libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
libtls_la_LIBADD += $(PLATFORM_LDADD)
libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
if OPENSSLDIR_DEFINED
libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
else
libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
endif
libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c
libtls_la_SOURCES += tls_config.c
libtls_la_SOURCES += tls_conninfo.c
libtls_la_SOURCES += tls_server.c
libtls_la_SOURCES += tls_peer.c
libtls_la_SOURCES += tls_util.c
libtls_la_SOURCES += tls_verify.c
noinst_HEADERS = tls_internal.h

86
update.sh
View File

@@ -1,4 +1,4 @@
#!/usr/bin/env bash
#!/bin/sh
set -e
openbsd_branch=`cat OPENBSD_BRANCH`
@@ -25,20 +25,21 @@ libcrypto_regress=$CWD/openbsd/src/regress/lib/libcrypto
libssl_src=$CWD/openbsd/src/lib/libssl
libssl_regress=$CWD/openbsd/src/regress/lib/libssl
libtls_src=$CWD/openbsd/src/lib/libtls
openssl_app_src=$CWD/openbsd/src/usr.bin/openssl
libtls_regress=$CWD/openbsd/src/regress/lib/libtls
app_src=$CWD/openbsd/src/usr.bin
# load library versions
source $libcrypto_src/crypto/shlib_version
. $libcrypto_src/crypto/shlib_version
libcrypto_version=$major:$minor:0
echo "libcrypto version $libcrypto_version"
echo $libcrypto_version > crypto/VERSION
source $libssl_src/ssl/shlib_version
. $libssl_src/ssl/shlib_version
libssl_version=$major:$minor:0
echo "libssl version $libssl_version"
echo $libssl_version > ssl/VERSION
source $libtls_src/shlib_version
. $libtls_src/shlib_version
libtls_version=$major:$minor:0
echo "libtls version $libtls_version"
echo $libtls_version > tls/VERSION
@@ -52,21 +53,27 @@ do_mv() {
rm -f "$1"
fi
}
CP='cp -p'
MV='do_mv'
do_cp_libc() {
sed "/DEF_WEAK/d" < "$1" > "$2"/`basename "$1"`
}
CP_LIBC='do_cp_libc'
CP='cp -p'
$CP $libssl_src/src/LICENSE COPYING
$CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
$CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
$CP $libssl_src/src/e_os2.h include/openssl
$CP $libssl_src/src/ssl/pqueue.h include
$CP $libtls_src/tls.h include
$CP $libtls_src/tls.h libtls-standalone/include
for i in crypto/compat libtls-standalone/compat; do
$CP $libc_src/crypt/arc4random.c \
for j in $libc_src/crypt/arc4random.c \
$libc_src/crypt/arc4random_uniform.c \
$libc_src/crypt/chacha_private.h \
$libc_src/string/explicit_bzero.c \
$libc_src/stdlib/reallocarray.c \
@@ -78,8 +85,9 @@ for i in crypto/compat libtls-standalone/compat; do
$libc_src/string/timingsafe_bcmp.c \
$libc_src/string/timingsafe_memcmp.c \
$libcrypto_src/crypto/getentropy_*.c \
$libcrypto_src/crypto/arc4random_*.h \
$i
$libcrypto_src/crypto/arc4random_*.h; do
$CP_LIBC $j $i
done
done
$CP include/compat/stdlib.h \
@@ -143,7 +151,7 @@ $CP crypto/compat/ui_openssl_win.c crypto/ui
asm_src=$libssl_src/src/crypto
gen_asm_stdout() {
perl $asm_src/$2 $1 > $3.tmp
[[ $1 == "elf" ]] && cat <<-EOF >> $3.tmp
[ $1 = "elf" ] && cat <<-EOF >> $3.tmp
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
@@ -152,7 +160,7 @@ gen_asm_stdout() {
}
gen_asm() {
perl $asm_src/$2 $1 $3.tmp
[[ $1 == "elf" ]] && cat <<-EOF >> $3.tmp
[ $1 = "elf" ] && cat <<-EOF >> $3.tmp
#if defined(HAVE_GNU_STACK)
.section .note.GNU-stack,"",%progbits
#endif
@@ -191,8 +199,10 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
$CP $libtls_src/$i libtls-standalone/src
fi
done
$CP $libc_src/string/strsep.c tls
$CP $libc_src/string/strsep.c libtls-standalone/compat
$CP_LIBC $libc_src/string/strsep.c tls
$CP_LIBC $libc_src/string/strsep.c libtls-standalone/compat
mkdir -p libtls-standalone/m4
$CP m4/check*.m4 \
m4/disable*.m4 \
@@ -200,15 +210,27 @@ $CP m4/check*.m4 \
sed -e "s/compat\///" crypto/Makefile.am.arc4random > \
libtls-standalone/compat/Makefile.am.arc4random
# copy nc(1) source
echo "copying nc(1) source"
$CP $app_src/nc/nc.1 apps/nc
rm -f apps/nc/*.c apps/nc/*.h
$CP_LIBC $libc_src/stdlib/strtonum.c apps/nc/compat
for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/nc/Makefile.am` ; do
if [ -e $app_src/nc/$i ]; then
$CP $app_src/nc/$i apps/nc
fi
done
# copy openssl(1) source
echo "copying openssl(1) source"
$CP $libc_src/stdlib/strtonum.c apps
$CP $libcrypto_src/cert.pem apps
$CP $libcrypto_src/openssl.cnf apps
$CP $libcrypto_src/x509v3.cnf apps
for i in `awk '/SOURCES|HEADERS/ { print $3 }' apps/Makefile.am` ; do
if [ -e $openssl_app_src/$i ]; then
$CP $openssl_app_src/$i apps
$CP $app_src/openssl/openssl.1 apps/openssl
$CP_LIBC $libc_src/stdlib/strtonum.c apps/openssl/compat
$CP $libcrypto_src/cert.pem apps/openssl
$CP $libcrypto_src/openssl.cnf apps/openssl
$CP $libcrypto_src/x509v3.cnf apps/openssl
for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/openssl/Makefile.am` ; do
if [ -e $app_src/openssl/$i ]; then
$CP $app_src/openssl/$i apps/openssl
fi
done
@@ -231,7 +253,7 @@ $CP $libcrypto_regress/pqueue/expected.txt tests/pq_expected.txt
# copy libc tests
$CP $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c
$CP $libc_regress/explicit_bzero/explicit_bzero.c tests
$CP $libc_src/string/memmem.c tests
$CP_LIBC $libc_src/string/memmem.c tests
$CP $libc_regress/timingsafe/timingsafe.c tests
# copy libssl tests
@@ -243,6 +265,11 @@ $CP $libssl_regress/unit/tests.h tests
$CP $libssl_regress/certs/ca.pem tests
$CP $libssl_regress/certs/server.pem tests
# copy libtls tests
for i in `find $libtls_regress -name '*.c'`; do
$CP "$i" tests
done
chmod 755 tests/testssl
# add headers
@@ -273,17 +300,20 @@ add_man_links() {
done
}
# apply local patches (Windows support)
# apply local patches
PATCH=patch
# Prefer gnu patch on AIX systems, if available
if [ -x /opt/freeware/bin/patch ]; then
PATCH=/opt/freeware/bin/patch
fi
for i in patches/*.patch; do
patch -p0 < $i
$PATCH -p0 < $i
done
# copy manpages
echo "copying manpages"
echo dist_man_MANS= > man/Makefile.am
$CP $openssl_app_src/openssl.1 man
echo "dist_man_MANS += openssl.1" >> man/Makefile.am
echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am
echo dist_man_MANS = >> man/Makefile.am
$CP $libtls_src/tls_init.3 man
echo "dist_man_MANS += tls_init.3" >> man/Makefile.am