Compare commits

..

271 Commits

Author SHA1 Message Date
kinichiro
90898c9686 Call va_end soon after using variable length variable
- This fix MSVC compiler warning C4702 "unreachable code".
2018-01-07 16:23:41 -06:00
kinichiro
339074b924 Reconsider MSVC warning list
- Remove C4242 and C4820
- Warning explanation from manual
- Sort by warning code
2018-01-07 16:23:41 -06:00
kinichiro
0a583bd21d Remove unneeded -ULIBRESSL_INTERNAL 2018-01-07 16:23:41 -06:00
Brent Cook
190bd346e7 add release notes 2017-12-11 04:57:42 -06:00
Kyle J. McKay
ac9a73f695 netcat.c.patch: eliminate syntax error from patch
If the target system does not define IPV6_TCLASS, this part of
the patch handles that with an ENOPROTOOPT error rather than
failing to compile.

Unfortunately it's missing a trailing semicolon leading to
a compilation error.

Add the missing semicolon to fix the problem.

Signed-off-by: Kyle J. McKay <mackyle@gmail.com>
2017-12-11 04:32:06 -06:00
Evgen Bodunov
71d9fd9709 Fixed getpagesize detection on Android 2017-11-23 09:38:41 -06:00
Aric Belsito
6cb4aa08ab Create correct directory in CMake install.
Was creating ${CONFDIR}/cert instead of ${CONFDIR}/certs.
2017-11-23 05:42:25 -06:00
Brent Cook
68a99284c3 fetch before update to grab new branches 2017-11-05 17:14:28 -06:00
Brent Cook
fe8a52a0d9 update changelog 2017-11-05 17:13:06 -06:00
Brent Cook
727aeabdd8 make OPENBSD_6_2 branch 2017-11-02 05:59:08 -05:00
Bernard Spil
794f48f1d8 Separate man(5) pages 2017-10-22 16:10:38 +02:00
Brent Cook
cd9f686793 Land #355, update libc checks 2017-09-26 09:21:38 -05:00
kinichiro
9bb3e03722 Fix checking memmem in apps/ocspcheck/CMakeLists.txt
- Issue #352 pointed out by @d3x0r
2017-09-26 22:02:21 +09:00
Brent Cook
07b9f6c371 update release notes 2017-09-25 23:06:21 -05:00
Brent Cook
6054891d43 Land #348, include .5 manpages 2017-09-17 10:08:19 -05:00
Aric Belsito
cbe57bef04 Some CMake Fixes.
pqueue.h was getting installed when it shouldn't.
pkgconfig files were not getting installed or generated.
2017-09-10 11:54:23 -07:00
kinichiro
03502b8d8f Add *.5 manpages in libcrypto/man/ 2017-09-10 12:58:47 +09:00
Brent Cook
8a2a079b6d spelling 2017-09-06 18:37:12 -05:00
Brent Cook
c53c374f83 update VS prerequisites, refer to autogen.sh more 2017-09-04 16:32:43 -05:00
Brent Cook
fa1c469601 Land #344, fix regress tlxexttest for certain C compilers 2017-09-04 16:24:49 -05:00
Brent Cook
7035c7268d be more concise, formatting 2017-09-04 16:24:14 -05:00
Brent Cook
82fda3d410 update changes 2017-09-04 16:18:20 -05:00
Brent Cook
b623db7bfb enhance README warnings, remove pod2man requirement 2017-09-04 16:14:54 -05:00
Brent Cook
3612cbe3a0 update manpage links 2017-09-03 21:52:59 -05:00
Brent Cook
d653deef65 add 2.6.1 changelog 2017-09-03 21:52:18 -05:00
kinichiro
512573f0de Add patch for regress tlsexttest
Some compiler does not support 0 sized array.
This patch changes 0 sized array to have NULL and using variable instead of
sizeof function.
2017-09-03 01:16:36 +09:00
kinichiro
f4d2b810cb Remove rsa/rsa_ssl.c 2017-09-01 23:37:09 +09:00
Brent Cook
7dc68c82bc set SMALL_TIME_T when sizeof time_t == 4 2017-08-14 12:15:00 -05:00
Brent Cook
4916f940c8 use standard initialization for poll loop delay 2017-08-13 16:09:32 -05:00
Brent Cook
9e7fd1fa31 declare struct timezone outside of the function declaration 2017-08-13 16:04:03 -05:00
Brent Cook
e0cffc6b48 disable signed/unsigned mismatch in vs builds 2017-08-13 11:49:04 -05:00
Brent Cook
8f255707f0 Land #338, disable NPN tests 2017-08-13 08:54:38 -05:00
Brent Cook
4c6097c220 bump to latest version of tap driver 2017-08-13 08:54:03 -05:00
kinichiro
23b5d39cfb Remove NPN test coverage for Windows. 2017-08-13 19:10:46 +09:00
Brent Cook
94e4224f5f don't build empty object files 2017-08-12 10:05:30 -05:00
Brent Cook
bdec057318 Land #332, fix shared library dependencies with cmake for libssl/libtls 2017-08-12 09:46:19 -05:00
kinichiro
9be0359cc3 Remove ssl/t1_reneg.c 2017-08-12 01:15:17 +09:00
Masud Rahman
1dd6a52f2d ssl/tls cmake: fix shared library dependencies
Ensure that the 'ssl' depends on 'crypto' and that 'tls' depends on
'ssl' and 'crypto' for all platforms.  Prior to this commit, the
dependency was only specified for the 'WIN32' CMake build.
2017-07-24 15:26:29 -04:00
Brent Cook
5ec2c381e4 rebase patches on latest, remove fuzz 2017-07-17 06:13:21 -05:00
Brent Cook
86434e03e8 update manpage links 2017-07-17 06:06:08 -05:00
Brent Cook
58ba8785fb add tlsext 2017-07-17 05:12:55 -05:00
Brent Cook
e53af8da67 Land #329, modify symbol exports for Darwin with cmake builds 2017-07-17 04:29:39 -05:00
Brent Cook
9887c82768 Land #331, add prototype definitions of asprintf and vasprintf for CYGWIN build 2017-07-17 04:25:21 -05:00
kinichiro
5afc4e3cd8 add prototype definitions of asprintf and vasprintf for CYGWIN build
- define _GNU_SOURCE in case of cygwin

As compilation warning report by @Dravion
2017-07-16 23:59:55 +09:00
kinichiro
f7cf93fd22 Add regression test freenull 2017-07-16 11:49:15 +09:00
Brent Cook
cefd44a86e changelog corrections 2017-07-12 04:08:47 -05:00
Brent Cook
5e6de6ebce remove duplcate changelog entry 2017-07-09 11:00:20 -05:00
Brent Cook
c92119f50a added 2.6.0 Changes 2017-07-09 10:36:22 -05:00
Brent Cook
51e5279c24 Updated changelog 2017-07-09 06:16:59 -05:00
Brent Cook
70ee57c6ad Land #328, generate the crypto export symbol list at build time 2017-07-09 05:12:21 -05:00
Brent Cook
0dbae37735 Land #324, Add option LIBRESSL_SKIP_INSTALL 2017-07-09 05:06:06 -05:00
Brent Cook
e550534203 make it easier to swap grep (Solaris grep doesn't support alpha) 2017-07-08 19:05:35 -05:00
Brent Cook
9b88fa46bb generate the crypto export symbol list at build time
we currently do it at configure time, which makes this a generated
source, but generated sources should be cleaned up, which breaks
'make clean; make'
2017-07-08 17:46:16 -05:00
kinichiro
c18852f650 Set Solaris build default to 64 bit 2017-07-08 01:43:07 +09:00
d3x0r
0e82f22d16 Okay really one more try. 2017-07-07 01:21:16 -07:00
d3x0r
9cad7f785b Okay one more try. 2017-07-07 01:20:21 -07:00
d3x0r
08869b75db use \- to prevent hyphen wrapping 2017-07-07 01:17:48 -07:00
d3x0r
fc4e1b9572 use &#8209; to prevent hyphen wrapping 2017-07-07 01:11:57 -07:00
d3x0r
a8cd9fdbd6 use &#x2011; option hyphen wrapping 2017-07-07 01:07:05 -07:00
d3x0r
3471d20142 Fix formatting for description of openssldir and skip install; add <nobr> to prevent option hyphen wrapping 2017-07-07 01:04:34 -07:00
d3x0r
a61122ef6c Fix formatting for description of openssldir and skip install 2017-07-07 01:01:08 -07:00
d3x0r
360a67cd34 Add documentation about available CMake options. 2017-07-07 00:59:05 -07:00
d3x0r
a4d80ca56a Merge branch 'master' of https://github.com/libressl-portable/portable into SkipInstall
Fix merge conflicts from GNUInstallDirs merge to master.
2017-07-06 23:11:11 -07:00
Brent Cook
334245374a Land #323, use GNUInstallDirs from cmake to specify install paths 2017-07-06 23:58:40 -05:00
Brent Cook
52080abbf7 Land #326, fix tests/tlstest.bat argument order 2017-07-06 23:57:05 -05:00
kinichiro
322b82367d fix tests/tlstest.bat 2017-07-07 01:40:35 +09:00
kinichiro
1f7777169d update netcat patch 2017-07-07 00:46:48 +09:00
d3x0r
2557dd7439 Add option LIBRESSL_SKIP_INSTALL
Internally LIBRESSL_SKIP_INSTALL, if not set becomes ENABLE_LIBRESSL_INSTALL so this by default is enabled.  defining LIBRESSL_SKIP_INSTALL before hand will disable all install() rules.
This is useful if another project includes and links to this statically.
I chose to add a prefix to avoid potential name collision because the options are cached globally.

If the installation is skipped, maybe it should also disable building apps?  I didn't do that.
2017-07-06 02:09:44 -07:00
d3x0r
a2bd5ebaba use GNUInstallDirs from cmake to specify install paths.
Primarily this is to select whether 'lib64' or 'lib' is used on linux type systems.
2017-07-06 01:49:43 -07:00
Brent Cook
728bda1830 Land #318, Fix CMake module include path 2017-07-05 23:17:49 -05:00
Brent Cook
8a658c37b5 Land #316, Remove misleading CFLAGS / LDFLAGS 2017-07-05 23:16:45 -05:00
Masud Rahman
73e51e012f cmake_export_symbol: Darwin compatibility
The Darwin platform prefixes all C symbols with an underscore.  At
link-time of a shared library, libressl generates a list of symbols to
export, but does not prefix each symbol with an underscore.

This commit addresses that issue.
2017-06-25 18:19:20 -04:00
Matt Stancliff
fe79df3c90 Fix CMake module include path
Need to search the current directory, not the overall project root directory
if this is being included as a sub-dependency of another project.
2017-06-15 23:11:13 -04:00
Brent Cook
8b80bcdad8 re-add getpagesize fallback, needed for Android 2017-06-11 11:21:34 -05:00
Paul Graham
b49242fcb0 Remove misleading CFLAGS / LDFLAGS.
These variables were being ignored because libtool doesn't pass -static-libgcc to GCC.
If you want to link libgcc statically, currently the only way to achieve this is to
manually add -static-libgcc to CC variable. See:

http://www.mingw.org/wiki/HOWTO_Sneak_GCC_Switches_Past_Libtool
2017-06-09 13:33:14 +02:00
Brent Cook
0974d6f011 update nc patch 2017-06-03 20:13:25 -05:00
kinichiro
d3f3daec18 defining DEFAULT_CA_FILE only if it is not defined.
indicated by Kyle J. McKay mackyle@gmail.com
2017-06-04 00:56:11 +09:00
Brent Cook
0da71010d6 update tlstest argument ordering 2017-05-18 00:31:20 -05:00
Brent Cook
e7b0c0069b fix hkdftest name 2017-05-18 00:31:07 -05:00
kinichiro
530fbba1ed Add definition of in_addr_t for Windows build 2017-05-14 00:00:10 +09:00
kinichiro
63042e98f8 Add HKDF functionality 2017-05-13 23:59:59 +09:00
Brent Cook
f494c6aaf7 Land #310, make it easier to build from cvs source 2017-05-08 08:32:38 -05:00
kinichiro
6cb87c121a Modify update.sh to change the path of openbsd source tree easily
With this modification, we can build portable with /usr/src easily.
2017-05-07 00:47:32 +09:00
Brent Cook
32ab245f05 remove OPENSSL_ia32cap_P from crypto.sym when generated 2017-05-01 00:20:49 -05:00
Brent Cook
6374bfa401 add 2.5.4 changelog 2017-05-01 00:20:40 -05:00
Brent Cook
7ba183503a include amd64 in the mix 2017-04-29 18:37:18 -05:00
Brent Cook
1f13e7956b only include ia32 syms on i?86/x86_64 targets 2017-04-29 18:36:14 -05:00
Brent Cook
993f5cf6f9 add back copyright notice from OpenBSD malloc.c from which this came. 2017-04-28 00:26:40 -05:00
Brent Cook
53fb56ea87 Land #306, add freezero 2017-04-28 00:22:43 -05:00
kinichiro
048625cf2b Add freezero support 2017-04-22 23:37:20 +09:00
Steven McDonald
7ec0510e33 Fix pkg-config metadata for libcrypto
It looks like this was copied and pasted from libssl.pc.in. This patch
identifies it as libcrypto rather than libssl.
2017-04-18 00:52:32 +10:00
Brent Cook
9d2418ae3a add nc(1) manpage to install if enabled 2017-04-12 08:18:20 -05:00
Brent Cook
922cd9c94e move crypto_portable.sym to builddir 2017-04-10 09:30:29 -05:00
Brent Cook
7ecfed7690 update changelog for stable release 2017-04-06 06:24:12 -05:00
Brent Cook
2c66480f5e tag OpenBSD 6.1 release 2017-04-03 22:55:17 -05:00
Brent Cook
22bda9840b condense and refine changelog a bit 2017-03-25 21:25:58 -05:00
Brent Cook
19cf5c9b01 update changelog for 2.5.2 2017-03-25 17:19:25 -05:00
Brent Cook
570717c488 rebase netcat patch 2017-03-25 12:03:37 -05:00
kinichiro
cb73e4bef6 Add regress tls_prf 2017-03-17 21:33:01 +09:00
kinichiro
350170b6ab Add regress servertest 2017-03-17 21:32:51 +09:00
Brent Cook
ff462f05a2 add getpagesize check for cmake 2017-03-16 20:54:16 -05:00
Brent Cook
764ab1e6a9 remove sysconf fallback for now 2017-03-16 19:25:42 -05:00
Brent Cook
d5b247cc4f Land #297, Add recallocarray 2017-03-16 19:23:36 -05:00
Brent Cook
8f69fe98db Land #287, document steps to enable 64-bit time_t on mingw-w64 toolchain 2017-03-16 18:56:06 -05:00
Brent Cook
8622dc7536 Land #288, update conditions under which getentropy, arc4random* are exported 2017-03-16 18:53:12 -05:00
kinichiro
c61c9821e8 Add support for getpagesize 2017-03-15 22:02:11 +09:00
kinichiro
8877e9bc55 Add recallocarray 2017-03-09 23:00:04 +09:00
kinichiro
27f0879030 Add ssl/t1_hash.c 2017-03-08 00:17:25 +09:00
kinichiro
f2c14deb58 Add crypto/evp/m_md5_sha1.c 2017-03-05 11:17:20 +09:00
kinichiro
5297e9d486 Fix condition of arc4random* and getentropy for Cygwin build
- Fix the condition of exporting getentropy
- Modify the CMake condition of including arc4random_uniform as same as autoconf
2017-02-20 11:50:47 +09:00
Paul Graham
3b4d3d7541 Remove "exit 1" (added by mistake) 2017-02-18 22:17:59 +01:00
Paul Graham
b2b47a7d11 Document 32-bit time_t problem on minw-w64 toolchain and how to avoid it 2017-02-15 23:04:04 +01:00
kinichiro
9d75e5ea97 Add definition of ssize_t to tls.h for Windows 2017-02-13 20:25:49 +09:00
Brent Cook
3ba2699dab ignore mandoc db, compat files 2017-02-07 07:53:52 -06:00
kinichiro
7383bf673b Fix patch for netcat.c 2017-02-07 18:38:03 +09:00
Brent Cook
b67d365454 update Changelog 2017-01-31 20:55:07 -06:00
kinichiro
c957ff63c0 Fix SYSerr and BIOerr in b_win.c 2017-02-01 01:13:09 +09:00
Brent Cook
97fecd593a Land #269, copy more files from libc rather than checking in 2017-01-28 09:31:56 -06:00
kinichiro
58eb645fdb Copy libc compat files rather than adding into the repository
- remove the CP_LIBC files from repo
- move tests/memmem.c to tests/compat/
2017-01-28 03:40:38 +09:00
kinichiro
fb936f89b8 Move S_IRGRP and S_IROTH from fcntl.h to sys/stat.h
- S_IRGRP and S_IROTH should be defined in sys/stat.h rather than fcntl.h
- Old MinGW64 on Ubuntu 14.04 appears not to have S_IRGRP and S_IROTH
- MinGW64 has __WIN32 defined but does not have _MSC_VER defined
2017-01-28 02:49:06 +09:00
Brent Cook
cb57534af8 skip building ocspcheck on MSCV 2017-01-27 07:14:43 -06:00
Brent Cook
b631cafca8 update manpage links 2017-01-27 05:49:17 -06:00
Brent Cook
beffe6b41d update for death of s23* 2017-01-27 05:42:33 -06:00
Brent Cook
63eaeafeec update for improved libtls manpage organization 2017-01-27 05:41:46 -06:00
kinichiro
05cf1ee697 Copy openbsd library file every time rather than statically checking in 2017-01-27 01:21:37 +09:00
kinichiro
f5026b1f3c Add S_IRGRP and S_IROTH to include/compat/fcntl.h for ocspcheck 2017-01-26 17:51:49 +09:00
kinichiro
e57ab149c2 Add STDOUT_FILENO to include/compat/unistd.h 2017-01-26 17:51:49 +09:00
kinichiro
7dd0650d33 Add inet_ntop and memmem for ocspcheck 2017-01-26 17:51:35 +09:00
kinichiro
adb94725ae Add regress rsa_test 2017-01-25 21:31:51 +09:00
kinichiro
91a8bd7914 Move strsep.c to crypto/compat/ and add ocspcheck build to CMake 2017-01-25 21:31:04 +09:00
Brent Cook
93754dc5cf initial ocspcheck integration 2017-01-24 06:06:07 -06:00
Brent Cook
fa149b8c8c updates for new tests and layout 2017-01-22 20:00:52 -06:00
Brent Cook
91f771f981 add missing ecp_nist*.c files 2017-01-18 22:59:09 -06:00
Brent Cook
301d50eaa3 check if EXTRA_EXPORT is set, fix cmake builds on OpenBSD 2017-01-18 22:59:09 -06:00
Brent Cook
e463ba3b22 Land #262, Fix fcntl.h shim for HP-UX 11.31 (ia64) 2017-01-18 21:18:51 -06:00
kinichiro
b249f68e6c Fix fcntl.h shim since HP-UX 11.31 (ia64) does not define O_CLOEXEC 2017-01-19 09:58:21 +09:00
kinichiro
484feaae91 Stop generating .def files by update.sh 2017-01-18 21:05:43 +09:00
kinichiro
3276be122f Add export symbol support to CMake for libcrypto 2017-01-18 21:05:28 +09:00
kinichiro
3b8cf47307 Add export symbol support to CMake 2017-01-18 00:34:20 +09:00
Brent Cook
3b2560feb3 MSVSC fixes 2017-01-16 10:59:24 -06:00
Brent Cook
4cb675e2d9 pass through errors for tlstest and ssltest 2017-01-16 10:59:15 -06:00
Brent Cook
f21bd20c7e add open(2) shim to handle O_BINARY and O_CLOEXEC 2017-01-16 10:59:15 -06:00
Brent Cook
51a53876b6 add fcntl shim 2017-01-16 10:59:15 -06:00
Brent Cook
c53c23c5d8 enable tlstest on win32 2017-01-15 16:00:17 -06:00
Brent Cook
057e7a85b9 add noreturn attribute to compat functions 2017-01-15 16:00:17 -06:00
Brent Cook
69e2a7fb75 handle EBADF, which is returned when a file is passed 2017-01-15 16:00:16 -06:00
Brent Cook
dbd5fb28ec add windows versions of socketpair / pipe 2017-01-15 16:00:16 -06:00
Brent Cook
dfb6b11e5a include pipe2/socketpair compat for macOS 2017-01-15 16:00:16 -06:00
Brent Cook
fa20dae329 start to enable tlstest for portable
Disabled on Windows for now due to pipe2/socketpair support.
2017-01-15 14:52:18 -06:00
kinichiro
1d934cd2d8 Fix to use -export-symbols for libcrypto
- generating platform specific crypto/crypto_portable.sym from crypto.sym
2017-01-15 22:12:39 +09:00
Brent Cook
6db4299941 Land #256, Define CMake library object lists globally 2017-01-13 08:15:26 -06:00
Matt Stancliff
63add73d0b Define CMake library object lists globally
OBJECT collections in CMake don't generate any artifacts so these
are safe to hoist out and define globally.

library OBJECT targets are just a list of filenames.  It can be useful for
other projects to include lists of sources directly regardless of build mode
(shared, static, or library).
2017-01-12 13:46:22 +08:00
Matt Stancliff
5e6c9983dd Use correct CMake base directory offset
CMAKE_SOURCE_DIR is the top-level directory of a project, but if you include
this as a dependency, the file check locations won't exist at the top level
of any parent project.

CMAKE_CURRENT_SOURCE_DIR is the actual directory of the current project()
regardless of compile mode (standalone or included in another project).
2017-01-12 13:46:03 +08:00
Brent Cook
9f9fdc0531 OSCP -> OCSP 2017-01-09 23:09:46 -06:00
Brent Cook
7acb28a3e7 update Changelog 2017-01-09 03:58:26 -06:00
Brent Cook
c691459502 fix static mingw builds, platform LDADD needs to come at the end 2017-01-09 02:22:26 -06:00
Brent Cook
45d35f0dfb update links 2017-01-07 08:36:03 -06:00
kinichiro
5a35108648 Add regression test ssl_versions 2017-01-06 09:05:59 +09:00
Brent Cook
cf056d7d43 update manpage links 2016-12-29 04:03:17 -06:00
Brent Cook
b48d11d8df Land #250, implement support for hiding symbols in libcrypto 2016-12-29 03:51:34 -06:00
kinichiro
7054105fde implement support for hiding symbols in libcrypto
- delete crypto.def and generate it from Symbols.list
- remove BIO_s_log since bss_log.c is not included on Windows
- add Windows specific symbols by crypto/crypto_win.list
2016-12-26 21:53:29 +09:00
Simone Basso
a206997ad9 Sync getentropy() checks with use-builtin-arc4random checks
Without this, we actually fail to build a library that includes the
bultin getentropy when compiling for 10.11 on 10.12.
2016-12-10 20:58:04 +01:00
Simone Basso
6fa2d21ba5 m4/check-libc.m4: improve getentropy check
- according to man.openbsd.org getentropy() is in unistd.h

- according to macOS sierra's man it's in sys/random.h

- since sys/random.h is does not exist for iOS and for linux, do
  not attempt to include it, rather redeclare the prototype

- make sure that `./configure`:

    - uses getentropy() on macOS sierra

    - does not use getentropy() if compiling for 10.11

    - does not use getentropy() if compiling for ios armv7
2016-12-09 14:17:06 +01:00
Simone Basso
f8a9c71e79 configure: fix getentropy() for sierra and ios
This diff changes the logic by which configure detects getentropy() to
ensure that we don't use the system wide getentropy

- with macOS sierra if the deployment target is lower than sierra as
  found by tor developers here

    https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d

- with iOS unconditionally because an app linking libressl compiled with
  system wide getentropy has been rejected by the App store as I have
  documented here

    https://github.com/measurement-kit/measurement-kit/pull/994

I think something similar could also affect clock_gettime judging from
tor's patch, but this diff for now doesn't address that.

I do not have macOS < sierra, so I could only verify that configure was
not picking up system wide getentropy by compiling libressl using

    export CFLAGS="-mmacosx-version-min=10.11"

As regards iOS, removing the check for getentropy and recompiling (thus
using libressl builtin getentropy()) was enough to have another iteration
of the app accepted. Otherwise testing should be possible with:

    export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
    export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos`
    export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos`

Related ticket: https://github.com/libressl-portable/portable/issues/230
2016-12-09 12:50:56 +01:00
Brent Cook
b5ebbf6b88 adjust mingw package name 2016-11-13 13:10:42 -06:00
Brent Cook
a638d7937d update to trusty distro, remove 3rd-party PPAs for testing 2016-11-13 13:06:28 -06:00
Brent Cook
c4165cc210 fix static test link failures on OS X 2016-11-13 12:57:34 -06:00
Brent Cook
3b0488e870 update manpage links 2016-11-13 12:56:45 -06:00
kinichiro
04150e635c fix cmake to link static crypto library for regression tests 2016-11-07 00:07:51 +09:00
Brent Cook
4e221632b1 link regression tests fully statically 2016-11-06 09:10:25 -06:00
kinichiro
f51c1b3886 Fix for tests on Visual Studio
- always link static ssl library for tests
- copy DLLs for openssl.exe after building tests
- add functions to crypto.def
2016-11-06 22:21:58 +09:00
Brent Cook
7e4ce26c27 use __MINGW_PRINTF_FORMAT for BIO_* print functions if available 2016-11-06 04:32:16 -06:00
Brent Cook
d2f5ab1ee8 prefer builtin arc4random on OS X 10.12+ (using getentropy as the signal) 2016-11-06 03:12:34 -06:00
Brent Cook
d38ab0a39e include vpm_int.h 2016-11-06 02:37:15 -06:00
Brent Cook
f99d89a0fc update patches 2016-11-06 02:27:21 -06:00
kinichiro
5f187770f3 Add curve25519 to portable 2016-11-06 04:57:23 +09:00
Brent Cook
e0a62cf201 remove bad link 2016-11-05 14:00:54 -05:00
Brent Cook
a99a3d7287 add quoting for man links 2016-11-05 12:45:47 -05:00
Brent Cook
42ee57590a update mlinks 2016-11-05 12:31:29 -05:00
Brent Cook
55419a0dde use the new mlinks tool to generate man links 2016-11-05 12:31:29 -05:00
Brent Cook
0241a8d4da update for new manpage layout, pod files are gone 2016-11-05 12:31:29 -05:00
Brent Cook
5842215600 remove duplicate libcrypto static link 2016-11-06 00:24:56 +09:00
Brent Cook
9d14220bdb export ASN1_time_parse 2016-11-06 00:24:47 +09:00
Brent Cook
70805a3e17 remove more KRB5 2016-11-06 00:24:39 +09:00
Brent Cook
c2ec622b89 remove defined symbols 2016-11-06 00:24:30 +09:00
Brent Cook
77a2a9f3ef remove check-in .def and ignore .sym files 2016-11-06 00:24:22 +09:00
Brent Cook
7770e4f2e4 implement support for hiding symbols in libtls / libssl 2016-11-06 00:24:12 +09:00
Brent Cook
348362416d remove krb5 from cmake 2016-11-05 06:24:55 -05:00
Brent Cook
19457d72b0 enable preprocessor on all ASM files with cmake 2016-11-05 06:16:19 -05:00
Brent Cook
03a321e558 disable symbol hiding for now 2016-11-05 06:16:07 -05:00
Brent Cook
659aff9fa7 updates for latest build changes 2016-11-05 19:11:19 +09:00
Brent Cook
a241b876e9 update windows header patches 2016-11-04 11:08:47 -05:00
kinichiro
d3abaf5fe7 Add tls_ocsp.c to Makefile.am and CMakeLists.txt 2016-11-04 22:43:34 +09:00
Brent Cook
cb63e63370 define PATH_MAX in more msvc versions 2016-10-30 23:14:03 -05:00
Brent Cook
2570ad9344 set correct DEFAULT_CA_FILE path 2016-10-30 21:43:28 -05:00
kinichiro
332c2eeaa3 remove unneeded slash after DESTDIR 2016-10-30 21:40:24 -05:00
kinichiro
14905877a0 Enable tests on Visual Studio
- add patch for aeadtest.c to undef IN
- add patch for ocsp_test.c to call BIO_sock_init() before getaddrinfo()
- define STDERR_FILENO in unistd.h to build pkcs7test.c
- add option ENABLE_VSTEST(default OFF) to enable test on Visual Studio
- modify to pass test data file as an argument (aeadtest, evptest)
- add Windows scripts (ocsptest, pq_test, ssltest, testdsa, testenc, testrsa)
- do not build pidwraptest on MSVC
- fix some indentations
2016-10-30 21:40:24 -05:00
kinichiro
b434123987 modify for Intel C++ Compiler
- define _CRT_SUPPRESS_RESTRICT to avoid compilation error
- suppress compilation warnings (suggested by @Johnex)
2016-10-30 21:40:21 -05:00
kinichiro
62f2a73061 export DLLs functions for MSVC with CMake
- Add 3 DEF files to export functions from Windows DLLs
  - Add gettimeofday to crypto/crypto.def (*1)
  - Remove gai_strerrorA from tls/tls.def (*1)
- Fix CMakeLists.txt to use DEF files as PRIVATE
- Change DLL import library file name since it duplicates with static library
- Ignore compiler warning C4267, and Edit CMAKE_C_FLAGS not to overwrite it (*1)
- Add USE_SHARED option to build openssl.exe with shared libraries (*1)

  (*1) recommended by @mcnameej
2016-10-30 21:39:36 -05:00
Brent Cook
e168f3b0bc More changelog updates 2016-09-23 06:21:43 -05:00
Brent Cook
9ba1224ed4 update changelog 2016-09-23 06:13:08 -05:00
Brent Cook
a896814187 Update changelog 2016-09-23 05:41:25 -05:00
Brent Cook
b7ba692f72 ensure that __STRING works 2016-09-14 23:40:31 -05:00
Brent Cook
df20769977 remove cms 2016-09-14 08:49:53 -05:00
Brent Cook
08837a82b6 more cdefs.h removal 2016-09-04 09:04:01 -05:00
Brent Cook
5532f007d3 Land #203, add libtls callback API 2016-09-04 08:58:30 -05:00
Brent Cook
6f24864a73 cdefs.h should not be required anywhere 2016-09-04 07:57:59 -05:00
Brent Cook
6040ff04b0 wire up sys/types.h to pull in sys/cdefs.h 2016-09-04 07:38:16 -05:00
Brent Cook
93be612b5c rebase nc(1) patch 2016-09-04 05:42:23 -05:00
Brent Cook
5bb829d86d Land #219, build Windows DLLs with CMake 2016-09-04 05:00:31 -05:00
Brent Cook
22dcefee4e update for new repository layout 2016-09-02 12:43:30 -05:00
kinichiro
5ea2a55cc7 enable tls_ext_alpn regression test
- add tls_ext_alpn entry for automake and cmake
- add tests/tls_ext_alpn* to .gitignore
2016-08-30 00:57:10 +09:00
Satoshi Yasushima
829b21581f build Windows DLL on CMake
like below.
* libcrypto-38.dll
* libssl-39.dll
* libtls-11.dll
2016-08-25 18:17:27 +09:00
Satoshi Yasushima
971892766d build MinGW on CMake 2016-08-25 18:17:12 +09:00
Brent Cook
8edd509e2c Land #217, Set _PATH_SSL_CA_FILE to the tarball internal path for regression tests 2016-08-13 11:52:06 -05:00
Brent Cook
439de92dc6 Land #216, check for telnet.h before building nc 2016-08-13 11:44:30 -05:00
Brent Cook
fab6e1f251 Land #215, update cmake builds for darwin 2016-08-13 11:43:38 -05:00
Brent Cook
9e25f75800 remove DEFAULT_CA_FILE patch, since libtls handles this by default 2016-08-13 11:42:21 -05:00
kinichiro
fef54aef36 Set _PATH_SSL_CA_FILE to the tarball internal path for regression tests
- let tests to use the cert.pem in the tarball, for both automake and cmake.
- put this definition out of "if(ENABLE_EXTRATESTS)" since this can be shared by all tests.
2016-08-12 16:27:18 +09:00
jacob berkman
83e9741dc6 Disable netcat if arpa/telnet.h is not available (iOS) 2016-08-09 15:04:45 -07:00
Tamer Saadeh
2d987d32e6 compat gentroy() for macs is called gentropy_osx.c 2016-08-07 11:56:14 +02:00
Geoff Beier
36aafbb241 Set _PATH_SSL_CA_FILE to either CMAKE_INSTALL_PREFIX or OPENSSLDIR for the OCSP tests so that OCSP tests can be executed on a system without /etc/ssl/cert.pem 2016-08-01 21:28:53 -04:00
Brent Cook
7a46efa40d update changelog for 2.4.2 2016-07-31 17:56:21 -05:00
Brent Cook
a7f754a663 set link library dependencies with MSVC, fixes #221 2016-07-31 17:11:19 -05:00
Brent Cook
1fde1eaa44 properly enable strnlen checks for MSVC 2016-07-31 17:10:39 -05:00
celan69
1b10e48a1f Fix typo in USE_BUILTIN_ARC4RANDOM check
Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.
2016-07-19 12:11:28 +02:00
Brent Cook
a9332ccecf avoid BSWAP assembly for ARM <= v6 2016-07-17 18:12:23 -05:00
Brent Cook
fa435db8df format 64-bit int portably (windows wants %l64d) 2016-07-17 17:37:16 -05:00
Brent Cook
618c32e4a1 don't build nc with MSVC 2016-07-11 03:14:23 -05:00
Brent Cook
b13529f791 Revert "remove DEFAULT_CA_FILE patch, since libtls handles this by default"
This reverts commit 30adf9c06e.
2016-07-09 12:40:22 -05:00
Brent Cook
30adf9c06e remove DEFAULT_CA_FILE patch, since libtls handles this by default 2016-07-07 07:27:39 -05:00
kinichiro
23083e7724 include OCSP test script 2016-07-05 20:33:16 +09:00
Brent Cook
aab671088d add OCSP test 2016-07-04 23:29:39 -05:00
Brent Cook
ccf66c469f update for netcat changes 2016-06-30 20:00:29 -05:00
Brent Cook
ec4c98718d refine netcat patch 2016-06-30 08:18:03 -05:00
Brent Cook
13b7ac8ada update netcat patch 2016-06-30 05:49:38 -05:00
Tobias Pape
a69063be10 Portable code part for callbacks in accept/connect
see https://github.com/libressl-portable/openbsd/pull/64
2016-06-28 03:29:54 +02:00
Brent Cook
ddb22413ed update NetBSD recommendation 2016-06-07 07:10:21 -05:00
Brent Cook
2cbdc049bb Changelog for 2.4.1 2016-06-06 04:57:01 -05:00
Brent Cook
4a9e42808c Land #197, include platform linker flags in the .pc files 2016-06-03 05:14:04 -05:00
Martin Herkt
de4a123930 pc: add platform-specific libs to Libs.private
Fixes compilations including libressl static libraries in MinGW.

Signed-off-by: Ricardo Constantino (:RiCON) <wiiaboo@gmail.com>
2016-05-31 15:24:22 +01:00
Brent Cook
72ce1e1c9f Update changelog 2016-05-30 17:19:22 -05:00
Brent Cook
0c4d1b9cef update changelog 2016-05-30 11:24:10 -05:00
Brent Cook
1f6f1a3527 Update changelog 2016-05-30 11:11:37 -05:00
Brent Cook
7b420734d4 update changelog 2016-05-30 11:11:37 -05:00
Brent Cook
ff021e8abd rebase netcat patch 2016-05-30 11:08:43 -05:00
Brent Cook
40974784c0 add constant_time_locl.h 2016-05-04 08:47:55 -05:00
Brent Cook
552817b77f Land #192, fix fix ld warning "attempted multiple inclusion of file" on Solaris 2016-05-02 02:03:03 -05:00
Brent Cook
5582be55b4 Land #190, Enable cmake on Solaris 2016-05-02 02:00:55 -05:00
Brent Cook
a653a67a1e Land #189, Added extra cmake build options like autotools builds 2016-05-02 01:58:18 -05:00
Brent Cook
466e389d3f check linker flags before checking for functions 2016-04-24 03:29:14 -05:00
kinichiro
02e1cc4df1 fix ld warning "attempted multiple inclusion of file" on Solaris
- To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am
2016-04-21 16:12:47 +09:00
kinichiro
49eabdcb16 organize enabling asm condition in cmake
- add amd64 as same as x86_64
- add solaris(i386)
2016-04-15 14:24:00 +09:00
kinichiro
08089a1b20 fix cmake on Solaris
- add Solaris specific compiler flags and library
- merge message when SMALL_TIME_T is true
- confirmed on SunOS Release 5.11 Version 11.3 64-bit Solaris i386
2016-04-15 01:47:20 +09:00
kinichiro
bda62f7fe4 add cmake build options
- add cmake build options as configure provides
  * -DENABLE_ASM (default ON)
  * -DENABLE_EXTRATESTS (default OFF)
  * -DENABLE_NC (default OFF)
  * -DOPENSSLDIR (default ${CMAKE_INSTALL_PREFIX}/etc/ssl)

- add biotest and pidwraptest if ENABLE_EXTRATESTS is ON

- add compiler flag `-fno-common` if CMAKE_SYSTEM_NAME is Darwin
  to prevent link error Undefined symbols "_OPENSSL_ia32cap_P"
2016-04-14 15:16:52 +09:00
kinichiro
c94670a8cd add cmake uninstall functionality
- add uninstall functionality
  * see https://cmake.org/Wiki/CMake_FAQ#Can_I_do_.22make_uninstall.22_with_CMake.3F
2016-04-09 13:37:09 -05:00
Brent Cook
752ad82d33 Land #188, add ASM support for cmake builds 2016-04-09 12:08:26 -05:00
kinichiro
2510a5e6f9 modify cmake to build nc
- modify structure of CMakeLists.txt under apps/
  * move apps/CMakeLists.txt to apps/openssl/ since this is for openssl build
  * create new apps/nc/CMakeLists.txt for nc build
  * modify apps/CMakeLists.txt just add_subdirectory()

- add checking and compile of arc4random_uniform()

- add installing man files, openssl.1 and nc.1
2016-04-09 12:06:40 -05:00
Brent Cook
9a98de6c34 Land #185, fix MINGW and CYGWIN builds with cmake 2016-04-09 11:50:37 -05:00
Brent Cook
34bf322e6e Land #184, execute tests that require srcdir environment variable with cmake 2016-04-09 11:49:53 -05:00
Brent Cook
d9b0838432 Land #183, fix cmake on HP-UX 2016-04-09 11:49:29 -05:00
kinichiro
e1f8a1e160 modify cmake to build ASM
- add functionality compiling ASM with cmake
- to enable ASM, `cmake -DENABLE_ASM=on ..`
2016-04-08 15:09:07 +09:00
kinichiro
177e13159b add condition for setting BUILD_SHARED (cmake)
- add MINGW and CYGWIN for win build
2016-04-05 15:35:21 +09:00
kinichiro
cf45f2bdfd execute tests that require srcdir environment variable with cmake
- uncomment procedures for aeadtest, evptest, pq_test, ssltest, testdsa and testrsa
- add set_tests_properties() for setting environment variable srcdir
- tweak openssl path in ssltest.sh, testdsa.sh, testenc.sh and testrsa.sh
2016-04-05 10:02:35 +09:00
kinichiro
3207606f11 fix cmake on HP-UX
- CMakeLists.txt
  * add OS specific compiler flags and library
  * add checking size of time_t
  * add checking memmem()

- tests/CMakeLists.txt
  * add if(HAVE_MEMMEM) for explicit_bzero
  * add checking SMALL_TIME_T for rfc5280time

- crypto/CMakeLists.txt
  * add getentropy_hpux.c

- tls/CMakeLists.txt
  * fix checking strsep
2016-04-04 14:27:43 +09:00
kinichiro
2997b8577c set project LANGUAGES to C 2016-03-30 16:10:19 +09:00
kinichiro
02b00b5c07 set cmake_minimum_required to 2.8.8
`OBJECT` library type of add_library was introduced by CMake 2.8.8.
2016-03-30 12:52:16 +09:00
Brent Cook
8131b377bf update changelog 2016-03-21 05:01:12 -05:00
Brent Cook
04ceeb2c75 updated changelog 2016-03-21 04:47:24 -05:00
Brent Cook
9a0f8a424b set windows binary OPENSSLDIR to something plausible 2016-03-21 04:37:01 -05:00
kinichiro
14aa5f73ab modify include/compat/netinet/ip.h
- add including <netinet/in_systm.h> for n_long on HP-UX
2016-03-13 19:17:24 +09:00
96 changed files with 4109 additions and 1293 deletions

19
.gitignore vendored
View File

@@ -39,11 +39,13 @@ Makefile.in
*.la *.la
*.def *.def
*.sym
*.pc *.pc
# man pages # man pages
*.1 *.1
*.3 *.3
*.5
# tests # tests
test-driver test-driver
@@ -54,18 +56,22 @@ tests/arc4random_fork*
tests/asn1time* tests/asn1time*
tests/cipher* tests/cipher*
tests/explicit_bzero* tests/explicit_bzero*
tests/freenull*
tests/gost2814789t* tests/gost2814789t*
tests/mont* tests/mont*
tests/rfc5280time* tests/rfc5280time*
tests/ssl_versions*
tests/timingsafe* tests/timingsafe*
tests/tls_ext_alpn*
tests/tls_prf*
tests/*test tests/*test
tests/tests.h tests/tests.h
tests/*test.c tests/*test.c
tests/memmem.c
tests/pbkdf2* tests/pbkdf2*
tests/*.pem tests/*.pem
tests/testssl tests/testssl
tests/*.txt tests/*.txt
tests/compat/*.c
!tests/optionstest.c !tests/optionstest.c
!tests/*.test !tests/*.test
@@ -114,10 +120,18 @@ include/pqueue.h
include/tls.h include/tls.h
include/openssl/*.h include/openssl/*.h
/apps/ocspcheck/*.h
/apps/ocspcheck/*.c
/apps/ocspcheck/ocspcheck*
/apps/ocspcheck/compat/inet_ntop.c
/apps/ocspcheck/compat/memmem.c
/apps/nc/*.h /apps/nc/*.h
/apps/nc/*.c /apps/nc/*.c
/apps/nc/nc* /apps/nc/nc*
!/apps/nc/readpassphrase.c !/apps/nc/readpassphrase.c
/apps/nc/compat/*.c
/apps/openssl/*.h /apps/openssl/*.h
/apps/openssl/*.c /apps/openssl/*.c
/apps/openssl/*.cnf /apps/openssl/*.cnf
@@ -131,6 +145,8 @@ include/openssl/*.h
!/crypto/compat/arc4random.h !/crypto/compat/arc4random.h
!/crypto/compat/b_win.c !/crypto/compat/b_win.c
!/crypto/compat/explicit_bzero_win.c !/crypto/compat/explicit_bzero_win.c
!/crypto/compat/freezero.c
!/crypto/compat/getpagesize.c
!/crypto/compat/posix_win.c !/crypto/compat/posix_win.c
!/crypto/compat/bsd_asprintf.c !/crypto/compat/bsd_asprintf.c
!/crypto/compat/inet_pton.c !/crypto/compat/inet_pton.c
@@ -154,3 +170,4 @@ openbsd/
*.tar.gz *.tar.gz
man/Makefile.am man/Makefile.am
man/mandoc.db

View File

@@ -10,15 +10,23 @@ matrix:
- compiler: clang - compiler: clang
os: linux os: linux
env: ARCH=native env: ARCH=native
dist: trusty
sudo: required
- compiler: gcc - compiler: gcc
os: linux os: linux
env: ARCH=native env: ARCH=native
dist: trusty
sudo: required
- compiler: gcc - compiler: gcc
os: linux os: linux
env: ARCH=mingw32 env: ARCH=mingw32
dist: trusty
sudo: required
- compiler: gcc - compiler: gcc
os: linux os: linux
env: ARCH=mingw64 env: ARCH=mingw64
dist: trusty
sudo: required
script: script:
"./scripts/travis" "./scripts/travis"

View File

@@ -1,27 +1,50 @@
cmake_minimum_required (VERSION 2.8) cmake_minimum_required (VERSION 2.8.8)
include(CheckFunctionExists) include(CheckFunctionExists)
include(CheckLibraryExists) include(CheckLibraryExists)
include(CheckIncludeFiles) include(CheckIncludeFiles)
include(CheckTypeSize)
project (LibreSSL) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
include(cmake_export_symbol)
include(GNUInstallDirs)
project (LibreSSL C)
enable_testing() enable_testing()
file(READ ${CMAKE_SOURCE_DIR}/ssl/VERSION SSL_VERSION) file(READ ${CMAKE_CURRENT_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
string(STRIP ${SSL_VERSION} SSL_VERSION) string(STRIP ${SSL_VERSION} SSL_VERSION)
string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION}) string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION})
string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION}) string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION})
file(READ ${CMAKE_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION) file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION) string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION)
string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION}) string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION})
string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION}) string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION})
file(READ ${CMAKE_SOURCE_DIR}/tls/VERSION TLS_VERSION) file(READ ${CMAKE_CURRENT_SOURCE_DIR}/tls/VERSION TLS_VERSION)
string(STRIP ${TLS_VERSION} TLS_VERSION) string(STRIP ${TLS_VERSION} TLS_VERSION)
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION}) string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION}) string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
option(LIBRESSL_SKIP_INSTALL "Skip installation" ${LIBRESSL_SKIP_INSTALL})
option(ENABLE_ASM "Enable assembly" ON)
option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
if(NOT LIBRESSL_SKIP_INSTALL)
set( ENABLE_LIBRESSL_INSTALL ON )
endif(NOT LIBRESSL_SKIP_INSTALL)
set(BUILD_NC true)
if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
add_definitions(-fno-common)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD") if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__) add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
endif() endif()
@@ -33,9 +56,36 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_definitions(-D_GNU_SOURCE) add_definitions(-D_GNU_SOURCE)
endif() endif()
if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
set(BUILD_NC false)
endif()
if(WIN32)
set(BUILD_NC false)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
if(CMAKE_C_COMPILER MATCHES "gcc")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT")
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
endif()
add_definitions(-DLIBRESSL_INTERNAL) add_definitions(-DLIBRESSL_INTERNAL)
add_definitions(-DOPENSSL_NO_HW_PADLOCK) add_definitions(-DOPENSSL_NO_HW_PADLOCK)
add_definitions(-DOPENSSL_NO_ASM) add_definitions(-D__BEGIN_HIDDEN_DECLS=)
add_definitions(-D__END_HIDDEN_DECLS=)
set(CMAKE_POSITION_INDEPENDENT_CODE true) set(CMAKE_POSITION_INDEPENDENT_CODE true)
@@ -43,32 +93,60 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
add_definitions(-Wno-pointer-sign) add_definitions(-Wno-pointer-sign)
endif() endif()
if(MSVC) if(WIN32)
add_definitions(-Dinline=__inline)
add_definitions(-Drestrict) add_definitions(-Drestrict)
add_definitions(-D_CRT_SECURE_NO_WARNINGS) add_definitions(-D_CRT_SECURE_NO_WARNINGS)
add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS) add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS) add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501) add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT) add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
endif()
set(MSVC_DISABLED_WARNINGS_LIST if(MSVC)
"C4057" # C4057: 'initializing' : 'unsigned char *' differs in add_definitions(-Dinline=__inline)
# indirection to slightly different base types from 'char [2]' message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
"C4100" # 'exarg' : unreferenced formal parameter if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
"C4127" # conditional expression is constant set(MSVC_DISABLED_WARNINGS_LIST
"C4242" # 'function' : conversion from 'int' to 'uint8_t', "C4018" # 'expression' : signed/unsigned mismatch
# possible loss of data "C4057" # 'operator' : 'identifier1' indirection to
"C4244" # 'function' : conversion from 'int' to 'uint8_t', # slightly different base types from 'identifier2'
# possible loss of data "C4100" # 'identifier' : unreferenced formal parameter
"C4706" # assignment within conditional expression "C4127" # conditional expression is constant
"C4820" # 'bytes' bytes padding added after construct 'member_name' "C4146" # unary minus operator applied to unsigned type,
"C4996" # 'read': The POSIX name for this item is deprecated. Instead, # result still unsigned
# use the ISO C++ conformant name: _read. "C4244" # 'argument' : conversion from 'type1' to 'type2',
) # possible loss of data
"C4245" # 'conversion' : conversion from 'type1' to 'type2',
# signed/unsigned mismatch
"C4267" # 'var' : conversion from 'size_t' to 'type',
# possible loss of data
"C4389" # 'operator' : signed/unsigned mismatch
"C4706" # assignment within conditional expression
"C4996" # The POSIX name for this item is deprecated.
# Instead, use the ISO C and C++ conformant name
)
elseif(CMAKE_C_COMPILER_ID MATCHES "Intel")
add_definitions(-D_CRT_SUPPRESS_RESTRICT)
set(MSVC_DISABLED_WARNINGS_LIST
"C111" # Unreachable statement
"C128" # Unreachable loop
"C167" # Unexplict casting unsigned to signed
"C186" # Pointless comparison of unsigned int with zero
"C188" # Enumerated type mixed with another type
"C344" # Redeclared type
"C556" # Unexplict casting signed to unsigned
"C869" # Unreferenced parameters
"C1786" # Deprecated functions
"C2545" # Empty else statement
"C2557" # Comparing signed to unsigned
"C2722" # List init syntax is c++11 feature
"C3280" # Declaration hides variable
)
endif()
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
${MSVC_DISABLED_WARNINGS_LIST}) ${MSVC_DISABLED_WARNINGS_LIST})
set(CMAKE_C_FLAGS "-MP -W4 ${MSVC_DISABLED_WARNINGS_STR}") string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
endif() endif()
check_function_exists(asprintf HAVE_ASPRINTF) check_function_exists(asprintf HAVE_ASPRINTF)
@@ -106,8 +184,8 @@ if(HAVE_STRNDUP)
add_definitions(-DHAVE_STRNDUP) add_definitions(-DHAVE_STRNDUP)
endif() endif()
if(MSVC) if(WIN32)
set(HAVE_STRNLEN) set(HAVE_STRNLEN true)
add_definitions(-DHAVE_STRNLEN) add_definitions(-DHAVE_STRNLEN)
else() else()
check_function_exists(strnlen HAVE_STRNLEN) check_function_exists(strnlen HAVE_STRNLEN)
@@ -131,6 +209,11 @@ if(HAVE_ARC4RANDOM_BUF)
add_definitions(-DHAVE_ARC4RANDOM_BUF) add_definitions(-DHAVE_ARC4RANDOM_BUF)
endif() endif()
check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)
if(HAVE_ARC4RANDOM_UNIFORM)
add_definitions(-DHAVE_ARC4RANDOM_UNIFORM)
endif()
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO) check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
if(HAVE_EXPLICIT_BZERO) if(HAVE_EXPLICIT_BZERO)
add_definitions(-DHAVE_EXPLICIT_BZERO) add_definitions(-DHAVE_EXPLICIT_BZERO)
@@ -146,6 +229,11 @@ if(HAVE_GETENTROPY)
add_definitions(-DHAVE_GETENTROPY) add_definitions(-DHAVE_GETENTROPY)
endif() endif()
check_function_exists(getpagesize HAVE_GETPAGESIZE)
if(HAVE_GETPAGESIZE)
add_definitions(-DHAVE_GETPAGESIZE)
endif()
check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP) check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
if(HAVE_TIMINGSAFE_BCMP) if(HAVE_TIMINGSAFE_BCMP)
add_definitions(-DHAVE_TIMINGSAFE_BCMP) add_definitions(-DHAVE_TIMINGSAFE_BCMP)
@@ -156,12 +244,46 @@ if(HAVE_MEMCMP)
add_definitions(-DHAVE_MEMCMP) add_definitions(-DHAVE_MEMCMP)
endif() endif()
check_function_exists(memmem HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
endif()
check_include_files(err.h HAVE_ERR_H) check_include_files(err.h HAVE_ERR_H)
if(HAVE_ERR_H) if(HAVE_ERR_H)
add_definitions(-DHAVE_ERR_H) add_definitions(-DHAVE_ERR_H)
endif() endif()
set(OPENSSL_LIBS ssl crypto) if(ENABLE_ASM)
if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
set(HOST_ASM_ELF_X86_64 true)
elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
set(HOST_ASM_ELF_X86_64 true)
endif()
elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
set(HOST_ASM_MACOSX_X86_64 true)
endif()
endif()
if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|CYGWIN)"))
set(BUILD_SHARED true)
endif()
# USE_SHARED builds applications (e.g. openssl) using shared LibreSSL.
# By default, applications use LibreSSL static library to avoid dependencies.
# USE_SHARED isn't set by default; use -DUSE_SHARED=ON with CMake to enable.
# Can be helpful for debugging; don't use for public releases.
if(NOT BUILD_SHARED)
set(USE_SHARED off)
endif()
if(USE_SHARED)
set(OPENSSL_LIBS tls-shared ssl-shared crypto-shared)
else()
set(OPENSSL_LIBS tls ssl crypto)
endif()
if(CMAKE_HOST_WIN32) if(CMAKE_HOST_WIN32)
set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32) set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
endif() endif()
@@ -171,10 +293,21 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(OPENSSL_LIBS ${OPENSSL_LIBS} rt) set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
endif() endif()
endif() endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC)) set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
set(BUILD_SHARED true)
endif() endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
endif()
check_type_size(time_t SIZEOF_TIME_T)
if(SIZEOF_TIME_T STREQUAL "4")
set(SMALL_TIME_T true)
add_definitions(-DSMALL_TIME_T)
message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
" ** It will behave incorrectly when handling valid RFC5280 dates")
endif()
add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
add_subdirectory(crypto) add_subdirectory(crypto)
add_subdirectory(ssl) add_subdirectory(ssl)
@@ -183,5 +316,32 @@ add_subdirectory(tls)
add_subdirectory(include) add_subdirectory(include)
if(NOT MSVC) if(NOT MSVC)
add_subdirectory(man) add_subdirectory(man)
endif()
if(NOT MSVC OR ENABLE_VSTEST)
add_subdirectory(tests) add_subdirectory(tests)
endif() endif()
if(NOT MSVC)
# Create pkgconfig files.
set(prefix ${CMAKE_INSTALL_PREFIX})
set(exec_prefix \${prefix})
set(libdir \${exec_prefix}/${CMAKE_INSTALL_LIBDIR})
set(includedir \${prefix}/include)
file(STRINGS "VERSION" VERSION LIMIT_COUNT 1)
file(GLOB OPENSSL_PKGCONFIGS "*.pc.in")
foreach(file ${OPENSSL_PKGCONFIGS})
get_filename_component(filename ${file} NAME)
string(REPLACE ".in" "" new_file "${filename}")
configure_file(${filename} pkgconfig/${new_file} @ONLY)
endforeach()
install(DIRECTORY ${CMAKE_CURRENT_BINARY_DIR}/pkgconfig
DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif()
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)

434
ChangeLog
View File

@@ -28,6 +28,440 @@ history is also available from Git.
LibreSSL Portable Release Notes: LibreSSL Portable Release Notes:
2.6.4 - Bug fixes
* Make tls_config_parse_protocols() work correctly when passed a NULL
pointer for a protocol string. Issue found by semarie@, who also
provided the diff.
* Correct TLS extensions handling when no extensions are present.
If no TLS extensions are present in a client hello or server hello,
omit the entire extensions block, rather than including it with a
length of zero. Thanks to Eric Elena <eric at voguemerry dot com> for
providing packet captures and testing the fix.
* Fixed portable builds on older Android systems, and systems with out
IPV6_TCLASS support.
2.6.3 - OpenBSD 6.2 Release
* No core changes from LibreSSL 2.6.2
* Minor compatibility fixes in portable version.
2.6.2 - Bug fixes
* Provide a useful error with libtls if there are no OCSP URLs in a
peer certificate.
* Keep track of which keypair is in use by a TLS context, fixing a bug
where a TLS server with SNI would only return the OCSP staple for the
default keypair. Issue reported by William Graeber and confirmed by
Andreas Bartelt.
* Fixed various issues in the OCSP extension parsing code.
The original code incorrectly passes the pointer allocated via
CBS_stow() (using malloc()) to a d2i_*() function and then calls
free() on the now incremented pointer, most likely resulting in a
crash. This issue was reported by Robert Swiecki who found the issue
using honggfuzz.
* If tls_config_parse_protocols() is called with a NULL pointer,
return the default protocols instead of crashing - this makes the
behaviour more useful and mirrors what we already do in
tls_config_set_ciphers() et al.
2.6.1 - Code removal, rewrites
* Added a "-T tlscompat" option to nc(1), which enables the use of all
TLS protocols and "compat" ciphers. This allows for TLS connections
to TLS servers that are using less than ideal cipher suites, without
having to resort to "-T tlsall" which enables all known cipher
suites. Diff from Kyle J. McKay.
* Added a new TLS extension handling framework, somewhat analogous to
BoringSSL, and converted all TLS extensions to use it. Added new TLS
extension regression tests.
* Improved and added many new manpages. Updated *check_private_key
manpages with additional cautions regarding their use.
* Cleaned up the EC key/curve configuration handling.
* Added tls_config_set_ecdhecurves() to libtls, which allows the names
of the eliptical curves that may be used during client and server
key exchange to be specified.
* Converted more code paths to use CBB/CBS.
* Removed support for DSS/DSA, since we removed the cipher suites a
while back.
* Removed NPN support. NPN was never standardised and the last draft
expired in October 2012. ALPN was standardised in July 2014 and has
been supported in LibreSSL since December 2014. NPN has also been
removed from Chromium in May 2016.
* Removed SSL_OP_CRYPTOPRO_TLSEXT_BUG workaround for old/broken
CryptoPro clients.
* Removed support for the TLS padding extension, which was added as a
workaround for an old bug in F5's TLS termination.
* Worked around another bug in F5's TLS termination handling of the
elliptical curves extension. RFC 4492 only defines elliptic_curves
for ClientHello. However, F5 is sending it in ServerHello. We need
to skip over it since our TLS extension parsing code is now more
strict. Thanks to Armin Wolfermann and WJ Liu for reporting.
* Added ability to clamp notafter valies in certificates for systems
with 32-bit time_t. This is necessary to conform to RFC 5280
4.1.2.5.
* Implemented the SSL_CTX_set_min_proto_version(3) API.
* Removed the original (pre-IETF) chacha20-poly1305 cipher suites.
* Reclassified ECDHE-RSA-DES-CBC3-SHA from HIGH to MEDIUM.
2.6.0 - New APIs, bug fixes and improvements
* Added support for providing CRLs to libtls. Once a CRL is provided we
enable CRL checking for the full certificate chain. Based on a diff
from Jack Burton
* Allow non-compliant clients using IP literal addresses with SNI
to connect to a server using libtls.
* Avoid a potential NULL pointer dereference in d2i_ECPrivateKey().
Reported by Robert Swiecki, who found the issue using honggfuzz.
* Added definitions for three OIDs used in EV certificates.
From Kyle J. McKay
* Added tls_peer_cert_chain_pem to libtls, useful in private
certificate validation callbacks such as those in relayd.
* Converted explicit clear/free sequences to use freezero(3).
* Reworked TLS certificate name verification code to more strictly
follow RFC 6125.
* Cleaned up and simplified server key exchange EC point handling.
* Added tls_keypair_clear_key for clearing key material.
* Removed inconsistent IPv6 handling from BIO_get_accept_socket,
simplified BIO_get_host_ip and BIO_accept.
* Fixed the openssl(1) ca command so that is generates certificates
with RFC 5280-conformant time. Problem noticed by Harald Dunkel.
* Added ASN1_TIME_set_tm to set an asn1 from a struct tm *
* Added SSL{,_CTX}_set_{min,max}_proto_version() functions.
* Added HKDF (HMAC Key Derivation Function) from BoringSSL
* Provided a tls_unload_file() function that frees the memory returned
from a tls_load_file() call, ensuring that it the contents become
inaccessible. This is specifically needed on platforms where the
library allocators may be different from the application allocator.
* Perform reference counting for tls_config. This allows
tls_config_free() to be called as soon as it has been passed to the
final tls_configure() call, simplifying lifetime tracking for the
application.
* Moved internal state of SSL and other structures to be opaque.
* Dropped cipher suites with DSS authentication.
* nc(1) improvements, including:
nc -W to terminate nc after receiving a number of packets
nc -Z for saving the peer certificate and chain in a pem file
2.5.5 - Bug fixes
* Distinguish between self-issued certificates and self-signed
certificates. The certificate verification code has special cases
for self-signed certificates and without this change, self-issued
certificates (which it seems are common place with
openvpn/easyrsa) were also being included in this category.
* Added getpagesize fallback, needed for Android bionic libc.
2.5.4 - Security Updates
* Revert a previous change that forced consistency between return
value and error code when specifing a certificate verification
callback, since this breaks the documented API. When a user supplied
callback always returns 1, and later code checks the error code to
potentially abort post verification, this will result in incorrect
successul certificate verification.
* Switched Linux getrandom() usage to non-blocking mode, continuing to
use fallback mechanims if unsuccessful. This works around a design
flaw in Linux getrandom(2) where early boot usage in a library makes
it impossible to recover if getrandom(2) is not yet initialized.
* Fixed a bug caused by the return value being set early to signal
successful DTLS cookie validation. This can mask a later failure and
result in a positive return value being returned from
ssl3_get_client_hello(), when it should return a negative value to
propagate the error.
* Fixed a build error on non-x86/x86_64 systems running Solaris.
2.5.3 - OpenBSD 6.1 Release
* Documentation updates
* Improved ocspcheck(1) error handling
2.5.2 - Security features and bugfixes
* Added the recallocarray(3) memory allocation function, and converted
various places in the library to use it, such as CBB and BUF_MEM_grow.
recallocarray(3) is similar to reallocarray. Newly allocated memory
is cleared similar to calloc(3). Memory that becomes unallocated
while shrinking or moving existing allocations is explicitly
discarded by unmapping or clearing to 0
* Added new root CAs from SECOM Trust Systems / Security Communication
of Japan.
* Added EVP interface for MD5+SHA1 hashes.
* Fixed DTLS client failures when the server sends a certificate
request.
* Correct handling of padding when upgrading an SSLv2 challenge into
an SSLv3/TLS connection.
* Allow protocols and ciphers to be set on a TLS config object in
libtls.
* Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
2.5.1 - Bug and security fixes, new features, documentation updates
* X509_cmp_time() now passes a malformed GeneralizedTime field as an
error. Reported by Theofilos Petsios.
* Detect zero-length encrypted session data early, instead of when
malloc(0) fails or the HMAC check fails. Noted independently by
jsing@ and Kurt Cancemi.
* Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate().
* Massive update and normalization of manpages, conversion to
mandoc format. Many pages were rewritten for clarity and accuracy.
Portable doc links are up-to-date with a new conversion tool.
* Curve25519 Key Exchange support.
* Support for alternate chains for certificate verification.
* Code cleanups, CBS conversions, further unification of DTLS/SSL
handshake code, further ASN1 macro expansion and removal.
* Private symbol are now hidden in libssl and libcryto.
* Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
* Added OCSP stapling support to libtls and netcat.
* Added ocspcheck utility to validate a certificate against its OCSP
responder and save the reply for stapling
* Enhanced regression tests and error handling for libtls.
* Added explicit constant and non-constant time BN functions,
defaulting to constant time wherever possible.
* Moved many leaked implementation details in public structs behind
opaque pointers.
* Added ticket support to libtls.
* Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names. This also changes the default
list of curves to be X25519, P-256 and P-384. All other curves must
be manually enabled.
* Added -groups option to openssl(1) s_client for specifying the curves
to be used in a colon-separated list.
* Merged client/server version negotiation code paths into one,
reducing much duplicate code.
* Removed error function codes from libssl and libcrypto.
* Fixed an issue where a truncated packet could crash via an OOB read.
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
* Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of Technology).
The fix was developed by Cesar Pereida Garcia.
* iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
2.5.0 - New APIs, bug fixes and improvements
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this
brings in X509_check_host, X509_check_email, X509_check_ip, and
X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak
analysis software.
* Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to
only be used if TLS 1.0 is enabled.
* Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with
printf.
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.4.2 - Bug fixes and improvements
* Fixed loading default certificate locations with openssl s_client.
* Ensured OCSP only uses and compares GENERALIZEDTIME values as per
RFC6960. Also added fixes for OCSP to work with intermediate
certificates provided in responses.
* Improved behavior of arc4random on Windows to not appear to leak
memory in debug tools, reduced privileges of allocated memory.
* Fixed incorrect results from BN_mod_word() when the modulus is too
large, thanks to Brian Smith from BoringSSL.
* Correctly handle an EOF prior to completing the TLS handshake in
libtls.
* Improved libtls ceritificate loading and cipher string validation.
* Updated libtls cipher group suites into four categories:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes.
* Limited support for 'backward compatible' SSLv2 handshake packets to
when TLS 1.0 is enabled, providing more restricted compatibility
with TLS 1.0 clients.
* openssl(1) and other documentation improvements.
* Removed flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
all of these operations unconditionally constant-time.
2.4.1 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.
2.4.0 - Build improvements, new features
* Many improvements to the CMake build infrastructure, including
Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
Inoguchi for this work.
* Added missing error handling around bn_wexpand() calls.
* Added explicit_bzero calls for freed ASN.1 objects.
* Fixed X509_*set_object functions to return 0 on allocation failure.
* Implemented the IETF ChaCha20-Poly1305 cipher suites.
* Changed default EVP_aead_chacha20_poly1305() implementation to the
IETF version, which is now the default.
* Fixed password prompts from openssl(1) to properly handle ^C.
* Reworked error handling in libtls so that configuration errors are
visible.
* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Manpage fixes and updates
2.3.5 - Reliability fix
* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
2.3.4 - Security Update 2.3.4 - Security Update
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding. * Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.

View File

@@ -5,7 +5,7 @@ pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
EXTRA_DIST = README.md README.windows VERSION config scripts EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in
.PHONY: install_sw .PHONY: install_sw
install_sw: install install_sw: install

View File

@@ -1,2 +1,3 @@
AM_CFLAGS = AM_CFLAGS =
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=

View File

@@ -1 +1 @@
OPENBSD_5_9 OPENBSD_6_2

View File

@@ -30,7 +30,7 @@ At the time of this writing, LibreSSL is know to build and work on:
* Linux (kernel 3.17 or later recommended) * Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later) * FreeBSD (tested with 9.2 and later)
* NetBSD (tested with 6.1.5) * NetBSD (7.0 or later recommended)
* HP-UX (11i) * HP-UX (11i)
* Solaris (11 and later preferred) * Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later) * Mac OS X (tested with 10.8 and later)
@@ -56,20 +56,25 @@ or to the github
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
sent to the core team at libressl-security@openbsd.org. sent to the core team at libressl-security@openbsd.org.
## Prerequisites when building from git ## # Building LibreSSL #
If you have checked this source using Git, follow these initial steps to ## Prerequisites when building from a Git checkout ##
prepare the source tree for building:
If you have checked this source using Git, or have downloaded a source tarball
from Github, follow these initial steps to prepare the source tree for
building. _Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions (e.g. Windows system using CMake) or cannot meet these prerequistes, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer._
1. Ensure you have the following packages installed: 1. Ensure you have the following packages installed:
automake, autoconf, git, libtool, perl, pod2man automake, autoconf, git, libtool, perl
2. Run './autogen.sh' to prepare the source tree for building or 2. Run './autogen.sh' to prepare the source tree for building or
run './dist.sh' to prepare a tarball. run './dist.sh' to prepare a tarball.
## Building LibreSSL ## ## Steps that apply to all builds ##
Once you have a source tree from Git or FTP, run these commands to build and Once you have a source tree, either by downloaded using git and having
install the package on most systems: run the autogen.sh script above, or by downloading a release distribution from
an OpenBSD mirror, run these commands to build and install the package on most
systems:
```sh ```sh
./configure # see ./configure --help for configuration options ./configure # see ./configure --help for configuration options
@@ -119,9 +124,9 @@ should work. See README.windows for more information
#### Windows - Visual Studio #### #### Windows - Visual Studio ####
LibreSSL builds using the CMake target "Visual Studio 12 2013", and may build LibreSSL builds using the CMake target "Visual Studio 12 2013" and newer. To
against older/newer targets as well. To generate a Visual Studio project, generate a Visual Studio project, install CMake, enter the LibreSSL source
install CMake, enter the LibreSSL source directory and run: directory and run:
```sh ```sh
mkdir build-vs2013 mkdir build-vs2013
@@ -129,5 +134,18 @@ install CMake, enter the LibreSSL source directory and run:
cmake -G"Visual Studio 12 2013" .. cmake -G"Visual Studio 12 2013" ..
``` ```
This will generate a LibreSSL.sln file that you can incorporate into other Replace "Visual Studion 12 2013" with whatever version of Visual Studio you
projects or build by itself. have installed. This will generate a LibreSSL.sln file that you can incorporate
into other projects or build by itself.
#### Cmake - Additional Options ####
| Option Name | Default | Description
| ------------ | -----: | ------
| LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules. Can be specified from command line using <br>```-DLIBRESSL_SKIP_INSTALL=ON``` |
| ENABLE_ASM | ON | builds assembly optimized rules. |
| ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms |
| ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) |
| ENABLE_VSTEST | OFF | Enable test on Visual Studio |
| OPENSSLDIR | Blank | Set the default openssl directory. Can be specified from command line using <br>```-DOPENSSLDIR=<dirname>``` |

View File

@@ -12,7 +12,8 @@ cross compilers on Windows.
To configure and build LibreSSL for a 32-bit system, use the following To configure and build LibreSSL for a 32-bit system, use the following
build steps: build steps:
CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32 CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
./configure --host=i686-w64-mingw32
make make
make check make check
@@ -22,6 +23,25 @@ For 64-bit builds, use these instead:
make make
make check make check
# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
An ABI change introduced with Microsoft Visual C++ 2005 (also known as
Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
is unable to represent times past 2038 (this is commonly known as the
Y2K38 problem).
If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
expiry date is set past 19 January 2038, it will be unable to tell if the
certificate has expired or not, and thus take the safe stance and reject it.
In order to avoid this, you need to build LibreSSL (and everything that links
with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
use the new ABI.
64-bit systems always have a 64-bit time_t and are not affected by this
problem.
# Using Libressl with Visual Studio # Using Libressl with Visual Studio
A script for generating ready-to-use .DLL and static .LIB files is included in A script for generating ready-to-use .DLL and static .LIB files is included in

View File

@@ -1,80 +1,3 @@
include_directories( add_subdirectory(ocspcheck)
. add_subdirectory(openssl)
../include add_subdirectory(nc)
../include/compat
)
set(
OPENSSL_SRC
openssl/apps.c
openssl/asn1pars.c
openssl/ca.c
openssl/ciphers.c
openssl/cms.c
openssl/crl.c
openssl/crl2p7.c
openssl/dgst.c
openssl/dh.c
openssl/dhparam.c
openssl/dsa.c
openssl/dsaparam.c
openssl/ec.c
openssl/ecparam.c
openssl/enc.c
openssl/errstr.c
openssl/gendh.c
openssl/gendsa.c
openssl/genpkey.c
openssl/genrsa.c
openssl/nseq.c
openssl/ocsp.c
openssl/openssl.c
openssl/passwd.c
openssl/pkcs12.c
openssl/pkcs7.c
openssl/pkcs8.c
openssl/pkey.c
openssl/pkeyparam.c
openssl/pkeyutl.c
openssl/prime.c
openssl/rand.c
openssl/req.c
openssl/rsa.c
openssl/rsautl.c
openssl/s_cb.c
openssl/s_client.c
openssl/s_server.c
openssl/s_socket.c
openssl/s_time.c
openssl/sess_id.c
openssl/smime.c
openssl/speed.c
openssl/spkac.c
openssl/ts.c
openssl/verify.c
openssl/version.c
openssl/x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)

View File

@@ -1,5 +1,5 @@
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
SUBDIRS = openssl nc SUBDIRS = ocspcheck openssl nc
EXTRA_DIST = CMakeLists.txt EXTRA_DIST = CMakeLists.txt

62
apps/nc/CMakeLists.txt Normal file
View File

@@ -0,0 +1,62 @@
if(BUILD_NC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
NC_SRC
atomicio.c
netcat.c
socks.c
compat/socket.c
)
check_function_exists(b64_ntop HAVE_B64_NTOP)
if(HAVE_B64_NTOP)
add_definitions(-DHAVE_B64_NTOP)
else()
set(NC_SRC ${NC_SRC} compat/base64.c)
endif()
check_function_exists(accept4 HAVE_ACCEPT4)
if(HAVE_ACCEPT4)
add_definitions(-DHAVE_ACCEPT4)
else()
set(NC_SRC ${NC_SRC} compat/accept4.c)
endif()
check_function_exists(readpassphrase HAVE_READPASSPHRASE)
if(HAVE_READPASSPHRASE)
add_definitions(-DHAVE_READPASSPHRASE)
else()
set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(NC_SRC ${NC_SRC} compat/strtonum.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(nc ${NC_SRC})
target_link_libraries(nc tls ${OPENSSL_LIBS})
if(ENABLE_NC)
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR})
install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
endif(ENABLE_LIBRESSL_INSTALL)
endif()
endif()

View File

@@ -4,23 +4,20 @@ if BUILD_NC
if ENABLE_NC if ENABLE_NC
bin_PROGRAMS = nc bin_PROGRAMS = nc
dist_man_MANS = nc.1
else else
noinst_PROGRAMS = nc noinst_PROGRAMS = nc
endif endif
EXTRA_DIST = nc.1 EXTRA_DIST = nc.1
EXTRA_DIST += CMakeLists.txt
nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
nc_LDADD += $(abs_top_builddir)/ssl/libssl.la nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
nc_LDADD += $(abs_top_builddir)/tls/libtls.la nc_LDADD += $(abs_top_builddir)/tls/libtls.la
nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
if OPENSSLDIR_DEFINED
AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
else
AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
endif
nc_SOURCES = atomicio.c nc_SOURCES = atomicio.c
nc_SOURCES += netcat.c nc_SOURCES += netcat.c

View File

@@ -1,315 +0,0 @@
/* $OpenBSD: base64.c,v 1.8 2015/01/16 16:48:51 deraadt Exp $ */
/*
* Copyright (c) 1996 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
/*
* Portions Copyright (c) 1995 by International Business Machines, Inc.
*
* International Business Machines, Inc. (hereinafter called IBM) grants
* permission under its copyrights to use, copy, modify, and distribute this
* Software with or without fee, provided that the above copyright notice and
* all paragraphs of this notice appear in all copies, and that the name of IBM
* not be used in connection with the marketing of any product incorporating
* the Software or modifications thereof, without specific, written prior
* permission.
*
* To the extent it has a right to do so, IBM grants an immunity from suit
* under its patents, if any, for the use, sale or manufacture of products to
* the extent that such products are used for performing Domain Name System
* dynamic updates in TCP/IP networks by means of the Software. No immunity is
* granted for any product per se or for any other function of any product.
*
* THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
* INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
* PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
* DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
* OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
* IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <ctype.h>
#include <resolv.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
static const char Base64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
static const char Pad64 = '=';
/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
The following encoding technique is taken from RFC 1521 by Borenstein
and Freed. It is reproduced here in a slightly edited form for
convenience.
A 65-character subset of US-ASCII is used, enabling 6 bits to be
represented per printable character. (The extra 65th character, "=",
is used to signify a special processing function.)
The encoding process represents 24-bit groups of input bits as output
strings of 4 encoded characters. Proceeding from left to right, a
24-bit input group is formed by concatenating 3 8-bit input groups.
These 24 bits are then treated as 4 concatenated 6-bit groups, each
of which is translated into a single digit in the base64 alphabet.
Each 6-bit group is used as an index into an array of 64 printable
characters. The character referenced by the index is placed in the
output string.
Table 1: The Base64 Alphabet
Value Encoding Value Encoding Value Encoding Value Encoding
0 A 17 R 34 i 51 z
1 B 18 S 35 j 52 0
2 C 19 T 36 k 53 1
3 D 20 U 37 l 54 2
4 E 21 V 38 m 55 3
5 F 22 W 39 n 56 4
6 G 23 X 40 o 57 5
7 H 24 Y 41 p 58 6
8 I 25 Z 42 q 59 7
9 J 26 a 43 r 60 8
10 K 27 b 44 s 61 9
11 L 28 c 45 t 62 +
12 M 29 d 46 u 63 /
13 N 30 e 47 v
14 O 31 f 48 w (pad) =
15 P 32 g 49 x
16 Q 33 h 50 y
Special processing is performed if fewer than 24 bits are available
at the end of the data being encoded. A full encoding quantum is
always completed at the end of a quantity. When fewer than 24 input
bits are available in an input group, zero bits are added (on the
right) to form an integral number of 6-bit groups. Padding at the
end of the data is performed using the '=' character.
Since all base64 input is an integral number of octets, only the
-------------------------------------------------
following cases can arise:
(1) the final quantum of encoding input is an integral
multiple of 24 bits; here, the final unit of encoded
output will be an integral multiple of 4 characters
with no "=" padding,
(2) the final quantum of encoding input is exactly 8 bits;
here, the final unit of encoded output will be two
characters followed by two "=" padding characters, or
(3) the final quantum of encoding input is exactly 16 bits;
here, the final unit of encoded output will be three
characters followed by one "=" padding character.
*/
int
b64_ntop(src, srclength, target, targsize)
u_char const *src;
size_t srclength;
char *target;
size_t targsize;
{
size_t datalength = 0;
u_char input[3];
u_char output[4];
int i;
while (2 < srclength) {
input[0] = *src++;
input[1] = *src++;
input[2] = *src++;
srclength -= 3;
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
output[3] = input[2] & 0x3f;
if (datalength + 4 > targsize)
return (-1);
target[datalength++] = Base64[output[0]];
target[datalength++] = Base64[output[1]];
target[datalength++] = Base64[output[2]];
target[datalength++] = Base64[output[3]];
}
/* Now we worry about padding. */
if (0 != srclength) {
/* Get what's left. */
input[0] = input[1] = input[2] = '\0';
for (i = 0; i < srclength; i++)
input[i] = *src++;
output[0] = input[0] >> 2;
output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
if (datalength + 4 > targsize)
return (-1);
target[datalength++] = Base64[output[0]];
target[datalength++] = Base64[output[1]];
if (srclength == 1)
target[datalength++] = Pad64;
else
target[datalength++] = Base64[output[2]];
target[datalength++] = Pad64;
}
if (datalength >= targsize)
return (-1);
target[datalength] = '\0'; /* Returned value doesn't count \0. */
return (datalength);
}
/* skips all whitespace anywhere.
converts characters, four at a time, starting at (or after)
src from base - 64 numbers into three 8 bit bytes in the target area.
it returns the number of data bytes stored at the target, or -1 on error.
*/
int
b64_pton(src, target, targsize)
char const *src;
u_char *target;
size_t targsize;
{
int tarindex, state, ch;
u_char nextbyte;
char *pos;
state = 0;
tarindex = 0;
while ((ch = (unsigned char)*src++) != '\0') {
if (isspace(ch)) /* Skip whitespace anywhere. */
continue;
if (ch == Pad64)
break;
pos = strchr(Base64, ch);
if (pos == 0) /* A non-base64 character. */
return (-1);
switch (state) {
case 0:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] = (pos - Base64) << 2;
}
state = 1;
break;
case 1:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 4;
nextbyte = ((pos - Base64) & 0x0f) << 4;
if (tarindex + 1 < targsize)
target[tarindex+1] = nextbyte;
else if (nextbyte)
return (-1);
}
tarindex++;
state = 2;
break;
case 2:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64) >> 2;
nextbyte = ((pos - Base64) & 0x03) << 6;
if (tarindex + 1 < targsize)
target[tarindex+1] = nextbyte;
else if (nextbyte)
return (-1);
}
tarindex++;
state = 3;
break;
case 3:
if (target) {
if (tarindex >= targsize)
return (-1);
target[tarindex] |= (pos - Base64);
}
tarindex++;
state = 0;
break;
}
}
/*
* We are done decoding Base-64 chars. Let's see if we ended
* on a byte boundary, and/or with erroneous trailing characters.
*/
if (ch == Pad64) { /* We got a pad char. */
ch = (unsigned char)*src++; /* Skip it, get next. */
switch (state) {
case 0: /* Invalid = in first position */
case 1: /* Invalid = in second position */
return (-1);
case 2: /* Valid, means one byte of info */
/* Skip any number of spaces. */
for (; ch != '\0'; ch = (unsigned char)*src++)
if (!isspace(ch))
break;
/* Make sure there is another trailing = sign. */
if (ch != Pad64)
return (-1);
ch = (unsigned char)*src++; /* Skip the = */
/* Fall through to "single trailing =" case. */
/* FALLTHROUGH */
case 3: /* Valid, means two bytes of info */
/*
* We know this char is an =. Is there anything but
* whitespace after it?
*/
for (; ch != '\0'; ch = (unsigned char)*src++)
if (!isspace(ch))
return (-1);
/*
* Now make sure for cases 2 and 3 that the "extra"
* bits that slopped past the last full byte were
* zeros. If we don't check them, they become a
* subliminal channel.
*/
if (target && tarindex < targsize &&
target[tarindex] != 0)
return (-1);
}
} else {
/*
* We ended by seeing the end of the string. Make sure we
* have no partial bytes lying around.
*/
if (state != 0)
return (-1);
}
return (tarindex);
}

View File

@@ -1,65 +0,0 @@
/* $OpenBSD: strtonum.c,v 1.7 2013/04/17 18:40:58 tedu Exp $ */
/*
* Copyright (c) 2004 Ted Unangst and Todd Miller
* All rights reserved.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <errno.h>
#include <limits.h>
#include <stdlib.h>
#define INVALID 1
#define TOOSMALL 2
#define TOOLARGE 3
long long
strtonum(const char *numstr, long long minval, long long maxval,
const char **errstrp)
{
long long ll = 0;
int error = 0;
char *ep;
struct errval {
const char *errstr;
int err;
} ev[4] = {
{ NULL, 0 },
{ "invalid", EINVAL },
{ "too small", ERANGE },
{ "too large", ERANGE },
};
ev[0].err = errno;
errno = 0;
if (minval > maxval) {
error = INVALID;
} else {
ll = strtoll(numstr, &ep, 10);
if (numstr == ep || *ep != '\0')
error = INVALID;
else if ((ll == LLONG_MIN && errno == ERANGE) || ll < minval)
error = TOOSMALL;
else if ((ll == LLONG_MAX && errno == ERANGE) || ll > maxval)
error = TOOLARGE;
}
if (errstrp != NULL)
*errstrp = ev[error].errstr;
errno = ev[error].err;
if (error)
ll = 0;
return (ll);
}

View File

@@ -0,0 +1,45 @@
if(NOT MSVC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
OCSPCHECK_SRC
http.c
ocspcheck.c
)
check_function_exists(inet_ntop HAVE_INET_NTOP)
if(HAVE_INET_NTOP)
add_definitions(-DHAVE_INET_NTOP)
else()
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/inet_ntop.c)
endif()
check_function_exists(memmem HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
else()
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(ocspcheck ${OCSPCHECK_SRC})
target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR})
install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
endif(ENABLE_LIBRESSL_INSTALL)
endif()

View File

@@ -0,0 +1,23 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = ocspcheck
EXTRA_DIST = ocspcheck.8
EXTRA_DIST += CMakeLists.txt
ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la
ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
ocspcheck_SOURCES = http.c
ocspcheck_SOURCES += ocspcheck.c
noinst_HEADERS = http.h
if !HAVE_INET_NTOP
ocspcheck_SOURCES += compat/inet_ntop.c
endif
if !HAVE_MEMMEM
ocspcheck_SOURCES += compat/memmem.c
endif

0
apps/ocspcheck/compat/.gitignore vendored Normal file
View File

View File

@@ -0,0 +1,92 @@
include_directories(
.
../../include
../../include/compat
)
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
endif(ENABLE_LIBRESSL_INSTALL)
if(NOT "${OPENSSLDIR}" STREQUAL "")
set(CONF_DIR "${OPENSSLDIR}")
else()
set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
endif()
if(ENABLE_LIBRESSL_INSTALL)
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
install(DIRECTORY DESTINATION ${CONF_DIR}/certs)
endif(ENABLE_LIBRESSL_INSTALL)

View File

@@ -4,15 +4,14 @@ bin_PROGRAMS = openssl
dist_man_MANS = openssl.1 dist_man_MANS = openssl.1
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
openssl_LDADD += $(abs_top_builddir)/ssl/libssl.la
openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_SOURCES = apps.c openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c openssl_SOURCES += ciphers.c
openssl_SOURCES += cms.c
openssl_SOURCES += crl.c openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c openssl_SOURCES += dgst.c
@@ -89,12 +88,13 @@ noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook: install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \ @if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \ OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
else \ else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \ OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
fi; \ fi; \
mkdir -p "$$OPENSSLDIR/certs"; \ mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \ for i in cert.pem openssl.cnf x509v3.cnf; do \
@@ -107,9 +107,9 @@ install-exec-hook:
uninstall-local: uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \ @if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \ OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
else \ else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \ OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
fi; \ fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \ for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \

View File

@@ -253,7 +253,9 @@ poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
looptime_ms = timeout_ms > 100 ? 100 : timeout_ms; looptime_ms = timeout_ms > 100 ? 100 : timeout_ms;
do { do {
struct timeval tv = {0, looptime_ms * 1000}; struct timeval tv;
tv.tv_sec = 0;
tv.tv_usec = looptime_ms * 1000;
int handle_signaled = 0; int handle_signaled = 0;
/* /*

View File

@@ -57,6 +57,7 @@ fi
echo "differences between release and regenerated release tag:" echo "differences between release and regenerated release tag:"
diff -urN \ diff -urN \
-x *.3 \ -x *.3 \
-x *.5 \
-x Makefile.in \ -x Makefile.in \
-x aclocal.m4 \ -x aclocal.m4 \
-x compile \ -x compile \

50
cmake_export_symbol.cmake Normal file
View File

@@ -0,0 +1,50 @@
macro(export_symbol TARGET FILENAME)
set(FLAG "")
if(WIN32)
string(REPLACE ".sym" ".def" DEF_FILENAME ${FILENAME})
file(WRITE ${DEF_FILENAME} "EXPORTS\n")
file(READ ${FILENAME} SYMBOLS)
file(APPEND ${DEF_FILENAME} "${SYMBOLS}")
target_sources(${TARGET} PRIVATE ${DEF_FILENAME})
elseif(APPLE)
file(READ ${FILENAME} SYMBOLS)
string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
string(REPLACE "\n" "\n_" SYMBOLS ${SYMBOLS})
string(REGEX REPLACE "(.)$" "\\1\\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".exp" EXP_FILENAME ${FILENAME})
file(WRITE ${EXP_FILENAME} "_${SYMBOLS}")
set(FLAG "-exported_symbols_list ${EXP_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
file(READ ${FILENAME} SYMBOLS)
string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
string(REPLACE "\n" "\n+e " SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".opt" OPT_FILENAME ${FILENAME})
file(WRITE ${OPT_FILENAME} "+e ${SYMBOLS}")
set(FLAG "-Wl,-c,${OPT_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
file(READ ${FILENAME} SYMBOLS)
string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
file(WRITE ${VER_FILENAME}
"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
set(FLAG "-Wl,-M${VER_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
file(READ ${FILENAME} SYMBOLS)
string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
file(WRITE ${VER_FILENAME}
"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
set(FLAG "-Wl,--version-script,\"${VER_FILENAME}\"")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
endif()
endmacro()

21
cmake_uninstall.cmake.in Normal file
View File

@@ -0,0 +1,21 @@
if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
string(REGEX REPLACE "\n" ";" files "${files}")
foreach(file ${files})
message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
exec_program(
"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
OUTPUT_VARIABLE rm_out
RETURN_VALUE rm_retval
)
if(NOT "${rm_retval}" STREQUAL 0)
message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
endif(NOT "${rm_retval}" STREQUAL 0)
else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
endforeach(file)

View File

@@ -78,19 +78,15 @@ AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
BSWAP4=no) BSWAP4=no)
CFLAGS="$old_cflags" CFLAGS="$old_cflags"
case $host_cpu in AS_CASE([$host_cpu],
*sparc*) [*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"],
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT" [*arm*], AS_IF([test "x$BSWAP4" = "xyes"],,
;; CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"),
*arm*) [*amd64*], [host_cpu=x86_64, HOSTARCH=intel],
AS_IF([test "x$BSWAP4" = "xyes"],, [i?86], [HOSTARCH=intel],
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT") [x86_64], [HOSTARCH=intel]
;; )
*amd64*) AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"])
host_cpu=x86_64
;;
esac
AC_MSG_CHECKING([if .gnu.warning accepts long strings]) AC_MSG_CHECKING([if .gnu.warning accepts long strings])
AC_LINK_IFELSE([AC_LANG_SOURCE([[ AC_LINK_IFELSE([AC_LANG_SOURCE([[
@@ -126,6 +122,7 @@ AC_CONFIG_FILES([
tls/Makefile tls/Makefile
tests/Makefile tests/Makefile
apps/Makefile apps/Makefile
apps/ocspcheck/Makefile
apps/openssl/Makefile apps/openssl/Makefile
apps/nc/Makefile apps/nc/Makefile
man/Makefile man/Makefile
@@ -137,8 +134,15 @@ AC_CONFIG_FILES([
AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"]) AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
if test "$ac_cv_sizeof_time_t" = "4"; then if test "$ac_cv_sizeof_time_t" = "4"; then
AC_DEFINE([SMALL_TIME_T])
echo " ** Warning, this system is unable to represent times past 2038" echo " ** Warning, this system is unable to represent times past 2038"
echo " ** It will behave incorrectly when handling valid RFC5280 dates" echo " ** It will behave incorrectly when handling valid RFC5280 dates"
if test "$host_os" = "mingw32" ; then
echo " **"
echo " ** You can solve this by adjusting the build flags in your"
echo " ** mingw-w64 toolchain. Refer to README.windows for details."
fi
fi fi
AC_REQUIRE_AUX_FILE([tap-driver.sh]) AC_REQUIRE_AUX_FILE([tap-driver.sh])

View File

@@ -3,21 +3,113 @@ include_directories(
../include ../include
../include/compat ../include/compat
asn1 asn1
bn
dsa dsa
evp evp
modes modes
) )
if(HOST_ASM_ELF_X86_64)
set(
ASM_X86_64_ELF_SRC
aes/aes-elf-x86_64.S
aes/bsaes-elf-x86_64.S
aes/vpaes-elf-x86_64.S
aes/aesni-elf-x86_64.S
aes/aesni-sha1-elf-x86_64.S
bn/modexp512-elf-x86_64.S
bn/mont-elf-x86_64.S
bn/mont5-elf-x86_64.S
bn/gf2m-elf-x86_64.S
camellia/cmll-elf-x86_64.S
md5/md5-elf-x86_64.S
modes/ghash-elf-x86_64.S
rc4/rc4-elf-x86_64.S
rc4/rc4-md5-elf-x86_64.S
sha/sha1-elf-x86_64.S
sha/sha256-elf-x86_64.S
sha/sha512-elf-x86_64.S
whrlpool/wp-elf-x86_64.S
cpuid-elf-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
endif()
if(HOST_ASM_MACOSX_X86_64)
set(
ASM_X86_64_MACOSX_SRC
aes/aes-macosx-x86_64.S
aes/bsaes-macosx-x86_64.S
aes/vpaes-macosx-x86_64.S
aes/aesni-macosx-x86_64.S
aes/aesni-sha1-macosx-x86_64.S
bn/modexp512-macosx-x86_64.S
bn/mont-macosx-x86_64.S
bn/mont5-macosx-x86_64.S
bn/gf2m-macosx-x86_64.S
camellia/cmll-macosx-x86_64.S
md5/md5-macosx-x86_64.S
modes/ghash-macosx-x86_64.S
rc4/rc4-macosx-x86_64.S
rc4/rc4-md5-macosx-x86_64.S
sha/sha1-macosx-x86_64.S
sha/sha256-macosx-x86_64.S
sha/sha512-macosx-x86_64.S
whrlpool/wp-macosx-x86_64.S
cpuid-macosx-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC})
set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C)
endif()
if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
set(
CRYPTO_SRC
${CRYPTO_SRC}
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
camellia/cmll_cbc.c
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
)
endif()
set( set(
CRYPTO_SRC CRYPTO_SRC
${CRYPTO_SRC}
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
camellia/cmll_cbc.c
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
cpt_err.c cpt_err.c
cryptlib.c cryptlib.c
cversion.c cversion.c
@@ -190,6 +282,8 @@ set(
conf/conf_mall.c conf/conf_mall.c
conf/conf_mod.c conf/conf_mod.c
conf/conf_sap.c conf/conf_sap.c
curve25519/curve25519-generic.c
curve25519/curve25519.c
des/cbc_cksm.c des/cbc_cksm.c
des/cbc_enc.c des/cbc_enc.c
des/cfb64ede.c des/cfb64ede.c
@@ -331,6 +425,7 @@ set(
evp/m_gostr341194.c evp/m_gostr341194.c
evp/m_md4.c evp/m_md4.c
evp/m_md5.c evp/m_md5.c
evp/m_md5_sha1.c
evp/m_null.c evp/m_null.c
evp/m_ripemd.c evp/m_ripemd.c
evp/m_sha1.c evp/m_sha1.c
@@ -364,6 +459,7 @@ set(
gost/gostr341001_pmeth.c gost/gostr341001_pmeth.c
gost/gostr341194.c gost/gostr341194.c
gost/streebog.c gost/streebog.c
hkdf/hkdf.c
hmac/hm_ameth.c hmac/hm_ameth.c
hmac/hm_pmeth.c hmac/hm_pmeth.c
hmac/hmac.c hmac/hmac.c
@@ -372,7 +468,6 @@ set(
idea/i_ecb.c idea/i_ecb.c
idea/i_ofb64.c idea/i_ofb64.c
idea/i_skey.c idea/i_skey.c
krb5/krb5_asn.c
lhash/lh_stats.c lhash/lh_stats.c
lhash/lhash.c lhash/lhash.c
md4/md4_dgst.c md4/md4_dgst.c
@@ -464,7 +559,6 @@ set(
rsa/rsa_pss.c rsa/rsa_pss.c
rsa/rsa_saos.c rsa/rsa_saos.c
rsa/rsa_sign.c rsa/rsa_sign.c
rsa/rsa_ssl.c
rsa/rsa_x931.c rsa/rsa_x931.c
sha/sha1_one.c sha/sha1_one.c
sha/sha1dgst.c sha/sha1dgst.c
@@ -556,46 +650,89 @@ endif()
if(CMAKE_HOST_WIN32) if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c) set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
set(CRYPTO_UNEXPORT ${CRYPTO_UNEXPORT} BIO_s_log)
set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c) set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
endif() endif()
if(CMAKE_HOST_WIN32) if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} gettimeofday)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_perror)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fopen)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fgets)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_open)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_rename)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_connect)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_close)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_read)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_write)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_getsockopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_setsockopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} sleep)
endif() endif()
if(NOT HAVE_ASPRINTF) if(NOT HAVE_ASPRINTF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} asprintf)
set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
endif()
if(NOT HAVE_FREEZERO)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/freezero.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} freezero)
endif()
if(NOT HAVE_GETPAGESIZE)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
endif() endif()
if(NOT HAVE_INET_PTON) if(NOT HAVE_INET_PTON)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} inet_pton)
endif() endif()
if(NOT HAVE_REALLOCARRAY) if(NOT HAVE_REALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray)
endif()
if(NOT HAVE_RECALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/recallocarray.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} recallocarray)
endif() endif()
if(NOT HAVE_STRCASECMP) if(NOT HAVE_STRCASECMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strcasecmp)
endif() endif()
if(NOT HAVE_STRLCAT) if(NOT HAVE_STRLCAT)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcat)
endif() endif()
if(NOT HAVE_STRLCPY) if(NOT HAVE_STRLCPY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcpy)
endif() endif()
if(NOT HAVE_STRNDUP) if(NOT HAVE_STRNDUP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strndup)
if(NOT HAVE_STRNLEN) if(NOT HAVE_STRNLEN)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strnlen)
endif() endif()
endif() endif()
if(NOT HAVE_STRSEP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strsep.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep)
endif()
if(NOT HAVE_TIMEGM) if(NOT HAVE_TIMEGM)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timegm)
endif() endif()
if(NOT HAVE_EXPLICIT_BZERO) if(NOT HAVE_EXPLICIT_BZERO)
@@ -605,10 +742,15 @@ if(NOT HAVE_EXPLICIT_BZERO)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0) set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
endif() endif()
set(EXTRA_EXPORT ${EXTRA_EXPORT} explicit_bzero)
endif() endif()
if(NOT HAVE_ARC4RANDOM_BUF) if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_buf)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)
if(NOT HAVE_GETENTROPY) if(NOT HAVE_GETENTROPY)
if(CMAKE_HOST_WIN32) if(CMAKE_HOST_WIN32)
@@ -617,36 +759,78 @@ if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Linux") elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD") elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin") elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_darwin.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_osx.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS") elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
endif() endif()
set(EXTRA_EXPORT ${EXTRA_EXPORT} getentropy)
endif() endif()
endif() endif()
if(NOT HAVE_TIMINGSAFE_BCMP) if(NOT HAVE_TIMINGSAFE_BCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_bcmp)
endif() endif()
if(NOT HAVE_TIMINGSAFE_MEMCMP) if(NOT HAVE_TIMINGSAFE_MEMCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp)
endif() endif()
if(NOT ENABLE_ASM)
add_definitions(-DOPENSSL_NO_ASM)
else()
if(CMAKE_HOST_WIN32)
add_definitions(-DOPENSSL_NO_ASM)
endif()
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
else()
add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
endif()
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto.sym SYMS)
foreach(SYM IN LISTS CRYPTO_UNEXPORT)
string(REPLACE "${SYM}\n" "" SYMS ${SYMS})
endforeach()
file(WRITE ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym ${SYMS})
if(EXTRA_EXPORT)
list(SORT EXTRA_EXPORT)
foreach(SYM IN LISTS EXTRA_EXPORT)
file(APPEND ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym "${SYM}\n")
endforeach()
endif()
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
if (BUILD_SHARED) if (BUILD_SHARED)
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>) add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>) add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto) export_symbol(crypto-shared ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym)
if (WIN32)
target_link_libraries(crypto-shared Ws2_32.lib)
set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
endif()
set_target_properties(crypto-shared PROPERTIES
OUTPUT_NAME crypto${CRYPTO_POSTFIX}
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
set_target_properties(crypto-shared PROPERTIES VERSION set_target_properties(crypto-shared PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION}) ${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
install(TARGETS crypto crypto-shared DESTINATION lib) if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS crypto crypto-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
else() else()
add_library(crypto STATIC ${CRYPTO_SRC}) add_library(crypto STATIC ${CRYPTO_SRC})
install(TARGETS crypto DESTINATION lib) if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
endif() endif()

View File

@@ -1,6 +1,7 @@
include $(top_srcdir)/Makefile.am.common include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1 AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I$(top_srcdir)/crypto/bn
AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto AM_CPPFLAGS += -I$(top_srcdir)/crypto
@@ -9,11 +10,89 @@ lib_LTLIBRARIES = libcrypto.la
EXTRA_DIST = VERSION EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += crypto.sym
# needed for a CMake target # needed for a CMake target
EXTRA_DIST += compat/strcasecmp.c EXTRA_DIST += compat/strcasecmp.c
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined BUILT_SOURCES = crypto_portable.sym
CLEANFILES = crypto_portable.sym
crypto_portable.sym:
-echo "generating crypto_portable.sym ..."
-cp $(top_srcdir)/crypto/crypto.sym crypto_portable.sym
-chmod u+w crypto_portable.sym
if !HAVE_ARC4RANDOM_BUF
-echo arc4random >> crypto_portable.sym
-echo arc4random_buf >> crypto_portable.sym
-echo arc4random_uniform >> crypto_portable.sym
if !HAVE_GETENTROPY
-echo getentropy >> crypto_portable.sym
endif
endif
if !HAVE_ASPRINTF
-echo asprintf >> crypto_portable.sym
-echo vasprintf >> crypto_portable.sym
endif
if !HAVE_EXPLICIT_BZERO
-echo explicit_bzero >> crypto_portable.sym
endif
if !HAVE_FREEZERO
-echo freezero >> crypto_portable.sym
endif
if !HAVE_INET_PTON
-echo inet_pton >> crypto_portable.sym
endif
if !HAVE_REALLOCARRAY
-echo reallocarray >> crypto_portable.sym
endif
if !HAVE_RECALLOCARRAY
-echo recallocarray >> crypto_portable.sym
endif
if !HAVE_STRLCAT
-echo strlcat >> crypto_portable.sym
endif
if !HAVE_STRLCPY
-echo strlcpy >> crypto_portable.sym
endif
if !HAVE_STRNDUP
-echo strndup >> crypto_portable.sym
endif
if !HAVE_STRNLEN
-echo strnlen >> crypto_portable.sym
endif
if !HAVE_STRSEP
-echo strsep >> crypto_portable.sym
endif
if !HAVE_TIMEGM
-echo timegm >> crypto_portable.sym
endif
if !HAVE_TIMINGSAFE_BCMP
-echo timingsafe_bcmp >> crypto_portable.sym
endif
if !HAVE_TIMINGSAFE_MEMCMP
-echo timingsafe_memcmp >> crypto_portable.sym
endif
if HOST_CPU_IS_INTEL
-echo OPENSSL_ia32cap_P >> crypto_portable.sym
endif
if HOST_WIN
-echo posix_perror >> crypto_portable.sym
-echo posix_fopen >> crypto_portable.sym
-echo posix_fgets >> crypto_portable.sym
-echo posix_open >> crypto_portable.sym
-echo posix_rename >> crypto_portable.sym
-echo posix_connect >> crypto_portable.sym
-echo posix_close >> crypto_portable.sym
-echo posix_read >> crypto_portable.sym
-echo posix_write >> crypto_portable.sym
-echo posix_getsockopt >> crypto_portable.sym
-echo posix_setsockopt >> crypto_portable.sym
-grep -v BIO_s_log crypto_portable.sym > crypto_portable.sym.tmp
-mv crypto_portable.sym.tmp crypto_portable.sym
endif
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO if !HAVE_EXPLICIT_BZERO
libcrypto_la_LIBADD += libcompatnoopt.la libcrypto_la_LIBADD += libcompatnoopt.la
@@ -71,10 +150,22 @@ libcompat_la_SOURCES += compat/strnlen.c
endif endif
endif endif
if !HAVE_STRSEP
libcompat_la_SOURCES += compat/strsep.c
endif
if !HAVE_ASPRINTF if !HAVE_ASPRINTF
libcompat_la_SOURCES += compat/bsd-asprintf.c libcompat_la_SOURCES += compat/bsd-asprintf.c
endif endif
if !HAVE_FREEZERO
libcompat_la_SOURCES += compat/freezero.c
endif
if !HAVE_GETPAGESIZE
libcompat_la_SOURCES += compat/getpagesize.c
endif
if !HAVE_INET_PTON if !HAVE_INET_PTON
libcompat_la_SOURCES += compat/inet_pton.c libcompat_la_SOURCES += compat/inet_pton.c
endif endif
@@ -87,6 +178,10 @@ if !HAVE_REALLOCARRAY
libcompat_la_SOURCES += compat/reallocarray.c libcompat_la_SOURCES += compat/reallocarray.c
endif endif
if !HAVE_RECALLOCARRAY
libcompat_la_SOURCES += compat/recallocarray.c
endif
if !HAVE_TIMINGSAFE_MEMCMP if !HAVE_TIMINGSAFE_MEMCMP
libcompat_la_SOURCES += compat/timingsafe_memcmp.c libcompat_la_SOURCES += compat/timingsafe_memcmp.c
endif endif
@@ -133,6 +228,7 @@ noinst_HEADERS += constant_time_locl.h
noinst_HEADERS += cryptlib.h noinst_HEADERS += cryptlib.h
noinst_HEADERS += md32_common.h noinst_HEADERS += md32_common.h
noinst_HEADERS += o_time.h noinst_HEADERS += o_time.h
noinst_HEADERS += x86_arch.h
# aes # aes
libcrypto_la_SOURCES += aes/aes_cfb.c libcrypto_la_SOURCES += aes/aes_cfb.c
@@ -342,6 +438,12 @@ libcrypto_la_SOURCES += conf/conf_mod.c
libcrypto_la_SOURCES += conf/conf_sap.c libcrypto_la_SOURCES += conf/conf_sap.c
noinst_HEADERS += conf/conf_def.h noinst_HEADERS += conf/conf_def.h
# curve25519
libcrypto_la_SOURCES += curve25519/curve25519-generic.c
libcrypto_la_SOURCES += curve25519/curve25519.c
noinst_HEADERS += curve25519/curve25519_internal.h
# des # des
libcrypto_la_SOURCES += des/cbc_cksm.c libcrypto_la_SOURCES += des/cbc_cksm.c
libcrypto_la_SOURCES += des/cbc_enc.c libcrypto_la_SOURCES += des/cbc_enc.c
@@ -510,6 +612,7 @@ libcrypto_la_SOURCES += evp/m_gost2814789.c
libcrypto_la_SOURCES += evp/m_gostr341194.c libcrypto_la_SOURCES += evp/m_gostr341194.c
libcrypto_la_SOURCES += evp/m_md4.c libcrypto_la_SOURCES += evp/m_md4.c
libcrypto_la_SOURCES += evp/m_md5.c libcrypto_la_SOURCES += evp/m_md5.c
libcrypto_la_SOURCES += evp/m_md5_sha1.c
libcrypto_la_SOURCES += evp/m_null.c libcrypto_la_SOURCES += evp/m_null.c
libcrypto_la_SOURCES += evp/m_ripemd.c libcrypto_la_SOURCES += evp/m_ripemd.c
libcrypto_la_SOURCES += evp/m_sha1.c libcrypto_la_SOURCES += evp/m_sha1.c
@@ -550,6 +653,9 @@ noinst_HEADERS += gost/gost.h
noinst_HEADERS += gost/gost_asn1.h noinst_HEADERS += gost/gost_asn1.h
noinst_HEADERS += gost/gost_locl.h noinst_HEADERS += gost/gost_locl.h
# hkdf
libcrypto_la_SOURCES += hkdf/hkdf.c
# hmac # hmac
libcrypto_la_SOURCES += hmac/hm_ameth.c libcrypto_la_SOURCES += hmac/hm_ameth.c
libcrypto_la_SOURCES += hmac/hm_pmeth.c libcrypto_la_SOURCES += hmac/hm_pmeth.c
@@ -563,9 +669,6 @@ libcrypto_la_SOURCES += idea/i_ofb64.c
libcrypto_la_SOURCES += idea/i_skey.c libcrypto_la_SOURCES += idea/i_skey.c
noinst_HEADERS += idea/idea_lcl.h noinst_HEADERS += idea/idea_lcl.h
# krb5
libcrypto_la_SOURCES += krb5/krb5_asn.c
# lhash # lhash
libcrypto_la_SOURCES += lhash/lh_stats.c libcrypto_la_SOURCES += lhash/lh_stats.c
libcrypto_la_SOURCES += lhash/lhash.c libcrypto_la_SOURCES += lhash/lhash.c
@@ -696,7 +799,6 @@ libcrypto_la_SOURCES += rsa/rsa_prn.c
libcrypto_la_SOURCES += rsa/rsa_pss.c libcrypto_la_SOURCES += rsa/rsa_pss.c
libcrypto_la_SOURCES += rsa/rsa_saos.c libcrypto_la_SOURCES += rsa/rsa_saos.c
libcrypto_la_SOURCES += rsa/rsa_sign.c libcrypto_la_SOURCES += rsa/rsa_sign.c
libcrypto_la_SOURCES += rsa/rsa_ssl.c
libcrypto_la_SOURCES += rsa/rsa_x931.c libcrypto_la_SOURCES += rsa/rsa_x931.c
noinst_HEADERS += rsa/rsa_locl.h noinst_HEADERS += rsa/rsa_locl.h
@@ -769,6 +871,7 @@ libcrypto_la_SOURCES += x509/x509spki.c
libcrypto_la_SOURCES += x509/x509type.c libcrypto_la_SOURCES += x509/x509type.c
libcrypto_la_SOURCES += x509/x_all.c libcrypto_la_SOURCES += x509/x_all.c
noinst_HEADERS += x509/x509_lcl.h noinst_HEADERS += x509/x509_lcl.h
noinst_HEADERS += x509/vpm_int.h
# x509v3 # x509v3
libcrypto_la_SOURCES += x509v3/pcy_cache.c libcrypto_la_SOURCES += x509v3/pcy_cache.c

View File

@@ -1,22 +1,22 @@
ASM_X86_64_ELF = aes/aes-elf-x86_64.s ASM_X86_64_ELF = aes/aes-elf-x86_64.S
ASM_X86_64_ELF += aes/bsaes-elf-x86_64.s ASM_X86_64_ELF += aes/bsaes-elf-x86_64.S
ASM_X86_64_ELF += aes/vpaes-elf-x86_64.s ASM_X86_64_ELF += aes/vpaes-elf-x86_64.S
ASM_X86_64_ELF += aes/aesni-elf-x86_64.s ASM_X86_64_ELF += aes/aesni-elf-x86_64.S
ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.s ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.S
ASM_X86_64_ELF += bn/modexp512-elf-x86_64.s ASM_X86_64_ELF += bn/modexp512-elf-x86_64.S
ASM_X86_64_ELF += bn/mont-elf-x86_64.s ASM_X86_64_ELF += bn/mont-elf-x86_64.S
ASM_X86_64_ELF += bn/mont5-elf-x86_64.s ASM_X86_64_ELF += bn/mont5-elf-x86_64.S
ASM_X86_64_ELF += bn/gf2m-elf-x86_64.s ASM_X86_64_ELF += bn/gf2m-elf-x86_64.S
ASM_X86_64_ELF += camellia/cmll-elf-x86_64.s ASM_X86_64_ELF += camellia/cmll-elf-x86_64.S
ASM_X86_64_ELF += md5/md5-elf-x86_64.s ASM_X86_64_ELF += md5/md5-elf-x86_64.S
ASM_X86_64_ELF += modes/ghash-elf-x86_64.s ASM_X86_64_ELF += modes/ghash-elf-x86_64.S
ASM_X86_64_ELF += rc4/rc4-elf-x86_64.s ASM_X86_64_ELF += rc4/rc4-elf-x86_64.S
ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.s ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.S
ASM_X86_64_ELF += sha/sha1-elf-x86_64.s ASM_X86_64_ELF += sha/sha1-elf-x86_64.S
ASM_X86_64_ELF += sha/sha256-elf-x86_64.S ASM_X86_64_ELF += sha/sha256-elf-x86_64.S
ASM_X86_64_ELF += sha/sha512-elf-x86_64.S ASM_X86_64_ELF += sha/sha512-elf-x86_64.S
ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.s ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.S
ASM_X86_64_ELF += cpuid-elf-x86_64.S ASM_X86_64_ELF += cpuid-elf-x86_64.S
EXTRA_DIST += $(ASM_X86_64_ELF) EXTRA_DIST += $(ASM_X86_64_ELF)

View File

@@ -1,22 +1,22 @@
ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.s ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.s ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.s ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.s ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.s ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.s ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.s ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.s ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.s ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.S
ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.s ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.S
ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.s ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.S
ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.s ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.S
ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.s ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.S
ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.s ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.S
ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.s ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.S
ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S
ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S
ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.s ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.S
ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
EXTRA_DIST += $(ASM_X86_64_MACOSX) EXTRA_DIST += $(ASM_X86_64_MACOSX)

View File

@@ -23,8 +23,8 @@ BIO_sock_init(void)
if (!wsa_init_done) { if (!wsa_init_done) {
if (WSAStartup(version_requested, &wsa_state) != 0) { if (WSAStartup(version_requested, &wsa_state) != 0) {
int err = WSAGetLastError(); int err = WSAGetLastError();
SYSerr(SYS_F_WSASTARTUP, err); SYSerror(err);
BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP); BIOerror(BIO_R_WSASTARTUP);
return (-1); return (-1);
} }
wsa_init_done = 1; wsa_init_done = 1;

32
crypto/compat/freezero.c Normal file
View File

@@ -0,0 +1,32 @@
/*
* Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek <otto@drijf.net>
* Copyright (c) 2012 Matthew Dempsky <matthew@openbsd.org>
* Copyright (c) 2008 Damien Miller <djm@openbsd.org>
* Copyright (c) 2000 Poul-Henning Kamp <phk@FreeBSD.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <string.h>
#include <stdlib.h>
void
freezero(void *ptr, size_t sz)
{
/* This is legal. */
if (ptr == NULL)
return;
explicit_bzero(ptr, sz);
free(ptr);
}

View File

@@ -0,0 +1,18 @@
/* $OpenBSD$ */
#include <unistd.h>
#ifdef _MSC_VER
#include <windows.h>
#endif
int
getpagesize(void) {
#ifdef _MSC_VER
SYSTEM_INFO system_info;
GetSystemInfo(&system_info);
return system_info.dwPageSize;
#else
return sysconf(_SC_PAGESIZE);
#endif
}

View File

@@ -1,212 +0,0 @@
/* $OpenBSD: inet_pton.c,v 1.9 2015/01/16 16:48:51 deraadt Exp $ */
/* Copyright (c) 1996 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <string.h>
#include <errno.h>
/*
* WARNING: Don't even consider trying to compile this on a system where
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
*/
static int inet_pton4(const char *src, u_char *dst);
static int inet_pton6(const char *src, u_char *dst);
/* int
* inet_pton(af, src, dst)
* convert from presentation format (which usually means ASCII printable)
* to network format (which is usually some kind of binary format).
* return:
* 1 if the address was valid for the specified address family
* 0 if the address wasn't valid (`dst' is untouched in this case)
* -1 if some other error occurred (`dst' is untouched in this case, too)
* author:
* Paul Vixie, 1996.
*/
int
inet_pton(int af, const char *src, void *dst)
{
switch (af) {
case AF_INET:
return (inet_pton4(src, dst));
case AF_INET6:
return (inet_pton6(src, dst));
default:
errno = EAFNOSUPPORT;
return (-1);
}
/* NOTREACHED */
}
/* int
* inet_pton4(src, dst)
* like inet_aton() but without all the hexadecimal and shorthand.
* return:
* 1 if `src' is a valid dotted quad, else 0.
* notice:
* does not touch `dst' unless it's returning 1.
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton4(const char *src, u_char *dst)
{
static const char digits[] = "0123456789";
int saw_digit, octets, ch;
u_char tmp[INADDRSZ], *tp;
saw_digit = 0;
octets = 0;
*(tp = tmp) = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr(digits, ch)) != NULL) {
u_int new = *tp * 10 + (pch - digits);
if (new > 255)
return (0);
if (! saw_digit) {
if (++octets > 4)
return (0);
saw_digit = 1;
}
*tp = new;
} else if (ch == '.' && saw_digit) {
if (octets == 4)
return (0);
*++tp = 0;
saw_digit = 0;
} else
return (0);
}
if (octets < 4)
return (0);
memcpy(dst, tmp, INADDRSZ);
return (1);
}
/* int
* inet_pton6(src, dst)
* convert presentation level address to network order binary form.
* return:
* 1 if `src' is a valid [RFC1884 2.2] address, else 0.
* notice:
* does not touch `dst' unless it's returning 1.
* credit:
* inspired by Mark Andrews.
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton6(const char *src, u_char *dst)
{
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
int ch, saw_xdigit, count_xdigit;
u_int val;
memset((tp = tmp), '\0', IN6ADDRSZ);
endp = tp + IN6ADDRSZ;
colonp = NULL;
/* Leading :: requires some special handling. */
if (*src == ':')
if (*++src != ':')
return (0);
curtok = src;
saw_xdigit = count_xdigit = 0;
val = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
pch = strchr((xdigits = xdigits_u), ch);
if (pch != NULL) {
if (count_xdigit >= 4)
return (0);
val <<= 4;
val |= (pch - xdigits);
if (val > 0xffff)
return (0);
saw_xdigit = 1;
count_xdigit++;
continue;
}
if (ch == ':') {
curtok = src;
if (!saw_xdigit) {
if (colonp)
return (0);
colonp = tp;
continue;
} else if (*src == '\0') {
return (0);
}
if (tp + INT16SZ > endp)
return (0);
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
saw_xdigit = 0;
count_xdigit = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) {
tp += INADDRSZ;
saw_xdigit = 0;
count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
return (0);
}
if (saw_xdigit) {
if (tp + INT16SZ > endp)
return (0);
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
}
if (colonp != NULL) {
/*
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
const int n = tp - colonp;
int i;
if (tp == endp)
return (0);
for (i = 1; i <= n; i++) {
endp[- i] = colonp[n - i];
colonp[n - i] = 0;
}
tp = endp;
}
if (tp != endp)
return (0);
memcpy(dst, tmp, IN6ADDRSZ);
return (1);
}

View File

@@ -12,6 +12,7 @@
#include <ws2tcpip.h> #include <ws2tcpip.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h>
#include <stdint.h> #include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@@ -39,6 +40,28 @@ posix_fopen(const char *path, const char *mode)
return fopen(path, mode); return fopen(path, mode);
} }
int
posix_open(const char *path, ...)
{
va_list ap;
int mode = 0;
int flags;
va_start(ap, path);
flags = va_arg(ap, int);
if (flags & O_CREAT)
mode = va_arg(ap, int);
va_end(ap);
flags |= O_BINARY;
if (flags & O_CLOEXEC) {
flags &= ~O_CLOEXEC;
flags |= O_NOINHERIT;
}
flags &= ~O_NONBLOCK;
return open(path, flags, mode);
}
char * char *
posix_fgets(char *s, int size, FILE *stream) posix_fgets(char *s, int size, FILE *stream)
{ {
@@ -109,6 +132,9 @@ wsa_errno(int err)
case WSAEAFNOSUPPORT: case WSAEAFNOSUPPORT:
errno = EAFNOSUPPORT; errno = EAFNOSUPPORT;
break; break;
case WSAEBADF:
errno = EBADF;
break;
case WSAENETRESET: case WSAENETRESET:
case WSAENOTCONN: case WSAENOTCONN:
case WSAECONNABORTED: case WSAECONNABORTED:
@@ -135,7 +161,7 @@ posix_close(int fd)
{ {
if (closesocket(fd) == SOCKET_ERROR) { if (closesocket(fd) == SOCKET_ERROR) {
int err = WSAGetLastError(); int err = WSAGetLastError();
return err == WSAENOTSOCK ? return (err == WSAENOTSOCK || err == WSAEBADF) ?
close(fd) : wsa_errno(err); close(fd) : wsa_errno(err);
} }
return 0; return 0;
@@ -147,7 +173,7 @@ posix_read(int fd, void *buf, size_t count)
ssize_t rc = recv(fd, buf, count, 0); ssize_t rc = recv(fd, buf, count, 0);
if (rc == SOCKET_ERROR) { if (rc == SOCKET_ERROR) {
int err = WSAGetLastError(); int err = WSAGetLastError();
return err == WSAENOTSOCK ? return (err == WSAENOTSOCK || err == WSAEBADF) ?
read(fd, buf, count) : wsa_errno(err); read(fd, buf, count) : wsa_errno(err);
} }
return rc; return rc;
@@ -159,7 +185,7 @@ posix_write(int fd, const void *buf, size_t count)
ssize_t rc = send(fd, buf, count, 0); ssize_t rc = send(fd, buf, count, 0);
if (rc == SOCKET_ERROR) { if (rc == SOCKET_ERROR) {
int err = WSAGetLastError(); int err = WSAGetLastError();
return err == WSAENOTSOCK ? return (err == WSAENOTSOCK || err == WSAEBADF) ?
write(fd, buf, count) : wsa_errno(err); write(fd, buf, count) : wsa_errno(err);
} }
return rc; return rc;
@@ -183,6 +209,7 @@ posix_setsockopt(int sockfd, int level, int optname,
} }
#ifdef _MSC_VER #ifdef _MSC_VER
struct timezone;
int gettimeofday(struct timeval * tp, struct timezone * tzp) int gettimeofday(struct timeval * tp, struct timezone * tzp)
{ {
/* /*

View File

@@ -1,7 +1,7 @@
#!/bin/sh #!/bin/sh
set -e set -e
rm -f man/*.1 man/*.3 include/openssl/*.h rm -f man/*.[35] include/openssl/*.h
./autogen.sh ./autogen.sh
./configure ./configure
make distcheck make -j2 distcheck

View File

@@ -1,5 +1,8 @@
install(DIRECTORY . if(ENABLE_LIBRESSL_INSTALL)
DESTINATION include install(DIRECTORY .
PATTERN "CMakeLists.txt" EXCLUDE DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
PATTERN "compat" EXCLUDE PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "Makefile.*" EXCLUDE) PATTERN "compat" EXCLUDE
PATTERN "pqueue.h" EXCLUDE
PATTERN "Makefile*" EXCLUDE)
endif(ENABLE_LIBRESSL_INSTALL)

View File

@@ -8,6 +8,7 @@ noinst_HEADERS = pqueue.h
noinst_HEADERS += compat/dirent.h noinst_HEADERS += compat/dirent.h
noinst_HEADERS += compat/dirent_msvc.h noinst_HEADERS += compat/dirent_msvc.h
noinst_HEADERS += compat/err.h noinst_HEADERS += compat/err.h
noinst_HEADERS += compat/fcntl.h
noinst_HEADERS += compat/limits.h noinst_HEADERS += compat/limits.h
noinst_HEADERS += compat/netdb.h noinst_HEADERS += compat/netdb.h
noinst_HEADERS += compat/poll.h noinst_HEADERS += compat/poll.h
@@ -29,7 +30,6 @@ noinst_HEADERS += compat/netinet/in.h
noinst_HEADERS += compat/netinet/ip.h noinst_HEADERS += compat/netinet/ip.h
noinst_HEADERS += compat/netinet/tcp.h noinst_HEADERS += compat/netinet/tcp.h
noinst_HEADERS += compat/sys/cdefs.h
noinst_HEADERS += compat/sys/ioctl.h noinst_HEADERS += compat/sys/ioctl.h
noinst_HEADERS += compat/sys/mman.h noinst_HEADERS += compat/sys/mman.h
noinst_HEADERS += compat/sys/param.h noinst_HEADERS += compat/sys/param.h

View File

@@ -14,6 +14,10 @@
#endif #endif
#ifndef HAVE_INET_NTOP
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size);
#endif
#ifndef HAVE_INET_PTON #ifndef HAVE_INET_PTON
int inet_pton(int af, const char * src, void * dst); int inet_pton(int af, const char * src, void * dst);
#endif #endif

View File

@@ -18,6 +18,11 @@
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#if defined(_MSC_VER)
__declspec(noreturn)
#else
__attribute__((noreturn))
#endif
static inline void static inline void
err(int eval, const char *fmt, ...) err(int eval, const char *fmt, ...)
{ {
@@ -29,11 +34,16 @@ err(int eval, const char *fmt, ...)
vfprintf(stderr, fmt, ap); vfprintf(stderr, fmt, ap);
fprintf(stderr, ": "); fprintf(stderr, ": ");
} }
va_end(ap);
fprintf(stderr, "%s\n", strerror(sverrno)); fprintf(stderr, "%s\n", strerror(sverrno));
exit(eval); exit(eval);
va_end(ap);
} }
#if defined(_MSC_VER)
__declspec(noreturn)
#else
__attribute__((noreturn))
#endif
static inline void static inline void
errx(int eval, const char *fmt, ...) errx(int eval, const char *fmt, ...)
{ {
@@ -42,9 +52,9 @@ errx(int eval, const char *fmt, ...)
va_start(ap, fmt); va_start(ap, fmt);
if (fmt != NULL) if (fmt != NULL)
vfprintf(stderr, fmt, ap); vfprintf(stderr, fmt, ap);
va_end(ap);
fprintf(stderr, "\n"); fprintf(stderr, "\n");
exit(eval); exit(eval);
va_end(ap);
} }
static inline void static inline void
@@ -58,8 +68,8 @@ warn(const char *fmt, ...)
vfprintf(stderr, fmt, ap); vfprintf(stderr, fmt, ap);
fprintf(stderr, ": "); fprintf(stderr, ": ");
} }
fprintf(stderr, "%s\n", strerror(sverrno));
va_end(ap); va_end(ap);
fprintf(stderr, "%s\n", strerror(sverrno));
} }
static inline void static inline void
@@ -70,8 +80,8 @@ warnx(const char *fmt, ...)
va_start(ap, fmt); va_start(ap, fmt);
if (fmt != NULL) if (fmt != NULL)
vfprintf(stderr, fmt, ap); vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap); va_end(ap);
fprintf(stderr, "\n");
} }
#endif #endif

32
include/compat/fcntl.h Normal file
View File

@@ -0,0 +1,32 @@
/*
* Public domain
* fcntl.h compatibility shim
*/
#ifndef _WIN32
#include_next <fcntl.h>
#else
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/fcntl.h>
#else
#include <../include/fcntl.h>
#endif
#else
#include_next <fcntl.h>
#endif
#endif
#ifndef O_NONBLOCK
#define O_NONBLOCK 0x100000
#endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0x200000
#endif
#ifndef FD_CLOEXEC
#define FD_CLOEXEC 1
#endif

View File

@@ -5,6 +5,14 @@
#ifdef _MSC_VER #ifdef _MSC_VER
#include <../include/limits.h> #include <../include/limits.h>
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#else
#include <../include/stdlib.h>
#endif
#ifndef PATH_MAX
#define PATH_MAX _MAX_PATH
#endif
#else #else
#include_next <limits.h> #include_next <limits.h>
#endif #endif

View File

@@ -26,6 +26,10 @@ int asprintf(char **str, const char *fmt, ...);
#ifdef _WIN32 #ifdef _WIN32
#if defined(_MSC_VER)
#define __func__ __FUNCTION__
#endif
void posix_perror(const char *s); void posix_perror(const char *s);
FILE * posix_fopen(const char *path, const char *mode); FILE * posix_fopen(const char *path, const char *mode);
char * posix_fgets(char *s, int size, FILE *stream); char * posix_fgets(char *s, int size, FILE *stream);

View File

@@ -25,10 +25,18 @@ void arc4random_buf(void *_buf, size_t n);
uint32_t arc4random_uniform(uint32_t upper_bound); uint32_t arc4random_uniform(uint32_t upper_bound);
#endif #endif
#ifndef HAVE_FREEZERO
void freezero(void *ptr, size_t sz);
#endif
#ifndef HAVE_REALLOCARRAY #ifndef HAVE_REALLOCARRAY
void *reallocarray(void *, size_t, size_t); void *reallocarray(void *, size_t, size_t);
#endif #endif
#ifndef HAVE_RECALLOCARRAY
void *recallocarray(void *, size_t, size_t, size_t);
#endif
#ifndef HAVE_STRTONUM #ifndef HAVE_STRTONUM
long long strtonum(const char *nptr, long long minval, long long strtonum(const char *nptr, long long minval,
long long maxval, const char **errstr); long long maxval, const char **errstr);

View File

@@ -1,31 +0,0 @@
/*
* Public domain
* sys/cdefs.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_CDEFS_H
#define LIBCRYPTOCOMPAT_SYS_CDEFS_H
#ifdef _WIN32
#define __warn_references(sym,msg)
#else
#include_next <sys/cdefs.h>
#ifndef __warn_references
#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG)
#define __warn_references(sym,msg) \
__asm__(".section .gnu.warning." __STRING(sym) \
" ; .ascii \"" msg "\" ; .text");
#else
#define __warn_references(sym,msg)
#endif
#endif /* __warn_references */
#endif /* _WIN32 */
#endif /* LIBCRYPTOCOMPAT_SYS_CDEFS_H */

View File

@@ -8,3 +8,10 @@
#else #else
#include <win32netcompat.h> #include <win32netcompat.h>
#endif #endif
#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */
#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */
int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv)
#endif

View File

@@ -8,6 +8,15 @@
#ifndef _MSC_VER #ifndef _MSC_VER
#include_next <sys/stat.h> #include_next <sys/stat.h>
/* for old MinGW */
#ifndef S_IRGRP
#define S_IRGRP 0
#endif
#ifndef S_IROTH
#define S_IROTH 0
#endif
#else #else
#include <windows.h> #include <windows.h>

View File

@@ -20,12 +20,14 @@
#ifdef __MINGW32__ #ifdef __MINGW32__
#include <_bsd_types.h> #include <_bsd_types.h>
typedef uint32_t in_addr_t;
#endif #endif
#ifdef _MSC_VER #ifdef _MSC_VER
typedef unsigned char u_char; typedef unsigned char u_char;
typedef unsigned short u_short; typedef unsigned short u_short;
typedef unsigned int u_int; typedef unsigned int u_int;
typedef uint32_t in_addr_t;
#include <basetsd.h> #include <basetsd.h>
typedef SSIZE_T ssize_t; typedef SSIZE_T ssize_t;
@@ -44,4 +46,25 @@ typedef SSIZE_T ssize_t;
# define __bounded__(x, y, z) # define __bounded__(x, y, z)
#endif #endif
#ifdef _WIN32
#define __warn_references(sym,msg)
#else
#ifndef __warn_references
#ifndef __STRING
#define __STRING(x) #x
#endif
#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG)
#define __warn_references(sym,msg) \
__asm__(".section .gnu.warning." __STRING(sym) \
" ; .ascii \"" msg "\" ; .text");
#else
#define __warn_references(sym,msg)
#endif
#endif /* __warn_references */
#endif /* _WIN32 */
#endif #endif

View File

@@ -14,6 +14,9 @@
#include <io.h> #include <io.h>
#include <process.h> #include <process.h>
#define STDOUT_FILENO 1
#define STDERR_FILENO 2
#define R_OK 4 #define R_OK 4
#define W_OK 2 #define W_OK 2
#define X_OK 0 #define X_OK 0
@@ -36,6 +39,14 @@ int getentropy(void *buf, size_t buflen);
#endif #endif
#endif #endif
#ifndef HAVE_GETPAGESIZE
int getpagesize(void);
#endif
#define pledge(request, paths) 0 #define pledge(request, paths) 0
#ifndef HAVE_PIPE2
int pipe2(int fildes[2], int flags);
#endif
#endif #endif

View File

@@ -26,7 +26,10 @@
int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen); int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
int posix_open(const char *path, ...);
int posix_close(int fd); int posix_close(int fd);
ssize_t posix_read(int fd, void *buf, size_t count); ssize_t posix_read(int fd, void *buf, size_t count);
ssize_t posix_write(int fd, const void *buf, size_t count); ssize_t posix_write(int fd, const void *buf, size_t count);
@@ -39,6 +42,7 @@ int posix_setsockopt(int sockfd, int level, int optname,
#ifndef NO_REDEF_POSIX_FUNCTIONS #ifndef NO_REDEF_POSIX_FUNCTIONS
#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen) #define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
#define open(path, ...) posix_open(path, __VA_ARGS__)
#define close(fd) posix_close(fd) #define close(fd) posix_close(fd)
#define read(fd, buf, count) posix_read(fd, buf, count) #define read(fd, buf, count) posix_read(fd, buf, count)
#define write(fd, buf, count) posix_write(fd, buf, count) #define write(fd, buf, count) posix_write(fd, buf, count)

View File

@@ -5,11 +5,11 @@ exec_prefix=@exec_prefix@
libdir=@libdir@ libdir=@libdir@
includedir=@includedir@ includedir=@includedir@
Name: LibreSSL-libssl Name: LibreSSL-libcrypto
Description: Secure Sockets Layer and cryptography libraries Description: LibreSSL cryptography library
Version: @VERSION@ Version: @VERSION@
Requires: Requires:
Conflicts: Conflicts:
Libs: -L${libdir} -lcrypto Libs: -L${libdir} -lcrypto
Libs.private: @LIBS@ Libs.private: @LIBS@ @PLATFORM_LDADD@
Cflags: -I${includedir} Cflags: -I${includedir}

View File

@@ -12,5 +12,5 @@ Requires:
Requires.private: libcrypto Requires.private: libcrypto
Conflicts: Conflicts:
Libs: -L${libdir} -lssl Libs: -L${libdir} -lssl
Libs.private: @LIBS@ -lcrypto Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@
Cflags: -I${includedir} Cflags: -I${includedir}

View File

@@ -8,6 +8,7 @@ libtls_la_LIBADD += $(top_builddir)/compat/libcompat.la
libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la
libtls_la_SOURCES = tls.c libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_bio_cb.c
libtls_la_SOURCES += tls_client.c libtls_la_SOURCES += tls_client.c
libtls_la_SOURCES += tls_config.c libtls_la_SOURCES += tls_config.c
libtls_la_SOURCES += tls_server.c libtls_la_SOURCES += tls_server.c

View File

@@ -12,5 +12,5 @@ Requires:
Requires.private: libcrypto libssl Requires.private: libcrypto libssl
Conflicts: Conflicts:
Libs: -L${libdir} -ltls Libs: -L${libdir} -ltls
Libs.private: @LIBS@ -lcrypto -lssl Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
Cflags: -I${includedir} Cflags: -I${includedir}

View File

@@ -2,14 +2,32 @@ AC_DEFUN([CHECK_LIBC_COMPAT], [
# Check for libc headers # Check for libc headers
AC_CHECK_HEADERS([err.h readpassphrase.h]) AC_CHECK_HEADERS([err.h readpassphrase.h])
# Check for general libc functions # Check for general libc functions
AC_CHECK_FUNCS([asprintf inet_pton memmem readpassphrase reallocarray]) AC_CHECK_FUNCS([asprintf freezero inet_ntop inet_pton memmem])
AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum]) AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([timegm _mkgmtime]) AC_CHECK_FUNCS([timegm _mkgmtime])
AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
// Since Android NDK v16 getpagesize is defined as inline inside unistd.h
#ifdef __ANDROID__
# include <unistd.h>
#endif
]], [[
getpagesize();
]])],
[ ac_cv_func_getpagesize="yes" ],
[ ac_cv_func_getpagesize="no"
])
])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes]) AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes])
AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
AM_CONDITIONAL([HAVE_INET_NTOP], [test "x$ac_cv_func_inet_ntop" = xyes])
AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes]) AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes]) AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes]) AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes]) AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes]) AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes]) AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes]) AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
@@ -20,10 +38,12 @@ AM_CONDITIONAL([HAVE_TIMEGM], [test "x$ac_cv_func_timegm" = xyes])
]) ])
AC_DEFUN([CHECK_SYSCALL_COMPAT], [ AC_DEFUN([CHECK_SYSCALL_COMPAT], [
AC_CHECK_FUNCS([accept4 pledge poll]) AC_CHECK_FUNCS([accept4 pipe2 pledge poll socketpair])
AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes]) AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes])
AM_CONDITIONAL([HAVE_PIPE2], [test "x$ac_cv_func_pipe2" = xyes])
AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes]) AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes]) AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_SOCKETPAIR], [test "x$ac_cv_func_socketpair" = xyes])
]) ])
AC_DEFUN([CHECK_B64_NTOP], [ AC_DEFUN([CHECK_B64_NTOP], [
@@ -47,7 +67,52 @@ AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
AC_DEFUN([CHECK_CRYPTO_COMPAT], [ AC_DEFUN([CHECK_CRYPTO_COMPAT], [
# Check crypto-related libc functions and syscalls # Check crypto-related libc functions and syscalls
AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform]) AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
AC_CHECK_FUNCS([explicit_bzero getauxval getentropy]) AC_CHECK_FUNCS([explicit_bzero getauxval])
AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <unistd.h>
/*
* Explanation:
*
* - iOS <= 10.1 fails because of missing sys/random.h
*
* - in macOS 10.12 getentropy is not tagged as introduced in
* 10.12 so we cannot use it for target < 10.12
*/
#ifdef __APPLE__
# include <AvailabilityMacros.h>
# include <TargetConditionals.h>
# if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR)
# include <sys/random.h> /* Not available as of iOS <= 10.1 */
# else
# include <sys/random.h> /* Pre 10.12 systems should die here */
/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
# ifndef MAC_OS_X_VERSION_10_12
# define MAC_OS_X_VERSION_10_12 101200 /* Robustness */
# endif
# if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
# error "Targeting on Mac OSX 10.11 or earlier"
# endif
# endif
# endif
#endif /* __APPLE__ */
]], [[
char buffer;
(void)getentropy(&buffer, sizeof (buffer));
]])],
[ ac_cv_func_getentropy="yes" ],
[ ac_cv_func_getentropy="no"
])
])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp]) AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes]) AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes]) AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
@@ -59,7 +124,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
# Override arc4random_buf implementations with known issues # Override arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$USE_BUILTIN_ARC4RANDOM" != yes \ [test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
-a "x$ac_cv_func_arc4random_buf" = xyes]) -a "x$ac_cv_func_arc4random_buf" = xyes])
# Check for getentropy fallback dependencies # Check for getentropy fallback dependencies

View File

@@ -13,14 +13,50 @@ case $host_os in
;; ;;
*cygwin*) *cygwin*)
HOST_OS=cygwin HOST_OS=cygwin
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE"
;; ;;
*darwin*) *darwin*)
HOST_OS=darwin HOST_OS=darwin
HOST_ABI=macosx HOST_ABI=macosx
#
# Don't use arc4random on systems before 10.12 because of
# weak seed on failure to open /dev/random, based on latest # weak seed on failure to open /dev/random, based on latest
# public source: # public source:
# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c # http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
USE_BUILTIN_ARC4RANDOM=yes #
# We use the presence of getentropy() to detect 10.12. The
# following check take into account that:
#
# - iOS <= 10.1 fails because of missing getentropy and
# hence they miss sys/random.h
#
# - in macOS 10.12 getentropy is not tagged as introduced in
# 10.12 so we cannot use it for target < 10.12
#
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <AvailabilityMacros.h>
#include <unistd.h>
#include <sys/random.h> /* Systems without getentropy() should die here */
/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
#ifndef MAC_OS_X_VERSION_10_12
# define MAC_OS_X_VERSION_10_12 101200
#endif
#if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
# error "Running on Mac OSX 10.11 or earlier"
# endif
#endif
]], [[
char buf[1]; getentropy(buf, 1);
]])],
[ USE_BUILTIN_ARC4RANDOM=no ],
[ USE_BUILTIN_ARC4RANDOM=yes ]
)
AC_MSG_CHECKING([whether to use builtin arc4random])
AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM])
# Not available on iOS
AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no])
;; ;;
*freebsd*) *freebsd*)
HOST_OS=freebsd HOST_OS=freebsd
@@ -71,13 +107,12 @@ case $host_os in
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS" CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501" CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED" CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
CFLAGS="$CFLAGS -static-libgcc"
LDFLAGS="$LDFLAGS -static-libgcc"
AC_SUBST([PLATFORM_LDADD], ['-lws2_32']) AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
;; ;;
*solaris*) *solaris*)
HOST_OS=solaris HOST_OS=solaris
HOST_ABI=elf HOST_ABI=elf
CFLAGS="$CFLAGS -m64"
CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP" CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket']) AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
;; ;;

View File

@@ -1,9 +1,11 @@
install(DIRECTORY . if(ENABLE_LIBRESSL_INSTALL)
DESTINATION share/man/man3 install(DIRECTORY .
FILES_MATCHING PATTERN "*.3" DESTINATION ${CMAKE_INSTALL_MANDIR}/man3
) FILES_MATCHING PATTERN "*.3"
)
install(DIRECTORY . install(DIRECTORY .
DESTINATION share/man/man1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man5
FILES_MATCHING PATTERN "*.1" FILES_MATCHING PATTERN "*.5"
) )
endif(ENABLE_LIBRESSL_INSTALL)

1111
man/links

File diff suppressed because it is too large Load Diff

View File

@@ -1,18 +1,19 @@
#!/bin/sh #!/bin/sh
# Run this periodically to ensure that the manpage links are up to date # Run this periodically to ensure that the manpage links are up to date
(
cd /usr/src/usr.bin/mandoc/
make obj
make cleandir
make depend
make
cd /usr/src/regress/usr.bin/mandoc/db/mlinks/
make obj
make cleandir
make
)
makewhatis -a .
echo "# This is an auto-generated file by $0" > links echo "# This is an auto-generated file by $0" > links
doas makewhatis /usr/src/regress/usr.bin/mandoc/db/mlinks/obj/mlinks mandoc.db | sort >> links
for i in `ls -1 *.3`; do
name=`echo $i|cut -d. -f1`
links=`sqlite3 /usr/share/man/mandoc.db \
"select names.name from mlinks,names where mlinks.name='$name' and mlinks.pageid=names.pageid;"`
for j in $links; do
a=`echo "x$j" | tr '[:upper:]' '[:lower:]'`
b=`echo "x$name" | tr '[:upper:]' '[:lower:]'`
if [[ $a != $b && $a != *"<type>"* ]]; then
echo $name.3,$j.3 >> links
fi
done
done

15
patches/aeadtest.c.patch Normal file
View File

@@ -0,0 +1,15 @@
--- tests/aeadtest.c.orig 2016-10-18 17:03:33.845870889 +0900
+++ tests/aeadtest.c 2016-10-18 17:11:19.880841283 +0900
@@ -75,6 +75,12 @@
#define BUF_MAX 1024
+#ifdef _MSC_VER
+#ifdef IN
+#undef IN
+#endif
+#endif
+
/* These are the different types of line that are found in the input file. */
enum {
AEAD = 0, /* name of the AEAD algorithm. */

36
patches/bio.h.patch Normal file
View File

@@ -0,0 +1,36 @@
--- include/openssl/bio.h.orig Mon Oct 3 06:09:28 2016
+++ include/openssl/bio.h Sun Nov 6 04:24:57 2016
@@ -678,8 +678,24 @@
/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
+#ifdef __MINGW_PRINTF_FORMAT
int
BIO_printf(BIO *bio, const char *format, ...)
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2)));
+int
+BIO_vprintf(BIO *bio, const char *format, va_list args)
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 0), __nonnull__(2)));
+int
+BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 4),
+ __nonnull__(3)));
+int
+BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0),
+ __nonnull__(3)));
+#else
+int
+BIO_printf(BIO *bio, const char *format, ...)
__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
int
BIO_vprintf(BIO *bio, const char *format, va_list args)
@@ -692,6 +708,8 @@
BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
__attribute__((__deprecated__, __format__(__printf__, 3, 0),
__nonnull__(3)));
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes

12
patches/http.c.patch Normal file
View File

@@ -0,0 +1,12 @@
--- apps/ocspcheck/http.c.orig Sun Jun 4 00:45:29 2017
+++ apps/ocspcheck/http.c Sun Jun 4 00:45:57 2017
@@ -35,7 +35,9 @@
#include "http.h"
#include <tls.h>
+#ifndef DEFAULT_CA_FILE
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#endif
/*
* A buffer for transferring HTTP/S data.

21
patches/modes_lcl.h Normal file
View File

@@ -0,0 +1,21 @@
--- openbsd/src/lib/libssl/src/crypto/modes/modes_lcl.h Sat Dec 6 17:15:50 2014
+++ crypto/modes/modes_lcl.h Sun Jul 17 17:45:27 2016
@@ -43,14 +43,16 @@
asm ("bswapl %0" \
: "+r"(ret)); ret; })
# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
-# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
+# if (__ARM_ARCH >= 6)
+# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
asm ("rev %0,%0; rev %1,%1" \
: "+r"(hi),"+r"(lo)); \
(u64)hi<<32|lo; })
-# define BSWAP4(x) ({ u32 ret; \
+# define BSWAP4(x) ({ u32 ret; \
asm ("rev %0,%1" \
: "=r"(ret) : "r"((u32)(x))); \
ret; })
+# endif
# endif
#endif
#endif

View File

@@ -1,27 +1,16 @@
--- apps/nc/netcat.c.orig Mon Dec 28 08:46:10 2015 --- apps/nc/netcat.c.orig Mon Jul 17 06:06:51 2017
+++ apps/nc/netcat.c Mon Dec 28 08:46:19 2015 +++ apps/nc/netcat.c Mon Jul 17 06:11:24 2017
@@ -57,6 +57,10 @@ @@ -66,7 +66,9 @@
#include <tls.h> #define POLL_NETIN 2
#include "atomicio.h" #define POLL_STDOUT 3
#define BUFSIZE 16384
+#ifndef IPV6_TCLASS
+#define IPV6_TCLASS -1
+#endif
+
#define PORT_MAX 65535
#define UNIX_DG_TMP_SOCKET_SIZE 19
@@ -65,7 +69,9 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
+#ifndef DEFAULT_CA_FILE +#ifndef DEFAULT_CA_FILE
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem" #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#endif +#endif
#define TLS_LEGACY (1 << 1) #define TLS_ALL (1 << 1)
#define TLS_NOVERIFY (1 << 2) #define TLS_NOVERIFY (1 << 2)
@@ -92,9 +98,13 @@ @@ -95,9 +97,13 @@
int Dflag; /* sodebug */ int Dflag; /* sodebug */
int Iflag; /* TCP receive buffer size */ int Iflag; /* TCP receive buffer size */
int Oflag; /* TCP send buffer size */ int Oflag; /* TCP send buffer size */
@@ -35,16 +24,7 @@
int usetls; /* use TLS */ int usetls; /* use TLS */
char *Cflag; /* Public cert file */ char *Cflag; /* Public cert file */
@@ -150,7 +160,7 @@ @@ -266,12 +272,14 @@
struct servent *sv;
socklen_t len;
struct sockaddr_storage cliaddr;
- char *proxy;
+ char *proxy = NULL;
const char *errstr, *proxyhost = "", *proxyport = NULL;
struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@@ -251,12 +261,14 @@
case 'u': case 'u':
uflag = 1; uflag = 1;
break; break;
@@ -59,9 +39,9 @@
case 'v': case 'v':
vflag = 1; vflag = 1;
break; break;
@@ -289,9 +301,11 @@ @@ -318,9 +326,11 @@
errx(1, "TCP send window %s: %s", case 'o':
errstr, optarg); oflag = optarg;
break; break;
+#ifdef TCP_MD5SIG +#ifdef TCP_MD5SIG
case 'S': case 'S':
@@ -71,7 +51,7 @@
case 'T': case 'T':
errstr = NULL; errstr = NULL;
errno = 0; errno = 0;
@@ -315,9 +329,11 @@ @@ -344,9 +354,11 @@
argc -= optind; argc -= optind;
argv += optind; argv += optind;
@@ -83,31 +63,19 @@
if (family == AF_UNIX) { if (family == AF_UNIX) {
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
@@ -460,7 +476,10 @@ @@ -892,7 +904,10 @@
errx(1, "-H and -T noverify may not be used"
"together");
tls_config_insecure_noverifycert(tls_cfg);
- }
+ } else {
+ if (Rflag && access(Rflag, R_OK) == -1)
+ errx(1, "unable to find root CA file %s", Rflag);
+ }
}
if (lflag) {
struct tls *tls_cctx = NULL;
@@ -807,7 +826,10 @@
remote_connect(const char *host, const char *port, struct addrinfo hints) remote_connect(const char *host, const char *port, struct addrinfo hints)
{ {
struct addrinfo *res, *res0; struct addrinfo *res, *res0;
- int s, error, on = 1; - int s = -1, error, on = 1, save_errno;
+ int s, error; + int s = -1, error, save_errno;
+#ifdef SO_BINDANY +#ifdef SO_BINDANY
+ int on = 1; + int on = 1;
+#endif +#endif
if ((error = getaddrinfo(host, port, &hints, &res))) if ((error = getaddrinfo(host, port, &hints, &res0)))
errx(1, "getaddrinfo: %s", gai_strerror(error)); errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
@@ -822,8 +844,10 @@ @@ -907,8 +922,10 @@
if (sflag || pflag) { if (sflag || pflag) {
struct addrinfo ahints, *ares; struct addrinfo ahints, *ares;
@@ -116,22 +84,22 @@
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on)); setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
+#endif +#endif
memset(&ahints, 0, sizeof(struct addrinfo)); memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res0->ai_family; ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -892,7 +916,10 @@ @@ -979,7 +996,10 @@
local_listen(char *host, char *port, struct addrinfo hints) local_listen(char *host, char *port, struct addrinfo hints)
{ {
struct addrinfo *res, *res0; struct addrinfo *res, *res0;
- int s, ret, x = 1; - int s = -1, ret, x = 1, save_errno;
+ int s; + int s = -1, save_errno;
+#ifdef SO_REUSEPORT +#ifdef SO_REUSEPORT
+ int ret, x = 1; + int ret, x = 1;
+#endif +#endif
int error; int error;
/* Allow nodename to be null. */ /* Allow nodename to be null. */
@@ -914,9 +941,11 @@ @@ -1000,9 +1020,11 @@
res0->ai_protocol)) < 0) res->ai_protocol)) < 0)
continue; continue;
+#ifdef SO_REUSEPORT +#ifdef SO_REUSEPORT
@@ -140,9 +108,9 @@
err(1, NULL); err(1, NULL);
+#endif +#endif
set_common_sockopts(s, res0->ai_family); set_common_sockopts(s, res->ai_family);
@@ -1356,11 +1385,13 @@ @@ -1458,11 +1480,13 @@
{ {
int x = 1; int x = 1;
@@ -156,7 +124,43 @@
if (Dflag) { if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG, if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1) &x, sizeof(x)) == -1)
@@ -1538,14 +1569,22 @@ @@ -1473,9 +1497,16 @@
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IP ToS");
+#ifdef IPV6_TCLASS
else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IPv6 traffic class");
+#else
+ else if (af == AF_INET6) {
+ errno = ENOPROTOOPT;
+ err(1, "set IPv6 traffic class not supported");
+ }
+#endif
}
if (Iflag) {
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
@@ -1499,13 +1530,17 @@
}
if (minttl != -1) {
+#ifdef IP_MINTTL
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL");
+#endif
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+#ifdef IPV6_MINHOPCOUNT
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
err(1, "set IPv6 min hop count");
+#endif
}
}
@@ -1714,14 +1749,22 @@
\t-P proxyuser\tUsername for proxy authentication\n\ \t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\ \t-p port\t Specify local port for remote connects\n\
\t-R CAfile CA bundle\n\ \t-R CAfile CA bundle\n\
@@ -164,10 +168,10 @@
- \t-S Enable the TCP MD5 signature option\n\ - \t-S Enable the TCP MD5 signature option\n\
+ \t-r Randomize remote ports\n" + \t-r Randomize remote ports\n"
+#ifdef TCP_MD5SIG +#ifdef TCP_MD5SIG
+ "\ + "\
+ \t-S Enable the TCP MD5 signature option\n" + \t-S Enable the TCP MD5 signature option\n"
+#endif +#endif
+ "\ + "\
\t-s source Local source address\n\ \t-s source Local source address\n\
\t-T keyword TOS value or TLS options\n\ \t-T keyword TOS value or TLS options\n\
\t-t Answer TELNET negotiation\n\ \t-t Answer TELNET negotiation\n\
@@ -176,10 +180,10 @@
- \t-V rtable Specify alternate routing table\n\ - \t-V rtable Specify alternate routing table\n\
+ \t-u UDP mode\n" + \t-u UDP mode\n"
+#ifdef SO_RTABLE +#ifdef SO_RTABLE
+ "\ + "\
+ \t-V rtable Specify alternate routing table\n" + \t-V rtable Specify alternate routing table\n"
+#endif +#endif
+ "\ + "\
\t-v Verbose\n\ \t-v Verbose\n\
\t-W recvlimit Terminate after receiving a number of packets\n\
\t-w timeout Timeout for connects and final net reads\n\ \t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\

14
patches/ocsp_test.c.patch Normal file
View File

@@ -0,0 +1,14 @@
--- tests/ocsp_test.c.orig 2016-10-18 18:12:39.854607509 +0900
+++ tests/ocsp_test.c 2016-10-18 18:14:29.261600559 +0900
@@ -16,6 +16,11 @@
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
+#ifdef _MSC_VER
+ if (BIO_sock_init() != 1)
+ exit(-1);
+#endif
+
error = getaddrinfo(host, port, &hints, &res);
if (error != 0) {
perror("getaddrinfo()");

View File

@@ -1,6 +1,6 @@
--- apps/openssl/openssl.c.orig Sun Sep 13 09:11:31 2015 --- apps/openssl/openssl.c.orig Fri Nov 4 09:33:19 2016
+++ apps/openssl/openssl.c Sun Sep 13 09:10:02 2015 +++ apps/openssl/openssl.c Sat Nov 5 15:28:35 2016
@@ -399,7 +399,9 @@ @@ -396,7 +396,9 @@
static void static void
openssl_startup(void) openssl_startup(void)
{ {

19
patches/ssl_txt.c.patch Normal file
View File

@@ -0,0 +1,19 @@
--- ssl/ssl_txt.orig Sun Jul 17 17:26:59 2016
+++ ssl/ssl_txt.c Sun Jul 17 17:35:44 2016
@@ -82,6 +82,7 @@
* OTHERWISE.
*/
+#include <inttypes.h>
#include <stdio.h>
#include <openssl/buffer.h>
@@ -163,7 +164,7 @@
}
if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
+ if (BIO_printf(bp, "\n Start Time: %"PRId64, (int64_t)x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {

32
patches/tls.h.patch Normal file
View File

@@ -0,0 +1,32 @@
--- include/tls.h.orig 2017-02-13 20:19:55.918636579 +0900
+++ include/tls.h 2017-02-13 20:21:18.313073161 +0900
@@ -22,6 +22,13 @@
extern "C" {
#endif
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
#include <sys/types.h>
#include <stddef.h>
--- libtls-standalone/include/tls.h.orig 2017-02-13 20:21:48.297958529 +0900
+++ libtls-standalone/include/tls.h 2017-02-13 20:21:48.296958502 +0900
@@ -22,6 +22,13 @@
extern "C" {
#endif
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
#include <sys/types.h>
#include <stddef.h>

View File

@@ -1,12 +1,12 @@
--- ./openbsd/src/lib/libtls/tls_internal.h Thu Oct 15 16:12:24 2015 --- tls/tls_internal.h.orig Sun Jul 9 06:16:17 2017
+++ ./tls/tls_internal.h Sun Dec 6 20:18:17 2015 +++ tls/tls_internal.h Mon Jul 17 06:10:01 2017
@@ -24,7 +24,9 @@ @@ -26,7 +26,9 @@
#include <openssl/ssl.h> __BEGIN_HIDDEN_DECLS
+#ifndef _PATH_SSL_CA_FILE +#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem" #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
+#endif +#endif
#define TLS_CIPHERS_COMPAT "ALL:!aNULL:!eNULL"
#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE" #define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
#define TLS_CIPHERS_COMPAT "HIGH:!aNULL"

View File

@@ -0,0 +1,41 @@
--- tests/tlsexttest.c.orig Sun Sep 3 00:44:51 2017
+++ tests/tlsexttest.c Sun Sep 3 00:47:06 2017
@@ -1676,7 +1676,9 @@ static unsigned char tlsext_sni_clienthello[] = {
};
static unsigned char tlsext_sni_serverhello[] = {
+ 0x00
};
+const size_t sizeof_tlsext_sni_serverhello = 0;
static int
test_tlsext_sni_clienthello(void)
@@ -1839,9 +1841,9 @@ test_tlsext_sni_serverhello(void)
if (!CBB_finish(&cbb, &data, &dlen))
errx(1, "failed to finish CBB");
- if (dlen != sizeof(tlsext_sni_serverhello)) {
+ if (dlen != sizeof_tlsext_sni_serverhello) {
FAIL("got serverhello SNI with length %zu, "
- "want length %zu\n", dlen, sizeof(tlsext_sni_serverhello));
+ "want length %zu\n", dlen, sizeof_tlsext_sni_serverhello);
goto err;
}
@@ -1850,14 +1852,14 @@ test_tlsext_sni_serverhello(void)
fprintf(stderr, "received:\n");
hexdump(data, dlen);
fprintf(stderr, "test data:\n");
- hexdump(tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
+ hexdump(tlsext_sni_serverhello, sizeof_tlsext_sni_serverhello);
goto err;
}
free(ssl->session->tlsext_hostname);
ssl->session->tlsext_hostname = NULL;
- CBS_init(&cbs, tlsext_sni_serverhello, sizeof(tlsext_sni_serverhello));
+ CBS_init(&cbs, tlsext_sni_serverhello, sizeof_tlsext_sni_serverhello);
if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
FAIL("failed to parse serverhello SNI\n");
goto err;

View File

@@ -13,9 +13,8 @@ diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
diff -u include/openssl.orig/opensslconf.h include/openssl/opensslconf.h --- include/openssl/opensslconf.h.orig Sat Nov 5 08:36:25 2016
--- include/openssl.orig/opensslconf.h Mon Dec 7 07:58:32 2015 +++ include/openssl/opensslconf.h Mon Jul 17 06:06:58 2017
+++ include/openssl/opensslconf.h Mon Dec 7 07:56:14 2015
@@ -1,6 +1,10 @@ @@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h> #include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */ /* crypto/opensslconf.h.in */
@@ -24,9 +23,9 @@ diff -u include/openssl.orig/opensslconf.h include/openssl/opensslconf.h
+#define __attribute__(a) +#define __attribute__(a)
+#endif +#endif
+ +
/* Generate 80386 code? */ #if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
#undef I386_ONLY #define OPENSSLDIR "/etc/ssl"
#endif
diff -u include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h diff -u include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h
--- include/openssl.orig/ossl_typ.h Mon Dec 7 07:58:32 2015 --- include/openssl.orig/ossl_typ.h Mon Dec 7 07:58:32 2015
+++ include/openssl/ossl_typ.h Mon Dec 7 07:56:14 2015 +++ include/openssl/ossl_typ.h Mon Dec 7 07:56:14 2015

View File

@@ -21,9 +21,6 @@ if [ "x$ARCH" = "xnative" ]; then
make make
make test make test
else else
sudo apt-get update
sudo apt-get install -y python-software-properties
sudo apt-add-repository -y ppa:kalakris/cmake
sudo apt-get update sudo apt-get update
sudo apt-get install -y cmake ninja-build sudo apt-get install -y cmake ninja-build
cmake -GNinja .. cmake -GNinja ..
@@ -38,12 +35,8 @@ else
export CC=$CPU-w64-mingw32-gcc export CC=$CPU-w64-mingw32-gcc
if [ -z $(which $CC) ]; then if [ -z $(which $CC) ]; then
# Update Ubuntu 12.04 with current mingw toolchain
sudo apt-get update sudo apt-get update
sudo apt-get install -y python-software-properties sudo apt-get install -y mingw-w64 make
sudo apt-add-repository -y ppa:tobydox/mingw-x-precise
sudo apt-get update
sudo apt-get install -y $ARCH-x-gcc make
export PATH=$PATH:/opt/$ARCH/bin export PATH=$PATH:/opt/$ARCH/bin
fi fi

View File

@@ -19,44 +19,54 @@ set(
d1_srtp.c d1_srtp.c
d1_srvr.c d1_srvr.c
pqueue.c pqueue.c
s23_clnt.c
s23_lib.c
s23_pkt.c
s23_srvr.c
s3_both.c
s3_cbc.c s3_cbc.c
s3_clnt.c
s3_lib.c s3_lib.c
s3_pkt.c
s3_srvr.c
ssl_algs.c ssl_algs.c
ssl_asn1.c ssl_asn1.c
ssl_both.c
ssl_cert.c ssl_cert.c
ssl_ciph.c ssl_ciph.c
ssl_clnt.c
ssl_err.c ssl_err.c
ssl_err2.c
ssl_lib.c ssl_lib.c
ssl_packet.c
ssl_pkt.c
ssl_rsa.c ssl_rsa.c
ssl_sess.c ssl_sess.c
ssl_srvr.c
ssl_stat.c ssl_stat.c
ssl_tlsext.c
ssl_txt.c ssl_txt.c
ssl_versions.c
t1_clnt.c t1_clnt.c
t1_enc.c t1_enc.c
t1_hash.c
t1_lib.c t1_lib.c
t1_meth.c t1_meth.c
t1_reneg.c
t1_srvr.c t1_srvr.c
) )
add_library(ssl-objects OBJECT ${SSL_SRC})
if (BUILD_SHARED) if (BUILD_SHARED)
add_library(ssl-objects OBJECT ${SSL_SRC})
add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>) add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>) add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl) export_symbol(ssl-shared ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
target_link_libraries(ssl-shared crypto-shared)
if (WIN32)
target_link_libraries(ssl-shared Ws2_32.lib)
set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
endif()
set_target_properties(ssl-shared PROPERTIES
OUTPUT_NAME ssl${SSL_POSTFIX}
ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION} set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION}) SOVERSION ${SSL_MAJOR_VERSION})
install(TARGETS ssl ssl-shared DESTINATION lib) if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS ssl ssl-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
else() else()
add_library(ssl STATIC ${SSL_SRC}) add_library(ssl STATIC ${SSL_SRC})
install(TARGETS ssl DESTINATION lib) if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS ssl DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
endif() endif()

View File

@@ -4,8 +4,9 @@ lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += ssl.sym
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c libssl_la_SOURCES = bio_ssl.c
@@ -21,34 +22,33 @@ libssl_la_SOURCES += d1_pkt.c
libssl_la_SOURCES += d1_srtp.c libssl_la_SOURCES += d1_srtp.c
libssl_la_SOURCES += d1_srvr.c libssl_la_SOURCES += d1_srvr.c
libssl_la_SOURCES += pqueue.c libssl_la_SOURCES += pqueue.c
libssl_la_SOURCES += s23_clnt.c
libssl_la_SOURCES += s23_lib.c
libssl_la_SOURCES += s23_pkt.c
libssl_la_SOURCES += s23_srvr.c
libssl_la_SOURCES += s3_both.c
libssl_la_SOURCES += s3_cbc.c libssl_la_SOURCES += s3_cbc.c
libssl_la_SOURCES += s3_clnt.c
libssl_la_SOURCES += s3_lib.c libssl_la_SOURCES += s3_lib.c
libssl_la_SOURCES += s3_pkt.c
libssl_la_SOURCES += s3_srvr.c
libssl_la_SOURCES += ssl_algs.c libssl_la_SOURCES += ssl_algs.c
libssl_la_SOURCES += ssl_asn1.c libssl_la_SOURCES += ssl_asn1.c
libssl_la_SOURCES += ssl_both.c
libssl_la_SOURCES += ssl_cert.c libssl_la_SOURCES += ssl_cert.c
libssl_la_SOURCES += ssl_ciph.c libssl_la_SOURCES += ssl_ciph.c
libssl_la_SOURCES += ssl_clnt.c
libssl_la_SOURCES += ssl_err.c libssl_la_SOURCES += ssl_err.c
libssl_la_SOURCES += ssl_err2.c
libssl_la_SOURCES += ssl_lib.c libssl_la_SOURCES += ssl_lib.c
libssl_la_SOURCES += ssl_packet.c
libssl_la_SOURCES += ssl_pkt.c
libssl_la_SOURCES += ssl_rsa.c libssl_la_SOURCES += ssl_rsa.c
libssl_la_SOURCES += ssl_sess.c libssl_la_SOURCES += ssl_sess.c
libssl_la_SOURCES += ssl_srvr.c
libssl_la_SOURCES += ssl_stat.c libssl_la_SOURCES += ssl_stat.c
libssl_la_SOURCES += ssl_tlsext.c
libssl_la_SOURCES += ssl_txt.c libssl_la_SOURCES += ssl_txt.c
libssl_la_SOURCES += ssl_versions.c
libssl_la_SOURCES += t1_clnt.c libssl_la_SOURCES += t1_clnt.c
libssl_la_SOURCES += t1_enc.c libssl_la_SOURCES += t1_enc.c
libssl_la_SOURCES += t1_hash.c
libssl_la_SOURCES += t1_lib.c libssl_la_SOURCES += t1_lib.c
libssl_la_SOURCES += t1_meth.c libssl_la_SOURCES += t1_meth.c
libssl_la_SOURCES += t1_reneg.c
libssl_la_SOURCES += t1_srvr.c libssl_la_SOURCES += t1_srvr.c
noinst_HEADERS = srtp.h noinst_HEADERS = srtp.h
noinst_HEADERS += ssl_locl.h noinst_HEADERS += ssl_locl.h
noinst_HEADERS += ssl_tlsext.h
noinst_HEADERS += bytestring.h noinst_HEADERS += bytestring.h

View File

@@ -1,5 +1,5 @@
#! /bin/sh #! /bin/sh
# Copyright (C) 2011-2014 Free Software Foundation, Inc. # Copyright (C) 2011-2017 Free Software Foundation, Inc.
# #
# This program is free software; you can redistribute it and/or modify # This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by # it under the terms of the GNU General Public License as published by
@@ -646,6 +646,6 @@ test $? -eq 0 || fatal "I/O or internal error"
# eval: (add-hook 'write-file-hooks 'time-stamp) # eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion=" # time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H" # time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC" # time-stamp-time-zone: "UTC0"
# time-stamp-end: "; # UTC" # time-stamp-end: "; # UTC"
# End: # End:

View File

@@ -9,274 +9,423 @@ include_directories(
../apps/openssl/compat ../apps/openssl/compat
) )
set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR}) add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../apps/openssl/cert.pem\")
foreach(lib IN LISTS OPENSSL_LIBS)
if(${lib} STREQUAL "tls-shared")
set(TESTS_LIBS ${TESTS_LIBS} tls)
elseif(${lib} STREQUAL "ssl-shared")
set(TESTS_LIBS ${TESTS_LIBS} ssl)
elseif(${lib} STREQUAL "crypto-shared")
set(TESTS_LIBS ${TESTS_LIBS} crypto)
else()
set(TESTS_LIBS ${TESTS_LIBS} ${lib})
endif()
endforeach()
# aeadtest # aeadtest
#add_executable(aeadtest aeadtest.c) add_executable(aeadtest aeadtest.c)
#target_link_libraries(aeadtest ${OPENSSL_LIBS}) target_link_libraries(aeadtest ${TESTS_LIBS})
#add_test(aeadtest aeadtest.sh) add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt)
#configure_file(aeadtests.txt aeadtests.txt COPYONLY)
#configure_file(aeadtest.sh aeadtest.sh COPYONLY)
# aes_wrap # aes_wrap
add_executable(aes_wrap aes_wrap.c) add_executable(aes_wrap aes_wrap.c)
target_link_libraries(aes_wrap ${OPENSSL_LIBS}) target_link_libraries(aes_wrap ${TESTS_LIBS})
add_test(aes_wrap aes_wrap) add_test(aes_wrap aes_wrap)
# arc4randomforktest # arc4randomforktest
# Windows/mingw does not have fork, but Cygwin does. # Windows/mingw does not have fork, but Cygwin does.
if(NOT CMAKE_HOST_WIN32) if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
add_executable(arc4randomforktest arc4randomforktest.c) add_executable(arc4randomforktest arc4randomforktest.c)
target_link_libraries(arc4randomforktest ${OPENSSL_LIBS}) target_link_libraries(arc4randomforktest ${TESTS_LIBS})
add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh) add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
endif() endif()
# asn1test # asn1test
add_executable(asn1test asn1test.c) add_executable(asn1test asn1test.c)
target_link_libraries(asn1test ${OPENSSL_LIBS}) target_link_libraries(asn1test ${TESTS_LIBS})
add_test(asn1test asn1test) add_test(asn1test asn1test)
# asn1time # asn1time
add_executable(asn1time asn1time.c) add_executable(asn1time asn1time.c)
target_link_libraries(asn1time ${OPENSSL_LIBS}) target_link_libraries(asn1time ${TESTS_LIBS})
add_test(asn1time asn1time) add_test(asn1time asn1time)
# base64test # base64test
add_executable(base64test base64test.c) add_executable(base64test base64test.c)
target_link_libraries(base64test ${OPENSSL_LIBS}) target_link_libraries(base64test ${TESTS_LIBS})
add_test(base64test base64test) add_test(base64test base64test)
# bftest # bftest
add_executable(bftest bftest.c) add_executable(bftest bftest.c)
target_link_libraries(bftest ${OPENSSL_LIBS}) target_link_libraries(bftest ${TESTS_LIBS})
add_test(bftest bftest) add_test(bftest bftest)
# biotest
# the BIO tests rely on resolver results that are OS and environment-specific
if(ENABLE_EXTRATESTS)
add_executable(biotest biotest.c)
target_link_libraries(biotest ${TESTS_LIBS})
add_test(biotest biotest)
endif()
# bntest # bntest
add_executable(bntest bntest.c) add_executable(bntest bntest.c)
target_link_libraries(bntest ${OPENSSL_LIBS}) set_source_files_properties(bntest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERNAL)
target_link_libraries(bntest ${TESTS_LIBS})
add_test(bntest bntest) add_test(bntest bntest)
# bytestringtest # bytestringtest
add_executable(bytestringtest bytestringtest.c) add_executable(bytestringtest bytestringtest.c)
target_link_libraries(bytestringtest ${OPENSSL_LIBS}) target_link_libraries(bytestringtest ${TESTS_LIBS})
add_test(bytestringtest bytestringtest) add_test(bytestringtest bytestringtest)
# casttest # casttest
add_executable(casttest casttest.c) add_executable(casttest casttest.c)
target_link_libraries(casttest ${OPENSSL_LIBS}) target_link_libraries(casttest ${TESTS_LIBS})
add_test(casttest casttest) add_test(casttest casttest)
# chachatest # chachatest
add_executable(chachatest chachatest.c) add_executable(chachatest chachatest.c)
target_link_libraries(chachatest ${OPENSSL_LIBS}) target_link_libraries(chachatest ${TESTS_LIBS})
add_test(chachatest chachatest) add_test(chachatest chachatest)
# cipher_list # cipher_list
add_executable(cipher_list cipher_list.c) add_executable(cipher_list cipher_list.c)
target_link_libraries(cipher_list ${OPENSSL_LIBS}) target_link_libraries(cipher_list ${TESTS_LIBS})
add_test(cipher_list cipher_list) add_test(cipher_list cipher_list)
# cipherstest # cipherstest
add_executable(cipherstest cipherstest.c) add_executable(cipherstest cipherstest.c)
target_link_libraries(cipherstest ${OPENSSL_LIBS}) target_link_libraries(cipherstest ${TESTS_LIBS})
add_test(cipherstest cipherstest) add_test(cipherstest cipherstest)
# clienttest # clienttest
add_executable(clienttest clienttest.c) add_executable(clienttest clienttest.c)
target_link_libraries(clienttest ${OPENSSL_LIBS}) target_link_libraries(clienttest ${TESTS_LIBS})
add_test(clienttest clienttest) add_test(clienttest clienttest)
# cts128test # cts128test
add_executable(cts128test cts128test.c) add_executable(cts128test cts128test.c)
target_link_libraries(cts128test ${OPENSSL_LIBS}) target_link_libraries(cts128test ${TESTS_LIBS})
add_test(cts128test cts128test) add_test(cts128test cts128test)
# destest # destest
add_executable(destest destest.c) add_executable(destest destest.c)
target_link_libraries(destest ${OPENSSL_LIBS}) target_link_libraries(destest ${TESTS_LIBS})
add_test(destest destest) add_test(destest destest)
# dhtest # dhtest
add_executable(dhtest dhtest.c) add_executable(dhtest dhtest.c)
target_link_libraries(dhtest ${OPENSSL_LIBS}) target_link_libraries(dhtest ${TESTS_LIBS})
add_test(dhtest dhtest) add_test(dhtest dhtest)
# dsatest # dsatest
add_executable(dsatest dsatest.c) add_executable(dsatest dsatest.c)
target_link_libraries(dsatest ${OPENSSL_LIBS}) target_link_libraries(dsatest ${TESTS_LIBS})
add_test(dsatest dsatest) add_test(dsatest dsatest)
# ecdhtest # ecdhtest
add_executable(ecdhtest ecdhtest.c) add_executable(ecdhtest ecdhtest.c)
target_link_libraries(ecdhtest ${OPENSSL_LIBS}) target_link_libraries(ecdhtest ${TESTS_LIBS})
add_test(ecdhtest ecdhtest) add_test(ecdhtest ecdhtest)
# ecdsatest # ecdsatest
add_executable(ecdsatest ecdsatest.c) add_executable(ecdsatest ecdsatest.c)
target_link_libraries(ecdsatest ${OPENSSL_LIBS}) target_link_libraries(ecdsatest ${TESTS_LIBS})
add_test(ecdsatest ecdsatest) add_test(ecdsatest ecdsatest)
# ectest # ectest
add_executable(ectest ectest.c) add_executable(ectest ectest.c)
target_link_libraries(ectest ${OPENSSL_LIBS}) target_link_libraries(ectest ${TESTS_LIBS})
add_test(ectest ectest) add_test(ectest ectest)
# enginetest # enginetest
add_executable(enginetest enginetest.c) add_executable(enginetest enginetest.c)
target_link_libraries(enginetest ${OPENSSL_LIBS}) target_link_libraries(enginetest ${TESTS_LIBS})
add_test(enginetest enginetest) add_test(enginetest enginetest)
# evptest # evptest
#add_executable(evptest evptest.c) add_executable(evptest evptest.c)
#target_link_libraries(evptest ${OPENSSL_LIBS}) target_link_libraries(evptest ${TESTS_LIBS})
#add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh) add_test(evptest evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptests.txt)
# explicit_bzero # explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
if(NOT CMAKE_HOST_WIN32) if(NOT CMAKE_HOST_WIN32)
add_executable(explicit_bzero explicit_bzero.c) if(HAVE_MEMMEM)
target_link_libraries(explicit_bzero ${OPENSSL_LIBS}) add_executable(explicit_bzero explicit_bzero.c)
add_test(explicit_bzero explicit_bzero) else()
#if !HAVE_MEMMEM add_executable(explicit_bzero explicit_bzero.c compat/memmem.c)
#explicit_bzero_SOURCES += memmem.c endif()
#endif target_link_libraries(explicit_bzero ${TESTS_LIBS})
add_test(explicit_bzero explicit_bzero)
endif() endif()
# exptest # exptest
add_executable(exptest exptest.c) add_executable(exptest exptest.c)
target_link_libraries(exptest ${OPENSSL_LIBS}) set_source_files_properties(exptest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERNAL)
target_link_libraries(exptest ${TESTS_LIBS})
add_test(exptest exptest) add_test(exptest exptest)
# freenull
add_executable(freenull freenull.c)
target_link_libraries(freenull ${TESTS_LIBS})
add_test(freenull freenull)
# gcm128test # gcm128test
add_executable(gcm128test gcm128test.c) add_executable(gcm128test gcm128test.c)
target_link_libraries(gcm128test ${OPENSSL_LIBS}) target_link_libraries(gcm128test ${TESTS_LIBS})
add_test(gcm128test gcm128test) add_test(gcm128test gcm128test)
# gost2814789t # gost2814789t
add_executable(gost2814789t gost2814789t.c) add_executable(gost2814789t gost2814789t.c)
target_link_libraries(gost2814789t ${OPENSSL_LIBS}) target_link_libraries(gost2814789t ${TESTS_LIBS})
add_test(gost2814789t gost2814789t) add_test(gost2814789t gost2814789t)
# hkdf_test
add_executable(hkdf_test hkdf_test.c)
target_link_libraries(hkdf_test ${TESTS_LIBS})
add_test(hkdf_test hkdf_test)
# hmactest # hmactest
add_executable(hmactest hmactest.c) add_executable(hmactest hmactest.c)
target_link_libraries(hmactest ${OPENSSL_LIBS}) target_link_libraries(hmactest ${TESTS_LIBS})
add_test(hmactest hmactest) add_test(hmactest hmactest)
# ideatest # ideatest
add_executable(ideatest ideatest.c) add_executable(ideatest ideatest.c)
target_link_libraries(ideatest ${OPENSSL_LIBS}) target_link_libraries(ideatest ${TESTS_LIBS})
add_test(ideatest ideatest) add_test(ideatest ideatest)
# igetest # igetest
add_executable(igetest igetest.c) add_executable(igetest igetest.c)
target_link_libraries(igetest ${OPENSSL_LIBS}) target_link_libraries(igetest ${TESTS_LIBS})
add_test(igetest igetest) add_test(igetest igetest)
# md4test # md4test
add_executable(md4test md4test.c) add_executable(md4test md4test.c)
target_link_libraries(md4test ${OPENSSL_LIBS}) target_link_libraries(md4test ${TESTS_LIBS})
add_test(md4test md4test) add_test(md4test md4test)
# md5test # md5test
add_executable(md5test md5test.c) add_executable(md5test md5test.c)
target_link_libraries(md5test ${OPENSSL_LIBS}) target_link_libraries(md5test ${TESTS_LIBS})
add_test(md5test md5test) add_test(md5test md5test)
# mont # mont
add_executable(mont mont.c) add_executable(mont mont.c)
target_link_libraries(mont ${OPENSSL_LIBS}) target_link_libraries(mont ${TESTS_LIBS})
add_test(mont mont) add_test(mont mont)
# ocsp_test
if(ENABLE_EXTRATESTS)
add_executable(ocsp_test ocsp_test.c)
target_link_libraries(ocsp_test ${TESTS_LIBS})
if(NOT MSVC)
add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
else()
add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.bat)
endif()
endif()
# optionstest # optionstest
add_executable(optionstest optionstest.c) add_executable(optionstest optionstest.c)
target_link_libraries(optionstest ${OPENSSL_LIBS}) target_link_libraries(optionstest ${TESTS_LIBS})
add_test(optionstest optionstest) add_test(optionstest optionstest)
# pbkdf2 # pbkdf2
add_executable(pbkdf2 pbkdf2.c) add_executable(pbkdf2 pbkdf2.c)
target_link_libraries(pbkdf2 ${OPENSSL_LIBS}) target_link_libraries(pbkdf2 ${TESTS_LIBS})
add_test(pbkdf2 pbkdf2) add_test(pbkdf2 pbkdf2)
# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
if(ENABLE_EXTRATESTS AND NOT MSVC)
add_executable(pidwraptest pidwraptest.c)
target_link_libraries(pidwraptest ${TESTS_LIBS})
add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
endif()
# pkcs7test # pkcs7test
add_executable(pkcs7test pkcs7test.c) add_executable(pkcs7test pkcs7test.c)
target_link_libraries(pkcs7test ${OPENSSL_LIBS}) target_link_libraries(pkcs7test ${TESTS_LIBS})
add_test(pkcs7test pkcs7test) add_test(pkcs7test pkcs7test)
# poly1305test # poly1305test
add_executable(poly1305test poly1305test.c) add_executable(poly1305test poly1305test.c)
target_link_libraries(poly1305test ${OPENSSL_LIBS}) target_link_libraries(poly1305test ${TESTS_LIBS})
add_test(poly1305test poly1305test) add_test(poly1305test poly1305test)
# pq_test # pq_test
#add_executable(pq_test pq_test.c) add_executable(pq_test pq_test.c)
#target_link_libraries(pq_test ${OPENSSL_LIBS}) target_link_libraries(pq_test ${TESTS_LIBS})
#add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) if(NOT MSVC)
add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
else()
add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat)
endif()
set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# randtest # randtest
add_executable(randtest randtest.c) add_executable(randtest randtest.c)
target_link_libraries(randtest ${OPENSSL_LIBS}) target_link_libraries(randtest ${TESTS_LIBS})
add_test(randtest randtest) add_test(randtest randtest)
# rc2test # rc2test
add_executable(rc2test rc2test.c) add_executable(rc2test rc2test.c)
target_link_libraries(rc2test ${OPENSSL_LIBS}) target_link_libraries(rc2test ${TESTS_LIBS})
add_test(rc2test rc2test) add_test(rc2test rc2test)
# rc4test # rc4test
add_executable(rc4test rc4test.c) add_executable(rc4test rc4test.c)
target_link_libraries(rc4test ${OPENSSL_LIBS}) target_link_libraries(rc4test ${TESTS_LIBS})
add_test(rc4test rc4test) add_test(rc4test rc4test)
# rfc5280time # rfc5280time
add_executable(rfc5280time rfc5280time.c) add_executable(rfc5280time rfc5280time.c)
target_link_libraries(rfc5280time ${OPENSSL_LIBS}) target_link_libraries(rfc5280time ${TESTS_LIBS})
add_test(rfc5280time rfc5280time) if(SMALL_TIME_T)
add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
else()
add_test(rfc5280time rfc5280time)
endif()
# rmdtest # rmdtest
add_executable(rmdtest rmdtest.c) add_executable(rmdtest rmdtest.c)
target_link_libraries(rmdtest ${OPENSSL_LIBS}) target_link_libraries(rmdtest ${TESTS_LIBS})
add_test(rmdtest rmdtest) add_test(rmdtest rmdtest)
# rsa_test
add_executable(rsa_test rsa_test.c)
target_link_libraries(rsa_test ${TESTS_LIBS})
add_test(rsa_test rsa_test)
# servertest
add_executable(servertest servertest.c)
target_link_libraries(servertest ${TESTS_LIBS})
if(NOT MSVC)
add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.sh)
else()
add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.bat)
endif()
set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# sha1test # sha1test
add_executable(sha1test sha1test.c) add_executable(sha1test sha1test.c)
target_link_libraries(sha1test ${OPENSSL_LIBS}) target_link_libraries(sha1test ${TESTS_LIBS})
add_test(sha1test sha1test) add_test(sha1test sha1test)
# sha256test # sha256test
add_executable(sha256test sha256test.c) add_executable(sha256test sha256test.c)
target_link_libraries(sha256test ${OPENSSL_LIBS}) target_link_libraries(sha256test ${TESTS_LIBS})
add_test(sha256test sha256test) add_test(sha256test sha256test)
# sha512test # sha512test
add_executable(sha512test sha512test.c) add_executable(sha512test sha512test.c)
target_link_libraries(sha512test ${OPENSSL_LIBS}) target_link_libraries(sha512test ${TESTS_LIBS})
add_test(sha512test sha512test) add_test(sha512test sha512test)
# ssl_versions
add_executable(ssl_versions ssl_versions.c)
target_link_libraries(ssl_versions ${TESTS_LIBS})
add_test(ssl_versions ssl_versions)
# ssltest # ssltest
#add_executable(ssltest ssltest.c) add_executable(ssltest ssltest.c)
#target_link_libraries(ssltest ${OPENSSL_LIBS}) target_link_libraries(ssltest ${TESTS_LIBS})
#add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) if(NOT MSVC)
add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
else()
add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.bat)
endif()
set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testdsa # testdsa
#add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) if(NOT MSVC)
add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
else()
add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.bat)
endif()
set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testenc # testenc
add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh) if(NOT MSVC)
add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
else()
add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.bat)
endif()
set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testrsa # testrsa
#add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh) if(NOT MSVC)
add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
else()
add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.bat)
endif()
set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# timingsafe # timingsafe
add_executable(timingsafe timingsafe.c) add_executable(timingsafe timingsafe.c)
target_link_libraries(timingsafe ${OPENSSL_LIBS}) target_link_libraries(timingsafe ${TESTS_LIBS})
add_test(timingsafe timingsafe) add_test(timingsafe timingsafe)
# tlsexttest
add_executable(tlsexttest tlsexttest.c)
target_link_libraries(tlsexttest ${TESTS_LIBS})
add_test(tlsexttest tlsexttest)
# tlstest
set(TLSTEST_SRC tlstest.c)
check_function_exists(pipe2 HAVE_PIPE2)
if(HAVE_PIPE2)
add_definitions(-DHAVE_PIPE2)
else()
set(TLSTEST_SRC ${TLSTEST_SRC} compat/pipe2.c)
endif()
add_executable(tlstest ${TLSTEST_SRC})
target_link_libraries(tlstest ${TESTS_LIBS})
if(NOT MSVC)
add_test(tlstest ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.sh)
else()
add_test(tlstest ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.bat)
endif()
set_tests_properties(tlstest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# tls_ext_alpn
add_executable(tls_ext_alpn tls_ext_alpn.c)
target_link_libraries(tls_ext_alpn ${TESTS_LIBS})
add_test(tls_ext_alpn tls_ext_alpn)
# tls_prf
add_executable(tls_prf tls_prf.c)
target_link_libraries(tls_prf ${TESTS_LIBS})
add_test(tls_prf tls_prf)
# utf8test # utf8test
add_executable(utf8test utf8test.c) add_executable(utf8test utf8test.c)
target_link_libraries(utf8test ${OPENSSL_LIBS}) target_link_libraries(utf8test ${TESTS_LIBS})
add_test(utf8test utf8test) add_test(utf8test utf8test)
# verifytest # verifytest
add_executable(verifytest verifytest.c) add_executable(verifytest verifytest.c)
target_link_libraries(verifytest tls ${OPENSSL_LIBS}) target_link_libraries(verifytest tls ${TESTS_LIBS})
add_test(verifytest verifytest) add_test(verifytest verifytest)
# x25519test
add_executable(x25519test x25519test.c)
target_link_libraries(x25519test ${TESTS_LIBS})
add_test(x25519test x25519test)
if(ENABLE_VSTEST AND USE_SHARED)
add_custom_command(TARGET x25519test POST_BUILD
COMMAND "${CMAKE_COMMAND}" -E copy
"$<TARGET_FILE:tls-shared>"
"$<TARGET_FILE:ssl-shared>"
"$<TARGET_FILE:crypto-shared>"
"${CMAKE_CURRENT_BINARY_DIR}"
COMMENT "Copying DLLs for regression tests")
endif()

View File

@@ -5,11 +5,15 @@ AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I $(top_srcdir)/ssl AM_CPPFLAGS += -I $(top_srcdir)/ssl
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat
AM_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/apps/openssl/cert.pem\"
LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) LDADD = $(abs_top_builddir)/tls/.libs/libtls.a
LDADD += $(abs_top_builddir)/ssl/libssl.la LDADD += $(abs_top_builddir)/ssl/.libs/libssl.a
LDADD += $(abs_top_builddir)/crypto/libcrypto.la LDADD += $(abs_top_builddir)/crypto/.libs/libcrypto.a
LDADD += $(abs_top_builddir)/tls/libtls.la LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
if HOST_ASM_MACOSX_X86_64
LDADD += $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o
endif
TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
@@ -69,6 +73,7 @@ endif
# bntest # bntest
TESTS += bntest TESTS += bntest
bntest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
check_PROGRAMS += bntest check_PROGRAMS += bntest
bntest_SOURCES = bntest.c bntest_SOURCES = bntest.c
@@ -158,7 +163,7 @@ TESTS += explicit_bzero
check_PROGRAMS += explicit_bzero check_PROGRAMS += explicit_bzero
explicit_bzero_SOURCES = explicit_bzero.c explicit_bzero_SOURCES = explicit_bzero.c
if !HAVE_MEMMEM if !HAVE_MEMMEM
explicit_bzero_SOURCES += memmem.c explicit_bzero_SOURCES += compat/memmem.c
endif endif
endif endif
endif endif
@@ -166,8 +171,14 @@ endif
# exptest # exptest
TESTS += exptest TESTS += exptest
check_PROGRAMS += exptest check_PROGRAMS += exptest
exptest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
exptest_SOURCES = exptest.c exptest_SOURCES = exptest.c
# freenull
TESTS += freenull
check_PROGRAMS += freenull
freenull_SOURCES = freenull.c
# gcm128test # gcm128test
TESTS += gcm128test TESTS += gcm128test
check_PROGRAMS += gcm128test check_PROGRAMS += gcm128test
@@ -178,6 +189,11 @@ TESTS += gost2814789t
check_PROGRAMS += gost2814789t check_PROGRAMS += gost2814789t
gost2814789t_SOURCES = gost2814789t.c gost2814789t_SOURCES = gost2814789t.c
# hkdf_test
TESTS += hkdftest
check_PROGRAMS += hkdftest
hkdftest_SOURCES = hkdf_test.c
# hmactest # hmactest
TESTS += hmactest TESTS += hmactest
check_PROGRAMS += hmactest check_PROGRAMS += hmactest
@@ -208,6 +224,14 @@ TESTS += mont
check_PROGRAMS += mont check_PROGRAMS += mont
mont_SOURCES = mont.c mont_SOURCES = mont.c
# ocsp_test
if ENABLE_EXTRATESTS
TESTS += ocsptest.sh
check_PROGRAMS += ocsp_test
ocsp_test_SOURCES = ocsp_test.c
endif
EXTRA_DIST += ocsptest.sh ocsptest.bat
# optionstest # optionstest
TESTS += optionstest TESTS += optionstest
check_PROGRAMS += optionstest check_PROGRAMS += optionstest
@@ -242,7 +266,7 @@ poly1305test_SOURCES = poly1305test.c
TESTS += pq_test.sh TESTS += pq_test.sh
check_PROGRAMS += pq_test check_PROGRAMS += pq_test
pq_test_SOURCES = pq_test.c pq_test_SOURCES = pq_test.c
EXTRA_DIST += pq_test.sh EXTRA_DIST += pq_test.sh pq_test.bat
EXTRA_DIST += pq_expected.txt EXTRA_DIST += pq_expected.txt
# randtest # randtest
@@ -275,6 +299,17 @@ TESTS += rmdtest
check_PROGRAMS += rmdtest check_PROGRAMS += rmdtest
rmdtest_SOURCES = rmdtest.c rmdtest_SOURCES = rmdtest.c
# rsa_test
TESTS += rsa_test
check_PROGRAMS += rsa_test
rsa_test_SOURCES = rsa_test.c
# servertest
TESTS += servertest.sh
check_PROGRAMS += servertest
servertest_SOURCES = servertest.c
EXTRA_DIST += servertest.sh servertest.bat
# sha1test # sha1test
TESTS += sha1test TESTS += sha1test
check_PROGRAMS += sha1test check_PROGRAMS += sha1test
@@ -290,31 +325,60 @@ TESTS += sha512test
check_PROGRAMS += sha512test check_PROGRAMS += sha512test
sha512test_SOURCES = sha512test.c sha512test_SOURCES = sha512test.c
# ssl_versions
TESTS += ssl_versions
check_PROGRAMS += ssl_versions
ssl_versions_SOURCES = ssl_versions.c
# ssltest # ssltest
TESTS += ssltest.sh TESTS += ssltest.sh
check_PROGRAMS += ssltest check_PROGRAMS += ssltest
ssltest_SOURCES = ssltest.c ssltest_SOURCES = ssltest.c
EXTRA_DIST += ssltest.sh EXTRA_DIST += ssltest.sh ssltest.bat
EXTRA_DIST += testssl ca.pem server.pem EXTRA_DIST += testssl testssl.bat ca.pem server.pem
# testdsa # testdsa
TESTS += testdsa.sh TESTS += testdsa.sh
EXTRA_DIST += testdsa.sh EXTRA_DIST += testdsa.sh testdsa.bat
EXTRA_DIST += openssl.cnf EXTRA_DIST += openssl.cnf
# testenc # testenc
TESTS += testenc.sh TESTS += testenc.sh
EXTRA_DIST += testenc.sh EXTRA_DIST += testenc.sh testenc.bat
# testrsa # testrsa
TESTS += testrsa.sh TESTS += testrsa.sh
EXTRA_DIST += testrsa.sh EXTRA_DIST += testrsa.sh testrsa.bat
# timingsafe # timingsafe
TESTS += timingsafe TESTS += timingsafe
check_PROGRAMS += timingsafe check_PROGRAMS += timingsafe
timingsafe_SOURCES = timingsafe.c timingsafe_SOURCES = timingsafe.c
# tlsexttest
TESTS += tlsexttest
check_PROGRAMS += tlsexttest
tlsexttest_SOURCES = tlsexttest.c
# tlstest
TESTS += tlstest.sh
check_PROGRAMS += tlstest
tlstest_SOURCES = tlstest.c
if !HAVE_PIPE2
tlstest_SOURCES += compat/pipe2.c
endif
EXTRA_DIST += tlstest.sh tlstest.bat
# tls_ext_alpn
TESTS += tls_ext_alpn
check_PROGRAMS += tls_ext_alpn
tls_ext_alpn_SOURCES = tls_ext_alpn.c
# tls_prf
TESTS += tls_prf
check_PROGRAMS += tls_prf
tls_prf_SOURCES = tls_prf.c
# utf8test # utf8test
TESTS += utf8test TESTS += utf8test
check_PROGRAMS += utf8test check_PROGRAMS += utf8test
@@ -324,3 +388,8 @@ utf8test_SOURCES = utf8test.c
TESTS += verifytest TESTS += verifytest
check_PROGRAMS += verifytest check_PROGRAMS += verifytest
verifytest_SOURCES = verifytest.c verifytest_SOURCES = verifytest.c
# x25519test
TESTS += x25519test
check_PROGRAMS += x25519test
x25519test_SOURCES = x25519test.c

167
tests/compat/pipe2.c Normal file
View File

@@ -0,0 +1,167 @@
/*
* Public domain
*
* pipe2/pipe/socketpair emulation
* Brent Cook <bcook@openbsd.org>
*/
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/socket.h>
#undef socketpair
#ifdef _WIN32
static int setfd(int fd, int flag)
{
int rc = -1;
if (flag & FD_CLOEXEC) {
HANDLE h = (HANDLE)_get_osfhandle(fd);
if (h != NULL)
rc = SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) == 0 ? -1 : 0;
}
return rc;
}
static int setfl(int fd, int flag)
{
int rc = -1;
if (flag & O_NONBLOCK) {
long mode = 1;
rc = ioctlsocket(fd, FIONBIO, &mode);
}
return rc;
}
int socketpair(int domain, int type, int protocol, int socket_vector[2])
{
if (domain != AF_UNIX || !(type & SOCK_STREAM) || protocol != PF_UNSPEC)
return -1;
socket_vector[0] = -1;
socket_vector[1] = -1;
int listener = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listener == -1) {
return -1;
}
struct sockaddr_in addr = {
.sin_family = AF_INET,
.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
.sin_port = 0,
};
int yes = 1, e;
if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR,
(void *)&yes, sizeof yes) == -1)
goto err;
if (bind(listener, (struct sockaddr *)&addr, sizeof addr) != 0)
goto err;
memset(&addr, 0, sizeof addr);
socklen_t addrlen = sizeof addr;
if (getsockname(listener, (struct sockaddr *)&addr, &addrlen) != 0)
goto err;
addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr.sin_family = AF_INET;
if (listen(listener, 1) != 0)
goto err;
socket_vector[0] = WSASocket(AF_INET, SOCK_STREAM, 0, NULL, 0, 0);
if (socket_vector[0] == -1)
goto err;
if (connect(socket_vector[0], (struct sockaddr *)&addr, sizeof addr) != 0)
goto err;
socket_vector[1] = accept(listener, NULL, NULL);
if (socket_vector[1] == -1)
goto err;
closesocket(listener);
return 0;
err:
e = WSAGetLastError();
closesocket(listener);
closesocket(socket_vector[0]);
closesocket(socket_vector[1]);
WSASetLastError(e);
socket_vector[0] = -1;
socket_vector[1] = -1;
return -1;
}
int pipe(int fildes[2])
{
return socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC, fildes);
}
#else
static int setfd(int fd, int flag)
{
int flags = fcntl(fd, F_GETFD);
flags |= flag;
return fcntl(fd, F_SETFD, flags);
}
static int setfl(int fd, int flag)
{
int flags = fcntl(fd, F_GETFL);
flags |= flag;
return fcntl(fd, F_SETFL, flags);
}
#endif
int pipe2(int fildes[2], int flags)
{
int rc = pipe(fildes);
if (rc == 0) {
if (flags & O_NONBLOCK) {
rc |= setfl(fildes[0], O_NONBLOCK);
rc |= setfl(fildes[1], O_NONBLOCK);
}
if (flags & O_CLOEXEC) {
rc |= setfd(fildes[0], FD_CLOEXEC);
rc |= setfd(fildes[1], FD_CLOEXEC);
}
if (rc != 0) {
int e = errno;
close(fildes[0]);
close(fildes[1]);
errno = e;
}
}
return rc;
}
int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2])
{
int flags = type & ~0xf;
type &= 0xf;
int rc = socketpair(domain, type, protocol, socket_vector);
if (rc == 0) {
if (flags & SOCK_NONBLOCK) {
rc |= setfl(socket_vector[0], O_NONBLOCK);
rc |= setfl(socket_vector[1], O_NONBLOCK);
}
if (flags & SOCK_CLOEXEC) {
rc |= setfd(socket_vector[0], FD_CLOEXEC);
rc |= setfd(socket_vector[1], FD_CLOEXEC);
}
if (rc != 0) {
int e = errno;
close(socket_vector[0]);
close(socket_vector[1]);
errno = e;
}
}
return rc;
}

11
tests/ocsptest.bat Normal file
View File

@@ -0,0 +1,11 @@
@echo off
setlocal enabledelayedexpansion
REM ocsptest.bat
set TEST=Debug\ocsp_test.exe
if not exist %TEST% exit /b 1
%TEST% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1
%TEST% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1
endlocal

8
tests/ocsptest.sh Executable file
View File

@@ -0,0 +1,8 @@
#!/bin/sh
set -e
TEST=./ocsp_test
if [ -e ./ocsp_test.exe ]; then
TEST=./ocsp_test.exe
fi
$TEST www.amazon.com 443
$TEST cloudflare.com 443

14
tests/pq_test.bat Normal file
View File

@@ -0,0 +1,14 @@
@echo off
setlocal enabledelayedexpansion
REM pq_test.bat
set TEST=Debug\pq_test.exe
if not exist %TEST% exit /b 1
set pq_output=pq_output.txt
if exist %pq_output% del %pq_output%
%TEST% > %pq_output%
fc /b %pq_output% %srcdir%\pq_expected.txt
endlocal

17
tests/servertest.bat Normal file
View File

@@ -0,0 +1,17 @@
@echo off
setlocal enabledelayedexpansion
REM servertest.bat
set servertest_bin=Debug\servertest.exe
if not exist %servertest_bin% exit /b 1
if "%srcdir%"=="" (
set srcdir=.
)
%servertest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem
if !errorlevel! neq 0 (
exit /b 1
)
endlocal

13
tests/servertest.sh Executable file
View File

@@ -0,0 +1,13 @@
#!/bin/sh
set -e
servertest_bin=./servertest
if [ -e ./servertest.exe ]; then
servertest_bin=./servertest.exe
fi
if [ -z $srcdir ]; then
srcdir=.
fi
$servertest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem

21
tests/ssltest.bat Normal file
View File

@@ -0,0 +1,21 @@
@echo off
setlocal enabledelayedexpansion
REM ssltest.bat
set ssltest_bin=Debug\ssltest.exe
if not exist %ssltest_bin% exit /b 1
set openssl_bin=..\apps\openssl\Debug\openssl.exe
if not exist %openssl_bin% exit /b 1
if "%srcdir%"=="" (
set srcdir=.
)
%srcdir%\testssl.bat %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem ^
%ssltest_bin% %openssl_bin%
if !errorlevel! neq 0 (
exit /b 1
)
endlocal

View File

@@ -6,9 +6,16 @@ if [ -e ./ssltest.exe ]; then
ssltest_bin=./ssltest.exe ssltest_bin=./ssltest.exe
fi fi
openssl_bin=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then openssl_bin=../apps/openssl/openssl
openssl_bin=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
openssl_bin=../apps/openssl/openssl.exe
fi
else
openssl_bin=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
openssl_bin=../apps/openssl.exe
fi
fi fi
if [ -z $srcdir ]; then if [ -z $srcdir ]; then

38
tests/testdsa.bat Normal file
View File

@@ -0,0 +1,38 @@
@echo off
setlocal enabledelayedexpansion
REM testdsa.bat
REM # Test DSA certificate generation of openssl
set cmd=..\apps\openssl\Debug\openssl.exe
if not exist %cmd% exit /b 1
if "%srcdir%"=="" (
set srcdir=.
)
REM # Generate DSA paramter set
%cmd% dsaparam 512 -out dsa512.pem
if !errorlevel! neq 0 (
exit /b 1
)
REM # Generate a DSA certificate
%cmd% req -config %srcdir%\openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key
if !errorlevel! neq 0 (
exit /b 1
)
REM # Now check the certificate
%cmd% x509 -text -in testdsa.pem
if !errorlevel! neq 0 (
exit /b 1
)
del testdsa.key dsa512.pem testdsa.pem
exit /b 0
endlocal

View File

@@ -4,9 +4,16 @@
#Test DSA certificate generation of openssl #Test DSA certificate generation of openssl
cmd=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then cmd=../apps/openssl/openssl
cmd=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
else
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
fi fi
if [ -z $srcdir ]; then if [ -z $srcdir ]; then

69
tests/testenc.bat Normal file
View File

@@ -0,0 +1,69 @@
@echo off
setlocal enabledelayedexpansion
REM testenc.bat
set test=p
set cmd=..\apps\openssl\Debug\openssl.exe
if not exist %cmd% exit /b 1
set srcdir=..\..\tests
copy %srcdir%\openssl.cnf %test%
echo cat
%cmd% enc -in %test% -out %test%.cipher
%cmd% enc -in %test%.cipher -out %test%.clear
fc /b %test% %test%.clear
if !errorlevel! neq 0 (
exit /b 1
) else (
del %test%.cipher %test%.clear
)
echo base64
%cmd% enc -a -e -in %test% -out %test%.cipher
%cmd% enc -a -d -in %test%.cipher -out %test%.clear
fc /b %test% %test%.clear
if !errorlevel! neq 0 (
exit /b 1
) else (
del %test%.cipher %test%.clear
)
for %%i in (
aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8
aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb
aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb
aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8
aes-256-ecb aes-256-ofb
bf-cbc bf-cfb bf-ecb bf-ofb
cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb
des-cbc des-cfb des-cfb8 des-ecb des-ede
des-ede-cbc des-ede-cfb des-ede-ofb des-ede3
des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc
rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb
rc4 rc4-40
) do (
echo %%i
%cmd% %%i -e -k test -in %test% -out %test%.%%i.cipher
%cmd% %%i -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear
fc /b %test% %test%.%%i.clear
if !errorlevel! neq 0 (
exit /b 1
) else (
del %test%.%%i.cipher %test%.%%i.clear
)
echo %%i base64
%cmd% %%i -a -e -k test -in %test% -out %test%.%%i.cipher
%cmd% %%i -a -d -k test -in %test%.%%i.cipher -out %test%.%%i.clear
fc /b %test% %test%.%%i.clear
if !errorlevel! neq 0 (
exit /b 1
) else (
del %test%.%%i.cipher %test%.%%i.clear
)
)
del %test%
endlocal

View File

@@ -2,12 +2,23 @@
# $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $ # $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
test=p test=p
cmd=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then cmd=../apps/openssl/openssl
cmd=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
else
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
fi fi
cat openssl.cnf >$test; if [ -z $srcdir ]; then
srcdir=.
fi
cat $srcdir/openssl.cnf >$test;
echo cat echo cat
$cmd enc < $test > $test.cipher $cmd enc < $test > $test.cipher

38
tests/testrsa.bat Normal file
View File

@@ -0,0 +1,38 @@
@echo off
setlocal enabledelayedexpansion
REM testrsa.bat
REM # Test RSA certificate generation of openssl
set cmd=..\apps\openssl\Debug\openssl.exe
if not exist %cmd% exit /b 1
if "%srcdir%"=="" (
set srcdir=.
)
REM # Generate RSA private key
%cmd% genrsa -out rsakey.pem
if !errorlevel! neq 0 (
exit /b 1
)
REM # Generate an RSA certificate
%cmd% req -config %srcdir%\openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem
if !errorlevel! neq 0 (
exit /b 1
)
REM # Now check the certificate
%cmd% x509 -text -in rsacert.pem
if !errorlevel! neq 0 (
exit /b 1
)
del rsacert.pem rsakey.pem
exit /b 0
endlocal

View File

@@ -4,9 +4,16 @@
#Test RSA certificate generation of openssl #Test RSA certificate generation of openssl
cmd=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then cmd=../apps/openssl/openssl
cmd=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
else
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
fi fi
if [ -z $srcdir ]; then if [ -z $srcdir ]; then

145
tests/testssl.bat Normal file
View File

@@ -0,0 +1,145 @@
@echo off
setlocal enabledelayedexpansion
REM testssl.bat
set key=%1
set cert=%2
set CA=-CAfile %3
set ssltest=%4 -key %key% -cert %cert% -c_key %key% -c_cert %cert%
set openssl=%5
set extra=%6
%openssl% version & if !errorlevel! neq 0 exit /b 1
for /f "usebackq" %%s in (`%openssl% x509 -in %cert% -text -noout ^| find /c "DSA Public Key"`) do set lines=%%s
if %lines% gtr 0 (
set dsa_cert=YES
) else (
set dsa_cert=NO
)
REM #########################################################################
echo test sslv2/sslv3
%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with server authentication
%ssltest% -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with client authentication
%ssltest% -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with both client and server authentication
%ssltest% -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 via BIO pair
%ssltest% %extra% & if !errorlevel! neq 0 exit /b 1
if %dsa_cert%==NO (
echo "test sslv2/sslv3 w/o (EC)DHE via BIO pair"
%ssltest% -bio_pair -no_dhe -no_ecdhe %extra% & if !errorlevel! neq 0 exit /b 1
)
echo test sslv2/sslv3 with 1024bit DHE via BIO pair
%ssltest% -bio_pair -dhe1024dsa -v %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with server authentication
%ssltest% -bio_pair -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with client authentication via BIO pair
%ssltest% -bio_pair -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair
%ssltest% -bio_pair -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify
%ssltest% -bio_pair -server_auth -client_auth -app_verify %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo "Testing ciphersuites"
for %%p in ( TLSv1.2 ) do (
echo "Testing ciphersuites for %%p"
for /f "usebackq" %%c in (`%openssl% ciphers -v "%%p+aRSA"`) do (
echo "Testing %%c"
%ssltest% -cipher %%c
if !errorlevel! neq 0 (
echo "Failed %%c"
exit /b 1
)
)
)
REM ##########################################################################
for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
if %nodh%==no-dh (
echo skipping anonymous DH tests
) else (
echo test tls1 with 1024bit anonymous DH, multiple handshakes
%ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
)
REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
REM #if %norsa%==no-rsa (
REM # echo skipping RSA tests
REM #) else (
REM # echo "test tls1 with 1024bit RSA, no (EC)DHE, multiple handshakes"
REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -no_dhe -no_ecdhe -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
REM #
REM # for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
REM # if %nodh%==no-dh (
REM # echo skipping RSA+DHE tests
REM # ) else (
REM # echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes
REM # %ssltest% -v -bio_pair -tls1 -cert ..\apps\server2.pem -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
REM # )
REM #)
REM #
REM # DTLS tests
REM #
echo test dtlsv1
%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1 with server authentication
%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1 with client authentication
%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1 with both client and server authentication
%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo "Testing DTLS ciphersuites"
for %%p in ( SSLv3 ) do (
echo "Testing ciphersuites for %%p"
for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4"`) do (
echo "Testing %%c"
%ssltest% -cipher %%c -dtls1
if !errorlevel! neq 0 (
echo "Failed %%c"
exit /b 1
)
)
)
REM #
REM # ALPN tests
REM #
echo "Testing ALPN..."
%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
-alpn_expected bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
-alpn_expected bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
endlocal

17
tests/tlstest.bat Normal file
View File

@@ -0,0 +1,17 @@
@echo off
setlocal enabledelayedexpansion
REM tlstest.bat
set tlstest_bin=Debug\tlstest.exe
if not exist %tlstest_bin% exit /b 1
if "%srcdir%"=="" (
set srcdir=.
)
%tlstest_bin% %srcdir%\ca.pem %srcdir%\server.pem %srcdir%\server.pem
if !errorlevel! neq 0 (
exit /b 1
)
endlocal

13
tests/tlstest.sh Executable file
View File

@@ -0,0 +1,13 @@
#!/bin/sh
set -e
tlstest_bin=./tlstest
if [ -e ./tlstest.exe ]; then
tlstest_bin=./tlstest.exe
fi
if [ -z $srcdir ]; then
srcdir=.
fi
$tlstest_bin $srcdir/ca.pem $srcdir/server.pem $srcdir/server.pem

View File

@@ -7,30 +7,46 @@ include_directories(
set( set(
TLS_SRC TLS_SRC
tls.c tls.c
tls_bio_cb.c
tls_client.c tls_client.c
tls_config.c tls_config.c
tls_conninfo.c tls_conninfo.c
tls_server.c tls_server.c
tls_ocsp.c
tls_peer.c tls_peer.c
tls_util.c tls_util.c
tls_verify.c tls_verify.c
) )
if(NOT HAVE_STRCASECMP) if(NOT "${OPENSSLDIR}" STREQUAL "")
set(TLS_SRC ${TLS_SRC} strsep.c) add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif() endif()
add_library(tls-objects OBJECT ${TLS_SRC})
if (BUILD_SHARED) if (BUILD_SHARED)
add_library(tls-objects OBJECT ${TLS_SRC})
add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>) add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>) add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls) export_symbol(tls-shared ${CMAKE_CURRENT_SOURCE_DIR}/tls.sym)
target_link_libraries(tls-shared ssl-shared crypto-shared)
if (WIN32)
target_link_libraries(tls-shared Ws2_32.lib)
set(TLS_POSTFIX -${TLS_MAJOR_VERSION})
endif()
set_target_properties(tls-shared PROPERTIES
OUTPUT_NAME tls${TLS_POSTFIX}
ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION} set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
SOVERSION ${TLS_MAJOR_VERSION}) SOVERSION ${TLS_MAJOR_VERSION})
install(TARGETS tls tls-shared DESTINATION lib) if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS tls tls-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
else() else()
add_library(tls STATIC ${TLS_SRC}) add_library(tls STATIC ${TLS_SRC})
install(TARGETS tls DESTINATION lib) if(ENABLE_LIBRESSL_INSTALL)
install(TARGETS tls DESTINATION ${CMAKE_INSTALL_LIBDIR})
endif(ENABLE_LIBRESSL_INSTALL)
endif() endif()

View File

@@ -4,8 +4,9 @@ lib_LTLIBRARIES = libtls.la
EXTRA_DIST = VERSION EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += tls.sym
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
libtls_la_LIBADD += $(PLATFORM_LDADD) libtls_la_LIBADD += $(PLATFORM_LDADD)
@@ -19,14 +20,12 @@ endif
libtls_la_SOURCES = tls.c libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c libtls_la_SOURCES += tls_client.c
libtls_la_SOURCES += tls_bio_cb.c
libtls_la_SOURCES += tls_config.c libtls_la_SOURCES += tls_config.c
libtls_la_SOURCES += tls_conninfo.c libtls_la_SOURCES += tls_conninfo.c
libtls_la_SOURCES += tls_server.c libtls_la_SOURCES += tls_server.c
libtls_la_SOURCES += tls_ocsp.c
libtls_la_SOURCES += tls_peer.c libtls_la_SOURCES += tls_peer.c
libtls_la_SOURCES += tls_util.c libtls_la_SOURCES += tls_util.c
libtls_la_SOURCES += tls_verify.c libtls_la_SOURCES += tls_verify.c
noinst_HEADERS = tls_internal.h noinst_HEADERS = tls_internal.h
if !HAVE_STRSEP
libtls_la_SOURCES += strsep.c
endif

195
update.sh
View File

@@ -13,28 +13,31 @@ if [ ! -d openbsd ]; then
fi fi
fi fi
(cd openbsd (cd openbsd
git fetch
git checkout $openbsd_branch git checkout $openbsd_branch
git pull --rebase) git pull --rebase)
# setup source paths # setup source paths
CWD=`pwd` CWD=`pwd`
libc_src=$CWD/openbsd/src/lib/libc OPENBSD_SRC=$CWD/openbsd/src
libc_regress=$CWD/openbsd/src/regress/lib/libc libc_src=$OPENBSD_SRC/lib/libc
libcrypto_src=$CWD/openbsd/src/lib/libcrypto libc_regress=$OPENBSD_SRC/regress/lib/libc
libcrypto_regress=$CWD/openbsd/src/regress/lib/libcrypto libcrypto_src=$OPENBSD_SRC/lib/libcrypto
libssl_src=$CWD/openbsd/src/lib/libssl libcrypto_regress=$OPENBSD_SRC/regress/lib/libcrypto
libssl_regress=$CWD/openbsd/src/regress/lib/libssl libssl_src=$OPENBSD_SRC/lib/libssl
libtls_src=$CWD/openbsd/src/lib/libtls libssl_regress=$OPENBSD_SRC/regress/lib/libssl
libtls_regress=$CWD/openbsd/src/regress/lib/libtls libtls_src=$OPENBSD_SRC/lib/libtls
app_src=$CWD/openbsd/src/usr.bin libtls_regress=$OPENBSD_SRC/regress/lib/libtls
bin_src=$OPENBSD_SRC/usr.bin
sbin_src=$OPENBSD_SRC/usr.sbin
# load library versions # load library versions
. $libcrypto_src/crypto/shlib_version . $libcrypto_src/shlib_version
libcrypto_version=$major:$minor:0 libcrypto_version=$major:$minor:0
echo "libcrypto version $libcrypto_version" echo "libcrypto version $libcrypto_version"
echo $libcrypto_version > crypto/VERSION echo $libcrypto_version > crypto/VERSION
. $libssl_src/ssl/shlib_version . $libssl_src/shlib_version
libssl_version=$major:$minor:0 libssl_version=$major:$minor:0
echo "libssl version $libssl_version" echo "libssl version $libssl_version"
echo $libssl_version > ssl/VERSION echo $libssl_version > ssl/VERSION
@@ -61,12 +64,16 @@ do_cp_libc() {
CP_LIBC='do_cp_libc' CP_LIBC='do_cp_libc'
CP='cp -p' CP='cp -p'
GREP='grep'
if [ -x /opt/csw/bin/ggrep ]; then
GREP='/opt/csw/bin/ggrep'
fi
$CP $libssl_src/src/LICENSE COPYING $CP $libssl_src/LICENSE COPYING
$CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl $CP $libcrypto_src/arch/amd64/opensslconf.h include/openssl
$CP $libssl_src/src/crypto/opensslfeatures.h include/openssl $CP $libcrypto_src/opensslfeatures.h include/openssl
$CP $libssl_src/src/ssl/pqueue.h include $CP $libssl_src/pqueue.h include
$CP $libtls_src/tls.h include $CP $libtls_src/tls.h include
$CP $libtls_src/tls.h libtls-standalone/include $CP $libtls_src/tls.h libtls-standalone/include
@@ -75,17 +82,20 @@ for i in crypto/compat libtls-standalone/compat; do
for j in $libc_src/crypt/arc4random.c \ for j in $libc_src/crypt/arc4random.c \
$libc_src/crypt/arc4random_uniform.c \ $libc_src/crypt/arc4random_uniform.c \
$libc_src/crypt/chacha_private.h \ $libc_src/crypt/chacha_private.h \
$libc_src/string/explicit_bzero.c \ $libc_src/net/inet_pton.c \
$libc_src/stdlib/reallocarray.c \ $libc_src/stdlib/reallocarray.c \
$libc_src/stdlib/recallocarray.c \
$libc_src/string/explicit_bzero.c \
$libc_src/string/strcasecmp.c \ $libc_src/string/strcasecmp.c \
$libc_src/string/strlcpy.c \ $libc_src/string/strlcpy.c \
$libc_src/string/strlcat.c \ $libc_src/string/strlcat.c \
$libc_src/string/strndup.c \ $libc_src/string/strndup.c \
$libc_src/string/strnlen.c \ $libc_src/string/strnlen.c \
$libc_src/string/strsep.c \
$libc_src/string/timingsafe_bcmp.c \ $libc_src/string/timingsafe_bcmp.c \
$libc_src/string/timingsafe_memcmp.c \ $libc_src/string/timingsafe_memcmp.c \
$libcrypto_src/crypto/getentropy_*.c \ $libcrypto_src/arc4random/getentropy_*.c \
$libcrypto_src/crypto/arc4random_*.h; do $libcrypto_src/arc4random/arc4random_*.h; do
$CP_LIBC $j $i $CP_LIBC $j $i
done done
done done
@@ -99,36 +109,36 @@ $CP crypto/compat/arc4random*.h \
crypto/compat/bsd-asprintf.c \ crypto/compat/bsd-asprintf.c \
libtls-standalone/compat libtls-standalone/compat
(cd $libssl_src/src/crypto/objects/; (cd $libcrypto_src/objects/;
perl objects.pl objects.txt obj_mac.num obj_mac.h; perl objects.pl objects.txt obj_mac.num obj_mac.h;
perl obj_dat.pl obj_mac.h obj_dat.h ) perl obj_dat.pl obj_mac.h obj_dat.h )
mkdir -p include/openssl crypto/objects mkdir -p include/openssl crypto/objects
$MV $libssl_src/src/crypto/objects/obj_mac.h ./include/openssl/obj_mac.h $MV $libcrypto_src/objects/obj_mac.h ./include/openssl/obj_mac.h
$MV $libssl_src/src/crypto/objects/obj_dat.h ./crypto/objects/obj_dat.h $MV $libcrypto_src/objects/obj_dat.h ./crypto/objects/obj_dat.h
copy_hdrs() { copy_hdrs() {
for file in $2; do for file in $2; do
$CP $libssl_src/src/$1/$file include/openssl $CP $1/$file include/openssl
done done
} }
copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h copy_hdrs $libcrypto_src "stack/stack.h lhash/lhash.h stack/safestack.h
ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h
objects/objects.h asn1/asn1.h bn/bn.h ec/ec.h ecdsa/ecdsa.h objects/objects.h asn1/asn1.h bn/bn.h ec/ec.h ecdsa/ecdsa.h
ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
pem/pem2.h hmac/hmac.h rand/rand.h md5/md5.h pem/pem2.h hkdf/hkdf.h hmac/hmac.h rand/rand.h md5/md5.h
krb5/krb5_asn.h asn1/asn1_mac.h x509v3/x509v3.h conf/conf.h ocsp/ocsp.h asn1/asn1_mac.h x509v3/x509v3.h conf/conf.h ocsp/ocsp.h
aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h
bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h
dsa/dsa.h cms/cms.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h dsa/dsa.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h
md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h
rc2/rc2.h rc4/rc4.h ui/ui_compat.h txt_db/txt_db.h rc2/rc2.h rc4/rc4.h ui/ui_compat.h txt_db/txt_db.h
chacha/chacha.h evp/evp.h poly1305/poly1305.h camellia/camellia.h chacha/chacha.h evp/evp.h poly1305/poly1305.h camellia/camellia.h
gost/gost.h" gost/gost.h curve25519/curve25519.h"
copy_hdrs ssl "srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h" copy_hdrs $libssl_src "srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h"
$CP $libssl_src/src/crypto/opensslv.h include/openssl $CP $libcrypto_src/opensslv.h include/openssl
awk '/LIBRESSL_VERSION_TEXT/ {print $4}' < include/openssl/opensslv.h | cut -d\" -f1 > VERSION awk '/LIBRESSL_VERSION_TEXT/ {print $4}' < include/openssl/opensslv.h | cut -d\" -f1 > VERSION
echo "LibreSSL version `cat VERSION`" echo "LibreSSL version `cat VERSION`"
@@ -139,16 +149,18 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' crypto/Makefile.am` ; do
dir=`dirname $i` dir=`dirname $i`
mkdir -p crypto/$dir mkdir -p crypto/$dir
if [ $dir != "compat" ]; then if [ $dir != "compat" ]; then
if [ -e $libssl_src/src/crypto/$i ]; then if [ -e $libcrypto_src/$i ]; then
$CP $libssl_src/src/crypto/$i crypto/$i $CP $libcrypto_src/$i crypto/$i
fi fi
fi fi
done done
$CP crypto/compat/b_win.c crypto/bio $CP crypto/compat/b_win.c crypto/bio
$CP crypto/compat/ui_openssl_win.c crypto/ui $CP crypto/compat/ui_openssl_win.c crypto/ui
# add the libcrypto symbol export list
$GREP -v OPENSSL_ia32cap_P $libcrypto_src/Symbols.list | $GREP '^[[:alpha:]]' > crypto/crypto.sym
# generate assembly crypto algorithms # generate assembly crypto algorithms
asm_src=$libssl_src/src/crypto asm_src=$libcrypto_src
gen_asm_stdout() { gen_asm_stdout() {
perl $asm_src/$2 $1 > $3.tmp perl $asm_src/$2 $1 > $3.tmp
[ $1 = "elf" ] && cat <<-EOF >> $3.tmp [ $1 = "elf" ] && cat <<-EOF >> $3.tmp
@@ -169,24 +181,24 @@ gen_asm() {
} }
for abi in elf macosx; do for abi in elf macosx; do
echo generating ASM source for $abi echo generating ASM source for $abi
gen_asm_stdout $abi aes/asm/aes-x86_64.pl crypto/aes/aes-$abi-x86_64.s gen_asm_stdout $abi aes/asm/aes-x86_64.pl crypto/aes/aes-$abi-x86_64.S
gen_asm_stdout $abi aes/asm/vpaes-x86_64.pl crypto/aes/vpaes-$abi-x86_64.s gen_asm_stdout $abi aes/asm/vpaes-x86_64.pl crypto/aes/vpaes-$abi-x86_64.S
gen_asm_stdout $abi aes/asm/bsaes-x86_64.pl crypto/aes/bsaes-$abi-x86_64.s gen_asm_stdout $abi aes/asm/bsaes-x86_64.pl crypto/aes/bsaes-$abi-x86_64.S
gen_asm_stdout $abi aes/asm/aesni-x86_64.pl crypto/aes/aesni-$abi-x86_64.s gen_asm_stdout $abi aes/asm/aesni-x86_64.pl crypto/aes/aesni-$abi-x86_64.S
gen_asm_stdout $abi aes/asm/aesni-sha1-x86_64.pl crypto/aes/aesni-sha1-$abi-x86_64.s gen_asm_stdout $abi aes/asm/aesni-sha1-x86_64.pl crypto/aes/aesni-sha1-$abi-x86_64.S
gen_asm_stdout $abi bn/asm/modexp512-x86_64.pl crypto/bn/modexp512-$abi-x86_64.s gen_asm_stdout $abi bn/asm/modexp512-x86_64.pl crypto/bn/modexp512-$abi-x86_64.S
gen_asm_stdout $abi bn/asm/x86_64-mont.pl crypto/bn/mont-$abi-x86_64.s gen_asm_stdout $abi bn/asm/x86_64-mont.pl crypto/bn/mont-$abi-x86_64.S
gen_asm_stdout $abi bn/asm/x86_64-mont5.pl crypto/bn/mont5-$abi-x86_64.s gen_asm_stdout $abi bn/asm/x86_64-mont5.pl crypto/bn/mont5-$abi-x86_64.S
gen_asm_stdout $abi bn/asm/x86_64-gf2m.pl crypto/bn/gf2m-$abi-x86_64.s gen_asm_stdout $abi bn/asm/x86_64-gf2m.pl crypto/bn/gf2m-$abi-x86_64.S
gen_asm_stdout $abi camellia/asm/cmll-x86_64.pl crypto/camellia/cmll-$abi-x86_64.s gen_asm_stdout $abi camellia/asm/cmll-x86_64.pl crypto/camellia/cmll-$abi-x86_64.S
gen_asm_stdout $abi md5/asm/md5-x86_64.pl crypto/md5/md5-$abi-x86_64.s gen_asm_stdout $abi md5/asm/md5-x86_64.pl crypto/md5/md5-$abi-x86_64.S
gen_asm_stdout $abi modes/asm/ghash-x86_64.pl crypto/modes/ghash-$abi-x86_64.s gen_asm_stdout $abi modes/asm/ghash-x86_64.pl crypto/modes/ghash-$abi-x86_64.S
gen_asm_stdout $abi rc4/asm/rc4-x86_64.pl crypto/rc4/rc4-$abi-x86_64.s gen_asm_stdout $abi rc4/asm/rc4-x86_64.pl crypto/rc4/rc4-$abi-x86_64.S
gen_asm_stdout $abi rc4/asm/rc4-md5-x86_64.pl crypto/rc4/rc4-md5-$abi-x86_64.s gen_asm_stdout $abi rc4/asm/rc4-md5-x86_64.pl crypto/rc4/rc4-md5-$abi-x86_64.S
gen_asm_stdout $abi sha/asm/sha1-x86_64.pl crypto/sha/sha1-$abi-x86_64.s gen_asm_stdout $abi sha/asm/sha1-x86_64.pl crypto/sha/sha1-$abi-x86_64.S
gen_asm $abi sha/asm/sha512-x86_64.pl crypto/sha/sha256-$abi-x86_64.S gen_asm $abi sha/asm/sha512-x86_64.pl crypto/sha/sha256-$abi-x86_64.S
gen_asm $abi sha/asm/sha512-x86_64.pl crypto/sha/sha512-$abi-x86_64.S gen_asm $abi sha/asm/sha512-x86_64.pl crypto/sha/sha512-$abi-x86_64.S
gen_asm_stdout $abi whrlpool/asm/wp-x86_64.pl crypto/whrlpool/wp-$abi-x86_64.s gen_asm_stdout $abi whrlpool/asm/wp-x86_64.pl crypto/whrlpool/wp-$abi-x86_64.S
gen_asm $abi x86_64cpuid.pl crypto/cpuid-$abi-x86_64.S gen_asm $abi x86_64cpuid.pl crypto/cpuid-$abi-x86_64.S
done done
@@ -199,9 +211,8 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
$CP $libtls_src/$i libtls-standalone/src $CP $libtls_src/$i libtls-standalone/src
fi fi
done done
# add the libtls symbol export list
$CP_LIBC $libc_src/string/strsep.c tls $GREP '^[[:alpha:]]' < $libtls_src/Symbols.list > tls/tls.sym
$CP_LIBC $libc_src/string/strsep.c libtls-standalone/compat
mkdir -p libtls-standalone/m4 mkdir -p libtls-standalone/m4
$CP m4/check*.m4 \ $CP m4/check*.m4 \
@@ -212,25 +223,38 @@ sed -e "s/compat\///" crypto/Makefile.am.arc4random > \
# copy nc(1) source # copy nc(1) source
echo "copying nc(1) source" echo "copying nc(1) source"
$CP $app_src/nc/nc.1 apps/nc $CP $bin_src/nc/nc.1 apps/nc
rm -f apps/nc/*.c apps/nc/*.h rm -f apps/nc/*.c apps/nc/*.h
$CP_LIBC $libc_src/net/base64.c apps/nc/compat
$CP_LIBC $libc_src/stdlib/strtonum.c apps/nc/compat $CP_LIBC $libc_src/stdlib/strtonum.c apps/nc/compat
for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/nc/Makefile.am` ; do for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/nc/Makefile.am` ; do
if [ -e $app_src/nc/$i ]; then if [ -e $bin_src/nc/$i ]; then
$CP $app_src/nc/$i apps/nc $CP $bin_src/nc/$i apps/nc
fi
done
# copy ocspcheck(1) source
echo "copying ocspcheck(1) source"
$CP $sbin_src/ocspcheck/ocspcheck.8 apps/ocspcheck
rm -f apps/ocspcheck/*.c apps/ocspcheck/*.h
$CP_LIBC $libc_src/net/inet_ntop.c apps/ocspcheck/compat
$CP_LIBC $libc_src/string/memmem.c apps/ocspcheck/compat
for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/ocspcheck/Makefile.am` ; do
if [ -e $sbin_src/ocspcheck/$i ]; then
$CP $sbin_src/ocspcheck/$i apps/ocspcheck
fi fi
done done
# copy openssl(1) source # copy openssl(1) source
echo "copying openssl(1) source" echo "copying openssl(1) source"
$CP $app_src/openssl/openssl.1 apps/openssl $CP $bin_src/openssl/openssl.1 apps/openssl
$CP_LIBC $libc_src/stdlib/strtonum.c apps/openssl/compat $CP_LIBC $libc_src/stdlib/strtonum.c apps/openssl/compat
$CP $libcrypto_src/cert.pem apps/openssl $CP $libcrypto_src/cert.pem apps/openssl
$CP $libcrypto_src/openssl.cnf apps/openssl $CP $libcrypto_src/openssl.cnf apps/openssl
$CP $libcrypto_src/x509v3.cnf apps/openssl $CP $libcrypto_src/x509v3.cnf apps/openssl
for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/openssl/Makefile.am` ; do for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/openssl/Makefile.am` ; do
if [ -e $app_src/openssl/$i ]; then if [ -e $bin_src/openssl/$i ]; then
$CP $app_src/openssl/$i apps/openssl $CP $bin_src/openssl/$i apps/openssl
fi fi
done done
@@ -238,8 +262,10 @@ done
echo "copying libssl source" echo "copying libssl source"
rm -f ssl/*.c ssl/*.h rm -f ssl/*.c ssl/*.h
for i in `awk '/SOURCES|HEADERS/ { print $3 }' ssl/Makefile.am` ; do for i in `awk '/SOURCES|HEADERS/ { print $3 }' ssl/Makefile.am` ; do
$CP $libssl_src/src/ssl/$i ssl $CP $libssl_src/$i ssl
done done
# add the libssl symbol export list
$GREP '^[[:alpha:]]' < $libssl_src/Symbols.list > ssl/ssl.sym
# copy libcrypto tests # copy libcrypto tests
echo "copying tests" echo "copying tests"
@@ -248,12 +274,11 @@ for i in `find $libcrypto_regress -name '*.c'`; do
done done
$CP $libcrypto_regress/evp/evptests.txt tests $CP $libcrypto_regress/evp/evptests.txt tests
$CP $libcrypto_regress/aead/aeadtests.txt tests $CP $libcrypto_regress/aead/aeadtests.txt tests
$CP $libcrypto_regress/pqueue/expected.txt tests/pq_expected.txt
# copy libc tests # copy libc tests
$CP $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c $CP $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c
$CP $libc_regress/explicit_bzero/explicit_bzero.c tests $CP $libc_regress/explicit_bzero/explicit_bzero.c tests
$CP_LIBC $libc_src/string/memmem.c tests $CP_LIBC $libc_src/string/memmem.c tests/compat
$CP $libc_regress/timingsafe/timingsafe.c tests $CP $libc_regress/timingsafe/timingsafe.c tests
# copy libssl tests # copy libssl tests
@@ -264,6 +289,7 @@ done
$CP $libssl_regress/unit/tests.h tests $CP $libssl_regress/unit/tests.h tests
$CP $libssl_regress/certs/ca.pem tests $CP $libssl_regress/certs/ca.pem tests
$CP $libssl_regress/certs/server.pem tests $CP $libssl_regress/certs/server.pem tests
$CP $libssl_regress/pqueue/expected.txt tests/pq_expected.txt
# copy libtls tests # copy libtls tests
for i in `find $libtls_regress -name '*.c'`; do for i in `find $libtls_regress -name '*.c'`; do
@@ -284,18 +310,18 @@ add_man_links() {
filter=$1 filter=$1
dest=$2 dest=$2
echo "install-data-hook:" >> $dest echo "install-data-hook:" >> $dest
for i in `grep $filter man/links`; do for i in `$GREP $filter man/links`; do
IFS=","; set $i; unset IFS IFS=","; set $i; unset IFS
if [ "$2" != "" ]; then if [ "$2" != "" ]; then
echo " ln -sf $1 \$(DESTDIR)\$(mandir)/man3/$2" >> $dest echo " ln -sf \"$1\" \"\$(DESTDIR)\$(mandir)/man3/$2\"" >> $dest
fi fi
done done
echo "" >> $dest echo "" >> $dest
echo "uninstall-local:" >> $dest echo "uninstall-local:" >> $dest
for i in `grep $filter man/links`; do for i in `$GREP $filter man/links`; do
IFS=","; set $i; unset IFS IFS=","; set $i; unset IFS
if [ "$2" != "" ]; then if [ "$2" != "" ]; then
echo " -rm -f \$(DESTDIR)\$(mandir)/man3/$2" >> $dest echo " -rm -f \"\$(DESTDIR)\$(mandir)/man3/$2\"" >> $dest
fi fi
done done
} }
@@ -313,43 +339,32 @@ done
# copy manpages # copy manpages
echo "copying manpages" echo "copying manpages"
echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am
echo dist_man_MANS = >> man/Makefile.am echo dist_man3_MANS = >> man/Makefile.am
echo dist_man5_MANS = >> man/Makefile.am
$CP $libtls_src/tls_init.3 man
echo "dist_man_MANS += tls_init.3" >> man/Makefile.am
(cd man (cd man
# update new-style manpages for i in `ls -1 $libssl_src/man/*.3 | sort`; do
for i in `ls -1 $libssl_src/src/doc/ssl/*.3 | sort`; do
NAME=`basename "$i"` NAME=`basename "$i"`
$CP $i . $CP $i .
echo "dist_man_MANS += $NAME" >> Makefile.am echo "dist_man3_MANS += $NAME" >> Makefile.am
done done
for i in `ls -1 $libcrypto_src/man/*.3 | sort`; do for i in `ls -1 $libcrypto_src/man/*.3 | sort`; do
NAME=`basename "$i"` NAME=`basename "$i"`
$CP $i . $CP $i .
echo "dist_man_MANS += $NAME" >> Makefile.am echo "dist_man3_MANS += $NAME" >> Makefile.am
done done
# convert remaining POD manpages for i in `ls -1 $libtls_src/man/*.3 | sort`; do
for i in `ls -1 $libssl_src/src/doc/crypto/*.pod | sort`; do NAME=`basename "$i"`
BASE=`echo $i|sed -e "s/\.pod//"` $CP $i .
NAME=`basename "$BASE"` echo "dist_man3_MANS += $NAME" >> Makefile.am
# reformat file if new done
if [ ! -f $NAME.3 -o $BASE.pod -nt $NAME.3 -o ../include/openssl/opensslv.h -nt $NAME.3 ]; then
echo processing $NAME for i in `ls -1 $libcrypto_src/man/*.5 | sort`; do
pod2man --official --release="LibreSSL $VERSION" --center=LibreSSL \ NAME=`basename "$i"`
--section=3 $POD2MAN --name=$NAME < $BASE.pod > $NAME.3 $CP $i .
fi echo "dist_man5_MANS += $NAME" >> Makefile.am
echo "dist_man_MANS += $NAME.3" >> Makefile.am
done done
) )
add_man_links . man/Makefile.am add_man_links . man/Makefile.am
# standalone libtls manpages
mkdir -p libtls-standalone/man
echo "dist_man_MANS = tls_init.3" > libtls-standalone/man/Makefile.am
$CP $libtls_src/tls_init.3 libtls-standalone/man
add_man_links tls_init libtls-standalone/man/Makefile.am