generic-library/libreSSL
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: generic-library:v2.5.2
Branches Tags
generic-library:main generic-library:OPENBSD_6_2 generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2
..
compare: generic-library:OPENBSD_5_8
Branches Tags
generic-library:OPENBSD_6_2 generic-library:main generic-library:OPENBSD_6_1 generic-library:OPENBSD_6_0 generic-library:OPENBSD_5_9 generic-library:OPENBSD_5_8 generic-library:OPENBSD_5_7 generic-library:OPENBSD_5_6
generic-library:v2.6.4 generic-library:v2.6.3 generic-library:v2.6.2 generic-library:v2.6.1 generic-library:v2.6.0 generic-library:v2.5.5 generic-library:v2.5.4 generic-library:v2.5.3 generic-library:v2.5.2 generic-library:v2.5.1 generic-library:v2.4.5 generic-library:v2.3.10 generic-library:v2.3.9 generic-library:v2.4.4 generic-library:v2.5.0 generic-library:v2.3.8 generic-library:v2.4.3 generic-library:v2.3.7 generic-library:v2.4.2 generic-library:v2.4.1 generic-library:v2.3.6 generic-library:v2.2.9 generic-library:v2.4.0 generic-library:v2.3.5 generic-library:v2.2.8 generic-library:v2.2.7 generic-library:v2.3.4 generic-library:v2.3.3 generic-library:v2.1.10 generic-library:v2.2.6 generic-library:v2.3.2 generic-library:v2.2.5 generic-library:v2.1.9 generic-library:v2.3.1 generic-library:v2.0.6 generic-library:v2.1.8 generic-library:v2.2.4 generic-library:v2.3.0 generic-library:v2.2.3 generic-library:v2.2.2 generic-library:v2.2.1 generic-library:v2.2.0 generic-library:v2.1.7 generic-library:v2.1.6 generic-library:v2.1.5 generic-library:v2.1.4 generic-library:v2.1.3 generic-library:v2.1.2

37 Commits
v2.5.2 ... OPENBSD_5_

Author SHA1 Message Date
Brent Cook
9ce9c4d2e8 update changelog to get the right openbsd source tags 2016-06-07 07:03:19 -05:00
Brent Cook
5dacd8e02c update changelog 2016-06-06 05:04:55 -05:00
Brent Cook
c0cb9e9ae1 Update changelog 2016-05-30 09:07:24 -05:00
Brent Cook
17bf566573 set windows binary OPENSSLDIR to something plausible 2016-05-30 09:04:43 -05:00
Brent Cook
fa41ca5182 moved patch upstream 2016-05-03 09:29:38 -05:00
Brent Cook
bb9c1f2838 prefer limits.h over sys/limits.h 2016-05-03 02:38:40 -05:00
Brent Cook
2169962cb4 update Changelog 2016-05-03 02:38:40 -05:00
Brent Cook
9092f35957 add constant_time_locl.h 2016-05-02 22:46:25 -05:00
Brent Cook
92902f7040 update changelog for 2.2.6 2016-01-28 12:17:23 -06:00
Brent Cook
271ad075dd update ChangeLog for 2.2.5 2015-12-05 13:15:46 -06:00
Brent Cook
248af93e3a update changelog for 2.2.4 2015-10-15 16:13:58 -05:00
Jeremy Huddleston Sequoia
97478266ca Use bundled headers instead of installed headers when building 
The build system incorrectly set include directives in AM_CFLAGS which
causes them to be placed after the configured CPPFLAGS.  Thus, if
a user or packaging system sets CPPFLAGS to a location that has
libressl or openssl headers installed, they will be used instead
of the bundled versions.  This corrects that issue by setting up
the variables correctly.

https://github.com/libressl-portable/portable/issues/150

Signed-off-by: Jeremy Huddleston Sequoia <jeremyhu@apple.com>
 2015-10-15 15:23:44 -05:00
Brent Cook
0e7a252d0d update changelog for 2.2.4 2015-09-11 17:11:37 -05:00
Brent Cook
0c125d1ee3 bump version to 2.2.4 2015-09-11 17:10:11 -05:00
Brent Cook
e953fdbb96 add -lrt check for linux 2015-09-11 16:52:03 -05:00
Brent Cook
14fbc41003 speed up builds without killing os x perhaps 2015-09-11 16:52:03 -05:00
Brent Cook
f927fc2a90 add cmake test support 2015-09-11 16:52:03 -05:00
Will Tange
5c164446dd Small README typo 2015-09-11 16:38:14 -05:00
Brent Cook
b8853fd092 ensure headers are sanitized before release 
When a public header is removed, we need to ensure it gets removed
in the release distribution as well. Also, remove nonexistent *.he
exclude.
 2015-09-11 16:37:59 -05:00
Brent Cook
aad86fe1f9 remove support for old MSVC versions, KNF 2015-09-11 16:36:42 -05:00
Brent Cook
72039968e2 Do not build lib-objects targets if we are just building static libs. 
This confuses some cmake targets.
 2015-09-11 16:36:26 -05:00
Brent Cook
9c2f0ef51c updates for MSVC 2015's degenerate headers 
Note that 'perror' moves from stdio.h to stdlib.h, and 'rename' moves
from stdio.h to io.h. Also, standard C includes move from the compiler
to the Windows SDK, which changes the base path for the include files.
 2015-09-11 16:36:18 -05:00
Brent Cook
e13a39a5a7 distribute strcasecmp.c 2015-09-11 16:36:11 -05:00
Brent Cook
9c9a9858e8 disable shared CMake builds for OS X / Windows for now 2015-09-11 16:36:03 -05:00
Brent Cook
90f851568a adjust order for ! .gitignore rule precedence 2015-09-11 16:35:55 -05:00
Brent Cook
6f7ad9c6d6 update messages about Cygwin support 2015-09-11 16:35:48 -05:00
Brent Cook
52582562d8 distribute include and man CMakefiles 2015-09-11 16:35:38 -05:00
Brent Cook
da424147c9 clarify reporters 2015-08-28 23:24:28 -05:00
Brent Cook
61ad89df15 update contributor attributions 2015-08-28 22:30:57 -05:00
Brent Cook
b5002ca5ac update summary 2015-08-28 13:45:03 -05:00
Brent Cook
332b03c8b7 update Changelog for 2.2.3 2015-08-28 13:42:01 -05:00
Brent Cook
83e3f22710 replace remaining bash-only features in the update script 
We used to need more features, but as the Makefile.am's
stopped being dynamically generated, there is less need.
 2015-08-28 13:17:13 -05:00
Brent Cook
b3f22d85e5 VERSION is now generated 2015-08-28 13:17:13 -05:00
Brent Cook
ab1de85a42 update pc files to use the package version, not library ABI version 2015-08-28 13:17:13 -05:00
Brent Cook
cd16a21cab derive version numbers from VERSION files 2015-08-28 13:17:12 -05:00
Jeff Davey
9caf754a59 Add install targets and shared libraries to CMake 2015-08-28 13:17:12 -05:00
Brent Cook
2f2f08e60c update to pull from OPENBSD_5_8 2015-08-19 20:01:42 -05:00
118 changed files with 1215 additions and 9289 deletions
Expand all files Collapse all files

49
.gitignore vendored
View File

@@ -39,39 +39,28 @@ Makefile.in
*.la
*.def
*.sym
*.pc
# man pages
*.1
*.3
# tests
test-driver
*.log
*.trs
!tests/optionstest.c
tests/aes_wrap*
tests/arc4random_fork*
tests/asn1time*
tests/cipher*
tests/explicit_bzero*
tests/gost2814789t*
tests/mont*
tests/rfc5280time*
tests/ssl_versions*
tests/timingsafe*
tests/tls_ext_alpn*
tests/tls_prf*
tests/*test
tests/tests.h
tests/*test.c
tests/memmem.c
tests/pbkdf2*
tests/*.pem
tests/testssl
tests/*.txt
tests/compat/*.c
!tests/optionstest.c
!tests/*.test
# ctags stuff
TAGS
@@ -118,36 +107,22 @@ include/pqueue.h
include/tls.h
include/openssl/*.h
/apps/ocspcheck/*.h
/apps/ocspcheck/*.c
/apps/ocspcheck/ocspcheck*
/apps/ocspcheck/compat/inet_ntop.c
/apps/ocspcheck/compat/memmem.c
/apps/nc/*.h
/apps/nc/*.c
/apps/nc/nc*
!/apps/nc/readpassphrase.c
/apps/nc/compat/*.c
/apps/openssl/*.h
/apps/openssl/*.c
/apps/openssl/*.cnf
/apps/openssl/*.pem
/apps/openssl/openssl
/apps/openssl/compat/strtonum.c
!/apps/openssl/apps_win.c
!/apps/openssl/certhash_win.c
!/apps/apps_win.c
!/apps/poll_win.c
!/apps/certhash_disabled.c
/apps/*.h
/apps/*.c
/apps/*.cnf
/apps/*.pem
/apps/openssl
!/crypto/Makefile.am.*
!/crypto/compat/arc4random.h
!/crypto/compat/b_win.c
!/crypto/compat/explicit_bzero_win.c
!/crypto/compat/getpagesize.c
!/crypto/compat/posix_win.c
!/crypto/compat/bsd_asprintf.c
!/crypto/compat/inet_pton.c
!/crypto/compat/timegm.c
!/crypto/compat/ui_openssl_win.c
!/crypto/CMakeLists.txt
/crypto
@@ -166,5 +141,7 @@ include/openssl/*.h
openbsd/
*.tar.gz
apps/*.1*
man/*.3
man/*.1
man/Makefile.am
man/mandoc.db

8
.travis.yml
View File

@@ -10,23 +10,15 @@ matrix:
- compiler: clang
os: linux
env: ARCH=native
dist: trusty
sudo: required
- compiler: gcc
os: linux
env: ARCH=native
dist: trusty
sudo: required
- compiler: gcc
os: linux
env: ARCH=mingw32
dist: trusty
sudo: required
- compiler: gcc
os: linux
env: ARCH=mingw64
dist: trusty
sudo: required
script:
"./scripts/travis"

167
CMakeLists.txt
View File

@@ -1,43 +1,27 @@
cmake_minimum_required (VERSION 2.8.8)
cmake_minimum_required (VERSION 2.8)
include(CheckFunctionExists)
include(CheckLibraryExists)
include(CheckIncludeFiles)
include(CheckTypeSize)
set(CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
include(cmake_export_symbol)
project (LibreSSL C)
project (LibreSSL)
enable_testing()
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
file(READ ${CMAKE_SOURCE_DIR}/ssl/VERSION SSL_VERSION)
string(STRIP ${SSL_VERSION} SSL_VERSION)
string(REPLACE ":" "." SSL_VERSION ${SSL_VERSION})
string(REGEX REPLACE "\\..*" "" SSL_MAJOR_VERSION ${SSL_VERSION})
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
file(READ ${CMAKE_SOURCE_DIR}/crypto/VERSION CRYPTO_VERSION)
string(STRIP ${CRYPTO_VERSION} CRYPTO_VERSION)
string(REPLACE ":" "." CRYPTO_VERSION ${CRYPTO_VERSION})
string(REGEX REPLACE "\\..*" "" CRYPTO_MAJOR_VERSION ${CRYPTO_VERSION})
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/tls/VERSION TLS_VERSION)
file(READ ${CMAKE_SOURCE_DIR}/tls/VERSION TLS_VERSION)
string(STRIP ${TLS_VERSION} TLS_VERSION)
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
option(ENABLE_ASM "Enable assembly" ON)
option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
option(ENABLE_VSTEST "Enable test on Visual Studio" OFF)
set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
set(BUILD_NC true)
if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
add_definitions(-fno-common)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
endif()
@@ -49,36 +33,9 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_definitions(-D_GNU_SOURCE)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
set(BUILD_NC false)
endif()
if(WIN32)
set(BUILD_NC false)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
if(CMAKE_C_COMPILER MATCHES "gcc")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT")
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
endif()
add_definitions(-DLIBRESSL_INTERNAL)
add_definitions(-DOPENSSL_NO_HW_PADLOCK)
add_definitions(-D__BEGIN_HIDDEN_DECLS=)
add_definitions(-D__END_HIDDEN_DECLS=)
add_definitions(-DOPENSSL_NO_ASM)
set(CMAKE_POSITION_INDEPENDENT_CODE true)
@@ -86,19 +43,15 @@ if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
add_definitions(-Wno-pointer-sign)
endif()
if(WIN32)
if(MSVC)
add_definitions(-Dinline=__inline)
add_definitions(-Drestrict)
add_definitions(-D_CRT_SECURE_NO_WARNINGS)
add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
endif()
if(MSVC)
add_definitions(-Dinline=__inline)
message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler")
if(CMAKE_C_COMPILER_ID MATCHES "MSVC")
set(MSVC_DISABLED_WARNINGS_LIST
"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
# indirection to slightly different base types from 'char [2]'
@@ -108,35 +61,14 @@ if(MSVC)
# possible loss of data
"C4244" # 'function' : conversion from 'int' to 'uint8_t',
# possible loss of data
"C4267" # conversion from 'size_t' to 'some type that is almost
# certainly safe to convert a size_t to'.
"C4706" # assignment within conditional expression
"C4820" # 'bytes' bytes padding added after construct 'member_name'
"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
# use the ISO C++ conformant name: _read.
)
elseif(CMAKE_C_COMPILER_ID MATCHES "Intel")
add_definitions(-D_CRT_SUPPRESS_RESTRICT)
set(MSVC_DISABLED_WARNINGS_LIST
"C111" # Unreachable statement
"C128" # Unreachable loop
"C167" # Unexplict casting unsigned to signed
"C186" # Pointless comparison of unsigned int with zero
"C188" # Enumerated type mixed with another type
"C344" # Redeclared type
"C556" # Unexplict casting signed to unsigned
"C869" # Unreferenced parameters
"C1786" # Deprecated functions
"C2545" # Empty else statement
"C2557" # Comparing signed to unsigned
"C2722" # List init syntax is c++11 feature
"C3280" # Declaration hides variable
)
endif()
string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
${MSVC_DISABLED_WARNINGS_LIST})
string(REGEX REPLACE "[/-]W[1234][ ]?" "" CMAKE_C_FLAGS ${CMAKE_C_FLAGS})
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
set(CMAKE_C_FLAGS "-MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
endif()
check_function_exists(asprintf HAVE_ASPRINTF)
@@ -164,7 +96,7 @@ if(HAVE_STRLCAT)
add_definitions(-DHAVE_STRLCAT)
endif()
check_function_exists(strlcpy HAVE_STRLCPY)
check_function_exists(strlcat HAVE_STRLCPY)
if(HAVE_STRLCPY)
add_definitions(-DHAVE_STRLCPY)
endif()
@@ -174,8 +106,8 @@ if(HAVE_STRNDUP)
add_definitions(-DHAVE_STRNDUP)
endif()
if(WIN32)
set(HAVE_STRNLEN true)
if(MSVC)
set(HAVE_STRNLEN)
add_definitions(-DHAVE_STRNLEN)
else()
check_function_exists(strnlen HAVE_STRNLEN)
@@ -189,21 +121,11 @@ if(HAVE_STRSEP)
add_definitions(-DHAVE_STRSEP)
endif()
check_function_exists(timegm HAVE_TIMEGM)
if(HAVE_TIMEGM)
add_definitions(-DHAVE_TIMEGM)
endif()
check_function_exists(arc4random_buf HAVE_ARC4RANDOM_BUF)
if(HAVE_ARC4RANDOM_BUF)
add_definitions(-DHAVE_ARC4RANDOM_BUF)
endif()
check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)
if(HAVE_ARC4RANDOM_UNIFORM)
add_definitions(-DHAVE_ARC4RANDOM_UNIFORM)
endif()
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
if(HAVE_EXPLICIT_BZERO)
add_definitions(-DHAVE_EXPLICIT_BZERO)
@@ -219,11 +141,6 @@ if(HAVE_GETENTROPY)
add_definitions(-DHAVE_GETENTROPY)
endif()
check_function_exists(getpagesize HAVE_GETPAGESIZE)
if(HAVE_GETPAGESIZE)
add_definitions(-DHAVE_GETPAGESIZE)
endif()
check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
if(HAVE_TIMINGSAFE_BCMP)
add_definitions(-DHAVE_TIMINGSAFE_BCMP)
@@ -234,46 +151,12 @@ if(HAVE_MEMCMP)
add_definitions(-DHAVE_MEMCMP)
endif()
check_function_exists(memmem HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
endif()
check_include_files(err.h HAVE_ERR_H)
if(HAVE_ERR_H)
add_definitions(-DHAVE_ERR_H)
endif()
if(ENABLE_ASM)
if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
set(HOST_ASM_ELF_X86_64 true)
elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
set(HOST_ASM_ELF_X86_64 true)
endif()
elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
set(HOST_ASM_MACOSX_X86_64 true)
endif()
endif()
if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|CYGWIN)"))
set(BUILD_SHARED true)
endif()
# USE_SHARED builds applications (e.g. openssl) using shared LibreSSL.
# By default, applications use LibreSSL static library to avoid dependencies.
# USE_SHARED isn't set by default; use -DUSE_SHARED=ON with CMake to enable.
# Can be helpful for debugging; don't use for public releases.
if(NOT BUILD_SHARED)
set(USE_SHARED off)
endif()
if(USE_SHARED)
set(OPENSSL_LIBS tls-shared ssl-shared crypto-shared)
else()
set(OPENSSL_LIBS tls ssl crypto)
endif()
set(OPENSSL_LIBS ssl crypto)
if(CMAKE_HOST_WIN32)
set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
endif()
@@ -283,20 +166,10 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
endif()
endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
endif()
check_type_size(time_t SIZEOF_TIME_T)
if(SIZEOF_TIME_T STREQUAL "4")
set(SMALL_TIME_T true)
message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
" ** It will behave incorrectly when handling valid RFC5280 dates")
if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC))
set(BUILD_SHARED true)
endif()
add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
add_subdirectory(crypto)
add_subdirectory(ssl)
@@ -305,15 +178,5 @@ add_subdirectory(tls)
add_subdirectory(include)
if(NOT MSVC)
add_subdirectory(man)
endif()
if(NOT MSVC OR ENABLE_VSTEST)
add_subdirectory(tests)
endif()
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)

387
ChangeLog
View File

@@ -28,309 +28,29 @@ history is also available from Git.
LibreSSL Portable Release Notes:
2.5.2 - Security features and bugfixes
* Added the recallocarray(3) memory allocation function, and converted
various places in the library to use it, such as CBB and BUF_MEM_grow.
recallocarray(3) is similar to reallocarray. Newly allocated memory
is cleared similar to calloc(3). Memory that becomes unallocated
while shrinking or moving existing allocations is explicitly
discarded by unmapping or clearing to 0
* Added new root CAs from SECOM Trust Systems / Security Communication
of Japan.
* Added EVP interface for MD5+SHA1 hashes.
* Fixed DTLS client failures when the server sends a certificate
request.
* Correct handling of padding when upgrading an SSLv2 challenge into
an SSLv3/TLS connection.
* Allow protocols and ciphers to be set on a TLS config object in
libtls.
* Improved nc(1) TLS handshake CPU usage and server-side error
reporting.
2.5.1 - Bug and security fixes, new features, documentation updates
* X509_cmp_time() now passes a malformed GeneralizedTime field as an
error. Reported by Theofilos Petsios.
* Detect zero-length encrypted session data early, instead of when
malloc(0) fails or the HMAC check fails. Noted independently by
jsing@ and Kurt Cancemi.
* Check for and handle failure of HMAC_{Update,Final} or
EVP_DecryptUpdate().
* Massive update and normalization of manpages, conversion to
mandoc format. Many pages were rewritten for clarity and accuracy.
Portable doc links are up-to-date with a new conversion tool.
* Curve25519 Key Exchange support.
* Support for alternate chains for certificate verification.
* Code cleanups, CBS conversions, further unification of DTLS/SSL
handshake code, further ASN1 macro expansion and removal.
* Private symbol are now hidden in libssl and libcryto.
* Friendly certificate verification error messages in libtls, peer
verification is now always enabled.
* Added OCSP stapling support to libtls and netcat.
* Added ocspcheck utility to validate a certificate against its OCSP
responder and save the reply for stapling
* Enhanced regression tests and error handling for libtls.
* Added explicit constant and non-constant time BN functions,
defaulting to constant time wherever possible.
* Moved many leaked implementation details in public structs behind
opaque pointers.
* Added ticket support to libtls.
* Added support for setting the supported EC curves via
SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
SSL{_CTX}_set1_curves{_list} names. This also changes the default
list of curves to be X25519, P-256 and P-384. All other curves must
be manually enabled.
* Added -groups option to openssl(1) s_client for specifying the curves
to be used in a colon-separated list.
* Merged client/server version negotiation code paths into one,
reducing much duplicate code.
* Removed error function codes from libssl and libcrypto.
* Fixed an issue where a truncated packet could crash via an OOB read.
* Added SSL_OP_NO_CLIENT_RENEGOTIATION option that disallows
client-initiated renegotiation. This is the default for libtls
servers.
* Avoid a side-channel cache-timing attack that can leak the ECDSA
private keys when signing. This is due to BN_mod_inverse() being
used without the constant time flag being set. Reported by Cesar
Pereida Garcia and Billy Brumley (Tampere University of Technology).
The fix was developed by Cesar Pereida Garcia.
* iOS and MacOS compatibility updates from Simone Basso and Jacob
Berkman.
2.5.0 - New APIs, bug fixes and improvements
* libtls now supports ALPN and SNI
* libtls adds a new callback interface for integrating custom IO
functions. Thanks to Tobias Pape.
* libtls now handles 4 cipher suite groups:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes (an issue raised by Marko Kreen some time ago).
* Tightened error handling for tls_config_set_ciphers().
* libtls now always loads CA, key and certificate files at the time the
configuration function is called. This simplifies code and results in
a single memory based code path being used to provide data to libssl.
* Add support for OCSP intermediate certificates.
* Added functions used by stunnel and exim from BoringSSL - this
brings in X509_check_host, X509_check_email, X509_check_ip, and
X509_check_ip_asc.
* Added initial support for iOS, thanks to Jacob Berkman.
* Improved behavior of arc4random on Windows when using memory leak
analysis software.
* Correctly handle an EOF that occurs prior to the TLS handshake
completing. Reported by Vasily Kolobkov, based on a diff from Marko
Kreen.
* Limit the support of the "backward compatible" ssl2 handshake to
only be used if TLS 1.0 is enabled.
* Fix incorrect results in certain cases on 64-bit systems when
BN_mod_word() can return incorrect results. BN_mod_word() now can
return an error condition. Thanks to Brian Smith.
* Added constant-time updates to address CVE-2016-0702
* Fixed undefined behavior in BN_GF2m_mod_arr()
* Removed unused Cryptographic Message Support (CMS)
* More conversions of long long idioms to time_t
* Improved compatibility by avoiding printing NULL strings with
printf.
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.4.2 - Bug fixes and improvements
* Fixed loading default certificate locations with openssl s_client.
* Ensured OCSP only uses and compares GENERALIZEDTIME values as per
RFC6960. Also added fixes for OCSP to work with intermediate
certificates provided in responses.
* Improved behavior of arc4random on Windows to not appear to leak
memory in debug tools, reduced privileges of allocated memory.
* Fixed incorrect results from BN_mod_word() when the modulus is too
large, thanks to Brian Smith from BoringSSL.
* Correctly handle an EOF prior to completing the TLS handshake in
libtls.
* Improved libtls ceritificate loading and cipher string validation.
* Updated libtls cipher group suites into four categories:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes.
* Limited support for 'backward compatible' SSLv2 handshake packets to
when TLS 1.0 is enabled, providing more restricted compatibility
with TLS 1.0 clients.
* openssl(1) and other documentation improvements.
* Removed flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
all of these operations unconditionally constant-time.
2.4.1 - Security fix
2.2.9 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.
Pereida. See OpenBSD 5.8 errata 17, June 6, 2016
2.4.0 - Build improvements, new features
* Many improvements to the CMake build infrastructure, including
Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
Inoguchi for this work.
* Added missing error handling around bn_wexpand() calls.
* Added explicit_bzero calls for freed ASN.1 objects.
* Fixed X509_*set_object functions to return 0 on allocation failure.
* Implemented the IETF ChaCha20-Poly1305 cipher suites.
* Changed default EVP_aead_chacha20_poly1305() implementation to the
IETF version, which is now the default.
* Fixed password prompts from openssl(1) to properly handle ^C.
* Reworked error handling in libtls so that configuration errors are
visible.
* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Manpage fixes and updates
2.3.5 - Reliability fix
2.2.8 - Reliability fix
* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
2.3.4 - Security Update
2.2.7 - Security Update
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
From OpenSSL.
* Minor build fixes
2.2.6 - Security Update
2.3.3 - OpenBSD 5.9 release branch tagged
* Deprecated the SSL_OP_SINGLE_DH_USE flag.
* Reworked build scripts to better sync with OpenNTPD-portable
* Fixed broken manpage links
* Fixed an nginx compatibility issue by adding an 'install_sw' make alias
* Fixed HP-UX builds
* Changed the default configuration directory to c:\LibreSSL\ssl on Windows
binary builds
* cert.pem has been reorganized and synced with Mozilla's certificate store
2.3.2 - Compatibility and Reliability fixes
* Changed format of LIBRESSL_VERSION_NUMBER to match that of
OPENSSL_VERSION_NUMBER, see:
https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
construction introduced in RFC 7539, which is different than that
already used in TLS with EVP_aead_chacha20_poly1305()
* Avoid a potential undefined C99+ behavior due to shift overflow in
AES_decrypt, reported by Pascal Cuoq <cuoq at trust-in-soft.com>
* More man pages converted from pod to mdoc format
* Added COMODO RSA Certification Authority and QuoVadis
root certificates to cert.pem
* Removed Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem
* Added support for building nc(1) on Solaris
* Fixed GCC 5.x+ preprocessor checks, reported by Ruslan Babayev
* Improved console handling with openssl(1) on Windows
* Ensure the network stack is enabled on Windows when running
tls_init()
* Fixed incorrect TLS certificate loading by nc(1)
* Added support for Solaris 11.3's getentropy(2) system call
* Enabled support for using NetBSD 7.0's arc4random(3) implementation
* Deprecated the SSL_OP_SINGLE_DH_USE flag by disabling its effect
2.2.5 - Reliability Update
* Fixes from OpenSSL 1.0.1q
- CVE-2015-3194 - NULL pointer dereference in client side certificate
@@ -345,95 +65,16 @@ LibreSSL Portable Release Notes:
See https://marc.info/?l=openbsd-announce&m=144925068504102
2.3.1 - ASN.1 and time handling cleanups
2.2.4 - Build and bug fixes
* ASN.1 cleanups and RFC5280 compliance fixes.
* Backported build fixes for CMake on Windows, OSX and Linux
* Time representations switched from 'unsigned long' to 'time_t'. LibreSSL
now checks if the host OS supports 64-bit time_t.
* Fixes for a memory leak and out-of-bounds access in OBJ_obj2txt
reported by Qualys Security.
- CVE-2015-5333 - memory leak in OBJ_obj2txt
- CVE-2015-5334 - 1-byte buffer overflow in OBJ_obj2txt
* Fixed a leak in SSL_new in the error path.
* Support always extracting the peer cipher and version with libtls.
* Added ability to check certificate validity times with libtls,
tls_peer_cert_notbefore and tls_peer_cert_notafter.
* Changed tls_connect_servername to use the first address that resolves with
getaddrinfo().
* Remove broken conditional EVP_CHECK_DES_KEY code (non-functional since
initial commit in 2004).
* Fixed a memory leak and out-of-bounds access in OBJ_obj2txt, reported
by Qualys Security.
* Fixed an up-to 7 byte overflow in RC4 when len is not a multiple of
sizeof(RC4_CHUNK), reported by Pascal Cuoq <cuoq at trust-in-soft.com>.
* Reject too small bits value in BN_generate_prime_ex(), so that it does
not risk becoming negative in probable_prime_dh_safe(), reported by
Franck Denis.
* Enable nc(1) builds on more platforms.
2.3.0 - SSLv3 removed, libtls API changes, portability improvements
* SSLv3 is now permanently removed from the tree.
* The libtls API is changed from the 2.2.x series.
The read/write functions work correctly with external event
libraries. See the tls_init man page for examples of using libtls
correctly in asynchronous mode.
Client-side verification is now supported, with the client supplying
the certificate to the server.
Also, when using tls_connect_fds, tls_connect_socket or
tls_accept_fds, libtls no longer implicitly closes the passed in
sockets. The caller is responsible for closing them in this case.
* When loading a DSA key from an raw (without DH parameters) ASN.1
serialization, perform some consistency checks on its `p' and `q'
values, and return an error if the checks failed.
Thanks for Georgi Guninski (guninski at guninski dot com) for
mentioning the possibility of a weak (non prime) q value and
providing a test case.
See
https://cpunks.org/pipermail/cypherpunks/2015-September/009007.html
for a longer discussion.
* Fixed a bug in ECDH_compute_key that can lead to silent truncation
of the result key without error. A coding error could cause software
to use much shorter keys than intended.
* Removed support for DTLS_BAD_VER. Pre-DTLSv1 implementations are no
longer supported.
* The engine command and parameters are removed from the openssl(1).
Previous releases removed dynamic and builtin engine support
already.
* SHA-0 is removed, which was withdrawn shortly after publication 20
years ago.
* Added Certplus CA root certificate to the default cert.pem file.
* New interface OPENSSL_cpu_caps is provided that does not allow
software to inadvertently modify cpu capability flags.
OPENSSL_ia32cap and OPENSSL_ia32cap_loc are removed.
* The out_len argument of AEAD changed from ssize_t to size_t.
* Deduplicated DTLS code, sharing bugfixes and improvements with
TLS.
* Converted 'nc' to use libtls for client and server operations; it is
included in the libressl-portable distribution as an example of how
to use the library.
See http://www.openwall.com/lists/oss-security/2015/10/16/1
2.2.3 - Bug fixes, build enhancements

5
Makefile.am
View File

@@ -5,7 +5,4 @@ pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in
.PHONY: install_sw
install_sw: install
EXTRA_DIST += CMakeLists.txt

1
Makefile.am.common
View File

@@ -1,3 +1,2 @@
AM_CFLAGS =
AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL
AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=

2
OPENBSD_BRANCH
View File

@@ -1 +1 @@
master
OPENBSD_5_8

2
README.md
View File

@@ -30,7 +30,7 @@ At the time of this writing, LibreSSL is know to build and work on:
* Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later)
* NetBSD (7.0 or later recommended)
* NetBSD (tested with 6.1.5)
* HP-UX (11i)
* Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later)

22
README.windows
View File

@@ -12,8 +12,7 @@ cross compilers on Windows.
To configure and build LibreSSL for a 32-bit system, use the following
build steps:
CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
./configure --host=i686-w64-mingw32
CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
make
make check
@@ -23,25 +22,6 @@ For 64-bit builds, use these instead:
make
make check
# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
An ABI change introduced with Microsoft Visual C++ 2005 (also known as
Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
is unable to represent times past 2038 (this is commonly known as the
Y2K38 problem).
If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
expiry date is set past 19 January 2038, it will be unable to tell if the
certificate has expired or not, and thus take the safe stance and reject it.
In order to avoid this, you need to build LibreSSL (and everything that links
with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
use the new ABI.
64-bit systems always have a 64-bit time_t and are not affected by this
problem.
# Using Libressl with Visual Studio
A script for generating ready-to-use .DLL and static .LIB files is included in

84
apps/CMakeLists.txt
View File

@@ -1,3 +1,81 @@
add_subdirectory(ocspcheck)
add_subdirectory(openssl)
add_subdirectory(nc)
include_directories(
.
../include
../include/compat
)
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
cms.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
engine.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_disabled.c)
set(OPENSSL_SRC ${OPENSSL_SRC} poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)

117
apps/Makefile.am
View File

@@ -1,5 +1,118 @@
include $(top_srcdir)/Makefile.am.common
SUBDIRS = ocspcheck openssl nc
bin_PROGRAMS = openssl
EXTRA_DIST = CMakeLists.txt
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(top_builddir)/ssl/libssl.la
openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c
openssl_SOURCES += cms.c
openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c
openssl_SOURCES += dh.c
openssl_SOURCES += dhparam.c
openssl_SOURCES += dsa.c
openssl_SOURCES += dsaparam.c
openssl_SOURCES += ec.c
openssl_SOURCES += ecparam.c
openssl_SOURCES += enc.c
openssl_SOURCES += engine.c
openssl_SOURCES += errstr.c
openssl_SOURCES += gendh.c
openssl_SOURCES += gendsa.c
openssl_SOURCES += genpkey.c
openssl_SOURCES += genrsa.c
openssl_SOURCES += nseq.c
openssl_SOURCES += ocsp.c
openssl_SOURCES += openssl.c
openssl_SOURCES += passwd.c
openssl_SOURCES += pkcs12.c
openssl_SOURCES += pkcs7.c
openssl_SOURCES += pkcs8.c
openssl_SOURCES += pkey.c
openssl_SOURCES += pkeyparam.c
openssl_SOURCES += pkeyutl.c
openssl_SOURCES += prime.c
openssl_SOURCES += rand.c
openssl_SOURCES += req.c
openssl_SOURCES += rsa.c
openssl_SOURCES += rsautl.c
openssl_SOURCES += s_cb.c
openssl_SOURCES += s_client.c
openssl_SOURCES += s_server.c
openssl_SOURCES += s_socket.c
openssl_SOURCES += s_time.c
openssl_SOURCES += sess_id.c
openssl_SOURCES += smime.c
openssl_SOURCES += speed.c
openssl_SOURCES += spkac.c
openssl_SOURCES += ts.c
openssl_SOURCES += verify.c
openssl_SOURCES += version.c
openssl_SOURCES += x509.c
if BUILD_CERTHASH
openssl_SOURCES += certhash.c
else
openssl_SOURCES += certhash_disabled.c
endif
if HOST_WIN
openssl_SOURCES += apps_win.c
else
openssl_SOURCES += apps_posix.c
endif
if !HAVE_POLL
if HOST_WIN
openssl_SOURCES += poll_win.c
endif
endif
if !HAVE_STRTONUM
openssl_SOURCES += strtonum.c
endif
noinst_HEADERS = apps.h
noinst_HEADERS += progs.h
noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
fi \
done
uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
done

29
apps/apps_win.c Normal file
View File

@@ -0,0 +1,29 @@
/*
* Public domain
*
* Dongsheng Song <dongsheng.song@gmail.com>
* Brent Cook <bcook@openbsd.org>
*/
#include <windows.h>
#include "apps.h"
double
app_tminterval(int stop, int usertime)
{
static unsigned __int64 tmstart;
union {
unsigned __int64 u64;
FILETIME ft;
} ct, et, kt, ut;
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
if (stop == TM_START) {
tmstart = ut.u64 + kt.u64;
} else {
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
}
return 0;
}

0
apps/openssl/certhash_win.c → apps/certhash_disabled.c
View File

60
apps/nc/CMakeLists.txt
View File

@@ -1,60 +0,0 @@
if(BUILD_NC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
NC_SRC
atomicio.c
netcat.c
socks.c
compat/socket.c
)
check_function_exists(b64_ntop HAVE_B64_NTOP)
if(HAVE_B64_NTOP)
add_definitions(-DHAVE_B64_NTOP)
else()
set(NC_SRC ${NC_SRC} compat/base64.c)
endif()
check_function_exists(accept4 HAVE_ACCEPT4)
if(HAVE_ACCEPT4)
add_definitions(-DHAVE_ACCEPT4)
else()
set(NC_SRC ${NC_SRC} compat/accept4.c)
endif()
check_function_exists(readpassphrase HAVE_READPASSPHRASE)
if(HAVE_READPASSPHRASE)
add_definitions(-DHAVE_READPASSPHRASE)
else()
set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(NC_SRC ${NC_SRC} compat/strtonum.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(nc ${NC_SRC})
target_link_libraries(nc tls ${OPENSSL_LIBS})
if(ENABLE_NC)
install(TARGETS nc DESTINATION bin)
install(FILES nc.1 DESTINATION share/man/man1)
endif()
endif()

45
apps/nc/Makefile.am
View File

@@ -1,45 +0,0 @@
include $(top_srcdir)/Makefile.am.common
if BUILD_NC
if ENABLE_NC
bin_PROGRAMS = nc
else
noinst_PROGRAMS = nc
endif
EXTRA_DIST = nc.1
EXTRA_DIST += CMakeLists.txt
nc_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
nc_LDADD += $(abs_top_builddir)/tls/libtls.la
nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
nc_SOURCES = atomicio.c
nc_SOURCES += netcat.c
nc_SOURCES += socks.c
noinst_HEADERS = atomicio.h
noinst_HEADERS += compat/sys/socket.h
nc_SOURCES += compat/socket.c
if !HAVE_B64_NTOP
nc_SOURCES += compat/base64.c
endif
if !HAVE_ACCEPT4
nc_SOURCES += compat/accept4.c
endif
if !HAVE_READPASSPHRASE
nc_SOURCES += compat/readpassphrase.c
endif
if !HAVE_STRTONUM
nc_SOURCES += compat/strtonum.c
endif
endif

17
apps/nc/compat/accept4.c
View File

@@ -1,17 +0,0 @@
#include <sys/socket.h>
#include <fcntl.h>
int
accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags)
{
int rets = accept(s, addr, addrlen);
if (rets == -1)
return s;
if (flags & SOCK_CLOEXEC) {
flags = fcntl(s, F_GETFD);
fcntl(rets, F_SETFD, flags | FD_CLOEXEC);
}
return rets;
}

205
apps/nc/compat/readpassphrase.c
View File

@@ -1,205 +0,0 @@
/* $OpenBSD: readpassphrase.c,v 1.22 2010/01/13 10:20:54 dtucker Exp $ */
/*
* Copyright (c) 2000-2002, 2007 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
/* OPENBSD ORIGINAL: lib/libc/gen/readpassphrase.c */
#include <termios.h>
#include <signal.h>
#include <ctype.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <unistd.h>
#include <readpassphrase.h>
#ifndef _PATH_TTY
# define _PATH_TTY "/dev/tty"
#endif
#ifdef TCSASOFT
# define _T_FLUSH (TCSAFLUSH|TCSASOFT)
#else
# define _T_FLUSH (TCSAFLUSH)
#endif
/* SunOS 4.x which lacks _POSIX_VDISABLE, but has VDISABLE */
#if !defined(_POSIX_VDISABLE) && defined(VDISABLE)
# define _POSIX_VDISABLE VDISABLE
#endif
#ifndef _NSIG
# ifdef NSIG
# define _NSIG NSIG
# else
# define _NSIG 128
# endif
#endif
static volatile sig_atomic_t signo[_NSIG];
static void handler(int);
char *
readpassphrase(const char *prompt, char *buf, size_t bufsiz, int flags)
{
ssize_t bytes_written = 0;
ssize_t nr;
int input, output, save_errno, i, need_restart;
char ch, *p, *end;
struct termios term, oterm;
struct sigaction sa, savealrm, saveint, savehup, savequit, saveterm;
struct sigaction savetstp, savettin, savettou, savepipe;
/* I suppose we could alloc on demand in this case (XXX). */
if (bufsiz == 0) {
errno = EINVAL;
return(NULL);
}
restart:
for (i = 0; i < _NSIG; i++)
signo[i] = 0;
nr = -1;
save_errno = 0;
need_restart = 0;
/*
* Read and write to /dev/tty if available. If not, read from
* stdin and write to stderr unless a tty is required.
*/
if ((flags & RPP_STDIN) ||
(input = output = open(_PATH_TTY, O_RDWR)) == -1) {
if (flags & RPP_REQUIRE_TTY) {
errno = ENOTTY;
return(NULL);
}
input = STDIN_FILENO;
output = STDERR_FILENO;
}
/*
* Catch signals that would otherwise cause the user to end
* up with echo turned off in the shell. Don't worry about
* things like SIGXCPU and SIGVTALRM for now.
*/
sigemptyset(&sa.sa_mask);
sa.sa_flags = 0; /* don't restart system calls */
sa.sa_handler = handler;
(void)sigaction(SIGALRM, &sa, &savealrm);
(void)sigaction(SIGHUP, &sa, &savehup);
(void)sigaction(SIGINT, &sa, &saveint);
(void)sigaction(SIGPIPE, &sa, &savepipe);
(void)sigaction(SIGQUIT, &sa, &savequit);
(void)sigaction(SIGTERM, &sa, &saveterm);
(void)sigaction(SIGTSTP, &sa, &savetstp);
(void)sigaction(SIGTTIN, &sa, &savettin);
(void)sigaction(SIGTTOU, &sa, &savettou);
/* Turn off echo if possible. */
if (input != STDIN_FILENO && tcgetattr(input, &oterm) == 0) {
memcpy(&term, &oterm, sizeof(term));
if (!(flags & RPP_ECHO_ON))
term.c_lflag &= ~(ECHO | ECHONL);
#ifdef VSTATUS
if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
term.c_cc[VSTATUS] = _POSIX_VDISABLE;
#endif
(void)tcsetattr(input, _T_FLUSH, &term);
} else {
memset(&term, 0, sizeof(term));
term.c_lflag |= ECHO;
memset(&oterm, 0, sizeof(oterm));
oterm.c_lflag |= ECHO;
}
/* No I/O if we are already backgrounded. */
if (signo[SIGTTOU] != 1 && signo[SIGTTIN] != 1) {
if (!(flags & RPP_STDIN))
bytes_written = write(output, prompt, strlen(prompt));
end = buf + bufsiz - 1;
p = buf;
while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
if (p < end) {
if ((flags & RPP_SEVENBIT))
ch &= 0x7f;
if (isalpha((unsigned char)ch)) {
if ((flags & RPP_FORCELOWER))
ch = (char)tolower((unsigned char)ch);
if ((flags & RPP_FORCEUPPER))
ch = (char)toupper((unsigned char)ch);
}
*p++ = ch;
}
}
*p = '\0';
save_errno = errno;
if (!(term.c_lflag & ECHO))
bytes_written = write(output, "\n", 1);
}
(void) bytes_written;
/* Restore old terminal settings and signals. */
if (memcmp(&term, &oterm, sizeof(term)) != 0) {
while (tcsetattr(input, _T_FLUSH, &oterm) == -1 &&
errno == EINTR)
continue;
}
(void)sigaction(SIGALRM, &savealrm, NULL);
(void)sigaction(SIGHUP, &savehup, NULL);
(void)sigaction(SIGINT, &saveint, NULL);
(void)sigaction(SIGQUIT, &savequit, NULL);
(void)sigaction(SIGPIPE, &savepipe, NULL);
(void)sigaction(SIGTERM, &saveterm, NULL);
(void)sigaction(SIGTSTP, &savetstp, NULL);
(void)sigaction(SIGTTIN, &savettin, NULL);
(void)sigaction(SIGTTOU, &savettou, NULL);
if (input != STDIN_FILENO)
(void)close(input);
/*
* If we were interrupted by a signal, resend it to ourselves
* now that we have restored the signal handlers.
*/
for (i = 0; i < _NSIG; i++) {
if (signo[i]) {
kill(getpid(), i);
switch (i) {
case SIGTSTP:
case SIGTTIN:
case SIGTTOU:
need_restart = 1;
}
}
}
if (need_restart)
goto restart;
if (save_errno)
errno = save_errno;
return(nr == -1 ? NULL : buf);
}
static void handler(int s)
{
signo[s] = 1;
}

29
apps/nc/compat/socket.c
View File

@@ -1,29 +0,0 @@
#define SOCKET_FLAGS_PRIV
#include <sys/socket.h>
#ifdef NEED_SOCKET_FLAGS
#include <fcntl.h>
int
_socket(int domain, int type, int protocol)
{
int s = socket(domain, type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK), protocol);
int flags;
if (s == -1)
return s;
if (type & SOCK_CLOEXEC) {
flags = fcntl(s, F_GETFD);
fcntl(s, F_SETFD, flags | FD_CLOEXEC);
}
if (type & SOCK_NONBLOCK) {
flags = fcntl(s, F_GETFL);
fcntl(s, F_SETFL, flags | O_NONBLOCK);
}
return s;
}
#endif

31
apps/nc/compat/sys/socket.h
View File

@@ -1,31 +0,0 @@
/*
* Public domain
* sys/socket.h compatibility shim
*/
#ifndef _WIN32
#include_next <sys/socket.h>
#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
#define NEED_SOCKET_FLAGS
int _socket(int domain, int type, int protocol);
#ifndef SOCKET_FLAGS_PRIV
#define socket(d, t, p) _socket(d, t, p)
#endif
#endif
#ifndef SOCK_NONBLOCK
#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */
#endif
#ifndef SOCK_CLOEXEC
#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */
#endif
#ifndef HAVE_ACCEPT4
int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags);
#endif
#else
#include <win32netcompat.h>
#endif

42
apps/ocspcheck/CMakeLists.txt
View File

@@ -1,42 +0,0 @@
if(NOT MSVC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
OCSPCHECK_SRC
http.c
ocspcheck.c
)
check_function_exists(inet_ntop HAVE_INET_NTOP)
if(HAVE_INET_NTOP)
add_definitions(-DHAVE_INET_NTOP)
else()
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/inet_ntop.c)
endif()
check_function_exists(inet_ntop HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
else()
set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(ocspcheck ${OCSPCHECK_SRC})
target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
install(TARGETS ocspcheck DESTINATION bin)
install(FILES ocspcheck.8 DESTINATION share/man/man8)
endif()

23
apps/ocspcheck/Makefile.am
View File

@@ -1,23 +0,0 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = ocspcheck
EXTRA_DIST = ocspcheck.8
EXTRA_DIST += CMakeLists.txt
ocspcheck_LDADD = $(abs_top_builddir)/crypto/libcrypto.la
ocspcheck_LDADD += $(abs_top_builddir)/ssl/libssl.la
ocspcheck_LDADD += $(abs_top_builddir)/tls/libtls.la
ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
ocspcheck_SOURCES = http.c
ocspcheck_SOURCES += ocspcheck.c
noinst_HEADERS = http.h
if !HAVE_INET_NTOP
ocspcheck_SOURCES += compat/inet_ntop.c
endif
if !HAVE_MEMMEM
ocspcheck_SOURCES += compat/memmem.c
endif

0
apps/ocspcheck/compat/.gitignore vendored
View File

88
apps/openssl/CMakeLists.txt
View File

@@ -1,88 +0,0 @@
include_directories(
.
../../include
../../include/compat
)
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)
install(FILES openssl.1 DESTINATION share/man/man1)
if(NOT "${OPENSSLDIR}" STREQUAL "")
set(CONF_DIR "${OPENSSLDIR}")
else()
set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
endif()
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
install(DIRECTORY DESTINATION ${CONF_DIR}/cert)

118
apps/openssl/Makefile.am
View File

@@ -1,118 +0,0 @@
include $(top_srcdir)/Makefile.am.common
bin_PROGRAMS = openssl
dist_man_MANS = openssl.1
openssl_LDADD = $(abs_top_builddir)/ssl/libssl.la
openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
openssl_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c
openssl_SOURCES += ca.c
openssl_SOURCES += ciphers.c
openssl_SOURCES += crl.c
openssl_SOURCES += crl2p7.c
openssl_SOURCES += dgst.c
openssl_SOURCES += dh.c
openssl_SOURCES += dhparam.c
openssl_SOURCES += dsa.c
openssl_SOURCES += dsaparam.c
openssl_SOURCES += ec.c
openssl_SOURCES += ecparam.c
openssl_SOURCES += enc.c
openssl_SOURCES += errstr.c
openssl_SOURCES += gendh.c
openssl_SOURCES += gendsa.c
openssl_SOURCES += genpkey.c
openssl_SOURCES += genrsa.c
openssl_SOURCES += nseq.c
openssl_SOURCES += ocsp.c
openssl_SOURCES += openssl.c
openssl_SOURCES += passwd.c
openssl_SOURCES += pkcs12.c
openssl_SOURCES += pkcs7.c
openssl_SOURCES += pkcs8.c
openssl_SOURCES += pkey.c
openssl_SOURCES += pkeyparam.c
openssl_SOURCES += pkeyutl.c
openssl_SOURCES += prime.c
openssl_SOURCES += rand.c
openssl_SOURCES += req.c
openssl_SOURCES += rsa.c
openssl_SOURCES += rsautl.c
openssl_SOURCES += s_cb.c
openssl_SOURCES += s_client.c
openssl_SOURCES += s_server.c
openssl_SOURCES += s_socket.c
openssl_SOURCES += s_time.c
openssl_SOURCES += sess_id.c
openssl_SOURCES += smime.c
openssl_SOURCES += speed.c
openssl_SOURCES += spkac.c
openssl_SOURCES += ts.c
openssl_SOURCES += verify.c
openssl_SOURCES += version.c
openssl_SOURCES += x509.c
if BUILD_CERTHASH
openssl_SOURCES += certhash.c
else
openssl_SOURCES += certhash_win.c
endif
if HOST_WIN
openssl_SOURCES += apps_win.c
else
openssl_SOURCES += apps_posix.c
endif
if !HAVE_POLL
if HOST_WIN
openssl_SOURCES += compat/poll_win.c
endif
endif
if !HAVE_STRTONUM
openssl_SOURCES += compat/strtonum.c
endif
noinst_HEADERS = apps.h
noinst_HEADERS += progs.h
noinst_HEADERS += s_apps.h
noinst_HEADERS += testdsa.h
noinst_HEADERS += testrsa.h
noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
fi; \
mkdir -p "$$OPENSSLDIR/certs"; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if [ ! -f "$$OPENSSLDIR/$i" ]; then \
$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
else \
echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
fi \
done
uninstall-local:
@if [ "@OPENSSLDIR@x" != "x" ]; then \
OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \
else \
OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \
fi; \
for i in cert.pem openssl.cnf x509v3.cnf; do \
if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
rm -f "$$OPENSSLDIR/$$i"; \
fi \
done

60
apps/openssl/apps_win.c
View File

@@ -1,60 +0,0 @@
/*
* Public domain
*
* Dongsheng Song <dongsheng.song@gmail.com>
* Brent Cook <bcook@openbsd.org>
*/
#include <windows.h>
#include <io.h>
#include <fcntl.h>
#include "apps.h"
double
app_tminterval(int stop, int usertime)
{
static unsigned __int64 tmstart;
union {
unsigned __int64 u64;
FILETIME ft;
} ct, et, kt, ut;
GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
if (stop == TM_START) {
tmstart = ut.u64 + kt.u64;
} else {
return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
}
return 0;
}
int
setup_ui(void)
{
ui_method = UI_create_method("OpenSSL application user interface");
UI_method_set_opener(ui_method, ui_open);
UI_method_set_reader(ui_method, ui_read);
UI_method_set_writer(ui_method, ui_write);
UI_method_set_closer(ui_method, ui_close);
/*
* Set STDIO to binary
*/
_setmode(_fileno(stdin), _O_BINARY);
_setmode(_fileno(stdout), _O_BINARY);
_setmode(_fileno(stderr), _O_BINARY);
return 0;
}
void
destroy_ui(void)
{
if (ui_method) {
UI_destroy_method(ui_method);
ui_method = NULL;
}
}

0
apps/openssl/compat/poll_win.c → apps/poll_win.c
View File

4
autogen.sh
View File

@@ -9,7 +9,3 @@ autoreconf -i -f
sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \
ltmain.sh > ltmain.sh.fixed
mv -f ltmain.sh.fixed ltmain.sh
# Update config scripts and fixup permissions
find . ! -perm -u=w -exec chmod u+w {} \;
cp scripts/config.* .

70
check-release.sh
View File

@@ -1,70 +0,0 @@
#!/bin/sh
set -e
ver=$1
dir=libressl-$ver
tarball=$dir.tar.gz
tag=v$ver
if [ -z "$LIBRESSL_SSH" ]; then
if ! curl -v 1>/dev/null 2>&1; then
download="curl -O"
elif echo quit | ftp 1>/dev/null 2>&1; then
download=ftp
else
echo "need 'ftp' or 'curl' to verify"
exit
fi
fi
if [ "$ver" = "" ]; then
echo "please specify a version to check, e.g. $0 2.1.2"
exit
fi
if [ ! -e releases/$tarball ]; then
mkdir -p releases
rm -f $tarball
if [ -z "$LIBRESSL_SSH" ]; then
$download http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$tarball releases/
mv $tarball releases
else
scp $LIBRESSL_SSH/$tarball releases
fi
(cd releases; tar zxvf $tarball)
fi
if [ ! -e gen-releases/$tarball ]; then
rm -fr tests man include ssl crypto libtls-standalone/VERSION INSTALL
git checkout OPENBSD_BRANCH update.sh tests man include ssl crypto
git checkout $tag
echo "libressl-$tag" > OPENBSD_BRANCH
sed -i 's/git pull --rebase//' update.sh
./autogen.sh
./configure --enable-libtls
make dist
mkdir -p gen-releases
mv $tarball gen-releases
git checkout OPENBSD_BRANCH update.sh
git checkout master
fi
(cd gen-releases; rm -fr $dir; tar zxf $tarball)
(cd releases; rm -fr $dir; tar zxf $tarball)
echo "differences between release and regenerated release tag:"
diff -urN \
-x *.3 \
-x Makefile.in \
-x aclocal.m4 \
-x compile \
-x config.guess \
-x config.sub \
-x configure \
-x depcomp \
-x install-sh \
-x missing \
-x test-driver \
releases/$dir gen-releases/$dir

44
cmake_export_symbol.cmake
View File

@@ -1,44 +0,0 @@
macro(export_symbol TARGET FILENAME)
set(FLAG "")
if(WIN32)
string(REPLACE ".sym" ".def" DEF_FILENAME ${FILENAME})
file(WRITE ${DEF_FILENAME} "EXPORTS\n")
file(READ ${FILENAME} SYMBOLS)
file(APPEND ${DEF_FILENAME} "${SYMBOLS}")
target_sources(${TARGET} PRIVATE ${DEF_FILENAME})
elseif(APPLE)
set(FLAG "-exported_symbols_list ${FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
file(READ ${FILENAME} SYMBOLS)
string(REGEX REPLACE "\n$" "" SYMBOLS ${SYMBOLS})
string(REPLACE "\n" "\n+e " SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".opt" OPT_FILENAME ${FILENAME})
file(WRITE ${OPT_FILENAME} "+e ${SYMBOLS}")
set(FLAG "-Wl,-c,${OPT_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
file(READ ${FILENAME} SYMBOLS)
string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
file(WRITE ${VER_FILENAME}
"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
set(FLAG "-Wl,-M${VER_FILENAME}")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
elseif(CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
file(READ ${FILENAME} SYMBOLS)
string(REPLACE "\n" ";\n" SYMBOLS ${SYMBOLS})
string(REPLACE ".sym" ".ver" VER_FILENAME ${FILENAME})
file(WRITE ${VER_FILENAME}
"{\nglobal:\n${SYMBOLS}\nlocal:\n*;\n};\n")
set(FLAG "-Wl,--version-script,\"${VER_FILENAME}\"")
set_target_properties(${TARGET} PROPERTIES LINK_FLAGS ${FLAG})
endif()
endmacro()

21
cmake_uninstall.cmake.in
View File

@@ -1,21 +0,0 @@
if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
string(REGEX REPLACE "\n" ";" files "${files}")
foreach(file ${files})
message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
exec_program(
"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
OUTPUT_VARIABLE rm_out
RETURN_VALUE rm_retval
)
if(NOT "${rm_retval}" STREQUAL 0)
message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
endif(NOT "${rm_retval}" STREQUAL 0)
else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
endforeach(file)

30
configure.ac
View File

@@ -49,12 +49,10 @@ AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
AC_CHECK_FUNC([funopen])
CHECK_LIBC_COMPAT
CHECK_SYSCALL_COMPAT
CHECK_CRYPTO_COMPAT
CHECK_LIBC_CRYPTO_COMPAT
CHECK_VA_COPY
CHECK_B64_NTOP
GENERATE_CRYPTO_PORTABLE_SYM
AC_CHECK_HEADERS([err.h])
AC_ARG_WITH([openssldir],
AS_HELP_STRING([--with-openssldir],
@@ -88,10 +86,6 @@ case $host_cpu in
AS_IF([test "x$BSWAP4" = "xyes"],,
CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
;;
*amd64*)
host_cpu=x86_64
;;
esac
AC_MSG_CHECKING([if .gnu.warning accepts long strings])
@@ -116,9 +110,6 @@ AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
[test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
# Check if time_t is sized correctly
AC_CHECK_SIZEOF([time_t], [time.h])
AC_CONFIG_FILES([
Makefile
include/Makefile
@@ -128,9 +119,6 @@ AC_CONFIG_FILES([
tls/Makefile
tests/Makefile
apps/Makefile
apps/ocspcheck/Makefile
apps/openssl/Makefile
apps/nc/Makefile
man/Makefile
libcrypto.pc
libssl.pc
@@ -138,18 +126,4 @@ AC_CONFIG_FILES([
openssl.pc
])
AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
if test "$ac_cv_sizeof_time_t" = "4"; then
echo " ** Warning, this system is unable to represent times past 2038"
echo " ** It will behave incorrectly when handling valid RFC5280 dates"
if test "$host_os" = "mingw32" ; then
echo " **"
echo " ** You can solve this by adjusting the build flags in your"
echo " ** mingw-w64 toolchain. Refer to README.windows for details."
fi
fi
AC_REQUIRE_AUX_FILE([tap-driver.sh])
AC_OUTPUT

200
crypto/CMakeLists.txt
View File

@@ -3,100 +3,14 @@ include_directories(
../include
../include/compat
asn1
bn
dsa
evp
modes
)
if(HOST_ASM_ELF_X86_64)
set(
ASM_X86_64_ELF_SRC
aes/aes-elf-x86_64.S
aes/bsaes-elf-x86_64.S
aes/vpaes-elf-x86_64.S
aes/aesni-elf-x86_64.S
aes/aesni-sha1-elf-x86_64.S
bn/modexp512-elf-x86_64.S
bn/mont-elf-x86_64.S
bn/mont5-elf-x86_64.S
bn/gf2m-elf-x86_64.S
camellia/cmll-elf-x86_64.S
md5/md5-elf-x86_64.S
modes/ghash-elf-x86_64.S
rc4/rc4-elf-x86_64.S
rc4/rc4-md5-elf-x86_64.S
sha/sha1-elf-x86_64.S
sha/sha256-elf-x86_64.S
sha/sha512-elf-x86_64.S
whrlpool/wp-elf-x86_64.S
cpuid-elf-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
endif()
if(HOST_ASM_MACOSX_X86_64)
set(
ASM_X86_64_MACOSX_SRC
aes/aes-macosx-x86_64.S
aes/bsaes-macosx-x86_64.S
aes/vpaes-macosx-x86_64.S
aes/aesni-macosx-x86_64.S
aes/aesni-sha1-macosx-x86_64.S
bn/modexp512-macosx-x86_64.S
bn/mont-macosx-x86_64.S
bn/mont5-macosx-x86_64.S
bn/gf2m-macosx-x86_64.S
camellia/cmll-macosx-x86_64.S
md5/md5-macosx-x86_64.S
modes/ghash-macosx-x86_64.S
rc4/rc4-macosx-x86_64.S
rc4/rc4-md5-macosx-x86_64.S
sha/sha1-macosx-x86_64.S
sha/sha256-macosx-x86_64.S
sha/sha512-macosx-x86_64.S
whrlpool/wp-macosx-x86_64.S
cpuid-macosx-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC})
set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C)
endif()
if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
set(
CRYPTO_SRC
${CRYPTO_SRC}
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
@@ -104,12 +18,6 @@ if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
)
endif()
set(
CRYPTO_SRC
${CRYPTO_SRC}
cpt_err.c
cryptlib.c
cversion.c
@@ -134,6 +42,7 @@ set(
asn1/a_digest.c
asn1/a_dup.c
asn1/a_enum.c
asn1/a_gentm.c
asn1/a_i2d_fp.c
asn1/a_int.c
asn1/a_mbstr.c
@@ -145,8 +54,8 @@ set(
asn1/a_strex.c
asn1/a_strnid.c
asn1/a_time.c
asn1/a_time_tm.c
asn1/a_type.c
asn1/a_utctm.c
asn1/a_utf8.c
asn1/a_verify.c
asn1/ameth_lib.c
@@ -282,8 +191,6 @@ set(
conf/conf_mall.c
conf/conf_mod.c
conf/conf_sap.c
curve25519/curve25519-generic.c
curve25519/curve25519.c
des/cbc_cksm.c
des/cbc_enc.c
des/cfb64ede.c
@@ -352,14 +259,11 @@ set(
ec/ecp_mont.c
ec/ecp_nist.c
ec/ecp_oct.c
ec/ecp_nistp224.c
ec/ecp_nistp256.c
ec/ecp_nistp521.c
ec/ecp_nistputil.c
ec/ecp_smpl.c
ecdh/ech_err.c
ecdh/ech_key.c
ecdh/ech_lib.c
ecdh/ech_ossl.c
ecdsa/ecs_asn1.c
ecdsa/ecs_err.c
ecdsa/ecs_lib.c
@@ -429,9 +333,9 @@ set(
evp/m_gostr341194.c
evp/m_md4.c
evp/m_md5.c
evp/m_md5_sha1.c
evp/m_null.c
evp/m_ripemd.c
evp/m_sha.c
evp/m_sha1.c
evp/m_sigver.c
evp/m_streebog.c
@@ -471,6 +375,7 @@ set(
idea/i_ecb.c
idea/i_ofb64.c
idea/i_skey.c
krb5/krb5_asn.c
lhash/lh_stats.c
lhash/lhash.c
md4/md4_dgst.c
@@ -568,6 +473,8 @@ set(
sha/sha1dgst.c
sha/sha256.c
sha/sha512.c
sha/sha_dgst.c
sha/sha_one.c
stack/stack.c
ts/ts_asn1.c
ts/ts_conf.c
@@ -654,86 +561,44 @@ endif()
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
set(CRYPTO_UNEXPORT ${CRYPTO_UNEXPORT} BIO_s_log)
set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
endif()
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} gettimeofday)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_perror)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fopen)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_fgets)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_open)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_rename)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_connect)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_close)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_read)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_write)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_getsockopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} posix_setsockopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} sleep)
endif()
if(NOT HAVE_ASPRINTF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} asprintf)
set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
endif()
if(NOT HAVE_GETPAGESIZE)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
endif()
if(NOT HAVE_INET_PTON)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} inet_pton)
endif()
if(NOT HAVE_REALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray)
endif()
if(NOT HAVE_RECALLOCARRAY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/recallocarray.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} recallocarray)
endif()
if(NOT HAVE_STRCASECMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strcasecmp)
endif()
if(NOT HAVE_STRLCAT)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcat)
endif()
if(NOT HAVE_STRLCPY)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strlcpy)
endif()
if(NOT HAVE_STRNDUP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strndup)
if(NOT HAVE_STRNLEN)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strnlen)
endif()
endif()
if(NOT HAVE_STRSEP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/strsep.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} strsep)
endif()
if(NOT HAVE_TIMEGM)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timegm.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timegm)
endif()
if(NOT HAVE_EXPLICIT_BZERO)
if(CMAKE_HOST_WIN32)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
@@ -741,15 +606,10 @@ if(NOT HAVE_EXPLICIT_BZERO)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
endif()
set(EXTRA_EXPORT ${EXTRA_EXPORT} explicit_bzero)
endif()
if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_buf)
set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)
if(NOT HAVE_GETENTROPY)
if(CMAKE_HOST_WIN32)
@@ -758,69 +618,31 @@ if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_osx.c)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_darwin.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
endif()
set(EXTRA_EXPORT ${EXTRA_EXPORT} getentropy)
endif()
endif()
if(NOT HAVE_TIMINGSAFE_BCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_bcmp)
endif()
if(NOT HAVE_TIMINGSAFE_MEMCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp)
endif()
if(NOT ENABLE_ASM)
add_definitions(-DOPENSSL_NO_ASM)
else()
if(CMAKE_HOST_WIN32)
add_definitions(-DOPENSSL_NO_ASM)
endif()
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
else()
add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
endif()
file(READ ${CMAKE_CURRENT_SOURCE_DIR}/crypto.sym SYMS)
foreach(SYM IN LISTS CRYPTO_UNEXPORT)
string(REPLACE "${SYM}\n" "" SYMS ${SYMS})
endforeach()
file(WRITE ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym ${SYMS})
if(EXTRA_EXPORT)
list(SORT EXTRA_EXPORT)
foreach(SYM IN LISTS EXTRA_EXPORT)
file(APPEND ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym "${SYM}\n")
endforeach()
endif()
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
if (BUILD_SHARED)
add_library(crypto-objects OBJECT ${CRYPTO_SRC})
add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
export_symbol(crypto-shared ${CMAKE_CURRENT_SOURCE_DIR}/crypto_p.sym)
if (WIN32)
target_link_libraries(crypto-shared Ws2_32.lib)
set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
endif()
set_target_properties(crypto-shared PROPERTIES
OUTPUT_NAME crypto${CRYPTO_POSTFIX}
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)
set_target_properties(crypto-shared PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
install(TARGETS crypto crypto-shared DESTINATION lib)

54
crypto/Makefile.am
View File

@@ -1,7 +1,6 @@
include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I$(top_srcdir)/crypto/bn
AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto
@@ -10,16 +9,12 @@ lib_LTLIBRARIES = libcrypto.la
EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += crypto.sym
# needed for a CMake target
EXTRA_DIST += compat/strcasecmp.c
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols $(top_srcdir)/crypto/crypto_portable.sym
libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
libcrypto_la_LIBADD += libcompatnoopt.la
endif
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
@@ -37,15 +32,13 @@ else
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
endif
noinst_LTLIBRARIES = libcompat.la
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
# compatibility functions that need to be built without optimizations
if !HAVE_EXPLICIT_BZERO
noinst_LTLIBRARIES += libcompatnoopt.la
libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
if HOST_WIN
libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c
else
@@ -73,34 +66,18 @@ libcompat_la_SOURCES += compat/strnlen.c
endif
endif
if !HAVE_STRSEP
libcompat_la_SOURCES += compat/strsep.c
endif
if !HAVE_ASPRINTF
libcompat_la_SOURCES += compat/bsd-asprintf.c
endif
if !HAVE_GETPAGESIZE
libcompat_la_SOURCES += compat/getpagesize.c
endif
if !HAVE_INET_PTON
libcompat_la_SOURCES += compat/inet_pton.c
endif
if !HAVE_TIMEGM
libcompat_la_SOURCES += compat/timegm.c
endif
if !HAVE_REALLOCARRAY
libcompat_la_SOURCES += compat/reallocarray.c
endif
if !HAVE_RECALLOCARRAY
libcompat_la_SOURCES += compat/recallocarray.c
endif
if !HAVE_TIMINGSAFE_MEMCMP
libcompat_la_SOURCES += compat/timingsafe_memcmp.c
endif
@@ -147,7 +124,6 @@ noinst_HEADERS += constant_time_locl.h
noinst_HEADERS += cryptlib.h
noinst_HEADERS += md32_common.h
noinst_HEADERS += o_time.h
noinst_HEADERS += x86_arch.h
# aes
libcrypto_la_SOURCES += aes/aes_cfb.c
@@ -167,6 +143,7 @@ libcrypto_la_SOURCES += asn1/a_d2i_fp.c
libcrypto_la_SOURCES += asn1/a_digest.c
libcrypto_la_SOURCES += asn1/a_dup.c
libcrypto_la_SOURCES += asn1/a_enum.c
libcrypto_la_SOURCES += asn1/a_gentm.c
libcrypto_la_SOURCES += asn1/a_i2d_fp.c
libcrypto_la_SOURCES += asn1/a_int.c
libcrypto_la_SOURCES += asn1/a_mbstr.c
@@ -178,8 +155,8 @@ libcrypto_la_SOURCES += asn1/a_sign.c
libcrypto_la_SOURCES += asn1/a_strex.c
libcrypto_la_SOURCES += asn1/a_strnid.c
libcrypto_la_SOURCES += asn1/a_time.c
libcrypto_la_SOURCES += asn1/a_time_tm.c
libcrypto_la_SOURCES += asn1/a_type.c
libcrypto_la_SOURCES += asn1/a_utctm.c
libcrypto_la_SOURCES += asn1/a_utf8.c
libcrypto_la_SOURCES += asn1/a_verify.c
libcrypto_la_SOURCES += asn1/ameth_lib.c
@@ -357,12 +334,6 @@ libcrypto_la_SOURCES += conf/conf_mod.c
libcrypto_la_SOURCES += conf/conf_sap.c
noinst_HEADERS += conf/conf_def.h
# curve25519
libcrypto_la_SOURCES += curve25519/curve25519-generic.c
libcrypto_la_SOURCES += curve25519/curve25519.c
noinst_HEADERS += curve25519/curve25519_internal.h
# des
libcrypto_la_SOURCES += des/cbc_cksm.c
libcrypto_la_SOURCES += des/cbc_enc.c
@@ -443,10 +414,6 @@ libcrypto_la_SOURCES += ec/ec_print.c
libcrypto_la_SOURCES += ec/eck_prn.c
libcrypto_la_SOURCES += ec/ecp_mont.c
libcrypto_la_SOURCES += ec/ecp_nist.c
libcrypto_la_SOURCES += ec/ecp_nistp224.c
libcrypto_la_SOURCES += ec/ecp_nistp256.c
libcrypto_la_SOURCES += ec/ecp_nistp521.c
libcrypto_la_SOURCES += ec/ecp_nistputil.c
libcrypto_la_SOURCES += ec/ecp_oct.c
libcrypto_la_SOURCES += ec/ecp_smpl.c
noinst_HEADERS += ec/ec_lcl.h
@@ -455,6 +422,7 @@ noinst_HEADERS += ec/ec_lcl.h
libcrypto_la_SOURCES += ecdh/ech_err.c
libcrypto_la_SOURCES += ecdh/ech_key.c
libcrypto_la_SOURCES += ecdh/ech_lib.c
libcrypto_la_SOURCES += ecdh/ech_ossl.c
noinst_HEADERS += ecdh/ech_locl.h
# ecdsa
@@ -535,9 +503,9 @@ libcrypto_la_SOURCES += evp/m_gost2814789.c
libcrypto_la_SOURCES += evp/m_gostr341194.c
libcrypto_la_SOURCES += evp/m_md4.c
libcrypto_la_SOURCES += evp/m_md5.c
libcrypto_la_SOURCES += evp/m_md5_sha1.c
libcrypto_la_SOURCES += evp/m_null.c
libcrypto_la_SOURCES += evp/m_ripemd.c
libcrypto_la_SOURCES += evp/m_sha.c
libcrypto_la_SOURCES += evp/m_sha1.c
libcrypto_la_SOURCES += evp/m_sigver.c
libcrypto_la_SOURCES += evp/m_streebog.c
@@ -589,6 +557,9 @@ libcrypto_la_SOURCES += idea/i_ofb64.c
libcrypto_la_SOURCES += idea/i_skey.c
noinst_HEADERS += idea/idea_lcl.h
# krb5
libcrypto_la_SOURCES += krb5/krb5_asn.c
# lhash
libcrypto_la_SOURCES += lhash/lh_stats.c
libcrypto_la_SOURCES += lhash/lhash.c
@@ -728,6 +699,8 @@ libcrypto_la_SOURCES += sha/sha1_one.c
libcrypto_la_SOURCES += sha/sha1dgst.c
libcrypto_la_SOURCES += sha/sha256.c
libcrypto_la_SOURCES += sha/sha512.c
libcrypto_la_SOURCES += sha/sha_dgst.c
libcrypto_la_SOURCES += sha/sha_one.c
noinst_HEADERS += sha/sha_locl.h
# stack
@@ -792,7 +765,6 @@ libcrypto_la_SOURCES += x509/x509spki.c
libcrypto_la_SOURCES += x509/x509type.c
libcrypto_la_SOURCES += x509/x_all.c
noinst_HEADERS += x509/x509_lcl.h
noinst_HEADERS += x509/vpm_int.h
# x509v3
libcrypto_la_SOURCES += x509v3/pcy_cache.c

1
crypto/Makefile.am.arc4random
View File

@@ -1,6 +1,5 @@
if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c
libcompat_la_SOURCES += compat/arc4random_uniform.c
if !HAVE_GETENTROPY
if HOST_AIX

32
crypto/Makefile.am.elf-x86_64
View File

@@ -1,22 +1,22 @@
ASM_X86_64_ELF = aes/aes-elf-x86_64.S
ASM_X86_64_ELF += aes/bsaes-elf-x86_64.S
ASM_X86_64_ELF += aes/vpaes-elf-x86_64.S
ASM_X86_64_ELF += aes/aesni-elf-x86_64.S
ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.S
ASM_X86_64_ELF += bn/modexp512-elf-x86_64.S
ASM_X86_64_ELF += bn/mont-elf-x86_64.S
ASM_X86_64_ELF += bn/mont5-elf-x86_64.S
ASM_X86_64_ELF += bn/gf2m-elf-x86_64.S
ASM_X86_64_ELF += camellia/cmll-elf-x86_64.S
ASM_X86_64_ELF += md5/md5-elf-x86_64.S
ASM_X86_64_ELF += modes/ghash-elf-x86_64.S
ASM_X86_64_ELF += rc4/rc4-elf-x86_64.S
ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.S
ASM_X86_64_ELF += sha/sha1-elf-x86_64.S
ASM_X86_64_ELF = aes/aes-elf-x86_64.s
ASM_X86_64_ELF += aes/bsaes-elf-x86_64.s
ASM_X86_64_ELF += aes/vpaes-elf-x86_64.s
ASM_X86_64_ELF += aes/aesni-elf-x86_64.s
ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.s
ASM_X86_64_ELF += bn/modexp512-elf-x86_64.s
ASM_X86_64_ELF += bn/mont-elf-x86_64.s
ASM_X86_64_ELF += bn/mont5-elf-x86_64.s
ASM_X86_64_ELF += bn/gf2m-elf-x86_64.s
ASM_X86_64_ELF += camellia/cmll-elf-x86_64.s
ASM_X86_64_ELF += md5/md5-elf-x86_64.s
ASM_X86_64_ELF += modes/ghash-elf-x86_64.s
ASM_X86_64_ELF += rc4/rc4-elf-x86_64.s
ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.s
ASM_X86_64_ELF += sha/sha1-elf-x86_64.s
ASM_X86_64_ELF += sha/sha256-elf-x86_64.S
ASM_X86_64_ELF += sha/sha512-elf-x86_64.S
ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.S
ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.s
ASM_X86_64_ELF += cpuid-elf-x86_64.S
EXTRA_DIST += $(ASM_X86_64_ELF)

32
crypto/Makefile.am.macosx-x86_64
View File

@@ -1,22 +1,22 @@
ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.S
ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.S
ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.S
ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.S
ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.S
ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.S
ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.S
ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.S
ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.S
ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.s
ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.s
ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.s
ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.s
ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.s
ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.s
ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.s
ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.s
ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.s
ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S
ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S
ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.S
ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.s
ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
EXTRA_DIST += $(ASM_X86_64_MACOSX)

4
crypto/compat/b_win.c
View File

@@ -23,8 +23,8 @@ BIO_sock_init(void)
if (!wsa_init_done) {
if (WSAStartup(version_requested, &wsa_state) != 0) {
int err = WSAGetLastError();
SYSerror(err);
BIOerror(BIO_R_WSASTARTUP);
SYSerr(SYS_F_WSASTARTUP, err);
BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
return (-1);
}
wsa_init_done = 1;

12
crypto/compat/getpagesize.c
View File

@@ -1,12 +0,0 @@
/* $OpenBSD$ */
#include <unistd.h>
#include <windows.h>
int
getpagesize(void)
{
SYSTEM_INFO system_info;
GetSystemInfo(&system_info);
return system_info.dwPageSize;
}

212
crypto/compat/inet_pton.c Normal file
View File

@@ -0,0 +1,212 @@
/* $OpenBSD: inet_pton.c,v 1.9 2015/01/16 16:48:51 deraadt Exp $ */
/* Copyright (c) 1996 by Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <string.h>
#include <errno.h>
/*
* WARNING: Don't even consider trying to compile this on a system where
* sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX.
*/
static int inet_pton4(const char *src, u_char *dst);
static int inet_pton6(const char *src, u_char *dst);
/* int
* inet_pton(af, src, dst)
* convert from presentation format (which usually means ASCII printable)
* to network format (which is usually some kind of binary format).
* return:
* 1 if the address was valid for the specified address family
* 0 if the address wasn't valid (`dst' is untouched in this case)
* -1 if some other error occurred (`dst' is untouched in this case, too)
* author:
* Paul Vixie, 1996.
*/
int
inet_pton(int af, const char *src, void *dst)
{
switch (af) {
case AF_INET:
return (inet_pton4(src, dst));
case AF_INET6:
return (inet_pton6(src, dst));
default:
errno = EAFNOSUPPORT;
return (-1);
}
/* NOTREACHED */
}
/* int
* inet_pton4(src, dst)
* like inet_aton() but without all the hexadecimal and shorthand.
* return:
* 1 if `src' is a valid dotted quad, else 0.
* notice:
* does not touch `dst' unless it's returning 1.
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton4(const char *src, u_char *dst)
{
static const char digits[] = "0123456789";
int saw_digit, octets, ch;
u_char tmp[INADDRSZ], *tp;
saw_digit = 0;
octets = 0;
*(tp = tmp) = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr(digits, ch)) != NULL) {
u_int new = *tp * 10 + (pch - digits);
if (new > 255)
return (0);
if (! saw_digit) {
if (++octets > 4)
return (0);
saw_digit = 1;
}
*tp = new;
} else if (ch == '.' && saw_digit) {
if (octets == 4)
return (0);
*++tp = 0;
saw_digit = 0;
} else
return (0);
}
if (octets < 4)
return (0);
memcpy(dst, tmp, INADDRSZ);
return (1);
}
/* int
* inet_pton6(src, dst)
* convert presentation level address to network order binary form.
* return:
* 1 if `src' is a valid [RFC1884 2.2] address, else 0.
* notice:
* does not touch `dst' unless it's returning 1.
* credit:
* inspired by Mark Andrews.
* author:
* Paul Vixie, 1996.
*/
static int
inet_pton6(const char *src, u_char *dst)
{
static const char xdigits_l[] = "0123456789abcdef",
xdigits_u[] = "0123456789ABCDEF";
u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
const char *xdigits, *curtok;
int ch, saw_xdigit, count_xdigit;
u_int val;
memset((tp = tmp), '\0', IN6ADDRSZ);
endp = tp + IN6ADDRSZ;
colonp = NULL;
/* Leading :: requires some special handling. */
if (*src == ':')
if (*++src != ':')
return (0);
curtok = src;
saw_xdigit = count_xdigit = 0;
val = 0;
while ((ch = *src++) != '\0') {
const char *pch;
if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
pch = strchr((xdigits = xdigits_u), ch);
if (pch != NULL) {
if (count_xdigit >= 4)
return (0);
val <<= 4;
val |= (pch - xdigits);
if (val > 0xffff)
return (0);
saw_xdigit = 1;
count_xdigit++;
continue;
}
if (ch == ':') {
curtok = src;
if (!saw_xdigit) {
if (colonp)
return (0);
colonp = tp;
continue;
} else if (*src == '\0') {
return (0);
}
if (tp + INT16SZ > endp)
return (0);
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
saw_xdigit = 0;
count_xdigit = 0;
val = 0;
continue;
}
if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
inet_pton4(curtok, tp) > 0) {
tp += INADDRSZ;
saw_xdigit = 0;
count_xdigit = 0;
break; /* '\0' was seen by inet_pton4(). */
}
return (0);
}
if (saw_xdigit) {
if (tp + INT16SZ > endp)
return (0);
*tp++ = (u_char) (val >> 8) & 0xff;
*tp++ = (u_char) val & 0xff;
}
if (colonp != NULL) {
/*
* Since some memmove()'s erroneously fail to handle
* overlapping regions, we'll do the shift by hand.
*/
const int n = tp - colonp;
int i;
if (tp == endp)
return (0);
for (i = 1; i <= n; i++) {
endp[- i] = colonp[n - i];
colonp[n - i] = 0;
}
tp = endp;
}
if (tp != endp)
return (0);
memcpy(dst, tmp, IN6ADDRSZ);
return (1);
}

47
crypto/compat/posix_win.c
View File

@@ -12,8 +12,6 @@
#include <ws2tcpip.h>
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@@ -40,42 +38,6 @@ posix_fopen(const char *path, const char *mode)
return fopen(path, mode);
}
int
posix_open(const char *path, ...)
{
va_list ap;
int mode = 0;
int flags;
va_start(ap, path);
flags = va_arg(ap, int);
if (flags & O_CREAT)
mode = va_arg(ap, int);
va_end(ap);
flags |= O_BINARY;
if (flags & O_CLOEXEC) {
flags &= ~O_CLOEXEC;
flags |= O_NOINHERIT;
}
flags &= ~O_NONBLOCK;
return open(path, flags, mode);
}
char *
posix_fgets(char *s, int size, FILE *stream)
{
char *ret = fgets(s, size, stream);
if (ret != NULL) {
size_t end = strlen(ret);
if (end >= 2 && ret[end - 2] == '\r' && ret[end - 1] == '\n') {
ret[end - 2] = '\n';
ret[end - 1] = '\0';
}
}
return ret;
}
int
posix_rename(const char *oldpath, const char *newpath)
{
@@ -132,9 +94,6 @@ wsa_errno(int err)
case WSAEAFNOSUPPORT:
errno = EAFNOSUPPORT;
break;
case WSAEBADF:
errno = EBADF;
break;
case WSAENETRESET:
case WSAENOTCONN:
case WSAECONNABORTED:
@@ -161,7 +120,7 @@ posix_close(int fd)
{
if (closesocket(fd) == SOCKET_ERROR) {
int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF) ?
return err == WSAENOTSOCK ?
close(fd) : wsa_errno(err);
}
return 0;
@@ -173,7 +132,7 @@ posix_read(int fd, void *buf, size_t count)
ssize_t rc = recv(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF) ?
return err == WSAENOTSOCK ?
read(fd, buf, count) : wsa_errno(err);
}
return rc;
@@ -185,7 +144,7 @@ posix_write(int fd, const void *buf, size_t count)
ssize_t rc = send(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF) ?
return err == WSAENOTSOCK ?
write(fd, buf, count) : wsa_errno(err);
}
return rc;

220
crypto/compat/timegm.c
View File

@@ -1,220 +0,0 @@
/*
* ----------------------------------------------------------------------
* Copyright © 2005-2014 Rich Felker, et al.
*
* Permission is hereby granted, free of charge, to any person obtaining
* a copy of this software and associated documentation files (the
* "Software"), to deal in the Software without restriction, including
* without limitation the rights to use, copy, modify, merge, publish,
* distribute, sublicense, and/or sell copies of the Software, and to
* permit persons to whom the Software is furnished to do so, subject to
* the following conditions:
*
* The above copyright notice and this permission notice shall be
* included in all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
* IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
* CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
* TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
* SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
* ----------------------------------------------------------------------
*/
#include <errno.h>
#include <limits.h>
#include <time.h>
/* 2000-03-01 (mod 400 year, immediately after feb29 */
#define LEAPOCH (946684800LL + 86400*(31+29))
#define DAYS_PER_400Y (365*400 + 97)
#define DAYS_PER_100Y (365*100 + 24)
#define DAYS_PER_4Y (365*4 + 1)
static int __month_to_secs(int month, int is_leap)
{
static const int secs_through_month[] = {
0, 31*86400, 59*86400, 90*86400,
120*86400, 151*86400, 181*86400, 212*86400,
243*86400, 273*86400, 304*86400, 334*86400 };
int t = secs_through_month[month];
if (is_leap && month >= 2) t+=86400;
return t;
}
static long long __year_to_secs(long long year, int *is_leap)
{
if (year-2ULL <= 136) {
int y = year;
int leaps = (y-68)>>2;
if (!((y-68)&3)) {
leaps--;
if (is_leap) *is_leap = 1;
} else if (is_leap) *is_leap = 0;
return 31536000*(y-70) + 86400*leaps;
}
int cycles, centuries, leaps, rem;
if (!is_leap) is_leap = &(int){0};
cycles = (year-100) / 400;
rem = (year-100) % 400;
if (rem < 0) {
cycles--;
rem += 400;
}
if (!rem) {
*is_leap = 1;
centuries = 0;
leaps = 0;
} else {
if (rem >= 200) {
if (rem >= 300) centuries = 3, rem -= 300;
else centuries = 2, rem -= 200;
} else {
if (rem >= 100) centuries = 1, rem -= 100;
else centuries = 0;
}
if (!rem) {
*is_leap = 0;
leaps = 0;
} else {
leaps = rem / 4U;
rem %= 4U;
*is_leap = !rem;
}
}
leaps += 97*cycles + 24*centuries - *is_leap;
return (year-100) * 31536000LL + leaps * 86400LL + 946684800 + 86400;
}
static long long __tm_to_secs(const struct tm *tm)
{
int is_leap;
long long year = tm->tm_year;
int month = tm->tm_mon;
if (month >= 12 || month < 0) {
int adj = month / 12;
month %= 12;
if (month < 0) {
adj--;
month += 12;
}
year += adj;
}
long long t = __year_to_secs(year, &is_leap);
t += __month_to_secs(month, is_leap);
t += 86400LL * (tm->tm_mday-1);
t += 3600LL * tm->tm_hour;
t += 60LL * tm->tm_min;
t += tm->tm_sec;
return t;
}
static int __secs_to_tm(long long t, struct tm *tm)
{
long long days, secs;
int remdays, remsecs, remyears;
int qc_cycles, c_cycles, q_cycles;
int years, months;
int wday, yday, leap;
static const char days_in_month[] = {31,30,31,30,31,31,30,31,30,31,31,29};
/* Reject time_t values whose year would overflow int */
if (t < INT_MIN * 31622400LL || t > INT_MAX * 31622400LL)
return -1;
secs = t - LEAPOCH;
days = secs / 86400;
remsecs = secs % 86400;
if (remsecs < 0) {
remsecs += 86400;
days--;
}
wday = (3+days)%7;
if (wday < 0) wday += 7;
qc_cycles = days / DAYS_PER_400Y;
remdays = days % DAYS_PER_400Y;
if (remdays < 0) {
remdays += DAYS_PER_400Y;
qc_cycles--;
}
c_cycles = remdays / DAYS_PER_100Y;
if (c_cycles == 4) c_cycles--;
remdays -= c_cycles * DAYS_PER_100Y;
q_cycles = remdays / DAYS_PER_4Y;
if (q_cycles == 25) q_cycles--;
remdays -= q_cycles * DAYS_PER_4Y;
remyears = remdays / 365;
if (remyears == 4) remyears--;
remdays -= remyears * 365;
leap = !remyears && (q_cycles || !c_cycles);
yday = remdays + 31 + 28 + leap;
if (yday >= 365+leap) yday -= 365+leap;
years = remyears + 4*q_cycles + 100*c_cycles + 400*qc_cycles;
for (months=0; days_in_month[months] <= remdays; months++)
remdays -= days_in_month[months];
if (years+100 > INT_MAX || years+100 < INT_MIN)
return -1;
tm->tm_year = years + 100;
tm->tm_mon = months + 2;
if (tm->tm_mon >= 12) {
tm->tm_mon -=12;
tm->tm_year++;
}
tm->tm_mday = remdays + 1;
tm->tm_wday = wday;
tm->tm_yday = yday;
tm->tm_hour = remsecs / 3600;
tm->tm_min = remsecs / 60 % 60;
tm->tm_sec = remsecs % 60;
return 0;
}
#ifdef _WIN32
struct tm *__gmtime_r(const time_t *t, struct tm *tm)
{
if (__secs_to_tm(*t, tm) < 0) {
errno = EOVERFLOW;
return 0;
}
tm->tm_isdst = 0;
return tm;
}
#endif
time_t timegm(struct tm *tm)
{
struct tm new;
long long t = __tm_to_secs(tm);
if (__secs_to_tm(t, &new) < 0) {
errno = EOVERFLOW;
return -1;
}
#if SIZEOF_TIME_T != 8
if (t > (long long)INT_MAX || t < (long long)INT_MIN) {
errno = EOVERFLOW;
return -1;
}
#endif
*tm = new;
tm->tm_isdst = 0;
return t;
}

20
crypto/compat/ui_openssl_win.c
View File

@@ -286,7 +286,7 @@ error:
if (ps >= 1)
popsig();
explicit_bzero(result, BUFSIZ);
OPENSSL_cleanse(result, BUFSIZ);
return ok;
}
@@ -302,12 +302,8 @@ open_console(UI *ui)
tty_out = stderr;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
if (handle != INVALID_HANDLE_VALUE)
return GetConsoleMode(handle, &console_mode);
else
return 1;
}
return 0;
}
@@ -315,12 +311,8 @@ static int
noecho_console(UI *ui)
{
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
if (handle != INVALID_HANDLE_VALUE)
return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT);
else
return 1;
}
return 0;
}
@@ -328,12 +320,8 @@ static int
echo_console(UI *ui)
{
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
if (GetFileType(handle) == FILE_TYPE_CHAR)
if (handle != INVALID_HANDLE_VALUE)
return SetConsoleMode(handle, console_mode);
else
return 1;
}
return 0;
}

11
dist-win.sh
View File

@@ -29,11 +29,20 @@ for ARCH in X86 X64; do
make -j 4 install DESTDIR=`pwd`/stage-$ARCHDIR
mkdir -p $DIST/$ARCHDIR
#cp -a stage-$ARCHDIR/usr/local/lib/* $DIST/$ARCHDIR
if [ ! -e $DIST/include ]; then
cp -r stage-$ARCHDIR/usr/local/include $DIST
cp -a stage-$ARCHDIR/usr/local/include $DIST
sed -i -e 'N;/\n.*__non/s/"\? *\n/ /;P;D' \
$DIST/include/openssl/*.h $DIST/include/*.h
sed -i -e 'N;/\n.*__attr/s/"\? *\n/ /;P;D' \
$DIST/include/openssl/*.h $DIST/include/*.h
sed -i -e "s/__attr.*;/;/" \
-e "s/sys\/time.h/winsock2.h/" \
$DIST/include/openssl/*.h $DIST/include/*.h
fi
cp stage-$ARCHDIR/usr/local/bin/* $DIST/$ARCHDIR
#cp /usr/$HOST/sys-root/mingw/bin/libssp* $DIST/$ARCHDIR
for i in libcrypto libssl libtls; do
DLL=$(basename `ls -1 $DIST/$ARCHDIR/$i*.dll`|cut -d. -f1)

20
gen-openbsd-tags.sh
View File

@@ -1,20 +0,0 @@
#!/bin/sh
set -e
for tag in `git tag`; do
branch=master
if [[ $tag = v2.0* ]]; then
branch=OPENBSD_5_6
elif [[ $tag = v2.1* ]]; then
branch=OPENBSD_5_7
elif [[ $tag = v2.2* ]]; then
branch=OPENBSD_5_8
elif [[ $tag = v2.3* ]]; then
branch=OPENBSD_5_9
fi
# adjust for 9 hour timezone delta between trees
release_ts=$((`git show -s --format=%ct $tag|tail -n1` + 32400))
commit=`git -C openbsd rev-list -n 1 --before=$release_ts $branch`
git -C openbsd tag -f libressl-$tag $commit
echo Tagged $tag as $commit in openbsd
done

2
include/CMakeLists.txt
View File

@@ -2,4 +2,4 @@ install(DIRECTORY .
DESTINATION include
PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE
PATTERN "Makefile*" EXCLUDE)
PATTERN "Makefile.*" EXCLUDE)

8
include/Makefile.am
View File

@@ -8,12 +8,8 @@ noinst_HEADERS = pqueue.h
noinst_HEADERS += compat/dirent.h
noinst_HEADERS += compat/dirent_msvc.h
noinst_HEADERS += compat/err.h
noinst_HEADERS += compat/fcntl.h
noinst_HEADERS += compat/limits.h
noinst_HEADERS += compat/netdb.h
noinst_HEADERS += compat/poll.h
noinst_HEADERS += compat/readpassphrase.h
noinst_HEADERS += compat/resolv.h
noinst_HEADERS += compat/stdio.h
noinst_HEADERS += compat/stdlib.h
noinst_HEADERS += compat/string.h
@@ -27,15 +23,15 @@ noinst_HEADERS += compat/arpa/nameser.h
noinst_HEADERS += compat/machine/endian.h
noinst_HEADERS += compat/netinet/in.h
noinst_HEADERS += compat/netinet/ip.h
noinst_HEADERS += compat/netinet/tcp.h
noinst_HEADERS += compat/sys/cdefs.h
noinst_HEADERS += compat/sys/ioctl.h
noinst_HEADERS += compat/sys/mman.h
noinst_HEADERS += compat/sys/param.h
noinst_HEADERS += compat/sys/select.h
noinst_HEADERS += compat/sys/socket.h
noinst_HEADERS += compat/sys/stat.h
noinst_HEADERS += compat/sys/socket.h
noinst_HEADERS += compat/sys/time.h
noinst_HEADERS += compat/sys/types.h
noinst_HEADERS += compat/sys/uio.h

4
include/compat/arpa/inet.h
View File

@@ -14,10 +14,6 @@
#endif
#ifndef HAVE_INET_NTOP
const char * inet_ntop(int af, const void *src, char *dst, socklen_t size);
#endif
#ifndef HAVE_INET_PTON
int inet_pton(int af, const char * src, void * dst);
#endif

72
include/compat/err.h
View File

@@ -13,76 +13,20 @@
#define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h>
#include <string.h>
#if defined(_MSC_VER)
__declspec(noreturn)
#else
__attribute__((noreturn))
#endif
static inline void
err(int eval, const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
#define err(exitcode, format, ...) \
errx(exitcode, format ": %s", ## __VA_ARGS__, strerror(errno))
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
fprintf(stderr, "%s\n", strerror(sverrno));
exit(eval);
va_end(ap);
}
#define errx(exitcode, format, ...) \
do { warnx(format, ## __VA_ARGS__); exit(exitcode); } while (0)
#if defined(_MSC_VER)
__declspec(noreturn)
#else
__attribute__((noreturn))
#endif
static inline void
errx(int eval, const char *fmt, ...)
{
va_list ap;
#define warn(format, ...) \
warnx(format ": %s", ## __VA_ARGS__, strerror(errno))
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
exit(eval);
va_end(ap);
}
static inline void
warn(const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
fprintf(stderr, "%s\n", strerror(sverrno));
va_end(ap);
}
static inline void
warnx(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
#define warnx(format, ...) \
fprintf(stderr, format "\n", ## __VA_ARGS__)
#endif

32
include/compat/fcntl.h
View File

@@ -1,32 +0,0 @@
/*
* Public domain
* fcntl.h compatibility shim
*/
#ifndef _WIN32
#include_next <fcntl.h>
#else
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/fcntl.h>
#else
#include <../include/fcntl.h>
#endif
#else
#include_next <fcntl.h>
#endif
#endif
#ifndef O_NONBLOCK
#define O_NONBLOCK 0x100000
#endif
#ifndef O_CLOEXEC
#define O_CLOEXEC 0x200000
#endif
#ifndef FD_CLOEXEC
#define FD_CLOEXEC 1
#endif

25
include/compat/limits.h
View File

@@ -1,25 +0,0 @@
/*
* Public domain
* limits.h compatibility shim
*/
#ifdef _MSC_VER
#include <../include/limits.h>
#if _MSC_VER >= 1900
#include <../ucrt/stdlib.h>
#else
#include <../include/stdlib.h>
#endif
#ifndef PATH_MAX
#define PATH_MAX _MAX_PATH
#endif
#else
#include_next <limits.h>
#endif
#ifdef __hpux
#include <sys/param.h>
#ifndef PATH_MAX
#define PATH_MAX MAXPATHLEN
#endif
#endif

47
include/compat/netinet/ip.h
View File

@@ -1,47 +0,0 @@
/*
* Public domain
* netinet/ip.h compatibility shim
*/
#if defined(__hpux)
#include <netinet/in_systm.h>
#endif
#ifndef _WIN32
#include_next <netinet/ip.h>
#else
#include <win32netcompat.h>
#endif
/*
* Definitions for DiffServ Codepoints as per RFC2474
*/
#ifndef IPTOS_DSCP_CS0
#define IPTOS_DSCP_CS0 0x00
#define IPTOS_DSCP_CS1 0x20
#define IPTOS_DSCP_CS2 0x40
#define IPTOS_DSCP_CS3 0x60
#define IPTOS_DSCP_CS4 0x80
#define IPTOS_DSCP_CS5 0xa0
#define IPTOS_DSCP_CS6 0xc0
#define IPTOS_DSCP_CS7 0xe0
#endif
#ifndef IPTOS_DSCP_AF11
#define IPTOS_DSCP_AF11 0x28
#define IPTOS_DSCP_AF12 0x30
#define IPTOS_DSCP_AF13 0x38
#define IPTOS_DSCP_AF21 0x48
#define IPTOS_DSCP_AF22 0x50
#define IPTOS_DSCP_AF23 0x58
#define IPTOS_DSCP_AF31 0x68
#define IPTOS_DSCP_AF32 0x70
#define IPTOS_DSCP_AF33 0x78
#define IPTOS_DSCP_AF41 0x88
#define IPTOS_DSCP_AF42 0x90
#define IPTOS_DSCP_AF43 0x98
#endif
#ifndef IPTOS_DSCP_EF
#define IPTOS_DSCP_EF 0xb8
#endif

44
include/compat/readpassphrase.h
View File

@@ -1,44 +0,0 @@
/* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */
/*
* Copyright (c) 2000, 2002 Todd C. Miller <Todd.Miller@courtesan.com>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
#ifdef HAVE_READPASSPHRASE_H
#include_next <readpassphrase.h>
#else
#ifndef _READPASSPHRASE_H_
#define _READPASSPHRASE_H_
#define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */
#define RPP_ECHO_ON 0x01 /* Leave echo on. */
#define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */
#define RPP_FORCELOWER 0x04 /* Force input to lower case. */
#define RPP_FORCEUPPER 0x08 /* Force input to upper case. */
#define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */
#define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */
char * readpassphrase(const char *, char *, size_t, int);
#endif /* !_READPASSPHRASE_H_ */
#endif

24
include/compat/resolv.h
View File

@@ -1,24 +0,0 @@
/*
* Public domain
* resolv.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_RESOLV_H
#define LIBCRYPTOCOMPAT_RESOLV_H
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/resolv.h>
#else
#include <../include/resolv.h>
#endif
#else
#include_next <resolv.h>
#endif
#ifndef HAVE_B64_NTOP
int b64_ntop(unsigned char const *, size_t, char *, size_t);
int b64_pton(char const *, unsigned char *, size_t);
#endif
#endif

6
include/compat/stdio.h
View File

@@ -26,19 +26,13 @@ int asprintf(char **str, const char *fmt, ...);
#ifdef _WIN32
#if defined(_MSC_VER)
#define __func__ __FUNCTION__
#endif
void posix_perror(const char *s);
FILE * posix_fopen(const char *path, const char *mode);
char * posix_fgets(char *s, int size, FILE *stream);
int posix_rename(const char *oldpath, const char *newpath);
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define perror(errnum) posix_perror(errnum)
#define fopen(path, mode) posix_fopen(path, mode)
#define fgets(s, size, stream) posix_fgets(s, size, stream)
#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
#endif

5
include/compat/stdlib.h
View File

@@ -22,17 +22,12 @@
#ifndef HAVE_ARC4RANDOM_BUF
uint32_t arc4random(void);
void arc4random_buf(void *_buf, size_t n);
uint32_t arc4random_uniform(uint32_t upper_bound);
#endif
#ifndef HAVE_REALLOCARRAY
void *reallocarray(void *, size_t, size_t);
#endif
#ifndef HAVE_RECALLOCARRAY
void *recallocarray(void *, size_t, size_t, size_t);
#endif
#ifndef HAVE_STRTONUM
long long strtonum(const char *nptr, long long minval,
long long maxval, const char **errstr);

5
include/compat/string.h
View File

@@ -18,10 +18,9 @@
#include <sys/types.h>
#if defined(__sun) || defined(_AIX) || defined(__hpux)
#if defined(__sun) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
* Solaris, and HPUX.
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
*/
#include <strings.h>
#endif

31
include/compat/sys/cdefs.h Normal file
View File

@@ -0,0 +1,31 @@
/*
* Public domain
* sys/cdefs.h compatibility shim
*/
#ifndef LIBCRYPTOCOMPAT_SYS_CDEFS_H
#define LIBCRYPTOCOMPAT_SYS_CDEFS_H
#ifdef _WIN32
#define __warn_references(sym,msg)
#else
#include_next <sys/cdefs.h>
#ifndef __warn_references
#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG)
#define __warn_references(sym,msg) \
__asm__(".section .gnu.warning." __STRING(sym) \
" ; .ascii \"" msg "\" ; .text");
#else
#define __warn_references(sym,msg)
#endif
#endif /* __warn_references */
#endif /* _WIN32 */
#endif /* LIBCRYPTOCOMPAT_SYS_CDEFS_H */

7
include/compat/sys/socket.h
View File

@@ -8,10 +8,3 @@
#else
#include <win32netcompat.h>
#endif
#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
#define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */
#define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */
int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv)
#endif

9
include/compat/sys/stat.h
View File

@@ -8,15 +8,6 @@
#ifndef _MSC_VER
#include_next <sys/stat.h>
/* for old MinGW */
#ifndef S_IRGRP
#define S_IRGRP 0
#endif
#ifndef S_IROTH
#define S_IROTH 0
#endif
#else
#include <windows.h>

21
include/compat/sys/types.h
View File

@@ -44,25 +44,4 @@ typedef SSIZE_T ssize_t;
# define __bounded__(x, y, z)
#endif
#ifdef _WIN32
#define __warn_references(sym,msg)
#else
#ifndef __warn_references
#ifndef __STRING
#define __STRING(x) #x
#endif
#if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG)
#define __warn_references(sym,msg) \
__asm__(".section .gnu.warning." __STRING(sym) \
" ; .ascii \"" msg "\" ; .text");
#else
#define __warn_references(sym,msg)
#endif
#endif /* __warn_references */
#endif /* _WIN32 */
#endif

10
include/compat/time.h
View File

@@ -9,15 +9,7 @@
#else
#include <../include/time.h>
#endif
#define gmtime_r(tp, tm) ((gmtime_s((tm), (tp)) == 0) ? (tm) : NULL)
#else
#include_next <time.h>
#endif
#ifdef _WIN32
struct tm *__gmtime_r(const time_t * t, struct tm * tm);
#define gmtime_r(tp, tm) __gmtime_r(tp, tm)
#endif
#ifndef HAVE_TIMEGM
time_t timegm(struct tm *tm);
#endif

20
include/compat/unistd.h
View File

@@ -14,9 +14,6 @@
#include <io.h>
#include <process.h>
#define STDOUT_FILENO 1
#define STDERR_FILENO 2
#define R_OK 4
#define W_OK 2
#define X_OK 0
@@ -30,23 +27,6 @@ unsigned int sleep(unsigned int seconds);
#ifndef HAVE_GETENTROPY
int getentropy(void *buf, size_t buflen);
#else
/*
* Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
*/
#if defined(__sun)
#include <sys/random.h>
#endif
#endif
#ifndef HAVE_GETPAGESIZE
int getpagesize(void);
#endif
#define pledge(request, paths) 0
#ifndef HAVE_PIPE2
int pipe2(int fildes[2], int flags);
#endif
#endif

19
include/compat/win32netcompat.h
View File

@@ -11,25 +11,17 @@
#ifdef _WIN32
#include <ws2tcpip.h>
#define SHUT_RDWR SD_BOTH
#define SHUT_RD SD_RECEIVE
#define SHUT_WR SD_SEND
#include <errno.h>
#include <unistd.h>
#ifndef SHUT_RDWR
#define SHUT_RDWR SD_BOTH
#endif
#ifndef SHUT_RD
#define SHUT_RD SD_RECEIVE
#endif
#ifndef SHUT_WR
#define SHUT_WR SD_SEND
#endif
int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
int posix_open(const char *path, ...);
int posix_close(int fd);
ssize_t posix_read(int fd, void *buf, size_t count);
ssize_t posix_write(int fd, const void *buf, size_t count);
@@ -42,7 +34,6 @@ int posix_setsockopt(int sockfd, int level, int optname,
#ifndef NO_REDEF_POSIX_FUNCTIONS
#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
#define open(path, ...) posix_open(path, __VA_ARGS__)
#define close(fd) posix_close(fd)
#define read(fd, buf, count) posix_read(fd, buf, count)
#define write(fd, buf, count) posix_write(fd, buf, count)

2
libcrypto.pc.in
View File

@@ -11,5 +11,5 @@ Version: @VERSION@
Requires:
Conflicts:
Libs: -L${libdir} -lcrypto
Libs.private: @LIBS@ @PLATFORM_LDADD@
Libs.private: @LIBS@
Cflags: -I${includedir}

2
libssl.pc.in
View File

@@ -12,5 +12,5 @@ Requires:
Requires.private: libcrypto
Conflicts:
Libs: -L${libdir} -lssl
Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@
Libs.private: @LIBS@ -lcrypto
Cflags: -I${includedir}

5
libtls-standalone/include/string.h
View File

@@ -18,10 +18,9 @@
#include <sys/types.h>
#if defined(__sun) || defined(_AIX) || defined(__hpux)
#if defined(__sun) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
* Solaris, and HPUX.
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
*/
#include <strings.h>
#endif

1
libtls-standalone/src/Makefile.am
View File

@@ -8,7 +8,6 @@ libtls_la_LIBADD += $(top_builddir)/compat/libcompat.la
libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la
libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_bio_cb.c
libtls_la_SOURCES += tls_client.c
libtls_la_SOURCES += tls_config.c
libtls_la_SOURCES += tls_server.c

6
libtls-standalone/tests/test.c
View File

@@ -5,7 +5,7 @@ int main()
{
struct tls *tls;
struct tls_config *tls_config;
ssize_t written, read;
size_t written, read;
char buf[4096];
if (tls_init() != 0) {
@@ -31,10 +31,10 @@ int main()
if (tls_connect(tls, "google.com", "443") != 0)
goto err;
if ((written = tls_write(tls, "GET /\r\n", 7)) < 0)
if (tls_write(tls, "GET /\r\n", 7, &written) != 0)
goto err;
if ((read = tls_read(tls, buf, sizeof(buf))) < 0)
if (tls_read(tls, buf, sizeof(buf), &read) != 0)
goto err;
buf[read - 1] = '\0';

2
libtls.pc.in
View File

@@ -12,5 +12,5 @@ Requires:
Requires.private: libcrypto libssl
Conflicts:
Libs: -L${libdir} -ltls
Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
Libs.private: @LIBS@ -lcrypto -lssl
Cflags: -I${includedir}

176
m4/check-libc.m4
View File

@@ -1,108 +1,25 @@
AC_DEFUN([CHECK_LIBC_COMPAT], [
# Check for libc headers
AC_CHECK_HEADERS([err.h readpassphrase.h])
# Check for general libc functions
AC_CHECK_FUNCS([asprintf getpagesize inet_ntop inet_pton memmem readpassphrase])
AC_CHECK_FUNCS([reallocarray recallocarray])
AC_CHECK_FUNCS([asprintf inet_pton memmem poll reallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([timegm _mkgmtime])
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
AM_CONDITIONAL([HAVE_INET_NTOP], [test "x$ac_cv_func_inet_ntop" = xyes])
AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes])
AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
AM_CONDITIONAL([HAVE_TIMEGM], [test "x$ac_cv_func_timegm" = xyes])
])
AC_DEFUN([CHECK_SYSCALL_COMPAT], [
AC_CHECK_FUNCS([accept4 pipe2 pledge poll socketpair])
AM_CONDITIONAL([HAVE_ACCEPT4], [test "x$ac_cv_func_accept4" = xyes])
AM_CONDITIONAL([HAVE_PIPE2], [test "x$ac_cv_func_pipe2" = xyes])
AM_CONDITIONAL([HAVE_PLEDGE], [test "x$ac_cv_func_pledge" = xyes])
AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
AM_CONDITIONAL([HAVE_SOCKETPAIR], [test "x$ac_cv_func_socketpair" = xyes])
])
AC_DEFUN([CHECK_B64_NTOP], [
AC_SEARCH_LIBS([b64_ntop],[resolv])
AC_SEARCH_LIBS([__b64_ntop],[resolv])
AC_CACHE_CHECK([for b64_ntop], ac_cv_have_b64_ntop_arg, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <resolv.h>
]], [[ b64_ntop(NULL, 0, NULL, 0); ]])],
[ ac_cv_have_b64_ntop_arg="yes" ],
[ ac_cv_have_b64_ntop_arg="no"
])
])
AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
])
AC_DEFUN([CHECK_CRYPTO_COMPAT], [
# Check crypto-related libc functions and syscalls
AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
AC_CHECK_FUNCS([explicit_bzero getauxval])
AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <sys/types.h>
#include <unistd.h>
/*
* Explanation:
*
* - iOS <= 10.1 fails because of missing sys/random.h
*
* - in macOS 10.12 getentropy is not tagged as introduced in
* 10.12 so we cannot use it for target < 10.12
*/
#ifdef __APPLE__
# include <AvailabilityMacros.h>
# include <TargetConditionals.h>
# if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR)
# include <sys/random.h> /* Not available as of iOS <= 10.1 */
# else
# include <sys/random.h> /* Pre 10.12 systems should die here */
/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
# ifndef MAC_OS_X_VERSION_10_12
# define MAC_OS_X_VERSION_10_12 101200 /* Robustness */
# endif
# if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
# error "Targeting on Mac OSX 10.11 or earlier"
# endif
# endif
# endif
#endif /* __APPLE__ */
]], [[
char buffer;
(void)getentropy(&buffer, sizeof (buffer));
]])],
[ ac_cv_func_getentropy="yes" ],
[ ac_cv_func_getentropy="no"
])
])
AC_DEFUN([CHECK_LIBC_CRYPTO_COMPAT], [
# Check crypto-related libc functions
AC_CHECK_FUNCS([arc4random_buf explicit_bzero getauxval getentropy])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_UNIFORM], [test "x$ac_cv_func_arc4random_uniform" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
@@ -110,15 +27,15 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
# Override arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
[test "x$HOST_OS" != xdarwin \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes])
# Check for getentropy fallback dependencies
AC_CHECK_FUNC([getauxval])
AC_SEARCH_LIBS([clock_gettime],[rt posix4])
AC_CHECK_FUNC([clock_gettime])
AC_SEARCH_LIBS([dl_iterate_phdr],[dl])
AC_CHECK_FUNC([dl_iterate_phdr])
AC_CHECK_FUNC([clock_gettime],, [AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
AC_CHECK_FUNC([dl_iterate_phdr],, [AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
])
AC_DEFUN([CHECK_VA_COPY], [
@@ -147,76 +64,3 @@ if test "x$ac_cv_have___va_copy" = "xyes" ; then
AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
fi
])
AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [
crypto_sym=$srcdir/crypto/crypto.sym
crypto_p_sym=$srcdir/crypto/crypto_portable.sym
echo "generating $crypto_p_sym ..."
chmod u+w $srcdir/crypto
cp $crypto_sym $crypto_p_sym
chmod u+w $crypto_p_sym
if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
echo arc4random >> $crypto_p_sym
echo arc4random_buf >> $crypto_p_sym
echo arc4random_uniform >> $crypto_p_sym
if test "x$ac_cv_func_getentropy" = "xno" ; then
echo getentropy >> $crypto_p_sym
fi
fi
if test "x$ac_cv_func_asprintf" = "xno" ; then
echo asprintf >> $crypto_p_sym
echo vasprintf >> $crypto_p_sym
fi
if test "x$ac_cv_func_explicit_bzero" = "xno" ; then
echo explicit_bzero >> $crypto_p_sym
fi
if test "x$ac_cv_func_inet_pton" = "xno" ; then
echo inet_pton >> $crypto_p_sym
fi
if test "x$ac_cv_func_reallocarray" = "xno" ; then
echo reallocarray >> $crypto_p_sym
fi
if test "x$ac_cv_func_recallocarray" = "xno" ; then
echo recallocarray >> $crypto_p_sym
fi
if test "x$ac_cv_func_strlcat" = "xno" ; then
echo strlcat >> $crypto_p_sym
fi
if test "x$ac_cv_func_strlcpy" = "xno" ; then
echo strlcpy >> $crypto_p_sym
fi
if test "x$ac_cv_func_strndup" = "xno" ; then
echo strndup >> $crypto_p_sym
fi
if test "x$ac_cv_func_strnlen" = "xno" ; then
echo strnlen >> $crypto_p_sym
fi
if test "x$ac_cv_func_strsep" = "xno" ; then
echo strsep >> $crypto_p_sym
fi
if test "x$ac_cv_func_timegm" = "xno" ; then
echo timegm >> $crypto_p_sym
fi
if test "x$ac_cv_func_timingsafe_bcmp" = "xno" ; then
echo timingsafe_bcmp >> $crypto_p_sym
fi
if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
echo timingsafe_memcmp >> $crypto_p_sym
fi
if test "x$HOST_OS" = "xwin" ; then
echo posix_perror >> $crypto_p_sym
echo posix_fopen >> $crypto_p_sym
echo posix_fgets >> $crypto_p_sym
echo posix_open >> $crypto_p_sym
echo posix_rename >> $crypto_p_sym
echo posix_connect >> $crypto_p_sym
echo posix_close >> $crypto_p_sym
echo posix_read >> $crypto_p_sym
echo posix_write >> $crypto_p_sym
echo posix_getsockopt >> $crypto_p_sym
echo posix_setsockopt >> $crypto_p_sym
grep -v BIO_s_log $crypto_p_sym > $crypto_p_sym.tmp
mv $crypto_p_sym.tmp $crypto_p_sym
fi
])

62
m4/check-os-options.m4
View File

@@ -1,7 +1,7 @@
# This must be called before AC_PROG_CC
AC_DEFUN([CHECK_OS_OPTIONS], [
CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing"
BUILD_NC=yes
case $host_os in
*aix*)
@@ -17,52 +17,10 @@ case $host_os in
*darwin*)
HOST_OS=darwin
HOST_ABI=macosx
#
# Don't use arc4random on systems before 10.12 because of
# weak seed on failure to open /dev/random, based on latest
# public source:
# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
#
# We use the presence of getentropy() to detect 10.12. The
# following check take into account that:
#
# - iOS <= 10.1 fails because of missing getentropy and
# hence they miss sys/random.h
#
# - in macOS 10.12 getentropy is not tagged as introduced in
# 10.12 so we cannot use it for target < 10.12
#
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <AvailabilityMacros.h>
#include <unistd.h>
#include <sys/random.h> /* Systems without getentropy() should die here */
/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
#ifndef MAC_OS_X_VERSION_10_12
# define MAC_OS_X_VERSION_10_12 101200
#endif
#if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
# if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
# error "Running on Mac OSX 10.11 or earlier"
# endif
#endif
]], [[
char buf[1]; getentropy(buf, 1);
]])],
[ USE_BUILTIN_ARC4RANDOM=no ],
[ USE_BUILTIN_ARC4RANDOM=yes ]
)
AC_MSG_CHECKING([whether to use builtin arc4random])
AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM])
# Not available on iOS
AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no])
;;
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
# fork detection missing, weak seed on failure
# https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup
USE_BUILTIN_ARC4RANDOM=yes
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)
@@ -82,26 +40,14 @@ char buf[1]; getentropy(buf, 1);
;;
*netbsd*)
HOST_OS=netbsd
HOST_ABI=elf
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/param.h>
#if __NetBSD_Version__ < 700000001
undefined
#endif
]], [[]])],
[ USE_BUILTIN_ARC4RANDOM=no ],
[ USE_BUILTIN_ARC4RANDOM=yes ]
)
CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
;;
*openbsd* | *bitrig*)
HOST_OS=openbsd
HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;;
*mingw*)
HOST_OS=win
BUILD_NC=no
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
@@ -119,11 +65,6 @@ char buf[1]; getentropy(buf, 1);
*) ;;
esac
AC_ARG_ENABLE([nc],
AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes])
AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
@@ -131,7 +72,6 @@ AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
AM_CONDITIONAL([HOST_OPENBSD], [test x$HOST_OS = xopenbsd])
AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
])

1192
man/links
View File

File diff suppressed because it is too large Load Diff

27
man/update_links.sh
View File

@@ -1,19 +1,18 @@
#!/bin/sh
# Run this periodically to ensure that the manpage links are up to date
(
cd /usr/src/usr.bin/mandoc/
make obj
make cleandir
make depend
make
cd /usr/src/regress/usr.bin/mandoc/db/mlinks/
make obj
make cleandir
make
)
makewhatis -a .
echo "# This is an auto-generated file by $0" > links
/usr/src/regress/usr.bin/mandoc/db/mlinks/obj/mlinks mandoc.db | sort >> links
sudo makewhatis
for i in `ls -1 *.3`; do
name=`echo $i|cut -d. -f1`
links=`sqlite3 /usr/share/man/mandoc.db \
"select names.name from mlinks,names where mlinks.name='$name' and mlinks.pageid=names.pageid;"`
for j in $links; do
a=`echo "x$j" | tr '[:upper:]' '[:lower:]'`
b=`echo "x$name" | tr '[:upper:]' '[:lower:]'`
if [ $a != $b ]; then
echo $name.3,$j.3 >> links
fi
done
done

15
patches/aeadtest.c.patch
View File

@@ -1,15 +0,0 @@
--- tests/aeadtest.c.orig 2016-10-18 17:03:33.845870889 +0900
+++ tests/aeadtest.c 2016-10-18 17:11:19.880841283 +0900
@@ -75,6 +75,12 @@
#define BUF_MAX 1024
+#ifdef _MSC_VER
+#ifdef IN
+#undef IN
+#endif
+#endif
+
/* These are the different types of line that are found in the input file. */
enum {
AEAD = 0, /* name of the AEAD algorithm. */

15
patches/arc4random.c.patch Normal file
View File

@@ -0,0 +1,15 @@
--- crypto/compat/arc4random.c.orig 2015-07-20 07:41:17.000000000 -0600
+++ crypto/compat/arc4random.c 2015-07-20 07:41:58.000000000 -0600
@@ -36,8 +36,11 @@
#define KEYSTREAM_ONLY
#include "chacha_private.h"
+#ifndef min
#define min(a, b) ((a) < (b) ? (a) : (b))
-#ifdef __GNUC__
+#endif
+
+#if defined(__GNUC__) || defined(_MSC_VER)
#define inline __inline
#else /* !__GNUC__ */
#define inline

36
patches/bio.h.patch
View File

@@ -1,36 +0,0 @@
--- include/openssl/bio.h.orig Mon Oct 3 06:09:28 2016
+++ include/openssl/bio.h Sun Nov 6 04:24:57 2016
@@ -678,8 +678,24 @@
/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
+#ifdef __MINGW_PRINTF_FORMAT
int
BIO_printf(BIO *bio, const char *format, ...)
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2)));
+int
+BIO_vprintf(BIO *bio, const char *format, va_list args)
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 0), __nonnull__(2)));
+int
+BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 4),
+ __nonnull__(3)));
+int
+BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0),
+ __nonnull__(3)));
+#else
+int
+BIO_printf(BIO *bio, const char *format, ...)
__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
int
BIO_vprintf(BIO *bio, const char *format, va_list args)
@@ -692,6 +708,8 @@
BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
__attribute__((__deprecated__, __format__(__printf__, 3, 0),
__nonnull__(3)));
+#endif
+
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes

21
patches/modes_lcl.h
View File

@@ -1,21 +0,0 @@
--- openbsd/src/lib/libssl/src/crypto/modes/modes_lcl.h Sat Dec 6 17:15:50 2014
+++ crypto/modes/modes_lcl.h Sun Jul 17 17:45:27 2016
@@ -43,14 +43,16 @@
asm ("bswapl %0" \
: "+r"(ret)); ret; })
# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
-# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
+# if (__ARM_ARCH >= 6)
+# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
asm ("rev %0,%0; rev %1,%1" \
: "+r"(hi),"+r"(lo)); \
(u64)hi<<32|lo; })
-# define BSWAP4(x) ({ u32 ret; \
+# define BSWAP4(x) ({ u32 ret; \
asm ("rev %0,%1" \
: "=r"(ret) : "r"((u32)(x))); \
ret; })
+# endif
# endif
#endif
#endif

181
patches/netcat.c.patch
View File

@@ -1,181 +0,0 @@
--- apps/nc/netcat.c.orig Thu Mar 16 19:26:06 2017
+++ apps/nc/netcat.c Sat Mar 25 11:17:36 2017
@@ -65,7 +65,9 @@
#define POLL_NETIN 2
#define POLL_STDOUT 3
#define BUFSIZE 16384
+#ifndef DEFAULT_CA_FILE
#define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#endif
#define TLS_ALL (1 << 1)
#define TLS_NOVERIFY (1 << 2)
@@ -93,9 +95,13 @@
int Dflag; /* sodebug */
int Iflag; /* TCP receive buffer size */
int Oflag; /* TCP send buffer size */
+#ifdef TCP_MD5SIG
int Sflag; /* TCP MD5 signature option */
+#endif
int Tflag = -1; /* IP Type of Service */
+#ifdef SO_RTABLE
int rtableid = -1;
+#endif
int usetls; /* use TLS */
char *Cflag; /* Public cert file */
@@ -149,7 +155,7 @@
struct servent *sv;
socklen_t len;
struct sockaddr_storage cliaddr;
- char *proxy, *proxyport = NULL;
+ char *proxy = NULL, *proxyport = NULL;
const char *errstr;
struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@@ -259,12 +265,14 @@
case 'u':
uflag = 1;
break;
+#ifdef SO_RTABLE
case 'V':
rtableid = (int)strtonum(optarg, 0,
RT_TABLEID_MAX, &errstr);
if (errstr)
errx(1, "rtable %s: %s", errstr, optarg);
break;
+#endif
case 'v':
vflag = 1;
break;
@@ -300,9 +308,11 @@
case 'o':
oflag = optarg;
break;
+#ifdef TCP_MD5SIG
case 'S':
Sflag = 1;
break;
+#endif
case 'T':
errstr = NULL;
errno = 0;
@@ -326,9 +336,11 @@
argc -= optind;
argv += optind;
+#ifdef SO_RTABLE
if (rtableid >= 0)
if (setrtable(rtableid) == -1)
err(1, "setrtable");
+#endif
if (family == AF_UNIX) {
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
@@ -865,7 +877,10 @@
remote_connect(const char *host, const char *port, struct addrinfo hints)
{
struct addrinfo *res, *res0;
- int s = -1, error, on = 1, save_errno;
+ int s = -1, error, save_errno;
+#ifdef SO_BINDANY
+ int on = 1;
+#endif
if ((error = getaddrinfo(host, port, &hints, &res0)))
errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
@@ -880,8 +895,10 @@
if (sflag || pflag) {
struct addrinfo ahints, *ares;
+#ifdef SO_BINDANY
/* try SO_BINDANY, but don't insist */
setsockopt(s, SOL_SOCKET, SO_BINDANY, &on, sizeof(on));
+#endif
memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -952,7 +969,10 @@
local_listen(char *host, char *port, struct addrinfo hints)
{
struct addrinfo *res, *res0;
- int s = -1, ret, x = 1, save_errno;
+ int s = -1, save_errno;
+#ifdef SO_REUSEPORT
+ int ret, x = 1;
+#endif
int error;
/* Allow nodename to be null. */
@@ -973,9 +993,11 @@
res->ai_protocol)) < 0)
continue;
+#ifdef SO_REUSEPORT
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1)
err(1, NULL);
+#endif
set_common_sockopts(s, res->ai_family);
@@ -1425,11 +1447,13 @@
{
int x = 1;
+#ifdef TCP_MD5SIG
if (Sflag) {
if (setsockopt(s, IPPROTO_TCP, TCP_MD5SIG,
&x, sizeof(x)) == -1)
err(1, NULL);
}
+#endif
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
@@ -1466,13 +1490,17 @@
}
if (minttl != -1) {
+#ifdef IP_MINTTL
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL");
+#endif
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+#ifdef IPV6_MINHOPCOUNT
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
err(1, "set IPv6 min hop count");
+#endif
}
}
@@ -1666,14 +1694,22 @@
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
\t-R CAfile CA bundle\n\
- \t-r Randomize remote ports\n\
- \t-S Enable the TCP MD5 signature option\n\
+ \t-r Randomize remote ports\n"
+#ifdef TCP_MD5SIG
+ "\
+ \t-S Enable the TCP MD5 signature option\n"
+#endif
+ "\
\t-s source Local source address\n\
\t-T keyword TOS value or TLS options\n\
\t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\
- \t-u UDP mode\n\
- \t-V rtable Specify alternate routing table\n\
+ \t-u UDP mode\n"
+#ifdef SO_RTABLE
+ "\
+ \t-V rtable Specify alternate routing table\n"
+#endif
+ "\
\t-v Verbose\n\
\t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\

14
patches/ocsp_test.c.patch
View File

@@ -1,14 +0,0 @@
--- tests/ocsp_test.c.orig 2016-10-18 18:12:39.854607509 +0900
+++ tests/ocsp_test.c 2016-10-18 18:14:29.261600559 +0900
@@ -16,6 +16,11 @@
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
+#ifdef _MSC_VER
+ if (BIO_sock_init() != 1)
+ exit(-1);
+#endif
+
error = getaddrinfo(host, port, &hints, &res);
if (error != 0) {
perror("getaddrinfo()");

36
patches/openssl.c.patch
View File

@@ -1,6 +1,26 @@
--- apps/openssl/openssl.c.orig Fri Nov 4 09:33:19 2016
+++ apps/openssl/openssl.c Sat Nov 5 15:28:35 2016
@@ -396,7 +396,9 @@
--- apps/openssl.c.orig 2015-07-20 02:01:42.000000000 -0600
+++ apps/openssl.c 2015-07-20 02:02:00.000000000 -0600
@@ -130,6 +130,19 @@
#include <openssl/engine.h>
#endif
+#ifdef _WIN32
+#include <io.h>
+#include <fcntl.h>
+static void set_stdio_binary(void)
+{
+ _setmode(_fileno(stdin), _O_BINARY);
+ _setmode(_fileno(stdout), _O_BINARY);
+ _setmode(_fileno(stderr), _O_BINARY);
+}
+#else
+static void set_stdio_binary(void) {};
+#endif
+
#include "progs.h"
#include "s_apps.h"
@@ -204,7 +216,9 @@
static void
openssl_startup(void)
{
@@ -8,5 +28,13 @@
signal(SIGPIPE, SIG_IGN);
+#endif
CRYPTO_malloc_init();
OpenSSL_add_all_algorithms();
SSL_library_init();
@@ -216,6 +230,7 @@
#endif
setup_ui_method();
+ set_stdio_binary();
}
static void

13
patches/opensslconf.h.patch Normal file
View File

@@ -0,0 +1,13 @@
--- include/openssl/opensslconf.h.orig 2015-07-19 23:21:47.000000000 -0600
+++ include/openssl/opensslconf.h 2015-07-19 23:21:17.000000000 -0600
@@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */
+#if defined(_MSC_VER) && !defined(__attribute__)
+#define __attribute__(a)
+#endif
+
/* Generate 80386 code? */
#undef I386_ONLY

25
patches/ossl_typ.h.patch Normal file
View File

@@ -0,0 +1,25 @@
--- include/openssl/ossl_typ.h.orig 2015-07-06 13:21:18.788571423 -0700
+++ include/openssl/ossl_typ.h 2015-07-06 13:24:14.906468003 -0700
@@ -100,6 +100,22 @@
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
#ifdef BIGNUM
#undef BIGNUM
#endif

21
patches/pkcs7.h.patch Normal file
View File

@@ -0,0 +1,21 @@
--- include/openssl/pkcs7.h.orig 2015-07-06 13:26:27.369203527 -0700
+++ include/openssl/pkcs7.h 2015-07-06 13:27:37.637051967 -0700
@@ -69,6 +69,18 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
+
/*
Encryption_ID DES-CBC
Digest_ID MD5

82
patches/rfc5280.c.patch
View File

@@ -1,82 +0,0 @@
--- tests/rfc5280time.c.orig Mon Nov 2 20:00:31 2015
+++ tests/rfc5280time.c Mon Nov 2 20:03:12 2015
@@ -91,6 +91,7 @@
.data = "20150923032700Z",
.time = 1442978820,
},
+#if SIZEOF_TIME_T == 8
{
/* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
.str = "00000101000000Z",
@@ -103,6 +104,7 @@
.data = "20491231235959Z",
.time = 2524607999LL,
},
+#endif
{
/* (times before 2050 must be UTCTIME) Per RFC 5280 4.1.2.5 */
.str = "19500101000000Z",
@@ -112,6 +114,7 @@
};
struct rfc5280_time_test rfc5280_gentime_tests[] = {
+#if SIZEOF_TIME_T == 8
{
/* Biggest RFC 5280 time */
.str = "99991231235959Z",
@@ -129,6 +132,7 @@
.data = "20500101000000Z",
.time = 2524608000LL,
},
+#endif
};
struct rfc5280_time_test rfc5280_utctime_tests[] = {
{
@@ -141,11 +145,13 @@
.data = "540226230640Z",
.time = -500000000,
},
+#if SIZEOF_TIME_T == 8
{
.str = "491231235959Z",
.data = "491231235959Z",
.time = 2524607999LL,
},
+#endif
{
.str = "700101000000Z",
.data = "700101000000Z",
@@ -273,14 +279,14 @@
if ((i = X509_cmp_time(gt, &att->time)) != -1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time--;
if ((i = X509_cmp_time(gt, &att->time)) != 1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time++;
@@ -325,14 +331,14 @@
if ((i = X509_cmp_time(ut, &att->time)) != -1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time--;
if ((i = X509_cmp_time(ut, &att->time)) != 1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time);
+ test_no, i, (long long)att->time);
goto done;
}
att->time++;

19
patches/ssl_txt.c.patch
View File

@@ -1,19 +0,0 @@
--- ssl/ssl_txt.orig Sun Jul 17 17:26:59 2016
+++ ssl/ssl_txt.c Sun Jul 17 17:35:44 2016
@@ -82,6 +82,7 @@
* OTHERWISE.
*/
+#include <inttypes.h>
#include <stdio.h>
#include <openssl/buffer.h>
@@ -163,7 +164,7 @@
}
if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
+ if (BIO_printf(bp, "\n Start Time: %"PRId64, (int64_t)x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {

32
patches/tls.h.patch
View File

@@ -1,32 +0,0 @@
--- include/tls.h.orig 2017-02-13 20:19:55.918636579 +0900
+++ include/tls.h 2017-02-13 20:21:18.313073161 +0900
@@ -22,6 +22,13 @@
extern "C" {
#endif
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
#include <sys/types.h>
#include <stddef.h>
--- libtls-standalone/include/tls.h.orig 2017-02-13 20:21:48.297958529 +0900
+++ libtls-standalone/include/tls.h 2017-02-13 20:21:48.296958502 +0900
@@ -22,6 +22,13 @@
extern "C" {
#endif
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
#include <sys/types.h>
#include <stddef.h>

12
patches/tls_internal.h.patch
View File

@@ -1,12 +0,0 @@
--- ./openbsd/src/lib/libtls/tls_internal.h Thu Oct 15 16:12:24 2015
+++ ./tls/tls_internal.h Sun Dec 6 20:18:17 2015
@@ -24,7 +24,9 @@
#include <openssl/ssl.h>
+#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
+#endif
#define TLS_CIPHERS_COMPAT "ALL:!aNULL:!eNULL"
#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"

100
patches/windows_headers.patch
View File

@@ -1,100 +0,0 @@
diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
--- include/openssl.orig/dtls1.h Mon Dec 7 07:58:32 2015
+++ include/openssl/dtls1.h Mon Dec 7 07:56:14 2015
@@ -60,7 +60,11 @@
#ifndef HEADER_DTLS1_H
#define HEADER_DTLS1_H
+#if defined(_WIN32)
+#include <winsock2.h>
+#else
#include <sys/time.h>
+#endif
#include <stdio.h>
#include <stdlib.h>
diff -u include/openssl.orig/opensslconf.h include/openssl/opensslconf.h
--- include/openssl.orig/opensslconf.h Mon Dec 7 07:58:32 2015
+++ include/openssl/opensslconf.h Mon Dec 7 07:56:14 2015
@@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */
+#if defined(_MSC_VER) && !defined(__attribute__)
+#define __attribute__(a)
+#endif
+
#if defined(HEADER_CRYPTLIB_H) && !defined(OPENSSLDIR)
#define OPENSSLDIR "/etc/ssl"
diff -u include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h
--- include/openssl.orig/ossl_typ.h Mon Dec 7 07:58:32 2015
+++ include/openssl/ossl_typ.h Mon Dec 7 07:56:14 2015
@@ -80,6 +80,22 @@
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#undef OCSP_REQUEST
+#undef OCSP_RESPONSE
+#undef PKCS7_ISSUER_AND_SERIAL
+#endif
+
#ifdef BIGNUM
#undef BIGNUM
#endif
diff -u include/openssl.orig/pkcs7.h include/openssl/pkcs7.h
--- include/openssl.orig/pkcs7.h Mon Dec 7 07:58:32 2015
+++ include/openssl/pkcs7.h Mon Dec 7 07:56:14 2015
@@ -69,6 +69,18 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef PKCS7_ISSUER_AND_SERIAL
+#undef PKCS7_SIGNER_INFO
+#endif
+
/*
Encryption_ID DES-CBC
Digest_ID MD5
diff -u include/openssl.orig/x509.h include/openssl/x509.h
--- include/openssl.orig/x509.h Mon Dec 7 07:58:32 2015
+++ include/openssl/x509.h Mon Dec 7 07:56:14 2015
@@ -112,6 +112,19 @@
extern "C" {
#endif
+#if defined(_WIN32)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#endif
+
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3

22
patches/x509.h.patch Normal file
View File

@@ -0,0 +1,22 @@
--- include/openssl/x509.h.orig 2015-07-06 13:15:15.059306046 -0700
+++ include/openssl/x509.h 2015-07-06 13:16:10.506118278 -0700
@@ -112,6 +112,19 @@
extern "C" {
#endif
+#if defined(_WIN32)
+#ifndef LIBRESSL_INTERNAL
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
+#warning overriding WinCrypt defines
+#endif
+#endif
+#undef X509_NAME
+#undef X509_CERT_PAIR
+#undef X509_EXTENSIONS
+#endif
+
#define X509_FILETYPE_PEM 1
#define X509_FILETYPE_ASN1 2
#define X509_FILETYPE_DEFAULT 3

1447
scripts/config.guess vendored
View File

File diff suppressed because it is too large Load Diff

1813
scripts/config.sub vendored
View File

File diff suppressed because it is too large Load Diff

13
scripts/travis
View File

@@ -6,7 +6,7 @@ set -e
if [ "x$ARCH" = "xnative" ]; then
# test autotools
./configure
make -j 4 distcheck
make -j 4 check
# make distribution
make dist
@@ -19,13 +19,14 @@ if [ "x$ARCH" = "xnative" ]; then
if [ `uname` = "Darwin" ]; then
cmake ..
make
make test
else
sudo apt-get update
sudo apt-get install -y python-software-properties
sudo apt-add-repository -y ppa:kalakris/cmake
sudo apt-get update
sudo apt-get install -y cmake ninja-build
cmake -GNinja ..
ninja
ninja test
fi
else
CPU=i686
@@ -35,8 +36,12 @@ else
export CC=$CPU-w64-mingw32-gcc
if [ -z $(which $CC) ]; then
# Update Ubuntu 12.04 with current mingw toolchain
sudo apt-get update
sudo apt-get install -y mingw-w64 make
sudo apt-get install -y python-software-properties
sudo apt-add-repository -y ppa:tobydox/mingw-x-precise
sudo apt-get update
sudo apt-get install -y $ARCH-x-gcc make
export PATH=$PATH:/opt/$ARCH/bin
fi

30
ssl/CMakeLists.txt
View File

@@ -19,45 +19,43 @@ set(
d1_srtp.c
d1_srvr.c
pqueue.c
s23_clnt.c
s23_lib.c
s23_meth.c
s23_pkt.c
s23_srvr.c
s3_both.c
s3_cbc.c
s3_clnt.c
s3_enc.c
s3_lib.c
s3_meth.c
s3_pkt.c
s3_srvr.c
ssl_algs.c
ssl_asn1.c
ssl_both.c
ssl_cert.c
ssl_ciph.c
ssl_clnt.c
ssl_err.c
ssl_err2.c
ssl_lib.c
ssl_packet.c
ssl_pkt.c
ssl_rsa.c
ssl_sess.c
ssl_srvr.c
ssl_stat.c
ssl_txt.c
ssl_versions.c
t1_clnt.c
t1_enc.c
t1_hash.c
t1_lib.c
t1_meth.c
t1_reneg.c
t1_srvr.c
)
add_library(ssl-objects OBJECT ${SSL_SRC})
if (BUILD_SHARED)
add_library(ssl-objects OBJECT ${SSL_SRC})
add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
export_symbol(ssl-shared ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
if (WIN32)
target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
endif()
set_target_properties(ssl-shared PROPERTIES
OUTPUT_NAME ssl${SSL_POSTFIX}
ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION})
install(TARGETS ssl ssl-shared DESTINATION lib)

24
ssl/Makefile.am
View File

@@ -4,10 +4,9 @@ lib_LTLIBRARIES = libssl.la
EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += ssl.sym
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined -export-symbols $(top_srcdir)/ssl/ssl.sym
libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
libssl_la_LIBADD = ../crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c
libssl_la_SOURCES += bs_ber.c
@@ -22,27 +21,32 @@ libssl_la_SOURCES += d1_pkt.c
libssl_la_SOURCES += d1_srtp.c
libssl_la_SOURCES += d1_srvr.c
libssl_la_SOURCES += pqueue.c
libssl_la_SOURCES += s23_clnt.c
libssl_la_SOURCES += s23_lib.c
libssl_la_SOURCES += s23_meth.c
libssl_la_SOURCES += s23_pkt.c
libssl_la_SOURCES += s23_srvr.c
libssl_la_SOURCES += s3_both.c
libssl_la_SOURCES += s3_cbc.c
libssl_la_SOURCES += s3_clnt.c
libssl_la_SOURCES += s3_enc.c
libssl_la_SOURCES += s3_lib.c
libssl_la_SOURCES += s3_meth.c
libssl_la_SOURCES += s3_pkt.c
libssl_la_SOURCES += s3_srvr.c
libssl_la_SOURCES += ssl_algs.c
libssl_la_SOURCES += ssl_asn1.c
libssl_la_SOURCES += ssl_both.c
libssl_la_SOURCES += ssl_cert.c
libssl_la_SOURCES += ssl_ciph.c
libssl_la_SOURCES += ssl_clnt.c
libssl_la_SOURCES += ssl_err.c
libssl_la_SOURCES += ssl_err2.c
libssl_la_SOURCES += ssl_lib.c
libssl_la_SOURCES += ssl_packet.c
libssl_la_SOURCES += ssl_pkt.c
libssl_la_SOURCES += ssl_rsa.c
libssl_la_SOURCES += ssl_sess.c
libssl_la_SOURCES += ssl_srvr.c
libssl_la_SOURCES += ssl_stat.c
libssl_la_SOURCES += ssl_txt.c
libssl_la_SOURCES += ssl_versions.c
libssl_la_SOURCES += t1_clnt.c
libssl_la_SOURCES += t1_enc.c
libssl_la_SOURCES += t1_hash.c
libssl_la_SOURCES += t1_lib.c
libssl_la_SOURCES += t1_meth.c
libssl_la_SOURCES += t1_reneg.c

651
tap-driver.sh
View File

@@ -1,651 +0,0 @@
#! /bin/sh
# Copyright (C) 2011-2014 Free Software Foundation, Inc.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
scriptversion=2013-12-23.17; # UTC
# Make unconditional expansion of undefined variables an error. This
# helps a lot in preventing typo-related bugs.
set -u
me=tap-driver.sh
fatal ()
{
echo "$me: fatal: $*" >&2
exit 1
}
usage_error ()
{
echo "$me: $*" >&2
print_usage >&2
exit 2
}
print_usage ()
{
cat <<END
Usage:
tap-driver.sh --test-name=NAME --log-file=PATH --trs-file=PATH
[--expect-failure={yes|no}] [--color-tests={yes|no}]
[--enable-hard-errors={yes|no}] [--ignore-exit]
[--diagnostic-string=STRING] [--merge|--no-merge]
[--comments|--no-comments] [--] TEST-COMMAND
The '--test-name', '-log-file' and '--trs-file' options are mandatory.
END
}
# TODO: better error handling in option parsing (in particular, ensure
# TODO: $log_file, $trs_file and $test_name are defined).
test_name= # Used for reporting.
log_file= # Where to save the result and output of the test script.
trs_file= # Where to save the metadata of the test run.
expect_failure=0
color_tests=0
merge=0
ignore_exit=0
comments=0
diag_string='#'
while test $# -gt 0; do
case $1 in
--help) print_usage; exit $?;;
--version) echo "$me $scriptversion"; exit $?;;
--test-name) test_name=$2; shift;;
--log-file) log_file=$2; shift;;
--trs-file) trs_file=$2; shift;;
--color-tests) color_tests=$2; shift;;
--expect-failure) expect_failure=$2; shift;;
--enable-hard-errors) shift;; # No-op.
--merge) merge=1;;
--no-merge) merge=0;;
--ignore-exit) ignore_exit=1;;
--comments) comments=1;;
--no-comments) comments=0;;
--diagnostic-string) diag_string=$2; shift;;
--) shift; break;;
-*) usage_error "invalid option: '$1'";;
esac
shift
done
test $# -gt 0 || usage_error "missing test command"
case $expect_failure in
yes) expect_failure=1;;
*) expect_failure=0;;
esac
if test $color_tests = yes; then
init_colors='
color_map["red"]="" # Red.
color_map["grn"]="" # Green.
color_map["lgn"]="" # Light green.
color_map["blu"]="" # Blue.
color_map["mgn"]="" # Magenta.
color_map["std"]="" # No color.
color_for_result["ERROR"] = "mgn"
color_for_result["PASS"] = "grn"
color_for_result["XPASS"] = "red"
color_for_result["FAIL"] = "red"
color_for_result["XFAIL"] = "lgn"
color_for_result["SKIP"] = "blu"'
else
init_colors=''
fi
# :; is there to work around a bug in bash 3.2 (and earlier) which
# does not always set '$?' properly on redirection failure.
# See the Autoconf manual for more details.
:;{
(
# Ignore common signals (in this subshell only!), to avoid potential
# problems with Korn shells. Some Korn shells are known to propagate
# to themselves signals that have killed a child process they were
# waiting for; this is done at least for SIGINT (and usually only for
# it, in truth). Without the `trap' below, such a behaviour could
# cause a premature exit in the current subshell, e.g., in case the
# test command it runs gets terminated by a SIGINT. Thus, the awk
# script we are piping into would never seen the exit status it
# expects on its last input line (which is displayed below by the
# last `echo $?' statement), and would thus die reporting an internal
# error.
# For more information, see the Autoconf manual and the threads:
# <http://lists.gnu.org/archive/html/bug-autoconf/2011-09/msg00004.html>
# <http://mail.opensolaris.org/pipermail/ksh93-integration-discuss/2009-February/004121.html>
trap : 1 3 2 13 15
if test $merge -gt 0; then
exec 2>&1
else
exec 2>&3
fi
"$@"
echo $?
) | LC_ALL=C ${AM_TAP_AWK-awk} \
-v me="$me" \
-v test_script_name="$test_name" \
-v log_file="$log_file" \
-v trs_file="$trs_file" \
-v expect_failure="$expect_failure" \
-v merge="$merge" \
-v ignore_exit="$ignore_exit" \
-v comments="$comments" \
-v diag_string="$diag_string" \
'
# TODO: the usages of "cat >&3" below could be optimized when using
# GNU awk, and/on on systems that supports /dev/fd/.
# Implementation note: in what follows, `result_obj` will be an
# associative array that (partly) simulates a TAP result object
# from the `TAP::Parser` perl module.
## ----------- ##
## FUNCTIONS ##
## ----------- ##
function fatal(msg)
{
print me ": " msg | "cat >&2"
exit 1
}
function abort(where)
{
fatal("internal error " where)
}
# Convert a boolean to a "yes"/"no" string.
function yn(bool)
{
return bool ? "yes" : "no";
}
function add_test_result(result)
{
if (!test_results_index)
test_results_index = 0
test_results_list[test_results_index] = result
test_results_index += 1
test_results_seen[result] = 1;
}
# Whether the test script should be re-run by "make recheck".
function must_recheck()
{
for (k in test_results_seen)
if (k != "XFAIL" && k != "PASS" && k != "SKIP")
return 1
return 0
}
# Whether the content of the log file associated to this test should
# be copied into the "global" test-suite.log.
function copy_in_global_log()
{
for (k in test_results_seen)
if (k != "PASS")
return 1
return 0
}
function get_global_test_result()
{
if ("ERROR" in test_results_seen)
return "ERROR"
if ("FAIL" in test_results_seen || "XPASS" in test_results_seen)
return "FAIL"
all_skipped = 1
for (k in test_results_seen)
if (k != "SKIP")
all_skipped = 0
if (all_skipped)
return "SKIP"
return "PASS";
}
function stringify_result_obj(result_obj)
{
if (result_obj["is_unplanned"] || result_obj["number"] != testno)
return "ERROR"
if (plan_seen == LATE_PLAN)
return "ERROR"
if (result_obj["directive"] == "TODO")
return result_obj["is_ok"] ? "XPASS" : "XFAIL"
if (result_obj["directive"] == "SKIP")
return result_obj["is_ok"] ? "SKIP" : COOKED_FAIL;
if (length(result_obj["directive"]))
abort("in function stringify_result_obj()")
return result_obj["is_ok"] ? COOKED_PASS : COOKED_FAIL
}
function decorate_result(result)
{
color_name = color_for_result[result]
if (color_name)
return color_map[color_name] "" result "" color_map["std"]
# If we are not using colorized output, or if we do not know how
# to colorize the given result, we should return it unchanged.
return result
}
function report(result, details)
{
if (result ~ /^(X?(PASS|FAIL)|SKIP|ERROR)/)
{
msg = ": " test_script_name
add_test_result(result)
}
else if (result == "#")
{
msg = " " test_script_name ":"
}
else
{
abort("in function report()")
}
if (length(details))
msg = msg " " details
# Output on console might be colorized.
print decorate_result(result) msg
# Log the result in the log file too, to help debugging (this is
# especially true when said result is a TAP error or "Bail out!").
print result msg | "cat >&3";
}
function testsuite_error(error_message)
{
report("ERROR", "- " error_message)
}
function handle_tap_result()
{
details = result_obj["number"];
if (length(result_obj["description"]))
details = details " " result_obj["description"]
if (plan_seen == LATE_PLAN)
{
details = details " # AFTER LATE PLAN";
}
else if (result_obj["is_unplanned"])
{
details = details " # UNPLANNED";
}
else if (result_obj["number"] != testno)
{
details = sprintf("%s # OUT-OF-ORDER (expecting %d)",
details, testno);
}
else if (result_obj["directive"])
{
details = details " # " result_obj["directive"];
if (length(result_obj["explanation"]))
details = details " " result_obj["explanation"]
}
report(stringify_result_obj(result_obj), details)
}
# `skip_reason` should be empty whenever planned > 0.
function handle_tap_plan(planned, skip_reason)
{
planned += 0 # Avoid getting confused if, say, `planned` is "00"
if (length(skip_reason) && planned > 0)
abort("in function handle_tap_plan()")
if (plan_seen)
{
# Error, only one plan per stream is acceptable.
testsuite_error("multiple test plans")
return;
}
planned_tests = planned
# The TAP plan can come before or after *all* the TAP results; we speak
# respectively of an "early" or a "late" plan. If we see the plan line
# after at least one TAP result has been seen, assume we have a late
# plan; in this case, any further test result seen after the plan will
# be flagged as an error.
plan_seen = (testno >= 1 ? LATE_PLAN : EARLY_PLAN)
# If testno > 0, we have an error ("too many tests run") that will be
# automatically dealt with later, so do not worry about it here. If
# $plan_seen is true, we have an error due to a repeated plan, and that
# has already been dealt with above. Otherwise, we have a valid "plan
# with SKIP" specification, and should report it as a particular kind
# of SKIP result.
if (planned == 0 && testno == 0)
{
if (length(skip_reason))
skip_reason = "- " skip_reason;
report("SKIP", skip_reason);
}
}
function extract_tap_comment(line)
{
if (index(line, diag_string) == 1)
{
# Strip leading `diag_string` from `line`.
line = substr(line, length(diag_string) + 1)
# And strip any leading and trailing whitespace left.
sub("^[ \t]*", "", line)
sub("[ \t]*$", "", line)
# Return what is left (if any).
return line;
}
return "";
}
# When this function is called, we know that line is a TAP result line,
# so that it matches the (perl) RE "^(not )?ok\b".
function setup_result_obj(line)
{
# Get the result, and remove it from the line.
result_obj["is_ok"] = (substr(line, 1, 2) == "ok" ? 1 : 0)
sub("^(not )?ok[ \t]*", "", line)
# If the result has an explicit number, get it and strip it; otherwise,
# automatically assing the next progresive number to it.
if (line ~ /^[0-9]+$/ || line ~ /^[0-9]+[^a-zA-Z0-9_]/)
{
match(line, "^[0-9]+")
# The final `+ 0` is to normalize numbers with leading zeros.
result_obj["number"] = substr(line, 1, RLENGTH) + 0
line = substr(line, RLENGTH + 1)
}
else
{
result_obj["number"] = testno
}
if (plan_seen == LATE_PLAN)
# No further test results are acceptable after a "late" TAP plan
# has been seen.
result_obj["is_unplanned"] = 1
else if (plan_seen && testno > planned_tests)
result_obj["is_unplanned"] = 1
else
result_obj["is_unplanned"] = 0
# Strip trailing and leading whitespace.
sub("^[ \t]*", "", line)
sub("[ \t]*$", "", line)
# This will have to be corrected if we have a "TODO"/"SKIP" directive.
result_obj["description"] = line
result_obj["directive"] = ""
result_obj["explanation"] = ""
if (index(line, "#") == 0)
return # No possible directive, nothing more to do.
# Directives are case-insensitive.
rx = "[ \t]*#[ \t]*([tT][oO][dD][oO]|[sS][kK][iI][pP])[ \t]*"
# See whether we have the directive, and if yes, where.
pos = match(line, rx "$")
if (!pos)
pos = match(line, rx "[^a-zA-Z0-9_]")
# If there was no TAP directive, we have nothing more to do.
if (!pos)
return
# Let`s now see if the TAP directive has been escaped. For example:
# escaped: ok \# SKIP
# not escaped: ok \\# SKIP
# escaped: ok \\\\\# SKIP
# not escaped: ok \ # SKIP
if (substr(line, pos, 1) == "#")
{
bslash_count = 0
for (i = pos; i > 1 && substr(line, i - 1, 1) == "\\"; i--)
bslash_count += 1
if (bslash_count % 2)
return # Directive was escaped.
}
# Strip the directive and its explanation (if any) from the test
# description.
result_obj["description"] = substr(line, 1, pos - 1)
# Now remove the test description from the line, that has been dealt
# with already.
line = substr(line, pos)
# Strip the directive, and save its value (normalized to upper case).
sub("^[ \t]*#[ \t]*", "", line)
result_obj["directive"] = toupper(substr(line, 1, 4))
line = substr(line, 5)
# Now get the explanation for the directive (if any), with leading
# and trailing whitespace removed.
sub("^[ \t]*", "", line)
sub("[ \t]*$", "", line)
result_obj["explanation"] = line
}
function get_test_exit_message(status)
{
if (status == 0)
return ""
if (status !~ /^[1-9][0-9]*$/)
abort("getting exit status")
if (status < 127)
exit_details = ""
else if (status == 127)
exit_details = " (command not found?)"
else if (status >= 128 && status <= 255)
exit_details = sprintf(" (terminated by signal %d?)", status - 128)
else if (status > 256 && status <= 384)
# We used to report an "abnormal termination" here, but some Korn
# shells, when a child process die due to signal number n, can leave
# in $? an exit status of 256+n instead of the more standard 128+n.
# Apparently, both behaviours are allowed by POSIX (2008), so be
# prepared to handle them both. See also Austing Group report ID
# 0000051 <http://www.austingroupbugs.net/view.php?id=51>
exit_details = sprintf(" (terminated by signal %d?)", status - 256)
else
# Never seen in practice.
exit_details = " (abnormal termination)"
return sprintf("exited with status %d%s", status, exit_details)
}
function write_test_results()
{
print ":global-test-result: " get_global_test_result() > trs_file
print ":recheck: " yn(must_recheck()) > trs_file
print ":copy-in-global-log: " yn(copy_in_global_log()) > trs_file
for (i = 0; i < test_results_index; i += 1)
print ":test-result: " test_results_list[i] > trs_file
close(trs_file);
}
BEGIN {
## ------- ##
## SETUP ##
## ------- ##
'"$init_colors"'
# Properly initialized once the TAP plan is seen.
planned_tests = 0
COOKED_PASS = expect_failure ? "XPASS": "PASS";
COOKED_FAIL = expect_failure ? "XFAIL": "FAIL";
# Enumeration-like constants to remember which kind of plan (if any)
# has been seen. It is important that NO_PLAN evaluates "false" as
# a boolean.
NO_PLAN = 0
EARLY_PLAN = 1
LATE_PLAN = 2
testno = 0 # Number of test results seen so far.
bailed_out = 0 # Whether a "Bail out!" directive has been seen.
# Whether the TAP plan has been seen or not, and if yes, which kind
# it is ("early" is seen before any test result, "late" otherwise).
plan_seen = NO_PLAN
## --------- ##
## PARSING ##
## --------- ##
is_first_read = 1
while (1)
{
# Involutions required so that we are able to read the exit status
# from the last input line.
st = getline
if (st < 0) # I/O error.
fatal("I/O error while reading from input stream")
else if (st == 0) # End-of-input
{
if (is_first_read)
abort("in input loop: only one input line")
break
}
if (is_first_read)
{
is_first_read = 0
nextline = $0
continue
}
else
{
curline = nextline
nextline = $0
$0 = curline
}
# Copy any input line verbatim into the log file.
print | "cat >&3"
# Parsing of TAP input should stop after a "Bail out!" directive.
if (bailed_out)
continue
# TAP test result.
if ($0 ~ /^(not )?ok$/ || $0 ~ /^(not )?ok[^a-zA-Z0-9_]/)
{
testno += 1
setup_result_obj($0)
handle_tap_result()
}
# TAP plan (normal or "SKIP" without explanation).
else if ($0 ~ /^1\.\.[0-9]+[ \t]*$/)
{
# The next two lines will put the number of planned tests in $0.
sub("^1\\.\\.", "")
sub("[^0-9]*$", "")
handle_tap_plan($0, "")
continue
}
# TAP "SKIP" plan, with an explanation.
else if ($0 ~ /^1\.\.0+[ \t]*#/)
{
# The next lines will put the skip explanation in $0, stripping
# any leading and trailing whitespace. This is a little more
# tricky in truth, since we want to also strip a potential leading
# "SKIP" string from the message.
sub("^[^#]*#[ \t]*(SKIP[: \t][ \t]*)?", "")
sub("[ \t]*$", "");
handle_tap_plan(0, $0)
}
# "Bail out!" magic.
# Older versions of prove and TAP::Harness (e.g., 3.17) did not
# recognize a "Bail out!" directive when preceded by leading
# whitespace, but more modern versions (e.g., 3.23) do. So we
# emulate the latter, "more modern" behaviour.
else if ($0 ~ /^[ \t]*Bail out!/)
{
bailed_out = 1
# Get the bailout message (if any), with leading and trailing
# whitespace stripped. The message remains stored in `$0`.
sub("^[ \t]*Bail out![ \t]*", "");
sub("[ \t]*$", "");
# Format the error message for the
bailout_message = "Bail out!"
if (length($0))
bailout_message = bailout_message " " $0
testsuite_error(bailout_message)
}
# Maybe we have too look for dianogtic comments too.
else if (comments != 0)
{
comment = extract_tap_comment($0);
if (length(comment))
report("#", comment);
}
}
## -------- ##
## FINISH ##
## -------- ##
# A "Bail out!" directive should cause us to ignore any following TAP
# error, as well as a non-zero exit status from the TAP producer.
if (!bailed_out)
{
if (!plan_seen)
{
testsuite_error("missing test plan")
}
else if (planned_tests != testno)
{
bad_amount = testno > planned_tests ? "many" : "few"
testsuite_error(sprintf("too %s tests run (expected %d, got %d)",
bad_amount, planned_tests, testno))
}
if (!ignore_exit)
{
# Fetch exit status from the last line.
exit_message = get_test_exit_message(nextline)
if (exit_message)
testsuite_error(exit_message)
}
}
write_test_results()
exit 0
} # End of "BEGIN" block.
'
# TODO: document that we consume the file descriptor 3 :-(
} 3>"$log_file"
test $? -eq 0 || fatal "I/O or internal error"
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:

286
tests/CMakeLists.txt
View File

@@ -5,412 +5,262 @@ include_directories(
../crypto/modes
../crypto/asn1
../ssl
../apps/openssl
../apps/openssl/compat
../apps
)
add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_CURRENT_SOURCE_DIR}/../apps/openssl/cert.pem\")
foreach(lib IN LISTS OPENSSL_LIBS)
if(${lib} STREQUAL "tls-shared")
set(TESTS_LIBS ${TESTS_LIBS} tls)
elseif(${lib} STREQUAL "ssl-shared")
set(TESTS_LIBS ${TESTS_LIBS} ssl)
elseif(${lib} STREQUAL "crypto-shared")
set(TESTS_LIBS ${TESTS_LIBS} crypto)
else()
set(TESTS_LIBS ${TESTS_LIBS} ${lib})
endif()
endforeach()
set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR})
# aeadtest
add_executable(aeadtest aeadtest.c)
target_link_libraries(aeadtest ${TESTS_LIBS})
add_test(aeadtest aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtests.txt)
#add_executable(aeadtest aeadtest.c)
#target_link_libraries(aeadtest ${OPENSSL_LIBS})
#add_test(aeadtest aeadtest.sh)
#configure_file(aeadtests.txt aeadtests.txt COPYONLY)
#configure_file(aeadtest.sh aeadtest.sh COPYONLY)
# aes_wrap
add_executable(aes_wrap aes_wrap.c)
target_link_libraries(aes_wrap ${TESTS_LIBS})
target_link_libraries(aes_wrap ${OPENSSL_LIBS})
add_test(aes_wrap aes_wrap)
# arc4randomforktest
# Windows/mingw does not have fork, but Cygwin does.
if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
if(NOT CMAKE_HOST_WIN32)
add_executable(arc4randomforktest arc4randomforktest.c)
target_link_libraries(arc4randomforktest ${TESTS_LIBS})
target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
endif()
# asn1test
add_executable(asn1test asn1test.c)
target_link_libraries(asn1test ${TESTS_LIBS})
target_link_libraries(asn1test ${OPENSSL_LIBS})
add_test(asn1test asn1test)
# asn1time
add_executable(asn1time asn1time.c)
target_link_libraries(asn1time ${TESTS_LIBS})
add_test(asn1time asn1time)
# base64test
add_executable(base64test base64test.c)
target_link_libraries(base64test ${TESTS_LIBS})
target_link_libraries(base64test ${OPENSSL_LIBS})
add_test(base64test base64test)
# bftest
add_executable(bftest bftest.c)
target_link_libraries(bftest ${TESTS_LIBS})
target_link_libraries(bftest ${OPENSSL_LIBS})
add_test(bftest bftest)
# biotest
# the BIO tests rely on resolver results that are OS and environment-specific
if(ENABLE_EXTRATESTS)
add_executable(biotest biotest.c)
target_link_libraries(biotest ${TESTS_LIBS})
add_test(biotest biotest)
endif()
# bntest
add_executable(bntest bntest.c)
set_source_files_properties(bntest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERNAL)
target_link_libraries(bntest ${TESTS_LIBS})
target_link_libraries(bntest ${OPENSSL_LIBS})
add_test(bntest bntest)
# bytestringtest
add_executable(bytestringtest bytestringtest.c)
target_link_libraries(bytestringtest ${TESTS_LIBS})
target_link_libraries(bytestringtest ${OPENSSL_LIBS})
add_test(bytestringtest bytestringtest)
# casttest
add_executable(casttest casttest.c)
target_link_libraries(casttest ${TESTS_LIBS})
target_link_libraries(casttest ${OPENSSL_LIBS})
add_test(casttest casttest)
# chachatest
add_executable(chachatest chachatest.c)
target_link_libraries(chachatest ${TESTS_LIBS})
target_link_libraries(chachatest ${OPENSSL_LIBS})
add_test(chachatest chachatest)
# cipher_list
add_executable(cipher_list cipher_list.c)
target_link_libraries(cipher_list ${TESTS_LIBS})
target_link_libraries(cipher_list ${OPENSSL_LIBS})
add_test(cipher_list cipher_list)
# cipherstest
add_executable(cipherstest cipherstest.c)
target_link_libraries(cipherstest ${TESTS_LIBS})
target_link_libraries(cipherstest ${OPENSSL_LIBS})
add_test(cipherstest cipherstest)
# clienttest
add_executable(clienttest clienttest.c)
target_link_libraries(clienttest ${TESTS_LIBS})
add_test(clienttest clienttest)
# cts128test
add_executable(cts128test cts128test.c)
target_link_libraries(cts128test ${TESTS_LIBS})
target_link_libraries(cts128test ${OPENSSL_LIBS})
add_test(cts128test cts128test)
# destest
add_executable(destest destest.c)
target_link_libraries(destest ${TESTS_LIBS})
target_link_libraries(destest ${OPENSSL_LIBS})
add_test(destest destest)
# dhtest
add_executable(dhtest dhtest.c)
target_link_libraries(dhtest ${TESTS_LIBS})
target_link_libraries(dhtest ${OPENSSL_LIBS})
add_test(dhtest dhtest)
# dsatest
add_executable(dsatest dsatest.c)
target_link_libraries(dsatest ${TESTS_LIBS})
target_link_libraries(dsatest ${OPENSSL_LIBS})
add_test(dsatest dsatest)
# ecdhtest
add_executable(ecdhtest ecdhtest.c)
target_link_libraries(ecdhtest ${TESTS_LIBS})
target_link_libraries(ecdhtest ${OPENSSL_LIBS})
add_test(ecdhtest ecdhtest)
# ecdsatest
add_executable(ecdsatest ecdsatest.c)
target_link_libraries(ecdsatest ${TESTS_LIBS})
target_link_libraries(ecdsatest ${OPENSSL_LIBS})
add_test(ecdsatest ecdsatest)
# ectest
add_executable(ectest ectest.c)
target_link_libraries(ectest ${TESTS_LIBS})
target_link_libraries(ectest ${OPENSSL_LIBS})
add_test(ectest ectest)
# enginetest
add_executable(enginetest enginetest.c)
target_link_libraries(enginetest ${TESTS_LIBS})
target_link_libraries(enginetest ${OPENSSL_LIBS})
add_test(enginetest enginetest)
# evptest
add_executable(evptest evptest.c)
target_link_libraries(evptest ${TESTS_LIBS})
add_test(evptest evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptests.txt)
#add_executable(evptest evptest.c)
#target_link_libraries(evptest ${OPENSSL_LIBS})
#add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
# explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
if(NOT CMAKE_HOST_WIN32)
if(HAVE_MEMMEM)
add_executable(explicit_bzero explicit_bzero.c)
else()
add_executable(explicit_bzero explicit_bzero.c compat/memmem.c)
endif()
target_link_libraries(explicit_bzero ${TESTS_LIBS})
target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
add_test(explicit_bzero explicit_bzero)
#if !HAVE_MEMMEM
#explicit_bzero_SOURCES += memmem.c
#endif
endif()
# exptest
add_executable(exptest exptest.c)
set_source_files_properties(exptest.c PROPERTIES COMPILE_FLAGS -ULIBRESSL_INTERNAL)
target_link_libraries(exptest ${TESTS_LIBS})
target_link_libraries(exptest ${OPENSSL_LIBS})
add_test(exptest exptest)
# gcm128test
add_executable(gcm128test gcm128test.c)
target_link_libraries(gcm128test ${TESTS_LIBS})
target_link_libraries(gcm128test ${OPENSSL_LIBS})
add_test(gcm128test gcm128test)
# gost2814789t
add_executable(gost2814789t gost2814789t.c)
target_link_libraries(gost2814789t ${TESTS_LIBS})
target_link_libraries(gost2814789t ${OPENSSL_LIBS})
add_test(gost2814789t gost2814789t)
# hmactest
add_executable(hmactest hmactest.c)
target_link_libraries(hmactest ${TESTS_LIBS})
target_link_libraries(hmactest ${OPENSSL_LIBS})
add_test(hmactest hmactest)
# ideatest
add_executable(ideatest ideatest.c)
target_link_libraries(ideatest ${TESTS_LIBS})
target_link_libraries(ideatest ${OPENSSL_LIBS})
add_test(ideatest ideatest)
# igetest
add_executable(igetest igetest.c)
target_link_libraries(igetest ${TESTS_LIBS})
target_link_libraries(igetest ${OPENSSL_LIBS})
add_test(igetest igetest)
# md4test
add_executable(md4test md4test.c)
target_link_libraries(md4test ${TESTS_LIBS})
target_link_libraries(md4test ${OPENSSL_LIBS})
add_test(md4test md4test)
# md5test
add_executable(md5test md5test.c)
target_link_libraries(md5test ${TESTS_LIBS})
target_link_libraries(md5test ${OPENSSL_LIBS})
add_test(md5test md5test)
# mont
add_executable(mont mont.c)
target_link_libraries(mont ${TESTS_LIBS})
target_link_libraries(mont ${OPENSSL_LIBS})
add_test(mont mont)
# ocsp_test
if(ENABLE_EXTRATESTS)
add_executable(ocsp_test ocsp_test.c)
target_link_libraries(ocsp_test ${TESTS_LIBS})
if(NOT MSVC)
add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
else()
add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.bat)
endif()
endif()
# optionstest
add_executable(optionstest optionstest.c)
target_link_libraries(optionstest ${TESTS_LIBS})
target_link_libraries(optionstest ${OPENSSL_LIBS})
add_test(optionstest optionstest)
# pbkdf2
add_executable(pbkdf2 pbkdf2.c)
target_link_libraries(pbkdf2 ${TESTS_LIBS})
target_link_libraries(pbkdf2 ${OPENSSL_LIBS})
add_test(pbkdf2 pbkdf2)
# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
if(ENABLE_EXTRATESTS AND NOT MSVC)
add_executable(pidwraptest pidwraptest.c)
target_link_libraries(pidwraptest ${TESTS_LIBS})
add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
endif()
# pkcs7test
add_executable(pkcs7test pkcs7test.c)
target_link_libraries(pkcs7test ${TESTS_LIBS})
target_link_libraries(pkcs7test ${OPENSSL_LIBS})
add_test(pkcs7test pkcs7test)
# poly1305test
add_executable(poly1305test poly1305test.c)
target_link_libraries(poly1305test ${TESTS_LIBS})
target_link_libraries(poly1305test ${OPENSSL_LIBS})
add_test(poly1305test poly1305test)
# pq_test
add_executable(pq_test pq_test.c)
target_link_libraries(pq_test ${TESTS_LIBS})
if(NOT MSVC)
add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
else()
add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.bat)
endif()
set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
#add_executable(pq_test pq_test.c)
#target_link_libraries(pq_test ${OPENSSL_LIBS})
#add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
# randtest
add_executable(randtest randtest.c)
target_link_libraries(randtest ${TESTS_LIBS})
target_link_libraries(randtest ${OPENSSL_LIBS})
add_test(randtest randtest)
# rc2test
add_executable(rc2test rc2test.c)
target_link_libraries(rc2test ${TESTS_LIBS})
target_link_libraries(rc2test ${OPENSSL_LIBS})
add_test(rc2test rc2test)
# rc4test
add_executable(rc4test rc4test.c)
target_link_libraries(rc4test ${TESTS_LIBS})
target_link_libraries(rc4test ${OPENSSL_LIBS})
add_test(rc4test rc4test)
# rfc5280time
add_executable(rfc5280time rfc5280time.c)
target_link_libraries(rfc5280time ${TESTS_LIBS})
if(SMALL_TIME_T)
add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
else()
add_test(rfc5280time rfc5280time)
endif()
# rmdtest
add_executable(rmdtest rmdtest.c)
target_link_libraries(rmdtest ${TESTS_LIBS})
target_link_libraries(rmdtest ${OPENSSL_LIBS})
add_test(rmdtest rmdtest)
# rsa_test
add_executable(rsa_test rsa_test.c)
target_link_libraries(rsa_test ${TESTS_LIBS})
add_test(rsa_test rsa_test)
# servertest
add_executable(servertest servertest.c)
target_link_libraries(servertest ${TESTS_LIBS})
if(NOT MSVC)
add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.sh)
else()
add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.bat)
endif()
set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# sha1test
add_executable(sha1test sha1test.c)
target_link_libraries(sha1test ${TESTS_LIBS})
target_link_libraries(sha1test ${OPENSSL_LIBS})
add_test(sha1test sha1test)
# sha256test
add_executable(sha256test sha256test.c)
target_link_libraries(sha256test ${TESTS_LIBS})
target_link_libraries(sha256test ${OPENSSL_LIBS})
add_test(sha256test sha256test)
# sha512test
add_executable(sha512test sha512test.c)
target_link_libraries(sha512test ${TESTS_LIBS})
target_link_libraries(sha512test ${OPENSSL_LIBS})
add_test(sha512test sha512test)
# ssl_versions
add_executable(ssl_versions ssl_versions.c)
target_link_libraries(ssl_versions ${TESTS_LIBS})
add_test(ssl_versions ssl_versions)
# shatest
add_executable(shatest shatest.c)
target_link_libraries(shatest ${OPENSSL_LIBS})
add_test(shatest shatest)
# ssltest
add_executable(ssltest ssltest.c)
target_link_libraries(ssltest ${TESTS_LIBS})
if(NOT MSVC)
add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
else()
add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.bat)
endif()
set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
#add_executable(ssltest ssltest.c)
#target_link_libraries(ssltest ${OPENSSL_LIBS})
#add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
# testdsa
if(NOT MSVC)
add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
else()
add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.bat)
endif()
set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
#add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
# testenc
if(NOT MSVC)
add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
else()
add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.bat)
endif()
set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testrsa
if(NOT MSVC)
add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
else()
add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.bat)
endif()
set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
#add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
# timingsafe
add_executable(timingsafe timingsafe.c)
target_link_libraries(timingsafe ${TESTS_LIBS})
target_link_libraries(timingsafe ${OPENSSL_LIBS})
add_test(timingsafe timingsafe)
# tlstest
set(TLSTEST_SRC tlstest.c)
check_function_exists(pipe2 HAVE_PIPE2)
if(HAVE_PIPE2)
add_definitions(-DHAVE_PIPE2)
else()
set(TLSTEST_SRC ${TLSTEST_SRC} compat/pipe2.c)
endif()
add_executable(tlstest ${TLSTEST_SRC})
target_link_libraries(tlstest ${TESTS_LIBS})
if(NOT MSVC)
add_test(tlstest ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.sh)
else()
add_test(tlstest ${CMAKE_CURRENT_SOURCE_DIR}/tlstest.bat)
endif()
set_tests_properties(tlstest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# tls_ext_alpn
add_executable(tls_ext_alpn tls_ext_alpn.c)
target_link_libraries(tls_ext_alpn ${TESTS_LIBS})
add_test(tls_ext_alpn tls_ext_alpn)
# tls_prf
add_executable(tls_prf tls_prf.c)
target_link_libraries(tls_prf ${TESTS_LIBS})
add_test(tls_prf tls_prf)
# utf8test
add_executable(utf8test utf8test.c)
target_link_libraries(utf8test ${TESTS_LIBS})
target_link_libraries(utf8test ${OPENSSL_LIBS})
add_test(utf8test utf8test)
# verifytest
add_executable(verifytest verifytest.c)
target_link_libraries(verifytest tls ${TESTS_LIBS})
add_test(verifytest verifytest)
# x25519test
add_executable(x25519test x25519test.c)
target_link_libraries(x25519test ${TESTS_LIBS})
add_test(x25519test x25519test)
if(ENABLE_VSTEST AND USE_SHARED)
add_custom_command(TARGET x25519test POST_BUILD
COMMAND "${CMAKE_COMMAND}" -E copy
"$<TARGET_FILE:tls-shared>"
"$<TARGET_FILE:ssl-shared>"
"$<TARGET_FILE:crypto-shared>"
"${CMAKE_CURRENT_BINARY_DIR}"
COMMENT "Copying DLLs for regression tests")
endif()

110
tests/Makefile.am
View File

@@ -3,19 +3,11 @@ include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I $(top_srcdir)/ssl
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat
AM_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(top_srcdir)/apps/openssl/cert.pem\"
AM_CPPFLAGS += -I $(top_srcdir)/apps
LDADD = $(abs_top_builddir)/tls/.libs/libtls.a
LDADD += $(abs_top_builddir)/ssl/.libs/libssl.a
LDADD += $(abs_top_builddir)/crypto/.libs/libcrypto.a
LDADD += $(PLATFORM_LDADD) $(PROG_LDADD)
if HOST_ASM_MACOSX_X86_64
LDADD += $(abs_top_builddir)/crypto/.libs/libcrypto_la-cpuid-macosx-x86_64.o
endif
TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
LDADD += $(top_builddir)/ssl/libssl.la
LDADD += $(top_builddir)/crypto/libcrypto.la
TESTS =
check_PROGRAMS =
@@ -48,11 +40,6 @@ TESTS += asn1test
check_PROGRAMS += asn1test
asn1test_SOURCES = asn1test.c
# asn1time
TESTS += asn1time
check_PROGRAMS += asn1time
asn1time_SOURCES = asn1time.c
# base64test
TESTS += base64test
check_PROGRAMS += base64test
@@ -73,7 +60,6 @@ endif
# bntest
TESTS += bntest
bntest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
check_PROGRAMS += bntest
bntest_SOURCES = bntest.c
@@ -103,11 +89,6 @@ TESTS += cipherstest
check_PROGRAMS += cipherstest
cipherstest_SOURCES = cipherstest.c
# clienttest
TESTS += clienttest
check_PROGRAMS += clienttest
clienttest_SOURCES = clienttest.c
# cts128test
TESTS += cts128test
check_PROGRAMS += cts128test
@@ -163,7 +144,7 @@ TESTS += explicit_bzero
check_PROGRAMS += explicit_bzero
explicit_bzero_SOURCES = explicit_bzero.c
if !HAVE_MEMMEM
explicit_bzero_SOURCES += compat/memmem.c
explicit_bzero_SOURCES += memmem.c
endif
endif
endif
@@ -171,7 +152,6 @@ endif
# exptest
TESTS += exptest
check_PROGRAMS += exptest
exptest_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
exptest_SOURCES = exptest.c
# gcm128test
@@ -214,14 +194,6 @@ TESTS += mont
check_PROGRAMS += mont
mont_SOURCES = mont.c
# ocsp_test
if ENABLE_EXTRATESTS
TESTS += ocsptest.sh
check_PROGRAMS += ocsp_test
ocsp_test_SOURCES = ocsp_test.c
endif
EXTRA_DIST += ocsptest.sh ocsptest.bat
# optionstest
TESTS += optionstest
check_PROGRAMS += optionstest
@@ -236,11 +208,10 @@ pbkdf2_SOURCES = pbkdf2.c
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
if ENABLE_EXTRATESTS
TESTS += pidwraptest.sh
TESTS += pidwraptest
check_PROGRAMS += pidwraptest
pidwraptest_SOURCES = pidwraptest.c
endif
EXTRA_DIST += pidwraptest.sh
# pkcs7test
TESTS += pkcs7test
@@ -256,7 +227,7 @@ poly1305test_SOURCES = poly1305test.c
TESTS += pq_test.sh
check_PROGRAMS += pq_test
pq_test_SOURCES = pq_test.c
EXTRA_DIST += pq_test.sh pq_test.bat
EXTRA_DIST += pq_test.sh
EXTRA_DIST += pq_expected.txt
# randtest
@@ -274,32 +245,11 @@ TESTS += rc4test
check_PROGRAMS += rc4test
rc4test_SOURCES = rc4test.c
# rfc5280time
check_PROGRAMS += rfc5280time
rfc5280time_SOURCES = rfc5280time.c
if SMALL_TIME_T
TESTS += rfc5280time_small.test
else
TESTS += rfc5280time
endif
EXTRA_DIST += rfc5280time_small.test
# rmdtest
TESTS += rmdtest
check_PROGRAMS += rmdtest
rmdtest_SOURCES = rmdtest.c
# rsa_test
TESTS += rsa_test
check_PROGRAMS += rsa_test
rsa_test_SOURCES = rsa_test.c
# servertest
TESTS += servertest.sh
check_PROGRAMS += servertest
servertest_SOURCES = servertest.c
EXTRA_DIST += servertest.sh servertest.bat
# sha1test
TESTS += sha1test
check_PROGRAMS += sha1test
@@ -315,66 +265,38 @@ TESTS += sha512test
check_PROGRAMS += sha512test
sha512test_SOURCES = sha512test.c
# ssl_versions
TESTS += ssl_versions
check_PROGRAMS += ssl_versions
ssl_versions_SOURCES = ssl_versions.c
# shatest
TESTS += shatest
check_PROGRAMS += shatest
shatest_SOURCES = shatest.c
# ssltest
TESTS += ssltest.sh
check_PROGRAMS += ssltest
ssltest_SOURCES = ssltest.c
EXTRA_DIST += ssltest.sh ssltest.bat
EXTRA_DIST += testssl testssl.bat ca.pem server.pem
EXTRA_DIST += ssltest.sh
EXTRA_DIST += testssl ca.pem server.pem
# testdsa
TESTS += testdsa.sh
EXTRA_DIST += testdsa.sh testdsa.bat
EXTRA_DIST += testdsa.sh
EXTRA_DIST += openssl.cnf
# testenc
TESTS += testenc.sh
EXTRA_DIST += testenc.sh testenc.bat
EXTRA_DIST += testenc.sh
# testrsa
TESTS += testrsa.sh
EXTRA_DIST += testrsa.sh testrsa.bat
EXTRA_DIST += testrsa.sh
# timingsafe
TESTS += timingsafe
check_PROGRAMS += timingsafe
timingsafe_SOURCES = timingsafe.c
# tlstest
TESTS += tlstest.sh
check_PROGRAMS += tlstest
tlstest_SOURCES = tlstest.c
if !HAVE_PIPE2
tlstest_SOURCES += compat/pipe2.c
endif
EXTRA_DIST += tlstest.sh tlstest.bat
# tls_ext_alpn
TESTS += tls_ext_alpn
check_PROGRAMS += tls_ext_alpn
tls_ext_alpn_SOURCES = tls_ext_alpn.c
# tls_prf
TESTS += tls_prf
check_PROGRAMS += tls_prf
tls_prf_SOURCES = tls_prf.c
# utf8test
TESTS += utf8test
check_PROGRAMS += utf8test
utf8test_SOURCES = utf8test.c
# verifytest
TESTS += verifytest
check_PROGRAMS += verifytest
verifytest_SOURCES = verifytest.c
# x25519test
TESTS += x25519test
check_PROGRAMS += x25519test
x25519test_SOURCES = x25519test.c

167
tests/compat/pipe2.c
View File

@@ -1,167 +0,0 @@
/*
* Public domain
*
* pipe2/pipe/socketpair emulation
* Brent Cook <bcook@openbsd.org>
*/
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/socket.h>
#undef socketpair
#ifdef _WIN32
static int setfd(int fd, int flag)
{
int rc = -1;
if (flag & FD_CLOEXEC) {
HANDLE h = (HANDLE)_get_osfhandle(fd);
if (h != NULL)
rc = SetHandleInformation(h, HANDLE_FLAG_INHERIT, 0) == 0 ? -1 : 0;
}
return rc;
}
static int setfl(int fd, int flag)
{
int rc = -1;
if (flag & O_NONBLOCK) {
long mode = 1;
rc = ioctlsocket(fd, FIONBIO, &mode);
}
return rc;
}
int socketpair(int domain, int type, int protocol, int socket_vector[2])
{
if (domain != AF_UNIX || !(type & SOCK_STREAM) || protocol != PF_UNSPEC)
return -1;
socket_vector[0] = -1;
socket_vector[1] = -1;
int listener = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if (listener == -1) {
return -1;
}
struct sockaddr_in addr = {
.sin_family = AF_INET,
.sin_addr.s_addr = htonl(INADDR_LOOPBACK),
.sin_port = 0,
};
int yes = 1, e;
if (setsockopt(listener, SOL_SOCKET, SO_REUSEADDR,
(void *)&yes, sizeof yes) == -1)
goto err;
if (bind(listener, (struct sockaddr *)&addr, sizeof addr) != 0)
goto err;
memset(&addr, 0, sizeof addr);
socklen_t addrlen = sizeof addr;
if (getsockname(listener, (struct sockaddr *)&addr, &addrlen) != 0)
goto err;
addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
addr.sin_family = AF_INET;
if (listen(listener, 1) != 0)
goto err;
socket_vector[0] = WSASocket(AF_INET, SOCK_STREAM, 0, NULL, 0, 0);
if (socket_vector[0] == -1)
goto err;
if (connect(socket_vector[0], (struct sockaddr *)&addr, sizeof addr) != 0)
goto err;
socket_vector[1] = accept(listener, NULL, NULL);
if (socket_vector[1] == -1)
goto err;
closesocket(listener);
return 0;
err:
e = WSAGetLastError();
closesocket(listener);
closesocket(socket_vector[0]);
closesocket(socket_vector[1]);
WSASetLastError(e);
socket_vector[0] = -1;
socket_vector[1] = -1;
return -1;
}
int pipe(int fildes[2])
{
return socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, PF_UNSPEC, fildes);
}
#else
static int setfd(int fd, int flag)
{
int flags = fcntl(fd, F_GETFD);
flags |= flag;
return fcntl(fd, F_SETFD, flags);
}
static int setfl(int fd, int flag)
{
int flags = fcntl(fd, F_GETFL);
flags |= flag;
return fcntl(fd, F_SETFL, flags);
}
#endif
int pipe2(int fildes[2], int flags)
{
int rc = pipe(fildes);
if (rc == 0) {
if (flags & O_NONBLOCK) {
rc |= setfl(fildes[0], O_NONBLOCK);
rc |= setfl(fildes[1], O_NONBLOCK);
}
if (flags & O_CLOEXEC) {
rc |= setfd(fildes[0], FD_CLOEXEC);
rc |= setfd(fildes[1], FD_CLOEXEC);
}
if (rc != 0) {
int e = errno;
close(fildes[0]);
close(fildes[1]);
errno = e;
}
}
return rc;
}
int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2])
{
int flags = type & ~0xf;
type &= 0xf;
int rc = socketpair(domain, type, protocol, socket_vector);
if (rc == 0) {
if (flags & SOCK_NONBLOCK) {
rc |= setfl(socket_vector[0], O_NONBLOCK);
rc |= setfl(socket_vector[1], O_NONBLOCK);
}
if (flags & SOCK_CLOEXEC) {
rc |= setfd(socket_vector[0], FD_CLOEXEC);
rc |= setfd(socket_vector[1], FD_CLOEXEC);
}
if (rc != 0) {
int e = errno;
close(socket_vector[0]);
close(socket_vector[1]);
errno = e;
}
}
return rc;
}

11
tests/ocsptest.bat
View File

@@ -1,11 +0,0 @@
@echo off
setlocal enabledelayedexpansion
REM ocsptest.bat
set TEST=Debug\ocsp_test.exe
if not exist %TEST% exit /b 1
%TEST% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1
%TEST% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1
endlocal

8
tests/ocsptest.sh
View File

@@ -1,8 +0,0 @@
#!/bin/sh
set -e
TEST=./ocsp_test
if [ -e ./ocsp_test.exe ]; then
TEST=./ocsp_test.exe
fi
$TEST www.amazon.com 443
$TEST cloudflare.com 443

Some files were not shown because too many files have changed in this diff Show More