Compare commits
13 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9a1e5a561c | ||
|
|
79f5ca9b69 | ||
|
|
de9ea11a07 | ||
|
|
3cf0bc1226 | ||
|
|
f3e7ad5b06 | ||
|
|
da995141dc | ||
|
|
9834f621fa | ||
|
|
b09eba6ae2 | ||
|
|
c402f3877d | ||
|
|
6a1cc14967 | ||
|
|
fe69b6b418 | ||
|
|
df4451aeec | ||
|
|
58e4acdb19 |
@@ -4,8 +4,9 @@ include(CheckLibraryExists)
|
||||
include(CheckIncludeFiles)
|
||||
include(CheckTypeSize)
|
||||
|
||||
set(CMAKE_MODULE_PATH "${CMAKE_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
|
||||
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}" ${CMAKE_MODULE_PATH})
|
||||
include(cmake_export_symbol)
|
||||
include(GNUInstallDirs)
|
||||
|
||||
project (LibreSSL C)
|
||||
|
||||
|
||||
32
ChangeLog
32
ChangeLog
@@ -28,6 +28,38 @@ history is also available from Git.
|
||||
|
||||
LibreSSL Portable Release Notes:
|
||||
|
||||
2.5.5 - Bug fixes
|
||||
|
||||
* Distinguish between self-issued certificates and self-signed
|
||||
certificates. The certificate verification code has special cases
|
||||
for self-signed certificates and without this change, self-issued
|
||||
certificates (which it seems are common place with
|
||||
openvpn/easyrsa) were also being included in this category.
|
||||
|
||||
* Added getpagesize fallback, needed for Android bionic libc.
|
||||
|
||||
2.5.4 - Security Updates
|
||||
|
||||
* Revert a previous change that forced consistency between return
|
||||
value and error code when specifing a certificate verification
|
||||
callback, since this breaks the documented API. When a user supplied
|
||||
callback always returns 1, and later code checks the error code to
|
||||
potentially abort post verification, this will result in incorrect
|
||||
successul certificate verification.
|
||||
|
||||
* Switched Linux getrandom() usage to non-blocking mode, continuing to
|
||||
use fallback mechanims if unsuccessful. This works around a design
|
||||
flaw in Linux getrandom(2) where early boot usage in a library makes
|
||||
it impossible to recover if getrandom(2) is not yet initialized.
|
||||
|
||||
* Fixed a bug caused by the return value being set early to signal
|
||||
successful DTLS cookie validation. This can mask a later failure and
|
||||
result in a positive return value being returned from
|
||||
ssl3_get_client_hello(), when it should return a negative value to
|
||||
propagate the error.
|
||||
|
||||
* Fixed a build error on non-x86/x86_64 systems running Solaris.
|
||||
|
||||
2.5.3 - OpenBSD 6.1 Release
|
||||
|
||||
* Documentation updates
|
||||
|
||||
@@ -53,8 +53,8 @@ add_executable(nc ${NC_SRC})
|
||||
target_link_libraries(nc tls ${OPENSSL_LIBS})
|
||||
|
||||
if(ENABLE_NC)
|
||||
install(TARGETS nc DESTINATION bin)
|
||||
install(FILES nc.1 DESTINATION share/man/man1)
|
||||
install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
|
||||
endif()
|
||||
|
||||
endif()
|
||||
|
||||
@@ -4,6 +4,7 @@ if BUILD_NC
|
||||
|
||||
if ENABLE_NC
|
||||
bin_PROGRAMS = nc
|
||||
dist_man_MANS = nc.1
|
||||
else
|
||||
noinst_PROGRAMS = nc
|
||||
endif
|
||||
|
||||
@@ -36,7 +36,7 @@ endif()
|
||||
add_executable(ocspcheck ${OCSPCHECK_SRC})
|
||||
target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
|
||||
|
||||
install(TARGETS ocspcheck DESTINATION bin)
|
||||
install(FILES ocspcheck.8 DESTINATION share/man/man8)
|
||||
install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
|
||||
|
||||
endif()
|
||||
|
||||
@@ -76,8 +76,8 @@ endif()
|
||||
add_executable(openssl ${OPENSSL_SRC})
|
||||
target_link_libraries(openssl ${OPENSSL_LIBS})
|
||||
|
||||
install(TARGETS openssl DESTINATION bin)
|
||||
install(FILES openssl.1 DESTINATION share/man/man1)
|
||||
install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
|
||||
install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1)
|
||||
|
||||
if(NOT "${OPENSSLDIR}" STREQUAL "")
|
||||
set(CONF_DIR "${OPENSSLDIR}")
|
||||
|
||||
@@ -823,9 +823,9 @@ if (BUILD_SHARED)
|
||||
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
|
||||
set_target_properties(crypto-shared PROPERTIES VERSION
|
||||
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
|
||||
install(TARGETS crypto crypto-shared DESTINATION lib)
|
||||
install(TARGETS crypto crypto-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
else()
|
||||
add_library(crypto STATIC ${CRYPTO_SRC})
|
||||
install(TARGETS crypto DESTINATION lib)
|
||||
install(TARGETS crypto DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif()
|
||||
|
||||
|
||||
@@ -15,7 +15,10 @@ EXTRA_DIST += crypto.sym
|
||||
# needed for a CMake target
|
||||
EXTRA_DIST += compat/strcasecmp.c
|
||||
|
||||
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols $(top_srcdir)/crypto/crypto_portable.sym
|
||||
BUILT_SOURCES = crypto_portable.sym
|
||||
CLEANFILES = crypto_portable.sym
|
||||
|
||||
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
|
||||
libcrypto_la_LIBADD = libcompat.la
|
||||
if !HAVE_EXPLICIT_BZERO
|
||||
libcrypto_la_LIBADD += libcompatnoopt.la
|
||||
|
||||
@@ -1,12 +1,18 @@
|
||||
/* $OpenBSD$ */
|
||||
|
||||
#include <unistd.h>
|
||||
|
||||
#ifdef _MSC_VER
|
||||
#include <windows.h>
|
||||
#endif
|
||||
|
||||
int
|
||||
getpagesize(void)
|
||||
{
|
||||
getpagesize(void) {
|
||||
#ifdef _MSC_VER
|
||||
SYSTEM_INFO system_info;
|
||||
GetSystemInfo(&system_info);
|
||||
return system_info.dwPageSize;
|
||||
#else
|
||||
return sysconf(_SC_PAGESIZE);
|
||||
#endif
|
||||
}
|
||||
|
||||
2
dist.sh
2
dist.sh
@@ -4,4 +4,4 @@ set -e
|
||||
rm -f man/*.1 man/*.3 include/openssl/*.h
|
||||
./autogen.sh
|
||||
./configure
|
||||
make distcheck
|
||||
make -j2 distcheck
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
install(DIRECTORY .
|
||||
DESTINATION include
|
||||
DESTINATION ${CMAKE_INSTALL_INCLUDEDIR}
|
||||
PATTERN "CMakeLists.txt" EXCLUDE
|
||||
PATTERN "compat" EXCLUDE
|
||||
PATTERN "Makefile*" EXCLUDE)
|
||||
|
||||
@@ -5,8 +5,8 @@ exec_prefix=@exec_prefix@
|
||||
libdir=@libdir@
|
||||
includedir=@includedir@
|
||||
|
||||
Name: LibreSSL-libssl
|
||||
Description: Secure Sockets Layer and cryptography libraries
|
||||
Name: LibreSSL-libcrypto
|
||||
Description: LibreSSL cryptography library
|
||||
Version: @VERSION@
|
||||
Requires:
|
||||
Conflicts:
|
||||
|
||||
@@ -149,10 +149,16 @@ fi
|
||||
])
|
||||
|
||||
AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [
|
||||
AS_CASE([$host_cpu],
|
||||
[i?86], [HOSTARCH=intel],
|
||||
[x86_64], [HOSTARCH=intel],
|
||||
[amd64], [HOSTARCH=intel],
|
||||
)
|
||||
AC_SUBST([HOSTARCH])
|
||||
crypto_sym=$srcdir/crypto/crypto.sym
|
||||
crypto_p_sym=$srcdir/crypto/crypto_portable.sym
|
||||
crypto_p_sym=./crypto/crypto_portable.sym
|
||||
echo "generating $crypto_p_sym ..."
|
||||
chmod u+w $srcdir/crypto
|
||||
mkdir -p ./crypto
|
||||
cp $crypto_sym $crypto_p_sym
|
||||
chmod u+w $crypto_p_sym
|
||||
if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
|
||||
@@ -203,6 +209,9 @@ fi
|
||||
if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
|
||||
echo timingsafe_memcmp >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$HOSTARCH" = "xintel" ; then
|
||||
echo OPENSSL_ia32cap_P >> $crypto_p_sym
|
||||
fi
|
||||
if test "x$HOST_OS" = "xwin" ; then
|
||||
echo posix_perror >> $crypto_p_sym
|
||||
echo posix_fopen >> $crypto_p_sym
|
||||
|
||||
@@ -106,8 +106,6 @@ char buf[1]; getentropy(buf, 1);
|
||||
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
|
||||
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
|
||||
CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
|
||||
CFLAGS="$CFLAGS -static-libgcc"
|
||||
LDFLAGS="$LDFLAGS -static-libgcc"
|
||||
AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
|
||||
;;
|
||||
*solaris*)
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
install(DIRECTORY .
|
||||
DESTINATION share/man/man3
|
||||
DESTINATION ${CMAKE_INSTALL_MANDIR}/man3
|
||||
FILES_MATCHING PATTERN "*.3"
|
||||
)
|
||||
|
||||
install(DIRECTORY .
|
||||
DESTINATION share/man/man1
|
||||
DESTINATION ${CMAKE_INSTALL_MANDIR}/man1
|
||||
FILES_MATCHING PATTERN "*.1"
|
||||
)
|
||||
|
||||
@@ -60,8 +60,8 @@ if (BUILD_SHARED)
|
||||
ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
|
||||
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
|
||||
SOVERSION ${SSL_MAJOR_VERSION})
|
||||
install(TARGETS ssl ssl-shared DESTINATION lib)
|
||||
install(TARGETS ssl ssl-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
else()
|
||||
add_library(ssl STATIC ${SSL_SRC})
|
||||
install(TARGETS ssl DESTINATION lib)
|
||||
install(TARGETS ssl DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif()
|
||||
|
||||
@@ -39,9 +39,9 @@ if (BUILD_SHARED)
|
||||
ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
|
||||
set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
|
||||
SOVERSION ${TLS_MAJOR_VERSION})
|
||||
install(TARGETS tls tls-shared DESTINATION lib)
|
||||
install(TARGETS tls tls-shared DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
else()
|
||||
add_library(tls STATIC ${TLS_SRC})
|
||||
install(TARGETS tls DESTINATION lib)
|
||||
install(TARGETS tls DESTINATION ${CMAKE_INSTALL_LIBDIR})
|
||||
endif()
|
||||
|
||||
|
||||
@@ -151,7 +151,7 @@ done
|
||||
$CP crypto/compat/b_win.c crypto/bio
|
||||
$CP crypto/compat/ui_openssl_win.c crypto/ui
|
||||
# add the libcrypto symbol export list
|
||||
grep '^[[:alpha:]]' < $libcrypto_src/Symbols.list > crypto/crypto.sym
|
||||
grep -v OPENSSL_ia32cap_P $libcrypto_src/Symbols.list | grep '^[[:alpha:]]' > crypto/crypto.sym
|
||||
|
||||
# generate assembly crypto algorithms
|
||||
asm_src=$libcrypto_src
|
||||
|
||||
Reference in New Issue
Block a user