From 854f4f69af9003c0c29d3838001f549beaf36936 Mon Sep 17 00:00:00 2001 From: Brent Cook Date: Sat, 12 Sep 2015 07:48:06 -0500 Subject: [PATCH] add 'nc' to the distribution as an example of libtls client and server --- .gitignore | 17 +-- ChangeLog | 2 +- apps/CMakeLists.txt | 108 ++++++++-------- apps/Makefile.am | 116 +----------------- apps/nc/Makefile.am | 11 ++ apps/openssl/Makefile.am | 116 ++++++++++++++++++ apps/{ => openssl/compat}/apps_win.c | 0 .../compat/certhash_win.c} | 0 apps/{ => openssl/compat}/poll_win.c | 0 configure.ac | 2 + patches/openssl.c.patch | 4 +- tests/Makefile.am | 3 +- tests/testdsa.sh | 6 +- tests/testenc.sh | 6 +- tests/testrsa.sh | 6 +- tls/Makefile.am | 1 + update.sh | 29 +++-- 17 files changed, 227 insertions(+), 200 deletions(-) create mode 100644 apps/nc/Makefile.am create mode 100644 apps/openssl/Makefile.am rename apps/{ => openssl/compat}/apps_win.c (100%) rename apps/{certhash_disabled.c => openssl/compat/certhash_win.c} (100%) rename apps/{ => openssl/compat}/poll_win.c (100%) diff --git a/.gitignore b/.gitignore index 9af1054..019fc05 100644 --- a/.gitignore +++ b/.gitignore @@ -107,14 +107,15 @@ include/pqueue.h include/tls.h include/openssl/*.h -!/apps/apps_win.c -!/apps/poll_win.c -!/apps/certhash_disabled.c -/apps/*.h -/apps/*.c -/apps/*.cnf -/apps/*.pem -/apps/openssl +/apps/nc/*.h +/apps/nc/*.c +/apps/nc/nc* +/apps/openssl/*.h +/apps/openssl/*.c +/apps/openssl/*.cnf +/apps/openssl/*.pem +/apps/openssl/openssl +/apps/openssl/compat/strtonum.c !/crypto/Makefile.am.* !/crypto/compat/arc4random.h diff --git a/ChangeLog b/ChangeLog index 3ad826c..d9897f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -29,7 +29,7 @@ history is also available from Git. LibreSSL Portable Release Notes: 2.3.0 - SSLv3 removed, libtls API changes, portability improvements -e + * SSLv3 is now permanently removed from the tree. * The libtls API is changed from the 2.2.x series. 
diff --git a/apps/CMakeLists.txt b/apps/CMakeLists.txt index ee1880d..8c49c9b 100644 --- a/apps/CMakeLists.txt +++ b/apps/CMakeLists.txt 
@@ -6,72 +6,72 @@ include_directories( set( OPENSSL_SRC - apps.c - asn1pars.c - ca.c - ciphers.c - cms.c - crl.c - crl2p7.c - dgst.c - dh.c - dhparam.c - dsa.c - dsaparam.c - ec.c - ecparam.c - enc.c - errstr.c - gendh.c - gendsa.c - genpkey.c - genrsa.c - nseq.c - ocsp.c - openssl.c - passwd.c - pkcs12.c - pkcs7.c - pkcs8.c - pkey.c - pkeyparam.c - pkeyutl.c - prime.c - rand.c - req.c - rsa.c - rsautl.c - s_cb.c - s_client.c - s_server.c - s_socket.c - s_time.c - sess_id.c - smime.c - speed.c - spkac.c - ts.c - verify.c - version.c - x509.c + openssl/apps.c + openssl/asn1pars.c + openssl/ca.c + openssl/ciphers.c + openssl/cms.c + openssl/crl.c + openssl/crl2p7.c + openssl/dgst.c + openssl/dh.c + openssl/dhparam.c + openssl/dsa.c + openssl/dsaparam.c + openssl/ec.c + openssl/ecparam.c + openssl/enc.c + openssl/errstr.c + openssl/gendh.c + openssl/gendsa.c + openssl/genpkey.c + openssl/genrsa.c + openssl/nseq.c + openssl/ocsp.c + openssl/openssl.c + openssl/passwd.c + openssl/pkcs12.c + openssl/pkcs7.c + openssl/pkcs8.c + openssl/pkey.c + openssl/pkeyparam.c + openssl/pkeyutl.c + openssl/prime.c + openssl/rand.c + openssl/req.c + openssl/rsa.c + openssl/rsautl.c + openssl/s_cb.c + openssl/s_client.c + openssl/s_server.c + openssl/s_socket.c + openssl/s_time.c + openssl/sess_id.c + openssl/smime.c + openssl/speed.c + openssl/spkac.c + openssl/ts.c + openssl/verify.c + openssl/version.c + openssl/x509.c ) if(CMAKE_HOST_UNIX) - set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c) - set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c) + set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c) + set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c) endif() if(CMAKE_HOST_WIN32) - set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c) - set(OPENSSL_SRC ${OPENSSL_SRC} certhash_disabled.c) - set(OPENSSL_SRC ${OPENSSL_SRC} poll_win.c) + set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/apps_win.c) + set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/hash_win.c) + set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c) 
endif() check_function_exists(strtonum HAVE_STRTONUM) if(HAVE_STRTONUM) add_definitions(-DHAVE_STRTONUM) else() - set(OPENSSL_SRC ${OPENSSL_SRC} strtonum.c) + set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c) endif() add_executable(openssl ${OPENSSL_SRC}) diff --git a/apps/Makefile.am b/apps/Makefile.am index 20cf586..60d0c60 100644 --- a/apps/Makefile.am +++ b/apps/Makefile.am 
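Review bot: The Windows branch lists `openssl/compat/hash_win.c`, but this commit renames `apps/certhash_disabled.c` to `apps/openssl/compat/certhash_win.c`, and apps/openssl/Makefile.am uses `compat/certhash_win.c`. A CMake build on a Windows host will therefore reference a source file that does not exist. The line should read `set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/certhash_win.c)`. This is the only hunk for apps/CMakeLists.txt and it adds no target for the new apps/nc sources, so CMake builds apparently will not produce nc while autotools builds do; if that is intended, a comment saying so would help.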
@@ -1,117 +1,5 @@ include $(top_srcdir)/Makefile.am.common -bin_PROGRAMS = openssl +SUBDIRS = openssl nc -openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) -openssl_LDADD += $(top_builddir)/ssl/libssl.la -openssl_LDADD += $(top_builddir)/crypto/libcrypto.la - -openssl_SOURCES = apps.c -openssl_SOURCES += asn1pars.c -openssl_SOURCES += ca.c -openssl_SOURCES += ciphers.c -openssl_SOURCES += cms.c -openssl_SOURCES += crl.c -openssl_SOURCES += crl2p7.c -openssl_SOURCES += dgst.c -openssl_SOURCES += dh.c -openssl_SOURCES += dhparam.c -openssl_SOURCES += dsa.c -openssl_SOURCES += dsaparam.c -openssl_SOURCES += ec.c -openssl_SOURCES += ecparam.c -openssl_SOURCES += enc.c -openssl_SOURCES += errstr.c -openssl_SOURCES += gendh.c -openssl_SOURCES += gendsa.c -openssl_SOURCES += genpkey.c -openssl_SOURCES += genrsa.c -openssl_SOURCES += nseq.c -openssl_SOURCES += ocsp.c -openssl_SOURCES += openssl.c -openssl_SOURCES += passwd.c -openssl_SOURCES += pkcs12.c -openssl_SOURCES += pkcs7.c -openssl_SOURCES += pkcs8.c -openssl_SOURCES += pkey.c -openssl_SOURCES += pkeyparam.c -openssl_SOURCES += pkeyutl.c -openssl_SOURCES += prime.c -openssl_SOURCES += rand.c -openssl_SOURCES += req.c -openssl_SOURCES += rsa.c -openssl_SOURCES += rsautl.c -openssl_SOURCES += s_cb.c -openssl_SOURCES += s_client.c -openssl_SOURCES += s_server.c -openssl_SOURCES += s_socket.c -openssl_SOURCES += s_time.c -openssl_SOURCES += sess_id.c -openssl_SOURCES += smime.c -openssl_SOURCES += speed.c -openssl_SOURCES += spkac.c -openssl_SOURCES += ts.c -openssl_SOURCES += verify.c -openssl_SOURCES += version.c -openssl_SOURCES += x509.c - -if BUILD_CERTHASH -openssl_SOURCES += certhash.c -else -openssl_SOURCES += certhash_disabled.c -endif - -if HOST_WIN -openssl_SOURCES += apps_win.c -else -openssl_SOURCES += apps_posix.c -endif - -if !HAVE_POLL -if HOST_WIN -openssl_SOURCES += poll_win.c -endif -endif - -if !HAVE_STRTONUM -openssl_SOURCES += strtonum.c -endif - -noinst_HEADERS = apps.h -noinst_HEADERS += progs.h 
-noinst_HEADERS += s_apps.h -noinst_HEADERS += testdsa.h -noinst_HEADERS += testrsa.h -noinst_HEADERS += timeouts.h - -EXTRA_DIST = cert.pem -EXTRA_DIST += openssl.cnf -EXTRA_DIST += x509v3.cnf -EXTRA_DIST += CMakeLists.txt - -install-exec-hook: - @if [ "@OPENSSLDIR@x" != "x" ]; then \ - OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \ - else \ - OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \ - fi; \ - mkdir -p "$$OPENSSLDIR/certs"; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ - if [ ! -f "$$OPENSSLDIR/$i" ]; then \ - $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ - else \ - echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \ - fi \ - done - -uninstall-local: - @if [ "@OPENSSLDIR@x" != "x" ]; then \ - OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \ - else \ - OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \ - fi; \ - for i in cert.pem openssl.cnf x509v3.cnf; do \ - if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ - rm -f "$$OPENSSLDIR/$$i"; \ - fi \ - done +EXTRA_DIST = CMakeLists.txt diff --git a/apps/nc/Makefile.am b/apps/nc/Makefile.am new file mode 100644 index 0000000..ccb770a --- /dev/null +++ b/apps/nc/Makefile.am @@ -0,0 +1,11 @@ +include $(top_srcdir)/Makefile.am.common + +bin_PROGRAMS = nc + +nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) +nc_LDADD += $(top_builddir)/tls/libtls.la + +nc_SOURCES = atomicio.c +nc_SOURCES += netcat.c +nc_SOURCES += socks.c +noinst_HEADERS = atomicio.h diff --git a/apps/openssl/Makefile.am b/apps/openssl/Makefile.am new file mode 100644 index 0000000..9c763e1 --- /dev/null +++ b/apps/openssl/Makefile.am 
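Review bot: `bin_PROGRAMS = nc` in the new apps/nc/Makefile.am installs the example into bindir under the name `nc`, where it can shadow or replace a netcat the system already provides, although the commit message describes it only as an example of a libtls client and server. Consider `noinst_PROGRAMS = nc`, or gate the install behind an Automake conditional set from configure.ac, so that installing the libraries does not change which `nc` comes first in PATH. The directory is also entered unconditionally through `SUBDIRS = openssl nc` in apps/Makefile.am, with no HOST_WIN guard like the one the openssl sources use; whether netcat.c builds on those hosts is not visible here.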
@@ -0,0 +1,116 @@
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = openssl
+
+openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
+openssl_LDADD += $(top_builddir)/ssl/libssl.la
+openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
+
+openssl_SOURCES = apps.c
+openssl_SOURCES += asn1pars.c
+openssl_SOURCES += ca.c
+openssl_SOURCES += ciphers.c
+openssl_SOURCES += cms.c
+openssl_SOURCES += crl.c
+openssl_SOURCES += crl2p7.c
+openssl_SOURCES += dgst.c
+openssl_SOURCES += dh.c
+openssl_SOURCES += dhparam.c
+openssl_SOURCES += dsa.c
+openssl_SOURCES += dsaparam.c
+openssl_SOURCES += ec.c
+openssl_SOURCES += ecparam.c
+openssl_SOURCES += enc.c
+openssl_SOURCES += errstr.c
+openssl_SOURCES += gendh.c
+openssl_SOURCES += gendsa.c
+openssl_SOURCES += genpkey.c
+openssl_SOURCES += genrsa.c
+openssl_SOURCES += nseq.c
+openssl_SOURCES += ocsp.c
+openssl_SOURCES += openssl.c
+openssl_SOURCES += passwd.c
+openssl_SOURCES += pkcs12.c
+openssl_SOURCES += pkcs7.c
+openssl_SOURCES += pkcs8.c
+openssl_SOURCES += pkey.c
+openssl_SOURCES += pkeyparam.c
+openssl_SOURCES += pkeyutl.c
+openssl_SOURCES += prime.c
+openssl_SOURCES += rand.c
+openssl_SOURCES += req.c
+openssl_SOURCES += rsa.c
+openssl_SOURCES += rsautl.c
+openssl_SOURCES += s_cb.c
+openssl_SOURCES += s_client.c
+openssl_SOURCES += s_server.c
+openssl_SOURCES += s_socket.c
+openssl_SOURCES += s_time.c
+openssl_SOURCES += sess_id.c
+openssl_SOURCES += smime.c
+openssl_SOURCES += speed.c
+openssl_SOURCES += spkac.c
+openssl_SOURCES += ts.c
+openssl_SOURCES += verify.c
+openssl_SOURCES += version.c
+openssl_SOURCES += x509.c
+
+if BUILD_CERTHASH
+openssl_SOURCES += certhash.c
+else
+openssl_SOURCES += compat/certhash_win.c
+endif
+
+if HOST_WIN
+openssl_SOURCES += compat/apps_win.c
+else
+openssl_SOURCES += apps_posix.c
+endif
+
+if !HAVE_POLL
+if HOST_WIN
+openssl_SOURCES += compat/poll_win.c
+endif
+endif
+
+if !HAVE_STRTONUM
+openssl_SOURCES += compat/strtonum.c
+endif
+
+noinst_HEADERS = apps.h
+noinst_HEADERS +=
progs.h +noinst_HEADERS += s_apps.h +noinst_HEADERS += testdsa.h +noinst_HEADERS += testrsa.h +noinst_HEADERS += timeouts.h + +EXTRA_DIST = cert.pem +EXTRA_DIST += openssl.cnf +EXTRA_DIST += x509v3.cnf + +install-exec-hook: + @if [ "@OPENSSLDIR@x" != "x" ]; then \ + OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \ + else \ + OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \ + fi; \ + mkdir -p "$$OPENSSLDIR/certs"; \ + for i in cert.pem openssl.cnf x509v3.cnf; do \ + if [ ! -f "$$OPENSSLDIR/$i" ]; then \ + $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ + else \ + echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \ + fi \ + done + +uninstall-local: + @if [ "@OPENSSLDIR@x" != "x" ]; then \ + OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \ + else \ + OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \ + fi; \ + for i in cert.pem openssl.cnf x509v3.cnf; do \ + if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ + rm -f "$$OPENSSLDIR/$$i"; \ + fi \ + done diff --git a/apps/apps_win.c b/apps/openssl/compat/apps_win.c similarity index 100% rename from apps/apps_win.c rename to apps/openssl/compat/apps_win.c diff --git a/apps/certhash_disabled.c b/apps/openssl/compat/certhash_win.c similarity index 100% rename from apps/certhash_disabled.c rename to apps/openssl/compat/certhash_win.c diff --git a/apps/poll_win.c b/apps/openssl/compat/poll_win.c similarity index 100% rename from apps/poll_win.c rename to apps/openssl/compat/poll_win.c diff --git a/configure.ac b/configure.ac index 91ae7ce..09bc9f1 100644 --- a/configure.ac +++ b/configure.ac @@ -119,6 +119,8 @@ AC_CONFIG_FILES([ tls/Makefile tests/Makefile apps/Makefile + apps/openssl/Makefile + apps/nc/Makefile man/Makefile libcrypto.pc libssl.pc diff --git a/patches/openssl.c.patch b/patches/openssl.c.patch index 275e9ea..ba3ac36 100644 --- a/patches/openssl.c.patch +++ b/patches/openssl.c.patch 
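Review bot: In `install-exec-hook` of the new apps/openssl/Makefile.am the existence test uses `$i` with a single dollar sign: `if [ ! -f "$$OPENSSLDIR/$i" ]; then`. make expands `$i` itself (normally to nothing) before the shell runs, so the test checks the directory path rather than each file and `-f` is false. The hook therefore runs `$(INSTALL)` over an existing cert.pem, openssl.cnf and x509v3.cnf even though the else branch says "install will not overwrite". The line was carried over unchanged from the old apps/Makefile.am; it should be `if [ ! -f "$$OPENSSLDIR/$$i" ]; then` so that a locally maintained trust bundle or configuration survives `make install`.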
@@ -1,5 +1,5 @@ ---- apps/openssl.c.orig 2015-07-20 02:01:42.000000000 -0600 -+++ apps/openssl.c 2015-07-20 02:02:00.000000000 -0600 +--- apps/openssl/openssl.c.orig 2015-07-20 02:01:42.000000000 -0600 ++++ apps/openssl/openssl.c 2015-07-20 02:02:00.000000000 -0600 @@ -130,6 +130,19 @@ #include #endif diff --git a/tests/Makefile.am b/tests/Makefile.am index fe3bece..b114042 100644 --- a/tests/Makefile.am +++ b/tests/Makefile.am @@ -3,7 +3,8 @@ include $(top_srcdir)/Makefile.am.common AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1 AM_CPPFLAGS += -I $(top_srcdir)/ssl -AM_CPPFLAGS += -I $(top_srcdir)/apps +AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl +AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) LDADD += $(top_builddir)/ssl/libssl.la diff --git a/tests/testdsa.sh b/tests/testdsa.sh index 22de755..ed681e7 100755 --- a/tests/testdsa.sh +++ b/tests/testdsa.sh @@ -4,9 +4,9 @@ #Test DSA certificate generation of openssl -cmd=../apps/openssl -if [ -e ../apps/openssl.exe ]; then - cmd=../apps/openssl.exe +cmd=../apps/openssl/openssl +if [ -e ../apps/openssl/openssl.exe ]; then + cmd=../apps/openssl/openssl.exe fi if [ -z $srcdir ]; then diff --git a/tests/testenc.sh b/tests/testenc.sh index 9973c1c..4e488ad 100755 --- a/tests/testenc.sh +++ b/tests/testenc.sh @@ -2,9 +2,9 @@ # $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $ test=p -cmd=../apps/openssl -if [ -e ../apps/openssl.exe ]; then - cmd=../apps/openssl.exe +cmd=../apps/openssl/openssl +if [ -e ../apps/openssl/openssl.exe ]; then + cmd=../apps/openssl/openssl.exe fi cat openssl.cnf >$test; diff --git a/tests/testrsa.sh b/tests/testrsa.sh index b72e760..c2c7c4c 100755 --- a/tests/testrsa.sh +++ b/tests/testrsa.sh 
@@ -4,9 +4,9 @@ #Test RSA certificate generation of openssl -cmd=../apps/openssl -if [ -e ../apps/openssl.exe ]; then - cmd=../apps/openssl.exe +cmd=../apps/openssl/openssl +if [ -e ../apps/openssl/openssl.exe ]; then + cmd=../apps/openssl/openssl.exe fi if [ -z $srcdir ]; then diff --git a/tls/Makefile.am b/tls/Makefile.am index 82ec211..ed3f3c3 100644 --- a/tls/Makefile.am +++ b/tls/Makefile.am @@ -12,6 +12,7 @@ libtls_la_SOURCES = tls.c libtls_la_SOURCES += tls_client.c libtls_la_SOURCES += tls_config.c libtls_la_SOURCES += tls_server.c +libtls_la_SOURCES += tls_peer.c libtls_la_SOURCES += tls_util.c libtls_la_SOURCES += tls_verify.c noinst_HEADERS = tls_internal.h diff --git a/update.sh b/update.sh index e4d74fb..842ecd2 100755 --- a/update.sh +++ b/update.sh @@ -26,7 +26,7 @@ libssl_src=$CWD/openbsd/src/lib/libssl libssl_regress=$CWD/openbsd/src/regress/lib/libssl libtls_src=$CWD/openbsd/src/lib/libtls libtls_regress=$CWD/openbsd/src/regress/lib/libtls -openssl_app_src=$CWD/openbsd/src/usr.bin/openssl +app_src=$CWD/openbsd/src/usr.bin # load library versions . $libcrypto_src/crypto/shlib_version 
@@ -210,15 +210,25 @@ $CP m4/check*.m4 \ sed -e "s/compat\///" crypto/Makefile.am.arc4random > \ libtls-standalone/compat/Makefile.am.arc4random +# copy nc(1) source +echo "copying nc(1) source" +rm -f apps/nc/*.c apps/nc/*.h +for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/nc/Makefile.am` ; do + if [ -e $app_src/nc/$i ]; then + $CP $app_src/nc/$i apps/nc + fi +done + # copy openssl(1) source echo "copying openssl(1) source" -$CP $libc_src/stdlib/strtonum.c apps -$CP $libcrypto_src/cert.pem apps -$CP $libcrypto_src/openssl.cnf apps -$CP $libcrypto_src/x509v3.cnf apps -for i in `awk '/SOURCES|HEADERS/ { print $3 }' apps/Makefile.am` ; do - if [ -e $openssl_app_src/$i ]; then - $CP $openssl_app_src/$i apps +rm -f apps/openssl/*.c apps/openssl/*.h +$CP $libc_src/stdlib/strtonum.c apps/openssl/compat +$CP $libcrypto_src/cert.pem apps/openssl +$CP $libcrypto_src/openssl.cnf apps/openssl +$CP $libcrypto_src/x509v3.cnf apps/openssl +for i in `awk '/SOURCES|HEADERS|MANS/ { print $3 }' apps/openssl/Makefile.am` ; do + if [ -e $app_src/openssl/$i ]; then + $CP $app_src/openssl/$i apps/openssl fi done @@ -298,9 +308,6 @@ echo "copying manpages" echo EXTRA_DIST = CMakeLists.txt > man/Makefile.am echo dist_man_MANS = >> man/Makefile.am -$CP $openssl_app_src/openssl.1 man -echo "dist_man_MANS += openssl.1" >> man/Makefile.am - $CP $libtls_src/tls_init.3 man echo "dist_man_MANS += tls_init.3" >> man/Makefile.am
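Review bot: The awk pattern now matches `MANS`, but neither apps/openssl/Makefile.am nor apps/nc/Makefile.am in this commit defines a `*_MANS` variable, and the last hunk removes the explicit copy of openssl.1 into man/. As far as this patch shows, openssl.1 stops being shipped and nc.1 is never copied. Adding `dist_man_MANS = openssl.1` and `dist_man_MANS = nc.1` to the two Makefile.am files would let the loops pick them up. In the nc loop a source missing under `$app_src/nc` is skipped silently right after `rm -f apps/nc/*.c apps/nc/*.h`; an `else` branch that prints the file name and exits non-zero would keep an incomplete tree from being packaged. Quoting the expansion as `"$app_src/nc/$i"` would also be safer.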