factotum/libressl-portable
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: factotum:zig-3.8.0
Branches Tags
factotum:zig-build factotum:zig-3.8.2 factotum:zig-3.8.0 factotum:zig-3.8.1
...
pull from: factotum:zig-build
Branches Tags
factotum:zig-build factotum:zig-3.8.2 factotum:zig-3.8.0 factotum:zig-3.8.1

214 Commits
zig-3.8.0 ... zig-build

Author SHA1 Message Date
torque
0e1bc3a222 build: out-kludge the installed header include kludge 
This is a, erm, beautiful(?) mess. I feel like there probably ought to
be a better way to handle this use case, but the way that the includes
are handled in this specific codebase are extremely weird (how many
times have you actually seen #include_next get used?). It may be worth
making this a more natural path to take, though.
 2024-06-18 20:41:00 -07:00
torque
bb0e7bc98c build: update for zig-0.13.0 release 
Deprecated LazyPath fields were removed. This would have been the
correct non-lazy (irony intended?) way of updating for zig 0.12 as
well, and indeed this build works with zig-0.12.1.
 2024-06-17 23:16:44 -07:00
torque
a2e9a8301d build: update for zig-0.12.0 release 
Minor fixes for the header installation.
 2024-05-12 23:42:59 -07:00
torque
9679f074d2 build: update for zig-0.12.0-dev.2208+4debd4338 
Incorporate various build API changes. Hopefully there won't be any
other major API changes before the 0.12.0 release.
 2024-01-15 15:38:06 -08:00
torque
c673c25fc9 readme: update 2024-01-15 15:38:06 -08:00
torque
7940593eb8 build: remove unused code 2024-01-15 15:30:20 -08:00
torque
e68d5f484b build: handle architecture include more gracefully 
The "openssl/opensslconf.h" header is copied from an
architecture-specific source file, which means that specific path is
not valid within the source tree. I previously hacked around this by
copying the file within the source tree, but that had the major
downside of invalidating various cache layers after the copy was
performed.

Since we install this header with the right name, a slightly better
solution, hopefully, is to add the header install path as an include
directory. In theory, this will not invalidate any caching and improve
the build process slightly.
 2024-01-15 15:28:44 -08:00
torque
e2db88c634 build.zig: update for 3.8.2 
I had a big thing written here about how including opensslconf.h broke
but then I found out I had accidentally committed an arch-specific
opensslconf in the source tree somehow in the other branches. Whoops.
Anyway, the build system copies this around now so it should work even
better (???).
 2023-11-06 23:58:01 -08:00
torque
c06f268a16 build.zig: fix copy-paste error in header search logic 
This didn't cause problems because the only file excluded this way has
its full name provided, so it matches either way.
 2023-11-06 22:36:24 -08:00
torque
9f96f4f711 build.zig: update for v3.8.1 2023-11-06 22:36:24 -08:00
torque
e85e51738d add build.zig 2023-11-06 22:36:24 -08:00
torque
bbf2737c2b move upstream readme 2023-11-06 22:36:24 -08:00
Brent Cook
2553853c96 changelog revisions 2023-11-02 04:41:13 -05:00
Brent Cook
79fe4adf48 Revert "Link x509_algor test to build" 
This reverts commit 04fa997f54.
 2023-11-01 21:33:40 -05:00
Brent Cook
f075fe34bf update 3.8.2 changelog 2023-11-01 21:17:55 -05:00
Brent Cook
2652fb2f1e Land #924, Allow disabling warning about WINCRYPT overrides 2023-11-01 20:51:11 -05:00
Brent Cook
ef83583d88 Land #923, enable system arc4random on FreeBSD 12+ 2023-11-01 20:50:51 -05:00
Brent Cook
1a5be425a9 Land #922, build fixes for various platforms 2023-11-01 20:50:15 -05:00
Brent Cook
18f5064a9d Land #913, CMake build fixes 2023-11-01 20:49:49 -05:00
Pierre Wendling
f06374e731 MSVC: Enable building ocspcheck. 
- Add `STDIN_FILENO` to compat unistd header.
- Use quotes to include compat getopt header in the compat unistd.
- Export additional symbols needed by ocspcheck (optarg, optind,
  ftruncate)
 2023-11-01 20:49:34 -05:00
Brent Cook
60f4156d76 Land #909, Fix processor detection with Cmake 2023-11-01 20:48:51 -05:00
Theo Buehler
eed367e19c Allow disabling warning about WINCRYPT overrides 
Fixes #919
 2023-11-01 13:21:25 +01:00
Brent Cook
124e0192c8 enable system arc4random on FreeBSD 12+ 2023-11-01 06:43:41 -05:00
Brent Cook
548b3d0485 restrict patches to windows / macos platforms 2023-10-31 09:25:23 -05:00
Brent Cook
9bca15bad5 reenable assembly for MSVC 2023-10-30 22:57:33 -05:00
Brent Cook
dd1d96f643 fix cross-compilation on Windows 11 Arm64 
signal.h is less populated in this environment, remove stub signal
handlers
 2023-10-30 22:57:33 -05:00
Brent Cook
98a5122bc6 portable asm generator patches for portable 
This reverses changes from the 3.8.x upstream that are causing issues on
a few different platforms, including macOS x64, Windows, and older
Linux/FreeBSD.
 2023-10-30 22:55:29 -05:00
Brent Cook
1fd73818df adjust how sizeof time_t is set, the current way causes issues with MSVC 2022's preprocessor 2023-10-29 16:52:28 -05:00
Brent Cook
ce79c96489 Land #913, CMake build fixes 2023-10-29 12:34:01 -05:00
Pierre Wendling
c4bb6b79ea MSVC: Enable building ocspcheck. 
- Add `STDIN_FILENO` to compat unistd header.
- Use quotes to include compat getopt header in the compat unistd.
- Export additional symbols needed by ocspcheck (optarg, optind,
  ftruncate)
 2023-10-29 12:28:44 -05:00
Brent Cook
8048941622 Land #909, Fix processor detection with Cmake 2023-10-29 12:01:49 -05:00
Brent Cook
321fa56d9a disable MSVC x64 asm 2023-10-29 11:20:18 -05:00
Brent Cook
01e3b10f50 remove conflicting align directives for MASM 2023-10-29 11:18:52 -05:00
Brent Cook
fca20b23d6 remove unneeded switch for MSVC, cleanup comment alignment 2023-10-29 11:17:00 -05:00
Theo Buehler
fe731f3db0 Update ChangeLog 2023-10-19 06:01:07 -06:00
Brent Cook
5319ff3b17 create OpenBSD 7.4 branch 2023-10-18 04:08:21 -05:00
Theo Buehler
04fa997f54 Link x509_algor test to build 2023-10-11 09:56:40 -06:00
Theo Buehler
b112e37275 Update ChangeLog 2023-10-03 10:46:50 -06:00
Theo Buehler
8e4af3b18b Update ChangeLog 2023-10-02 06:39:11 -06:00
Brent Cook
1defa3baa5 package getopt compat files 2023-10-01 21:11:11 -05:00
Theo Buehler
c923880fb9 Update ChangeLog 2023-10-01 17:24:14 -06:00
Theo Buehler
e56ec2ae95 Update man links 2023-09-29 10:57:53 -06:00
Theo Buehler
70db97f5a6 ChangeLog 2023-09-29 10:23:51 -06:00
Theo Buehler
f3c946b03f Update man links 2023-09-28 07:52:48 -06:00
Theo Buehler
dbf729b46e Update changelog 2023-09-28 07:50:19 -06:00
Theo Buehler
9e5971d828 Update ChangeLog 2023-09-24 14:26:34 -06:00
Theo Buehler
ef5867b4e6 Update man links 2023-09-18 13:03:12 -06:00
Marc Aldorasi
c90e80d21e Properly check components 2023-09-12 15:08:44 -04:00
Marc Aldorasi
4663543082 Consistently use CMAKE_CURRENT_BINARY_DIR 2023-09-12 15:07:51 -04:00
Theo Buehler
ccaec87950 update man links 2023-09-10 13:30:20 -06:00
Theo Buehler
34f45b6cd7 Update man links 2023-09-07 11:51:21 -06:00
Jiajie Chen
70688874f8 Fix processor detection in CMakeLists.txt 2023-09-04 09:34:44 +08:00
Theo Buehler
a6bd25d3bd Rebase rust-openssl patch 2023-09-02 04:02:03 -06:00
Theo Buehler
8fa9337f65 Prepare 3.8.2 ChangeLog 2023-08-31 10:13:29 -06:00
Theo Buehler
fbb21ed921 End all ChangeLog entries with a period 2023-08-30 04:34:15 -06:00
Theo Buehler
8c6d8ec351 Update man links 2023-08-29 19:46:21 -06:00
Brent Cook
0784b3ade7 remove unneeded release change for tests 2023-08-29 00:28:53 -05:00
Brent Cook
f4059e4775 enable asserts regardless of build type 2023-08-29 00:28:53 -05:00
Brent Cook
e5f1938cc6 Fix build flags for tests 
The default C flags for all build types other than 'Debug' sets -DNDEBUG
which disables assert(), and breaks tests. This switches tests to use
'Debug' instead, reenabling asserts.
 2023-08-29 00:28:53 -05:00
Theo Buehler
4c1f595d98 Update man links 2023-08-27 10:13:42 -06:00
Theo Buehler
27478182e6 Update man links 2023-08-26 03:07:41 -06:00
Theo Buehler
d95ec322ae Update man links 2023-08-25 02:50:57 -06:00
Pierre Wendling
86a6826fef Move LibreSSL/ to LIBRESSL_INSTALL_CMAKEDIR. 
This allows users to install the CMake configs without forcing a
`LibreSSL` directory after `LIBRESSL_INSTALL_CMAKEDIR`.
 2023-08-19 12:16:16 -04:00
Pierre Wendling
3139173568 CI: Test consuming the exported CMake configs. 2023-08-19 12:16:15 -04:00
Pierre Wendling
a89cd65980 CMake: Export and install library targets. 
The configs can be consumed by setting LibreSSL_DIR to the build
directory, or after installation using CMAKE_PREFIX_PATH/LibreSSL_DIR.

For compatibility, the EXPORT_NAME of targets and the LIBRESSL_*
variables are set to match the names used in FindLibreSSL.
 2023-08-19 12:16:15 -04:00
Pierre Wendling
5432e22b25 CMake: Copy public headers to the build directory. 2023-08-19 12:16:15 -04:00
Theo Buehler
31458956a9 Land #902 2023-08-18 20:01:07 +02:00
Ilya Shipitsin
30188c46f5 CI: fedora rawhide follow up 2023-08-18 19:00:45 +02:00
Brent Cook
c62972a3f4 compat changes 2023-08-18 04:49:19 -05:00
Theo Buehler
cd0387be7a Land #901 2023-08-17 23:25:27 +02:00
Ilya Shipitsin
30e43e7ab5 CI: add scheduled Fedora Rawhide builds 
Fedora Rawhide is shipped with the most recent gcc/clang, it is nice
to test build on them from time to time
 2023-08-17 23:11:26 +02:00
Theo Buehler
06e6faf6f2 Land #900 2023-08-17 22:39:40 +02:00
Ilya Shipitsin
afcdc1aefe CI: Solaris: display tests/test-suite.log in case of failure 2023-08-17 22:33:40 +02:00
Theo Buehler
d4add02c7f Land #899 2023-08-17 21:39:34 +02:00
Theo Buehler
ebc38481f0 Simplify and fix solaris endian.h macros 
Fixes #898
 2023-08-17 21:15:41 +02:00
Brent Cook
29159e34e3 add htole32/le32toh for Solaris 2023-08-16 05:20:48 -05:00
Theo Buehler
3c49cfb344 Add htole32 and le32toh for macos and windows 
Windows assumes little endian for now...
 2023-08-16 00:03:48 +02:00
Theo Buehler
caa119b418 Update man links 2023-08-15 15:22:46 -06:00
Theo Buehler
bc03c7c898 Regen netcat patch 2023-08-15 15:22:42 -06:00
Theo Buehler
585a4c8c61 Update ChangeLog 2023-08-14 02:56:54 -06:00
Brent Cook
ca8ea65259 Land #894, fix to enable ASM support in MinGW builds 2023-08-13 23:23:23 -05:00
Brent Cook
7e59829f18 version is breaking things 2023-08-13 23:03:38 -05:00
Brent Cook
125c54cdd7 set default build type to 'Release' 2023-08-13 21:01:49 -05:00
Theo Buehler
2d7042d9e4 Land #897 2023-08-12 22:44:10 +02:00
Ilya Shipitsin
93da767676 CI: fix coverity task 2023-08-12 22:38:27 +02:00
Theo Buehler
761c90d45b Update ChangeLog 2023-08-11 17:18:24 -06:00
Theo Buehler
3b0e389fc3 Update ChangeLog 2023-08-11 17:03:11 -06:00
Theo Buehler
752eb8a4e9 Update man links 2023-08-11 17:01:46 -06:00
Viktor Szakats
e0fd031f30 cmake: fix to not force-disable ASM for MinGW builds 2023-08-10 23:01:37 +00:00
Viktor Szakats
5c63ba9761 cmake: fix to use MINGW variable to detect MinGW 2023-08-10 23:01:37 +00:00
Theo Buehler
6650dcecc6 rmdconst.h was removed 2023-08-10 05:09:06 -06:00
Joshua Sing
cfe98db7ad Land #896 2023-08-10 18:10:05 +10:00
Theo Buehler
61025c5a5e Remove bn_blind.c, rsa_crpt.c; add rsa_blinding.c 2023-08-09 05:45:10 -06:00
Ilya Shipitsin
30c240160d CI: get rid of travis-ci coverity wrapper 2023-08-08 08:11:40 +02:00
Theo Buehler
500c57ae6d Update ChangeLog 2023-08-07 06:17:07 -06:00
Theo Buehler
f543d27f22 Rebase rust-openssl patch 2023-08-06 08:32:06 -06:00
Theo Buehler
89aca6d003 Update x509.h patch 2023-08-03 13:39:56 -06:00
Theo Buehler
dd37b95775 Retire the bn_rand_interval test 2023-08-03 13:00:06 -06:00
Theo Buehler
aab9622a3f Fix typo in README.md 2023-07-31 03:05:39 -06:00
Theo Buehler
d7cc3e9695 Update man links 2023-07-28 06:16:14 -06:00
Theo Buehler
5b5f96b0fb Regen patches 2023-07-28 06:16:14 -06:00
Theo Buehler
85a0a1ae3f Adjust for file removal and renaming 2023-07-28 06:06:26 -06:00
Theo Buehler
a7bf3b95a5 Update ChangeLog 2023-07-28 06:01:19 -06:00
Theo Buehler
75f90d9557 Update ChangeLog 2023-07-26 09:00:47 -06:00
Brent Cook
e2a869ae55 add solaris badge 2023-07-23 17:08:18 -05:00
Brent Cook
6472f2881f switch solaris to a daily test 2023-07-23 17:06:55 -05:00
Theo Buehler
479e85d1fb Update man links 2023-07-22 13:26:13 -06:00
Theo Buehler
cbde559cc3 Update ChangeLog 2023-07-22 13:26:13 -06:00
Theo Buehler
89de230099 obj_xref.h was removed 2023-07-22 13:26:13 -06:00
Theo Buehler
e51077f12c Update ChangeLog 2023-07-21 05:06:01 -06:00
Theo Buehler
41a9d8fd04 Update man links 2023-07-21 04:10:36 -06:00
Theo Buehler
3afb61ff80 Link engine_stubs.c to build 2023-07-21 03:41:12 -06:00
Theo Buehler
ed94460b6a Update ChangeLog 2023-07-19 14:06:33 -06:00
Theo Buehler
d499ec2b77 update gitignore 2023-07-16 01:58:35 -06:00
Theo Buehler
5d6a7305fc link ecc_cdh test 2023-07-16 01:56:50 -06:00
Theo Buehler
8450ca8c07 Reenable clienttest and servertest 2023-07-11 13:42:59 -06:00
Theo Buehler
d36f70674f Rebase modes_local.h patch over KNF rampage 2023-07-08 14:20:25 -06:00
Theo Buehler
4aa2efb54d Add hidden srtp.h and tls1.h 2023-07-08 10:41:10 -06:00
Theo Buehler
fbe39d0157 Add hidden dh.h 2023-07-08 09:28:08 -06:00
Theo Buehler
2c8e1eb716 Add hidden curve25519.h 2023-07-08 09:15:02 -06:00
Theo Buehler
0761bd33f2 Add hidden modes.h 2023-07-08 08:54:23 -06:00
Theo Buehler
5696d1ac30 Add hidden cmac.h, dsa.h, gost.h 2023-07-08 08:24:54 -06:00
Theo Buehler
bedbbe39ce sort hidden headers 2023-07-08 08:23:38 -06:00
Theo Buehler
a6c28611a7 Add hidden objects.h, rsa.h, sha.h 2023-07-08 06:20:34 -06:00
Theo Buehler
22e7b97c8a Add hidden bn.h 2023-07-08 05:40:49 -06:00
Theo Buehler
4a3af592b2 Add hidden txt_cb.h 2023-07-08 05:27:37 -06:00
Theo Buehler
11cdcdd595 Add hidden cast.h idea.h md4.h md5.h ocsp.h 2023-07-08 04:52:03 -06:00
Theo Buehler
bf99e422ce Add hidden crypto.h 2023-07-08 04:43:47 -06:00
Theo Buehler
977bd49c5b Add hidden buffer.h, cms.h, comp.h, conf_api.h 2023-07-08 04:42:45 -06:00
Theo Buehler
fb2b33289c Add hidden ct.h and dso.h 2023-07-08 04:36:30 -06:00
Theo Buehler
bad876da8c Remove sm3_local.h 2023-07-08 04:36:30 -06:00
Theo Buehler
a471f2e054 Add hidden ecdh.h, sm3.h 2023-07-08 04:36:30 -06:00
Theo Buehler
eae1263233 Remove hidden sm3.h and evp.h again 2023-07-08 04:36:30 -06:00
Brent Cook
64c55e2708 upstreamed ocsp_test 2023-07-07 14:55:15 -05:00
Brent Cook
00fc21e8a7 Remove hard-coded optimization level in CMake builds 
Fixes #683. These are not compiler-agnostic, and can interfere with user
overrides as well. The defaults in Cmake are reasonable.
 2023-07-07 18:38:57 +03:00
Brent Cook
56b283e27f remove Windows lld workaround 2023-07-07 18:19:10 +03:00
Theo Buehler
f555467a6f Add hidden ec.h, ecdh.h, err.h, evp.h hkdf.h 2023-07-07 08:39:25 -06:00
Theo Buehler
e2714304ed Add hidden rc2.h, pem.h, lhash.h 2023-07-07 08:37:43 -06:00
Theo Buehler
45b1b1db94 Add hidden poly1305.h rand.h sm3.h sm4.h 2023-07-07 08:37:43 -06:00
Brent Cook
8de5d47868 tweak Windows README 2023-07-07 15:25:50 +03:00
Brent Cook
081cee6207 fixes #681, allow override of library POSTFIX for nested builds 2023-07-07 15:02:16 +03:00
Brent Cook
de9c24a025 rename regress to rust regress 2023-07-07 04:34:46 -05:00
Brent Cook
51368394eb Land #886, add compat getopt implementation 2023-07-07 04:32:20 -05:00
Brent Cook
2354879274 Land #883, improve socket / file descriptor checks on Windows 2023-07-07 04:31:00 -05:00
Brent Cook
4070587a02 Land #884, add Solaris test workflow 2023-07-07 04:28:25 -05:00
Brent Cook
adca8a2f0a Land #885, change the trigger for running fuzzer tests 2023-07-07 04:22:35 -05:00
Brent Cook
6000f4de8f remove aeadtest patch upstreamed 2023-07-07 04:21:56 -05:00
Brent Cook
7463f87cf1 add compat getopt implementation, remove patches 
This adds a getopt implementation for compatibility where it is not
available, removing a couple of regress patches.

Note, this is a slightly modified copy from OpenBSD libc that doesn't
expose getopt_long, which has dependency conflicts with Windows system
headers and isn't needed anyway.
 2023-07-07 12:11:20 +03:00
Theo Buehler
e06ce19f95 hook bn_print to build 2023-07-07 02:37:45 -06:00
Theo Buehler
990fd347ee Add hidden ts.h 2023-07-07 02:37:42 -06:00
Brent Cook
e1d6f78296 change the trigger for running fuzzer tests 
Since fuzzers benefit more from being run regularly on the openbsd tree,
and they take a long time, does it make more sense that the trigger is a
cron like the Coverity job? They sometimes don't work in branches anyway,
since the fuzz builds rely on external code being updated to match
the master branch.
 2023-07-07 08:34:16 +03:00
Brent Cook
f331e071bb initial solaris test workflow 
This adds a builder for Solaris 11.4 based on https://github.com/vmactions/solaris-vm
 2023-07-06 23:47:57 +03:00
Brent Cook
c9b18cb296 fix get/setsockopt reversed logic 2023-07-06 22:05:06 +03:00
Brent Cook
f75c00226c remove unneeded extern since we're not trying to hack this into mingw-w64 2023-07-06 20:53:12 +03:00
Brent Cook
afcd4be8a7 change socket / file descriptor checks on windows 
based on discussion in https://github.com/libressl/portable/issues/266
and https://bugs.python.org/issue23524 adjust the compat layer for
Windows to use _get_osfhandle in combination with
_set_thread_local_invalid_parameter_handler if applicable to more
reliably determine if a handle is a socket, file, or closed socket.

This prevents assertions when calling tls_close on an already-closed
socket.
 2023-07-06 20:32:34 +03:00
Brent Cook
4aa7642130 update endian compatibility shim 
Prefer function-like macros where possible, some style tweaks, and add
Solaris support.
 2023-07-06 11:07:42 +03:00
Brent Cook
09418fe29e make update.sh compatible with Solaris 11 tail behavior 2023-07-06 11:07:42 +03:00
Brent Cook
691814aaac see #353, do not support Solaris 10 2023-07-06 11:07:42 +03:00
Theo Buehler
546a622bcd Add hidden asn1.h, asn1t.h, bio.h to build 2023-07-05 15:38:50 -06:00
Theo Buehler
a47e39014e Remove patches merged into upstream 2023-07-05 15:38:45 -06:00
Theo Buehler
b2b1923600 Add hidden/openssl/chacha.h 2023-07-05 13:46:42 -06:00
Theo Buehler
ed4831099a Remove patch that was merged upstream 2023-07-05 13:25:58 -06:00
Theo Buehler
9a00e9e1ce Remove patch that was merged into upstream 2023-07-05 11:32:18 -06:00
Theo Buehler
186134f7c5 Some ECDH and ECDSA files were (re)moved 2023-07-05 07:08:24 -06:00
Brent Cook
0c3849a055 Land #880, move function attribute shims 2023-07-05 08:00:57 -05:00
Brent Cook
3a757272d0 move attribute shims 
There's not a great place for these, but since they are internal, we can
just move them to the most common header.
 2023-07-05 07:08:32 -05:00
Brent Cook
642ead359b only link libtls statically to libssl/libcrypto when building standalone 2023-07-05 14:27:23 +03:00
Brent Cook
74be614b0c add Windows builder test actions 2023-07-05 11:29:13 +03:00
Brent Cook
3601512b61 update testssl.bat for TLS 1.0 removal 2023-07-05 11:28:18 +03:00
Brent Cook
d238b6d3a1 label individual macos build arches 2023-07-05 00:28:56 +03:00
Brent Cook
77ce9713e4 Land #874, reenable ssltest 2023-07-04 06:52:41 -05:00
Brent Cook
15d076b475 add ventura and arm64 test targets, remove big sur 
This reworks the macOS github actions to target Apple silicon for tests.
To simplify the test matrix, removing big sur and adding ventura.
Also some cleanups to the test script. We really don't need the 'x'
workaround for non-POSIX shells, and it got confusing writing "xx86_64".
 2023-07-04 13:09:31 +03:00
Brent Cook
2203c13d25 make cross compilation possible on macOS with CMake 
Sync CMAKE_SYSTEM_PROCESSOR to CMAKE_OSX_ARCHITECTURES. This doesn't
support universal binaries, but does allow cross-compiling for a single
architecture by setting -DCMAKE_OSX_ARCHITECTURES=(arm64|x86_64)
 2023-07-04 12:36:57 +03:00
Brent Cook
71ce0b8c3e generate opensslconf.h in build dir for cmake 2023-07-04 10:37:24 +03:00
Brent Cook
23718ad134 reenable ssltest 
failure was unrelated to tls 1.0/1.1 changes
 2023-07-04 01:52:46 -05:00
Brent Cook
b16ad4dbd4 disable client / server tests for now 
These were broken with the removal of TLS 1.0/1.1 support due to
static checks in packet structure.
 2023-07-04 03:29:19 +03:00
Brent Cook
2722f95501 Land #843, add signertest to build 2023-07-03 11:19:38 -05:00
Brent Cook
7d0b106805 Land #872, implement endbr64 workaround on macOS in preprocessor 2023-07-03 11:05:09 -05:00
Brent Cook
7179a01c45 flip logic around 2023-07-03 19:00:12 +03:00
Brent Cook
b328be457a third try's a charm 2023-07-03 18:40:00 +03:00
Brent Cook
cdb7ad4753 define endbr64 as nop 2023-07-03 16:50:10 +03:00
Theo Buehler
33b2c49c9b link signertest to build 2023-07-03 16:45:02 +03:00
Brent Cook
11dfc90f83 move endbr64 removal to preprocessor 2023-07-03 16:34:38 +03:00
Bob Beck
4ccf125f88 legacy disabling 2023-07-02 11:29:34 -06:00
Theo Buehler
2493c4737b Update ChangeLog 2023-07-02 11:21:27 -06:00
Theo Buehler
559f40996a Update ChangeLog 2023-06-28 14:27:10 -06:00
Theo Buehler
3bfd835ae3 Update ChangeLog 2023-06-26 03:31:01 -06:00
Theo Buehler
7204769b60 ech_local.h was removed 2023-06-25 14:06:59 -06:00
Theo Buehler
1276956834 Update ChangeLog 2023-06-25 07:57:17 -06:00
Theo Buehler
c6fcebf9e3 Update ChangeLog 2023-06-24 14:31:19 -06:00
Theo Buehler
2a9096debe Add bn_convert test to build 2023-06-24 04:51:01 -06:00
Theo Buehler
3e7f4d0aba Regen patches 2023-06-24 04:47:27 -06:00
Theo Buehler
bc2f9954b5 Update ChangeLog 2023-06-21 02:39:32 -06:00
Theo Buehler
ee0a1048b8 Link bn_primitives.c to the build 2023-06-21 02:31:32 -06:00
Theo Buehler
d5204e5fe6 Update ChangeLog 2023-06-18 08:10:53 -06:00
Theo Buehler
8c792f98f1 Update ChangeLog 2023-06-17 13:09:58 -06:00
Theo Buehler
4e2abbea66 Update ChangeLog 2023-06-15 13:30:23 -06:00
Theo Buehler
d7096cc3e1 Tweak ChangeLog 2023-06-12 13:37:35 -06:00
Theo Buehler
0aa471fe68 ChangeLog: small wording tweak 2023-06-11 13:16:01 -06:00
Theo Buehler
ba4fc35fb9 Update ChangeLog 2023-06-11 00:12:12 -06:00
Theo Buehler
afeeb17fb9 Remove cms_cd.c 2023-06-11 00:09:55 -06:00
Theo Buehler
0d7ffa5260 Update ChangeLog 2023-06-09 07:23:10 -06:00
Theo Buehler
309455efe7 Update ChangeLog 2023-06-06 11:17:16 -06:00
Theo Buehler
d5547e52cc Link BN_mod_inverse test to build 2023-06-03 15:53:31 -06:00
Theo Buehler
6b935ac1c0 Update ChangeLog 2023-06-03 15:49:08 -06:00
Theo Buehler
341e0bf1c3 Update ChangeLog 2023-06-01 09:43:42 -06:00
Theo Buehler
4f93524b64 Update patch for rust-openssl version check 2023-05-27 23:49:56 -06:00
Theo Buehler
3e78c18646 Update man links 2023-05-27 08:03:15 -06:00
Theo Buehler
7e69c3a6af Update ChangeLog 2023-05-27 07:52:27 -06:00
Brent Cook
01217160b5 Land #808, internally link dependencies statically 2023-05-27 08:05:34 -05:00
Brent Cook
f261e8c46e unexport internal compat symbols from libcrypto 2023-02-28 08:41:51 -06:00
Brent Cook
47aeda0fb2 make it simpler to test on a non-Linux system 2023-02-28 08:41:51 -06:00
Brent Cook
cfbdf67f59 link internal apps statically 2023-02-28 06:56:49 -06:00
Brent Cook
b38f5a8904 fix dangling whitespace when building object list 
breaks latest macOS linker to have a directory in the object list
 2023-02-28 06:56:49 -06:00
70 changed files with 4857 additions and 1133 deletions
Expand all files Collapse all files

12
.github/rust-openssl.patch vendored
View File

@@ -1,13 +1,13 @@
diff --git a/openssl-sys/build/main.rs b/openssl-sys/build/main.rs
index ba149c17..5274dc44 100644
index 82013b6c..2974abed 100644
--- a/openssl-sys/build/main.rs
+++ b/openssl-sys/build/main.rs
@@ -285,7 +285,7 @@ See rust-openssl documentation for more information:
(3, 7, 0) => ('3', '7', '0'),
@@ -273,7 +273,7 @@ See rust-openssl documentation for more information:
(3, 7, 1) => ('3', '7', '1'),
(3, 7, _) => ('3', '7', 'x'),
- _ => version_error(),
+ _ => ('3', '7', 'x'),
(3, 8, 0) => ('3', '8', '0'),
- (3, 8, 1) => ('3', '8', '1'),
+ (3, 8, _) => ('3', '8', 'x'),
_ => version_error(),
};
println!("cargo:libressl=true");

7
.github/workflows/cifuzz.yml vendored
View File

@@ -1,5 +1,10 @@
name: CIFuzz
on: [pull_request]
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
Fuzzing:
runs-on: ubuntu-latest

85
.github/workflows/cmake_config.yml vendored Normal file
View File

@@ -0,0 +1,85 @@
name: cmake_config
on: [push, pull_request]
jobs:
cmake-check:
defaults:
run:
shell: bash
strategy:
matrix:
os: [windows-latest, macos-latest, ubuntu-latest]
runs-on: ${{ matrix.os }}
continue-on-error: false
name: ${{ matrix.os }}
steps:
- name: Setup Windows dependencies
if: runner.os == 'Windows'
uses: msys2/setup-msys2@v2
with:
update: true
install: >-
autoconf
automake
diffutils
libtool
gcc
git
patch
perl
- name: Setup macOS dependencies
if: runner.os == 'macOS'
run: brew install automake
- uses: actions/checkout@main
- name: Prepare source tree for build (Windows)
if: runner.os == 'Windows'
run: ./autogen.sh
shell: msys2 {0}
- name: Prepare source tree for build (Unix)
if: runner.os != 'Windows'
run: ./autogen.sh
- name: Configure
run: |
cmake -S . \
-B build \
-D CMAKE_BUILD_TYPE=Release \
-D CMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/../local
- name: Build
run: cmake --build build --config Release --verbose
- name: Install
run: cmake --install build --config Release
- name: Consume from the build directory - Configure
run: |
cmake -S tests/cmake \
-B consumer-build \
-D CMAKE_BUILD_TYPE=Release \
-D LibreSSL_DIR=$GITHUB_WORKSPACE/build
- name: Consume from the build directory - Build
run: cmake --build consumer-build --config Release --verbose
- name: Consume from the install directory (CMAKE_PREFIX_PATH) - Configure
run: |
cmake -S tests/cmake \
-B consumer-install-prefix \
-D CMAKE_BUILD_TYPE=Release \
-D CMAKE_PREFIX_PATH=$GITHUB_WORKSPACE/../local
- name: Consume from the install directory (CMAKE_PREFIX_PATH) - Build
run: cmake --build consumer-install-prefix --config Release --verbose
- name: Consume from the install directory (LibreSSL_DIR) - Configure
run: |
cmake -S tests/cmake \
-B consumer-install-dir \
-D CMAKE_BUILD_TYPE=Release \
-D LibreSSL_DIR=$GITHUB_WORKSPACE/../local/lib/cmake/LibreSSL
- name: Consume from the install directory (LibreSSL_DIR) - Build
run: cmake --build consumer-install-dir --config Release --verbose

40
.github/workflows/coverity.yml vendored
View File

@@ -9,20 +9,40 @@ jobs:
scan:
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'libressl' }}
env:
COVERITY_SCAN_PROJECT_NAME: 'libressl-portable/portable'
COVERITY_SCAN_BRANCH_PATTERN: '*'
COVERITY_SCAN_NOTIFICATION_EMAIL: 'libressl-security@openbsd.org'
COVERITY_SCAN_BUILD_COMMAND_PREPEND: "./autogen.sh && ./configure && make dist && tar zxf libressl-*.tar.gz && rm libressl-*.tar.gz && cd libressl-* && mkdir build-static && mkdir build-shared && cmake -GNinja -DBUILD_SHARED_LIBS=ON .."
COVERITY_SCAN_BUILD_COMMAND: "ninja"
steps:
- uses: actions/checkout@main
- name: Install apt dependencies
run: |
sudo apt-get update
sudo apt-get install -y cmake ninja-build
- name: Run Coverity Scan
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Download Coverity build tool
run: |
curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz
mkdir coverity_tool
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
- name: Configure
run: |
./autogen.sh
./configure
make dist
tar zxf libressl-*.tar.gz
rm libressl-*.tar.gz
cd libressl-*
mkdir build-static
mkdir build-shared
cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
- name: Build with Coverity build tool
run: |
export PATH=`pwd`/coverity_tool/bin:$PATH
cd libressl-*
cov-build --dir cov-int ninja
- name: Submit build result to Coverity Scan
run: |
cd libressl-*
tar czvf cov.tar.gz cov-int
curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
--form email=libressl-security@openbsd.org \
--form file=@cov.tar.gz \
--form version="Commit $GITHUB_SHA" \
--form description="Build submitted via CI" \
https://scan.coverity.com/builds?project=libressl-portable%2Fportable

34
.github/workflows/fedora-rawhide.yml vendored Normal file
View File

@@ -0,0 +1,34 @@
name: Fedora/Rawhide
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
permissions:
contents: read
jobs:
build_and_test:
strategy:
matrix:
cc: [ gcc, clang ]
name: ${{ matrix.cc }}
runs-on: ubuntu-latest
container:
image: fedora:rawhide
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
dnf -y install git make clang cmake ninja-build autoconf automake libtool diffutils patch
- name: Pull upstream source
run: |
./update.sh
- name: Build
run: |
CC=${{ matrix.cc }} cmake -GNinja -DBUILD_SHARED_LIBS=ON .
ninja
- name: Test
run: |
ninja test

9
.github/workflows/macos_test.yml vendored
View File

@@ -6,14 +6,13 @@ jobs:
build-native:
strategy:
matrix:
os: [macos-12, macos-11]
compiler: [clang, gcc]
os: [macos-13, macos-12]
arch: [arm64, x86_64]
runs-on: ${{ matrix.os }}
continue-on-error: false
env:
CC: ${{ matrix.compiler }}
ARCH: native
name: ${{ matrix.compiler }} - ${{ matrix.os }}
ARCH: ${{ matrix.arch }}
name: ${{ matrix.os }} - ${{ matrix.arch }}
steps:
- name: Install packages for macos
run: brew install automake

2
.github/workflows/regress.yml → .github/workflows/rust_regress.yml vendored
View File

@@ -1,4 +1,4 @@
name: regress testing
name: rust regress tests
on:
schedule:

30
.github/workflows/solaris_test.yml vendored Normal file
View File

@@ -0,0 +1,30 @@
name: solaris_ci
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
build-native:
strategy:
matrix:
release: [11.4]
runs-on: macos-12
continue-on-error: false
name: Solaris ${{ matrix.release }}
steps:
- name: Checkout source
uses: actions/checkout@main
- name: Configure source
run: |
brew install automake autoconf libtool
./autogen.sh
- name: Build on VM
uses: vmactions/solaris-vm@v0
with:
prepare: |
pkg install gcc make
run: |
MAKE=gmake ./configure
gmake -j2 check || (cat tests/test-suite.log && exit 1)

45
.github/workflows/windows_test.yml vendored Normal file
View File

@@ -0,0 +1,45 @@
name: windows_ci
on: [push, pull_request]
jobs:
build-native:
strategy:
matrix:
os: [windows-2019, windows-2022]
arch: [Win32, x64, ARM64]
include:
- generator: "Visual Studio 16 2019"
os: windows-2019
- generator: "Visual Studio 17 2022"
os: windows-2022
runs-on: ${{ matrix.os }}
continue-on-error: false
name: ${{ matrix.os }} - ${{ matrix.arch }}
steps:
- uses: msys2/setup-msys2@v2
with:
update: true
install: >-
autoconf
automake
diffutils
libtool
gcc
git
patch
perl
- uses: actions/checkout@main
- shell: msys2 {0}
run: ./autogen.sh
- shell: cmd
run: cmake -Bbuild -G "${{ matrix.generator }}" -A ${{ matrix.arch }} -DCMAKE_INSTALL_PREFIX=../local
- shell: cmd
run: cmake --build build --config Release
- shell: cmd
if: ${{ matrix.arch != 'ARM64' }}
run: ctest --test-dir build -C Release --output-on-failure
- uses: actions/upload-artifact@v3
with:
name: windows-build-results-${{ matrix.os }}-${{ matrix.arch }}
path: build

4
.gitignore vendored
View File

@@ -82,14 +82,17 @@ tests/bio_mem*
tests/bnaddsub*
tests/bn_add_sub*
tests/bn_cmp*
tests/bn_convert*
tests/bn_gcd*
tests/bn_isqrt*
tests/bn_mod_exp*
tests/bn_mod_exp_zero*
tests/bn_mod_exp2_mont*
tests/bn_mod_inverse*
tests/bn_mod_sqrt*
tests/bn_mont*
tests/bn_primes*
tests/bn_print*
tests/bn_rand_interval*
tests/bn_shift*
tests/bn_to_string*
@@ -101,6 +104,7 @@ tests/constraints*
tests/ctlog.conf
tests/*.crt
tests/ec_point_conversion*
tests/ecc_cdh*
tests/evp_pkey_check*
tests/evp_pkey_cleanup*
tests/explicit_bzero*

91
CMakeLists.txt
View File

@@ -1,8 +1,6 @@
cmake_minimum_required (VERSION 3.16.4)
if(MSVC)
cmake_minimum_required (VERSION 3.16.4)
cmake_policy(SET CMP0091 NEW)
else()
cmake_minimum_required (VERSION 3.0)
endif()
project (LibreSSL C ASM)
@@ -41,6 +39,7 @@ option(ENABLE_ASM "Enable assembly" ON)
option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
set(LIBRESSL_INSTALL_CMAKEDIR "${CMAKE_INSTALL_LIBDIR}/cmake/LibreSSL" CACHE STRING "Installation directory for the CMake targets")
option(USE_STATIC_MSVC_RUNTIMES "Use /MT instead of /MD in MSVC" OFF)
if(USE_STATIC_MSVC_RUNTIMES)
@@ -51,6 +50,20 @@ if(NOT LIBRESSL_SKIP_INSTALL)
set( ENABLE_LIBRESSL_INSTALL ON )
endif(NOT LIBRESSL_SKIP_INSTALL)
# Set a default build type if none was specified
set(default_build_type "Release")
if(NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CONFIGURATION_TYPES)
message(STATUS "Setting build type to '${default_build_type}' as none was specified.")
set(CMAKE_BUILD_TYPE "${default_build_type}" CACHE
STRING "Choose the type of build." FORCE)
# Set the possible values of build type for cmake-gui
set_property(CACHE CMAKE_BUILD_TYPE PROPERTY
STRINGS "Debug" "Release" "MinSizeRel" "RelWithDebInfo")
endif()
# Enable asserts regardless of build type
add_definitions(-UNDEBUG)
set(BUILD_NC true)
@@ -79,7 +92,7 @@ if(WIN32 OR (CMAKE_SYSTEM_NAME MATCHES "MINGW"))
add_definitions(-D__USE_MINGW_ANSI_STDIO)
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -O2 -Wall")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall")
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
if(CMAKE_C_COMPILER MATCHES "gcc")
@@ -121,7 +134,7 @@ if(WIN32)
if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore")
add_definitions(-D_WIN32_WINNT=0x0600)
endif()
set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32 bcrypt)
set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32 ntdll bcrypt)
endif()
if(MSVC)
@@ -176,6 +189,11 @@ if(HAVE_ASPRINTF)
add_definitions(-DHAVE_ASPRINTF)
endif()
check_function_exists(getopt HAVE_GETOPT)
if(HAVE_GETOPT)
add_definitions(-DHAVE_GETOPT)
endif()
check_function_exists(reallocarray HAVE_REALLOCARRAY)
if(HAVE_REALLOCARRAY)
add_definitions(-DHAVE_REALLOCARRAY)
@@ -306,28 +324,37 @@ if(HAVE_NETINET_IP_H)
add_definitions(-DHAVE_NETINET_IP_H)
endif()
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(aarch64|arm64)")
# This isn't ready for universal binaries yet, since we do conditional
# compilation based on the architecture, but this makes cross compiling for a
# single architecture work on macOS at least.
#
# Don't set CMAKE_OSX_ARCHITECTURES to more than a single value for now.
if(APPLE AND (NOT CMAKE_OSX_ARCHITECTURES STREQUAL ""))
set(CMAKE_SYSTEM_PROCESSOR "${CMAKE_OSX_ARCHITECTURES}")
endif()
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(aarch64|arm64|ARM64)")
set(HOST_AARCH64 true)
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm")
set(HOST_ARM true)
elseif("${CMAKE_SYSTEM_NAME}" STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
set(HOST_X86_64 true)
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64|AMD64)")
set(HOST_X86_64 true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "[i?86|x86]")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(i[3-6]86|[xX]86)")
set(ENABLE_ASM false)
set(HOST_I386 true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "mips64")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "mips64")
set(HOST_MIPS64 true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "mips")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "mips")
set(HOST_MIPS true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "powerpc")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "powerpc")
set(HOST_POWERPC true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "ppc64")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "ppc64")
set(HOST_PPC64 true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "riscv64")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "riscv64")
set(HOST_RISCV64 true)
elseif("${CMAKE_SYSTEM_NAME}" MATCHES "sparc64")
elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "sparc64")
set(HOST_SPARC64 true)
else()
set(ENABLE_ASM false)
@@ -348,7 +375,7 @@ if(ENABLE_ASM)
elseif(MSVC AND ("${CMAKE_GENERATOR}" MATCHES "Win64" OR "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64"))
set(HOST_ASM_MASM_X86_64 true)
ENABLE_LANGUAGE(ASM_MASM)
elseif(CMAKE_SYSTEM_NAME MATCHES "MINGW" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
elseif(MINGW AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
set(HOST_ASM_MINGW64_X86_64 true)
endif()
endif()
@@ -374,7 +401,6 @@ if(SIZEOF_TIME_T STREQUAL "4")
message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
" ** It will behave incorrectly when handling valid RFC5280 dates")
endif()
add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
set(OPENSSL_LIBS ssl crypto ${PLATFORM_LIBS})
set(LIBTLS_LIBS tls ${PLATFORM_LIBS})
@@ -416,6 +442,38 @@ if (BUILD_APPLE_XCFRAMEWORK)
endif(ENABLE_LIBRESSL_INSTALL)
endif(BUILD_APPLE_XCFRAMEWORK)
file(STRINGS "VERSION" VERSION LIMIT_COUNT 1)
include(CMakePackageConfigHelpers)
write_basic_package_version_file(
"LibreSSLConfigVersion.cmake"
VERSION "${VERSION}"
COMPATIBILITY SameMajorVersion
)
set(INCLUDE_DIRECTORY "${CMAKE_BINARY_DIR}/include")
configure_package_config_file(
"${CMAKE_CURRENT_LIST_DIR}/LibreSSLConfig.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/LibreSSLConfig.cmake"
PATH_VARS INCLUDE_DIRECTORY
INSTALL_DESTINATION "${CMAKE_CURRENT_BINARY_DIR}"
INSTALL_PREFIX "${CMAKE_CURRENT_BINARY_DIR}"
)
if(ENABLE_LIBRESSL_INSTALL)
set(INCLUDE_DIRECTORY "${CMAKE_INSTALL_INCLUDEDIR}")
configure_package_config_file(
"${CMAKE_CURRENT_LIST_DIR}/LibreSSLConfig.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/install-config/LibreSSLConfig.cmake"
PATH_VARS INCLUDE_DIRECTORY
INSTALL_DESTINATION "${LIBRESSL_INSTALL_CMAKEDIR}"
)
install(FILES
"${CMAKE_CURRENT_BINARY_DIR}/install-config/LibreSSLConfig.cmake"
"${CMAKE_CURRENT_BINARY_DIR}/LibreSSLConfigVersion.cmake"
DESTINATION "${LIBRESSL_INSTALL_CMAKEDIR}"
)
endif()
if(ENABLE_LIBRESSL_INSTALL)
if(NOT MSVC)
# Create pkgconfig files.
@@ -426,7 +484,6 @@ if(ENABLE_LIBRESSL_INSTALL)
if(PLATFORM_LIBS)
string(REGEX REPLACE ";" " -l" PLATFORM_LDADD ";${PLATFORM_LIBS}")
endif()
file(STRINGS "VERSION" VERSION LIMIT_COUNT 1)
file(GLOB OPENSSL_PKGCONFIGS "*.pc.in")
foreach(file ${OPENSSL_PKGCONFIGS})
get_filename_component(filename ${file} NAME)

155
ChangeLog
View File

@@ -28,11 +28,144 @@ history is also available from Git.
LibreSSL Portable Release Notes:
3.9.0 - In development
* Portable changes
* Internal improvements
* Documentation improvements
* Testing and proactive security
* Bug fixes
- Fixed aliasing issues in BN_mod_exp_simple() and BN_mod_exp_recp()
3.8.2 - Stable release
* Portable changes
- Fixed processor detection for CMake targets.
Thanks to @jiegec from github.
- Enabled building oscpcheck with MSVC.
Thanks to @FtZPetruska from github.
- Improve CMake package detection and installation.
Thanks to @mark-groundctl from github.
- Fixed assembly optimizations on x64 Windows targets.
- Allow disabling warnings about WINCRYPT overrides.
- Use system arc4random on FreeBSD 12 and newer.
* Documentation improvements
- Documented the RFC 3779 API.
* Compatibility changes
- Restrict the RFC 3779 code to IPv4 and IPv6. It was not written
to be able to deal with anything else.
- Fixed EVP_CIPHER_CTX_iv_length() to return what was set with
EVP_CTRL_AEAD_SET_IVLEN or one of its aliases.
* Bug fixes
- Fixed EVP_PKEY_get{0,1}_RSA for RSA-PSS.
- Plug a potential memory leak in ASN1_TIME_normalize().
- Avoid memory leak in EVP_CipherInit().
- Redirect EVP_PKEY_get1_* through their get0 siblings.
- Fixed a use of uninitialized in i2r_IPAddrBlocks().
- Rewrote CMS_SignerInfo_{sign,verify}().
- Further cleanup and refactoring in the EC code.
- Allow IP addresses to be specified in a URI.
- Fixed a copy-paste error in ASN1_TIME_compare() that could lead
to two UTCTimes or two GeneralizedTimes incorrectly being compared
as equal.
3.8.1 - Development release
* Portable changes
- Applications bundled as part of the LibreSSL package internally,
nc(1) and openssl(1), now are linked statically if static libraries
are built.
- Internal compatibility function symbols are no longer exported from
libcrypto. Instead, the libcompat library is linked to libcrypto,
libssl, and libtls separately. This increases size a little, but
ensures that the libraries are not exporting symbols to programs
unintentionally.
- Selective removal of CET implementation on platforms where it is
not supported (macOS).
- Integrated four more tests.
- Added Windows ARM64 architecture to tested platforms.
- Removed Solaris 10 support, fixed Solaris 11.
- libtls no longer links statically to libcrypto / libssl unless
'--enable-libtls-only' is specified at configure time.
- Improved Windows compatibility library, namely handling of files vs
sockets, correcting an exception when operating on a closed socket.
- CMake builds no longer hardcode '-O2' into the compiler flags, instead
using flags from the CMake build type instead.
- Set the CMake default build type to 'Release'. This can be overridden
during configuration.
- Fixed broken ASM support with MinGW builds.
* Internal improvements
- Fixed alignment handling in SHA-512.
- Moved the verified_chain to the correct internal struct.
- Improved checks for commonName in libtls.
- Fixed error check for X509_get_ext_d2i() failure in libtls.
- Improved BIGNUM internals and performance.
- Significantly improved Montgomery multiplication performance.
- Initial cleanup passes for SHA-256 internals.
- Converted more libcrypto internals API using CBB and CBS.
- Removed code guarded by #ifdef ZLIB.
- Changed ASN1_item_sign_ctx() and ASN1_item_verify() to work with
Ed25519 and fixed a few bugs in there.
- Fixed various issues with EVP_PKEY_CTX_{new,dup}().
- Improved X.509 certificate version checks.
- Cleaned up handling of elliptic curve cofactors.
- Made BN_num_bits() independent of bn->top.
- Rewrote and simplified bn_sqr().
- Removed EC_GROUP precomp machinery.
- Ensure no X.509v3 extensions appear more than once in certificates.
- Cleaned up various ECDH, ECDSA and EC internals.
- Replaced ASN1_bn_print with a cleaner internal implementation.
- Simplified ASN1_item_sign_ctx().
- Rewrote OBJ_find_sigid_algs() and OBJ_find_sigid_by_algs().
- Various improvements in the 'simple' EC code.
- Fix OPENSSL_cpuid_setup() invocations on arm/aarch64.
- Reduced the dependency of hash implementations on many layers of
macros. This results in significant speedups since modern compilers
are now less confused.
- Significantly simplified the BN_BLINDING internals used in RSA.
* New features
* Compatibility changes
- X509_NAME_get_text_by_{NID,OBJ}() now only succeed if they contain
valid UTF-8 without embedded NUL.
- Moved libtls from ECDSA_METHOD to EC_KEY_METHOD.
- Removed support for ECDH_METHOD and ECDSA_METHOD.
- BN_is_prime{,_fasttest}_ex() refuse to check numbers larger than
32 kbits for primality. This mitigates various DoS vectors.
- Comp was removed.
- Dynamic loading of conf modules is no longer supported.
- DSO was removed and OPENSSL_NO_DSO is defined.
- ENGINE support was removed and OPENSSL_NO_ENGINE is set. In spite
of this, some stub functions are provided to avoid patching some
applications that do not honor OPENSSL_NO_ENGINE.
- It is no longer possible to make the library use your own error
stack or ex_data implementation.
* Bug fixes
- Fixed aliasing issue in BN_mod_inverse().
- Made CRYPTO_get_ex_new_index() not return 0 to allow applications
to use *_{get,set}_app_data() and *_{get,set}_ex_data() alongside
each other.
- Made EVP_PKEY_set1_hkdf_key() fail on a NULL key.
- Plugged leaks in BIO_chain_dup().
- Fixed numerous leaks and other minor bugs in RSA, DH, DSA and EC
ASN.1 methods. Unified the coding style.
- On socket errors in the poll loop, netcat could issue system calls
on invalidated file descriptors.
* Documentation improvements
- Made it very explicit that the verify callback should not be used.
- Called out that the CRL lastUpdate is standardized as thisUpdate.
* Testing and Proactive Security
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
* Security fixes
- Disabled TLSv1.0 and TLSv1.1 in libssl so that they may no longer
be selected for use.
3.8.0 - Development release
* Portable changes
- Extended the endian.h compat header with hto* and *toh macros.
- Adapted more tests to the portable framework.
- Internal tools are now statically linked.
* Internal improvements
- Improved sieve of Eratosthenes script used for generating a table
of small primes.
@@ -95,6 +228,14 @@ LibreSSL Portable Release Notes:
- As always, new test coverage is added as bugs are fixed and subsystems
are cleaned up.
3.7.3 - Bug and reliability fixes
* Bug fix
- Hostflags in the verify parameters would not propagate from an
SSL_CTX to newly created SSL.
* Reliability fix
- A double free or use after free could occur after SSL_clear(3).
3.7.2 - Stable release
* Portable changes
@@ -209,6 +350,20 @@ LibreSSL Portable Release Notes:
support for EVP_PKEY_ED25519, EVP_PKEY_HMAC and EVP_PKEY_X25519.
Poly1305 is not currently supported via this interface.
3.6.3 - Bug and reliability fixes
* Bug fix
- Hostflags in the verify parameters would not propagate from an
SSL_CTX to newly created SSL.
* Reliability fix
- A double free or use after free could occur after SSL_clear(3).
3.6.2 - Security release
* Security fix
- A malicious certificate revocation list or timestamp response token
would allow an attacker to read arbitrary memory.
3.6.1 - Stable release
* Bug fixes

36
LibreSSLConfig.cmake.in Normal file
View File

@@ -0,0 +1,36 @@
@PACKAGE_INIT@
set(LIBRESSL_VERSION @VERSION@)
set_and_check(LIBRESSL_INCLUDE_DIR @PACKAGE_INCLUDE_DIRECTORY@)
if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/LibreSSL-Crypto.cmake")
include("${CMAKE_CURRENT_LIST_DIR}/LibreSSL-Crypto.cmake")
set(LIBRESSL_CRYPTO_LIBRARY LibreSSL::Crypto)
set(LibreSSL_Crypto_FOUND TRUE)
endif()
if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/LibreSSL-SSL.cmake")
include("${CMAKE_CURRENT_LIST_DIR}/LibreSSL-SSL.cmake")
set(LIBRESSL_SSL_LIBRARY LibreSSL::SSL)
set(LibreSSL_SSL_FOUND TRUE)
endif()
if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/LibreSSL-TLS.cmake")
include("${CMAKE_CURRENT_LIST_DIR}/LibreSSL-TLS.cmake")
set(LIBRESSL_TLS_LIBRARY LibreSSL::TLS)
set(LibreSSL_TLS_FOUND TRUE)
endif()
set(LIBRESSL_LIBRARIES
${LIBRESSL_CRYPTO_LIBRARY}
${LIBRESSL_SSL_LIBRARY}
${LIBRESSL_TLS_LIBRARY}
)
check_required_components(LibreSSL)
if(DEFINED LibreSSL_FOUND)
set(LIBRESSL_FOUND ${LibreSSL_FOUND})
else()
set(LIBRESSL_FOUND TRUE)
endif()

2
Makefile.am
View File

@@ -11,7 +11,7 @@ pkgconfig_DATA += libcrypto.pc libssl.pc openssl.pc
endif
EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake
EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake LibreSSLConfig.cmake.in
EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf
.PHONY: install_sw

2
OPENBSD_BRANCH
View File

@@ -1 +1 @@
master
OPENBSD_7_4

212
README.md
View File

@@ -1,212 +1,16 @@
![LibreSSL image](https://www.libressl.org/images/libressl.jpg)
## Official portable version of [LibreSSL](https://www.libressl.org) ##
### LibreSSL with a Zig build system
[![Linux Build Status](https://github.com/libressl/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test.yml)
[![macOS Build Status](https://github.com/libressl/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/macos_test.yml)
[![Android_Build Status](https://github.com/libressl/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/android_test.yml)
[![Cross_Build Status](https://github.com/libressl/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/cross_test.yml)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl)
[![ASan Status](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml)
This is a somewhat hacky port of the LibreSSL build system to Zig. It builds LibreSSL exclusively as static libraries. It does not (currently) build the LibreSSL command-line executables, like `openssl`.
LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
[OpenBSD](https://www.openbsd.org) project. Our goal is to modernize the codebase,
improve security, and apply best practice development processes from OpenBSD.
Notes:
## Compatibility with OpenSSL: ##
1. In order for this to work, `.\update.sh` must have first been run to bring in the LibreSSL OpenBSD sources. (Or, if you trust me, you may use the `zig-3.8.2` branch which has the upstream sources committed to the repository, for ease of use with the Zig package manager).
LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently
supported. Incompatibilities between the projects exist and are unavoidable since
both evolve with different goals and priorities. Important incompatibilities will
be addressed if possible and as long as they are not too detrimental to LibreSSL's
goals of simplicity, security and sanity. We do not add new features, ciphers and
API without a solid reason and require that new code be clean and of high quality.
2. I don't know if this causes LibreSSL to be compiled in a way that Compromises Its Cryptographic Integrity. Hopefully it is not even possible to do such a thing in the first place. But I am not an expert, and I ain't looking to port the tests.
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily
earlier releases of LibreSSL. You will need to relink your programs to
LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
LibreSSL's installed library version numbers are incremented to account for
ABI and API changes.
3. This does not (currently) compile the assembly routines, only the C versions, which may cause reduced performance on some platforms.
## Compatibility with other operating systems: ##
4. Only the "big 3" platforms are supported (namely: macOS, Linux, and Windows). Native and cross-compilation appears to work on modern versions of all three, but this has not been exhaustively tested.
While primarily developed on and taking advantage of APIs available on OpenBSD,
the LibreSSL portable project attempts to provide working alternatives for
other operating systems, and assists with improving OS-native implementations
where possible.
5. Why LibreSSL? It has a CMake-based build system rather than the insane hand-rolled perl mess that OpenSSL does, so it was very straightforward to follow the build process for the purposes of porting it. In theory, its OpenSSL compatibility layer makes it possible to use with a variety of other programs that want to link OpenSSL.
At the time of this writing, LibreSSL is known to build and work on:
* Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later)
* NetBSD (7.0 or later recommended)
* HP-UX (11i)
* Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later)
* AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
* Microsoft Windows (Windows 7 / Windows Server 2008r2 or later, x86 and x64)
* Wine (32-bit and 64-bit)
* Mingw-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory
[LibreSSL](https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/),
although we suggest that you use a [mirror](https://www.openbsd.org/ftp.html).
The LibreSSL portable build framework is also
[mirrored](https://github.com/libressl/portable) on GitHub.
Please report bugs either to the public libressl@openbsd.org mailing list,
or to the GitHub
[issue tracker](https://github.com/libressl/portable/issues)
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
sent to the core team at libressl-security@openbsd.org.
# Building LibreSSL #
## Prerequisites when building from a Git checkout ##
If you have checked this source using Git, or have downloaded a source tarball
from Github, follow these initial steps to prepare the source tree for
building. _Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions (e.g. Windows system using CMake) or cannot meet these prerequistes, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer._
1. Ensure you have the following packages installed:
automake, autoconf, git, libtool, perl
2. Run `./autogen.sh` to prepare the source tree for building or
run `./dist.sh` to prepare a tarball.
## Steps that apply to all builds ##
Once you have a source tree, either by downloaded using git and having
run the `autogen.sh` script above, or by downloading a release distribution from
an OpenBSD mirror, run these commands to build and install the package on most
systems:
```sh
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
```
If you wish to use the CMake build system, use these commands:
```sh
mkdir build
cd build
cmake ..
make
make test
```
For faster builds, you can use Ninja as well:
```sh
mkdir build-ninja
cd build-ninja
cmake -G"Ninja" ..
ninja
ninja test
```
### OS specific build information: ###
#### HP-UX (11i) ####
Set the UNIX_STD environment variable to `2003` before running `configure`
in order to build with the HP C/aC++ compiler. See the "standards(5)" man
page for more details.
```sh
export UNIX_STD=2003
./configure
make
```
#### Windows - Mingw-w64 ####
LibreSSL builds against relatively recent versions of Mingw-w64, not to be
confused with the original mingw.org project. Mingw-w64 3.2 or later
should work. See README.windows for more information
#### Windows - Visual Studio ####
LibreSSL builds using the CMake target "Visual Studio 12 2013" and newer. To
generate a Visual Studio project, install CMake, enter the LibreSSL source
directory and run:
```sh
mkdir build-vs2013
cd build-vs2013
cmake -G"Visual Studio 12 2013" ..
```
Replace "Visual Studio 12 2013" with whatever version of Visual Studio you
have installed. This will generate a LibreSSL.sln file that you can incorporate
into other projects or build by itself.
#### Cmake - Additional Options ####
| Option Name | Default | Description
| ------------ | -----: | ------
| LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules. Can be specified from command line using <br>```-DLIBRESSL_SKIP_INSTALL=ON``` |
| LIBRESSL_APPS | ON | allows skipping application builds. Apps are required to run tests |
| LIBRESSL_TESTS | ON | allows skipping of tests. Tests are only available in static builds |
| BUILD_SHARED_LIBS | OFF | CMake option for building shared libraries. |
| ENABLE_ASM | ON | builds assembly optimized rules. |
| ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms |
| ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) |
| OPENSSLDIR | Blank | Set the default openssl directory. Can be specified from command line using <br>```-DOPENSSLDIR=<dirname>``` |
# Using LibreSSL #
## CMake ##
Make a new folder in your project root (where your main CMakeLists.txt file is located) called CMake. Copy the FindLibreSSL.cmake file to that folder, and add the following line to your main CMakeLists.txt:
```cmake
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
```
After your **add_executable** or **add_library** line in your CMakeLists.txt file add the following:
```cmake
find_package(LibreSSL REQUIRED)
```
It will tell CMake to find LibreSSL and if found will let you use the following 3 interfaces in your CMakeLists.txt file:
* LibreSSL::Crypto
* LibreSSL::SSL
* LibreSSL::TLS
If you for example want to use the LibreSSL TLS library in your test program, include it like so (SSL and Cryto are required by TLS and included automatically too):
```cmake
target_link_libraries(test LibreSSL::TLS)
```
Full example:
```cmake
cmake_minimum_required(VERSION 3.10.0)
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
project(test)
add_executable(test Main.cpp)
find_package(LibreSSL REQUIRED)
target_link_libraries(test LibreSSL::TLS)
```
#### Linux ####
Following the guide in the sections above to compile LibreSSL using make and running "sudo make install" will install LibreSSL to the /usr/local/ folder, and will found automatically by find_package. If your system installs it to another location or you have placed them yourself in a different location, you can set the CMake variable LIBRESSL_ROOT_DIR to the correct path, to help CMake find the library.
#### Windows ####
Placing the library files in C:/Program Files/LibreSSL/lib and the include files in C:/Program Files/LibreSSL/include should let CMake find them automatically, but it is recommended that you use CMake-GUI to set the paths. It is more convenient as you can have the files in any folder you choose.

212
README.upstream.md Normal file
View File

@@ -0,0 +1,212 @@
![LibreSSL image](https://www.libressl.org/images/libressl.jpg)
## Official portable version of [LibreSSL](https://www.libressl.org) ##
[![Linux Build Status](https://github.com/libressl/portable/actions/workflows/linux_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test.yml)
[![macOS Build Status](https://github.com/libressl/portable/actions/workflows/macos_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/macos_test.yml)
[![Android_Build Status](https://github.com/libressl/portable/actions/workflows/android_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/android_test.yml)
[![Cross_Build Status](https://github.com/libressl/portable/actions/workflows/cross_test.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/cross_test.yml)
[![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/libressl.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:libressl)
[![ASan Status](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml/badge.svg)](https://github.com/libressl/portable/actions/workflows/linux_test_asan.yml)
LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
[OpenBSD](https://www.openbsd.org) project. Our goal is to modernize the codebase,
improve security, and apply best practice development processes from OpenBSD.
## Compatibility with OpenSSL: ##
LibreSSL provides much of the OpenSSL 1.1 API. The OpenSSL 3 API is not currently
supported. Incompatibilities between the projects exist and are unavoidable since
both evolve with different goals and priorities. Important incompatibilities will
be addressed if possible and as long as they are not too detrimental to LibreSSL's
goals of simplicity, security and sanity. We do not add new features, ciphers and
API without a solid reason and require that new code be clean and of high quality.
LibreSSL is not ABI compatible with any release of OpenSSL, or necessarily
earlier releases of LibreSSL. You will need to relink your programs to
LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
LibreSSL's installed library version numbers are incremented to account for
ABI and API changes.
## Compatibility with other operating systems: ##
While primarily developed on and taking advantage of APIs available on OpenBSD,
the LibreSSL portable project attempts to provide working alternatives for
other operating systems, and assists with improving OS-native implementations
where possible.
At the time of this writing, LibreSSL is known to build and work on:
* Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later)
* NetBSD (7.0 or later recommended)
* HP-UX (11i)
* Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later)
* AIX (5.3 and later)
LibreSSL also supports the following Windows environments:
* Microsoft Windows (Windows 7 / Windows Server 2008r2 or later, x86 and x64)
* Wine (32-bit and 64-bit)
* Mingw-w64, Cygwin, and Visual Studio
Official release tarballs are available at your friendly neighborhood
OpenBSD mirror in directory
[LibreSSL](https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/),
although we suggest that you use a [mirror](https://www.openbsd.org/ftp.html).
The LibreSSL portable build framework is also
[mirrored](https://github.com/libressl/portable) on GitHub.
Please report bugs either to the public libressl@openbsd.org mailing list,
or to the GitHub
[issue tracker](https://github.com/libressl/portable/issues)
Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
sent to the core team at libressl-security@openbsd.org.
# Building LibreSSL #
## Prerequisites when building from a Git checkout ##
If you have checked this source using Git, or have downloaded a source tarball
from Github, follow these initial steps to prepare the source tree for
building. _Note: Your build will fail if you do not follow these instructions! If you cannot follow these instructions (e.g. Windows system using CMake) or cannot meet these prerequistes, please download an official release distribution from https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/ instead. Using official releases is strongly advised if you are not a developer._
1. Ensure you have the following packages installed:
automake, autoconf, git, libtool, perl
2. Run `./autogen.sh` to prepare the source tree for building or
run `./dist.sh` to prepare a tarball.
## Steps that apply to all builds ##
Once you have a source tree, either by downloaded using git and having
run the `autogen.sh` script above, or by downloading a release distribution from
an OpenBSD mirror, run these commands to build and install the package on most
systems:
```sh
./configure # see ./configure --help for configuration options
make check # runs builtin unit tests
make install # set DESTDIR= to install to an alternate location
```
If you wish to use the CMake build system, use these commands:
```sh
mkdir build
cd build
cmake ..
make
make test
```
For faster builds, you can use Ninja as well:
```sh
mkdir build-ninja
cd build-ninja
cmake -G"Ninja" ..
ninja
ninja test
```
### OS specific build information: ###
#### HP-UX (11i) ####
Set the UNIX_STD environment variable to `2003` before running `configure`
in order to build with the HP C/aC++ compiler. See the "standards(5)" man
page for more details.
```sh
export UNIX_STD=2003
./configure
make
```
#### Windows - Mingw-w64 ####
LibreSSL builds against relatively recent versions of Mingw-w64, not to be
confused with the original mingw.org project. Mingw-w64 3.2 or later
should work. See README.windows for more information
#### Windows - Visual Studio ####
LibreSSL builds using the CMake target "Visual Studio 12 2013" and newer. To
generate a Visual Studio project, install CMake, enter the LibreSSL source
directory and run:
```sh
mkdir build-vs2013
cd build-vs2013
cmake -G"Visual Studio 12 2013" ..
```
Replace "Visual Studio 12 2013" with whatever version of Visual Studio you
have installed. This will generate a LibreSSL.sln file that you can incorporate
into other projects or build by itself.
#### Cmake - Additional Options ####
| Option Name | Default | Description
| ------------ | -----: | ------
| LIBRESSL_SKIP_INSTALL | OFF | allows skipping install() rules. Can be specified from command line using <br>```-DLIBRESSL_SKIP_INSTALL=ON``` |
| LIBRESSL_APPS | ON | allows skipping application builds. Apps are required to run tests |
| LIBRESSL_TESTS | ON | allows skipping of tests. Tests are only available in static builds |
| BUILD_SHARED_LIBS | OFF | CMake option for building shared libraries. |
| ENABLE_ASM | ON | builds assembly optimized rules. |
| ENABLE_EXTRATESTS | OFF | Enable extra tests that may be unreliable on some platforms |
| ENABLE_NC | OFF | Enable installing TLS-enabled nc(1) |
| OPENSSLDIR | Blank | Set the default openssl directory. Can be specified from command line using <br>```-DOPENSSLDIR=<dirname>``` |
# Using LibreSSL #
## CMake ##
Make a new folder in your project root (where your main CMakeLists.txt file is located) called CMake. Copy the FindLibreSSL.cmake file to that folder, and add the following line to your main CMakeLists.txt:
```cmake
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
```
After your **add_executable** or **add_library** line in your CMakeLists.txt file add the following:
```cmake
find_package(LibreSSL REQUIRED)
```
It will tell CMake to find LibreSSL and if found will let you use the following 3 interfaces in your CMakeLists.txt file:
* LibreSSL::Crypto
* LibreSSL::SSL
* LibreSSL::TLS
If you for example want to use the LibreSSL TLS library in your test program, include it like so (SSL and Cryto are required by TLS and included automatically too):
```cmake
target_link_libraries(test LibreSSL::TLS)
```
Full example:
```cmake
cmake_minimum_required(VERSION 3.10.0)
set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/CMake;${CMAKE_MODULE_PATH}")
project(test)
add_executable(test Main.cpp)
find_package(LibreSSL REQUIRED)
target_link_libraries(test LibreSSL::TLS)
```
#### Linux ####
Following the guide in the sections above to compile LibreSSL using make and running "sudo make install" will install LibreSSL to the /usr/local/ folder, and will found automatically by find_package. If your system installs it to another location or you have placed them yourself in a different location, you can set the CMake variable LIBRESSL_ROOT_DIR to the correct path, to help CMake find the library.
#### Windows ####
Placing the library files in C:/Program Files/LibreSSL/lib and the include files in C:/Program Files/LibreSSL/include should let CMake find them automatically, but it is recommended that you use CMake-GUI to set the paths. It is more convenient as you can have the files in any folder you choose.

14
README.windows
View File

@@ -55,11 +55,11 @@ cv2pdb to generate Visual Studio and windbg compatible debug files. cv2pdb is a
tool developed for the D language and can be found here:
https://github.com/rainers/cv2pdb
Pre-built Windows binaries are available with LibreSSL releases if you do not
have a mingw-w64 build environment. Mingw-w64 code is largely, but not 100%,
compatible with code built from Visual Studio. Notably, FILE * pointers cannot
be shared between code built for Mingw-w64 and Visual Studio.
The mingw-w64 code is largely, but not 100%, compatible with code built from
Visual Studio. Notably, FILE * pointers cannot be shared between code built for
Mingw-w64 and Visual Studio.
As of LibreSSL 2.2.2, Visual Studio Native builds can be produced using CMake.
This produces ABI-compatible libraries for linking with native code generated
by Visual Studio.
As of LibreSSL 2.2.2, Visual Studio Native builds can also be produced using
CMake. This produces ABI-compatible libraries for linking with native code
generated by Visual Studio. Currently tested versions are VS 2019 and 2022,
though earlier versions may work as well.

10
apps/nc/CMakeLists.txt
View File

@@ -36,8 +36,14 @@ else()
endif()
add_executable(nc ${NC_SRC})
target_include_directories(nc PUBLIC ../../include)
target_include_directories(nc PRIVATE . ./compat ../../include/compat)
target_include_directories(nc
PRIVATE
.
./compat
../../include/compat
PUBLIC
../../include
${CMAKE_BINARY_DIR}/include)
target_link_libraries(nc ${LIBTLS_LIBS})
if(ENABLE_NC)

12
apps/ocspcheck/CMakeLists.txt
View File

@@ -1,5 +1,3 @@
if(NOT MSVC)
set(
OCSPCHECK_SRC
http.c
@@ -20,8 +18,12 @@ else()
endif()
add_executable(ocspcheck ${OCSPCHECK_SRC})
target_include_directories(ocspcheck PUBLIC ../../include)
target_include_directories(ocspcheck PRIVATE . ./compat ../../include/compat)
target_include_directories(ocspcheck
PRIVATE
../../include/compat
PUBLIC
../../include
${CMAKE_BINARY_DIR}/include)
target_link_libraries(ocspcheck tls ${OPENSSL_LIBS})
if(ENABLE_LIBRESSL_INSTALL)
@@ -29,5 +31,3 @@ if(ENABLE_LIBRESSL_INSTALL)
install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8)
endif(ENABLE_LIBRESSL_INSTALL)
endif()

9
apps/openssl/CMakeLists.txt
View File

@@ -68,8 +68,13 @@ if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
endif()
add_executable(openssl ${OPENSSL_SRC})
target_include_directories(openssl PUBLIC ../../include)
target_include_directories(openssl PRIVATE . ../../include/compat)
target_include_directories(openssl
PRIVATE
.
../../include/compat
PUBLIC
../../include
${CMAKE_BINARY_DIR}/include)
target_link_libraries(openssl ${OPENSSL_LIBS})
if(ENABLE_LIBRESSL_INSTALL)

1041
build.zig Normal file
View File

File diff suppressed because it is too large Load Diff

110
crypto/CMakeLists.txt
View File

@@ -152,6 +152,7 @@ if(HOST_ASM_MASM_X86_64)
whrlpool/wp-masm-x86_64.S
cpuid-masm-x86_64.S
)
add_definitions(-Dendbr64=)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
@@ -192,6 +193,7 @@ if(HOST_ASM_MINGW64_X86_64)
whrlpool/wp-mingw64-x86_64.S
cpuid-mingw64-x86_64.S
)
add_definitions(-Dendbr64=)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
@@ -256,7 +258,6 @@ set(
aes/aes_ctr.c
aes/aes_ecb.c
aes/aes_ige.c
aes/aes_misc.c
aes/aes_ofb.c
aes/aes_wrap.c
asn1/a_bitstr.c
@@ -293,7 +294,6 @@ set(
asn1/p5_pbev2.c
asn1/p8_pkey.c
asn1/t_crl.c
asn1/t_pkey.c
asn1/t_req.c
asn1/t_spki.c
asn1/t_x509.c
@@ -346,7 +346,6 @@ set(
bio/bss_null.c
bio/bss_sock.c
bn/bn_add.c
bn/bn_blind.c
bn/bn_bpsw.c
bn/bn_const.c
bn/bn_convert.c
@@ -363,6 +362,8 @@ set(
bn/bn_mont.c
bn/bn_mul.c
bn/bn_prime.c
bn/bn_primitives.c
bn/bn_print.c
bn/bn_rand.c
bn/bn_recp.c
bn/bn_shift.c
@@ -370,7 +371,6 @@ set(
bn/bn_sqr.c
bn/bn_word.c
buffer/buf_err.c
buffer/buf_str.c
buffer/buffer.c
bytestring/bs_ber.c
bytestring/bs_cbb.c
@@ -391,7 +391,6 @@ set(
cmac/cmac.c
cms/cms_asn1.c
cms/cms_att.c
cms/cms_cd.c
cms/cms_dd.c
cms/cms_enc.c
cms/cms_env.c
@@ -403,10 +402,6 @@ set(
cms/cms_pwri.c
cms/cms_sd.c
cms/cms_smime.c
comp/c_rle.c
comp/c_zlib.c
comp/comp_err.c
comp/comp_lib.c
conf/conf_api.c
conf/conf_def.c
conf/conf_err.c
@@ -466,11 +461,6 @@ set(
dsa/dsa_ossl.c
dsa/dsa_pmeth.c
dsa/dsa_prn.c
dso/dso_dlfcn.c
dso/dso_err.c
dso/dso_lib.c
dso/dso_null.c
dso/dso_openssl.c
ec/ec_ameth.c
ec/ec_asn1.c
ec/ec_check.c
@@ -489,38 +479,9 @@ set(
ec/ecp_oct.c
ec/ecp_smpl.c
ec/ecx_methods.c
ecdh/ecdh_kdf.c
ecdh/ech_err.c
ecdh/ech_key.c
ecdh/ech_lib.c
ecdsa/ecs_asn1.c
ecdsa/ecs_err.c
ecdsa/ecs_lib.c
ecdsa/ecs_ossl.c
engine/eng_all.c
engine/eng_cnf.c
engine/eng_ctrl.c
engine/eng_dyn.c
engine/eng_err.c
engine/eng_fat.c
engine/eng_init.c
engine/eng_lib.c
engine/eng_list.c
engine/eng_openssl.c
engine/eng_pkey.c
engine/eng_table.c
engine/tb_asnmth.c
engine/tb_cipher.c
engine/tb_dh.c
engine/tb_digest.c
engine/tb_dsa.c
engine/tb_ecdh.c
engine/tb_ecdsa.c
engine/tb_eckey.c
engine/tb_pkmeth.c
engine/tb_rand.c
engine/tb_rsa.c
engine/tb_store.c
ecdh/ecdh.c
ecdsa/ecdsa.c
engine/engine_stubs.c
err/err.c
err/err_all.c
err/err_prn.c
@@ -608,10 +569,8 @@ set(
kdf/kdf_err.c
lhash/lh_stats.c
lhash/lhash.c
md4/md4_dgst.c
md4/md4_one.c
md5/md5_dgst.c
md5/md5_one.c
md4/md4.c
md5/md5.c
modes/cbc128.c
modes/ccm128.c
modes/cfb128.c
@@ -676,12 +635,11 @@ set(
rc2/rc2_skey.c
rc2/rc2cfb64.c
rc2/rc2ofb64.c
ripemd/rmd_dgst.c
ripemd/rmd_one.c
ripemd/ripemd.c
rsa/rsa_ameth.c
rsa/rsa_asn1.c
rsa/rsa_blinding.c
rsa/rsa_chk.c
rsa/rsa_crpt.c
rsa/rsa_eay.c
rsa/rsa_err.c
rsa/rsa_gen.c
@@ -818,6 +776,13 @@ if(NOT HAVE_FREEZERO)
set(EXTRA_EXPORT ${EXTRA_EXPORT} freezero)
endif()
if(NOT HAVE_GETOPT)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getopt_long.c)
set(EXTRA_EXPORT ${EXTRA_EXPORT} getopt)
set(EXTRA_EXPORT ${EXTRA_EXPORT} optarg)
set(EXTRA_EXPORT ${EXTRA_EXPORT} optind)
endif()
if(NOT HAVE_GETPAGESIZE)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
endif()
@@ -942,7 +907,7 @@ else()
(NOT "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64"))
add_definitions(-DOPENSSL_NO_ASM)
endif()
elseif(WIN32)
elseif(WIN32 AND NOT MINGW)
add_definitions(-DOPENSSL_NO_ASM)
endif()
endif()
@@ -996,7 +961,8 @@ target_include_directories(crypto_obj
x509
../include/compat
PUBLIC
../include)
../include
${CMAKE_BINARY_DIR}/include)
if(HOST_AARCH64)
target_include_directories(crypto_obj PRIVATE bn/arch/aarch64/)
@@ -1023,13 +989,33 @@ add_library(crypto $<TARGET_OBJECTS:crypto_obj> empty.c)
export_symbol(crypto ${CMAKE_CURRENT_BINARY_DIR}/crypto_p.sym)
target_link_libraries(crypto ${PLATFORM_LIBS})
if (WIN32)
set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION})
set(CRYPTO_POSTFIX -${CRYPTO_MAJOR_VERSION} PARENT_SCOPE)
endif()
set_target_properties(crypto PROPERTIES
OUTPUT_NAME crypto${CRYPTO_POSTFIX}
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX})
set_target_properties(crypto PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
ARCHIVE_OUTPUT_NAME crypto${CRYPTO_POSTFIX}
EXPORT_NAME Crypto
VERSION ${CRYPTO_VERSION}
SOVERSION ${CRYPTO_MAJOR_VERSION}
)
target_include_directories(
crypto
PUBLIC
$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
)
install(
TARGETS crypto
EXPORT Crypto-target
)
export(
EXPORT Crypto-target
FILE "${LibreSSL_BINARY_DIR}/LibreSSL-Crypto.cmake"
NAMESPACE LibreSSL::
)
if(ENABLE_LIBRESSL_INSTALL)
install(
@@ -1038,6 +1024,12 @@ if(ENABLE_LIBRESSL_INSTALL)
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
)
install(
EXPORT Crypto-target
FILE "LibreSSL-Crypto.cmake"
NAMESPACE LibreSSL::
DESTINATION "${LIBRESSL_INSTALL_CMAKEDIR}"
)
endif(ENABLE_LIBRESSL_INSTALL)
# build static library for regression test

114
crypto/Makefile.am
View File

@@ -36,6 +36,7 @@ EXTRA_DIST += empty.c
# needed for a CMake target
EXTRA_DIST += compat/strcasecmp.c
EXTRA_DIST += compat/getopt_long.c
BUILT_SOURCES = crypto_portable.sym
CLEANFILES = crypto_portable.sym
@@ -236,7 +237,6 @@ libcrypto_la_SOURCES += aes/aes_cfb.c
libcrypto_la_SOURCES += aes/aes_ctr.c
libcrypto_la_SOURCES += aes/aes_ecb.c
libcrypto_la_SOURCES += aes/aes_ige.c
libcrypto_la_SOURCES += aes/aes_misc.c
libcrypto_la_SOURCES += aes/aes_ofb.c
libcrypto_la_SOURCES += aes/aes_wrap.c
noinst_HEADERS += aes/aes_local.h
@@ -276,7 +276,6 @@ libcrypto_la_SOURCES += asn1/p5_pbe.c
libcrypto_la_SOURCES += asn1/p5_pbev2.c
libcrypto_la_SOURCES += asn1/p8_pkey.c
libcrypto_la_SOURCES += asn1/t_crl.c
libcrypto_la_SOURCES += asn1/t_pkey.c
libcrypto_la_SOURCES += asn1/t_req.c
libcrypto_la_SOURCES += asn1/t_spki.c
libcrypto_la_SOURCES += asn1/t_x509.c
@@ -348,7 +347,6 @@ noinst_HEADERS += bio/bio_local.h
# bn
libcrypto_la_SOURCES += bn/bn_add.c
libcrypto_la_SOURCES += bn/bn_blind.c
libcrypto_la_SOURCES += bn/bn_bpsw.c
libcrypto_la_SOURCES += bn/bn_const.c
libcrypto_la_SOURCES += bn/bn_convert.c
@@ -365,6 +363,8 @@ libcrypto_la_SOURCES += bn/bn_mod_sqrt.c
libcrypto_la_SOURCES += bn/bn_mont.c
libcrypto_la_SOURCES += bn/bn_mul.c
libcrypto_la_SOURCES += bn/bn_prime.c
libcrypto_la_SOURCES += bn/bn_primitives.c
libcrypto_la_SOURCES += bn/bn_print.c
libcrypto_la_SOURCES += bn/bn_rand.c
libcrypto_la_SOURCES += bn/bn_recp.c
libcrypto_la_SOURCES += bn/bn_shift.c
@@ -430,7 +430,6 @@ noinst_HEADERS += bn/arch/amd64/bn_arch.h
# buffer
libcrypto_la_SOURCES += buffer/buf_err.c
libcrypto_la_SOURCES += buffer/buf_str.c
libcrypto_la_SOURCES += buffer/buffer.c
noinst_HEADERS += bytestring/bytestring.h
@@ -469,7 +468,6 @@ libcrypto_la_SOURCES += cmac/cmac.c
# cms
libcrypto_la_SOURCES += cms/cms_asn1.c
libcrypto_la_SOURCES += cms/cms_att.c
libcrypto_la_SOURCES += cms/cms_cd.c
libcrypto_la_SOURCES += cms/cms_dd.c
libcrypto_la_SOURCES += cms/cms_enc.c
libcrypto_la_SOURCES += cms/cms_env.c
@@ -483,13 +481,6 @@ libcrypto_la_SOURCES += cms/cms_sd.c
libcrypto_la_SOURCES += cms/cms_smime.c
noinst_HEADERS += cms/cms_local.h
# comp
libcrypto_la_SOURCES += comp/c_rle.c
libcrypto_la_SOURCES += comp/c_zlib.c
libcrypto_la_SOURCES += comp/comp_err.c
libcrypto_la_SOURCES += comp/comp_lib.c
noinst_HEADERS += comp/comp_local.h
# conf
libcrypto_la_SOURCES += conf/conf_api.c
libcrypto_la_SOURCES += conf/conf_def.c
@@ -570,13 +561,6 @@ libcrypto_la_SOURCES += dsa/dsa_pmeth.c
libcrypto_la_SOURCES += dsa/dsa_prn.c
noinst_HEADERS += dsa/dsa_local.h
# dso
libcrypto_la_SOURCES += dso/dso_dlfcn.c
libcrypto_la_SOURCES += dso/dso_err.c
libcrypto_la_SOURCES += dso/dso_lib.c
libcrypto_la_SOURCES += dso/dso_null.c
libcrypto_la_SOURCES += dso/dso_openssl.c
# ec
libcrypto_la_SOURCES += ec/ec_ameth.c
libcrypto_la_SOURCES += ec/ec_asn1.c
@@ -599,45 +583,14 @@ libcrypto_la_SOURCES += ec/ecx_methods.c
noinst_HEADERS += ec/ec_local.h
# ecdh
libcrypto_la_SOURCES += ecdh/ecdh_kdf.c
libcrypto_la_SOURCES += ecdh/ech_err.c
libcrypto_la_SOURCES += ecdh/ech_key.c
libcrypto_la_SOURCES += ecdh/ech_lib.c
noinst_HEADERS += ecdh/ech_local.h
libcrypto_la_SOURCES += ecdh/ecdh.c
# ecdsa
libcrypto_la_SOURCES += ecdsa/ecs_asn1.c
libcrypto_la_SOURCES += ecdsa/ecs_err.c
libcrypto_la_SOURCES += ecdsa/ecs_lib.c
libcrypto_la_SOURCES += ecdsa/ecs_ossl.c
noinst_HEADERS += ecdsa/ecs_local.h
libcrypto_la_SOURCES += ecdsa/ecdsa.c
noinst_HEADERS += ecdsa/ecdsa_local.h
# engine
libcrypto_la_SOURCES += engine/eng_all.c
libcrypto_la_SOURCES += engine/eng_cnf.c
libcrypto_la_SOURCES += engine/eng_ctrl.c
libcrypto_la_SOURCES += engine/eng_dyn.c
libcrypto_la_SOURCES += engine/eng_err.c
libcrypto_la_SOURCES += engine/eng_fat.c
libcrypto_la_SOURCES += engine/eng_init.c
libcrypto_la_SOURCES += engine/eng_lib.c
libcrypto_la_SOURCES += engine/eng_list.c
libcrypto_la_SOURCES += engine/eng_openssl.c
libcrypto_la_SOURCES += engine/eng_pkey.c
libcrypto_la_SOURCES += engine/eng_table.c
libcrypto_la_SOURCES += engine/tb_asnmth.c
libcrypto_la_SOURCES += engine/tb_cipher.c
libcrypto_la_SOURCES += engine/tb_dh.c
libcrypto_la_SOURCES += engine/tb_digest.c
libcrypto_la_SOURCES += engine/tb_dsa.c
libcrypto_la_SOURCES += engine/tb_ecdh.c
libcrypto_la_SOURCES += engine/tb_ecdsa.c
libcrypto_la_SOURCES += engine/tb_eckey.c
libcrypto_la_SOURCES += engine/tb_pkmeth.c
libcrypto_la_SOURCES += engine/tb_rand.c
libcrypto_la_SOURCES += engine/tb_rsa.c
libcrypto_la_SOURCES += engine/tb_store.c
noinst_HEADERS += engine/eng_int.h
libcrypto_la_SOURCES += engine/engine_stubs.c
# err
libcrypto_la_SOURCES += err/err.c
@@ -724,10 +677,46 @@ noinst_HEADERS += gost/gost_local.h
# hidden
noinst_HEADERS += hidden/crypto_namespace.h
noinst_HEADERS += hidden/openssl/asn1.h
noinst_HEADERS += hidden/openssl/asn1t.h
noinst_HEADERS += hidden/openssl/bio.h
noinst_HEADERS += hidden/openssl/bn.h
noinst_HEADERS += hidden/openssl/buffer.h
noinst_HEADERS += hidden/openssl/cast.h
noinst_HEADERS += hidden/openssl/chacha.h
noinst_HEADERS += hidden/openssl/cmac.h
noinst_HEADERS += hidden/openssl/cms.h
noinst_HEADERS += hidden/openssl/conf_api.h
noinst_HEADERS += hidden/openssl/crypto.h
noinst_HEADERS += hidden/openssl/ct.h
noinst_HEADERS += hidden/openssl/curve25519.h
noinst_HEADERS += hidden/openssl/dh.h
noinst_HEADERS += hidden/openssl/dsa.h
noinst_HEADERS += hidden/openssl/ec.h
noinst_HEADERS += hidden/openssl/err.h
noinst_HEADERS += hidden/openssl/gost.h
noinst_HEADERS += hidden/openssl/hkdf.h
noinst_HEADERS += hidden/openssl/hmac.h
noinst_HEADERS += hidden/openssl/idea.h
noinst_HEADERS += hidden/openssl/lhash.h
noinst_HEADERS += hidden/openssl/md4.h
noinst_HEADERS += hidden/openssl/md5.h
noinst_HEADERS += hidden/openssl/modes.h
noinst_HEADERS += hidden/openssl/objects.h
noinst_HEADERS += hidden/openssl/ocsp.h
noinst_HEADERS += hidden/openssl/pem.h
noinst_HEADERS += hidden/openssl/pkcs12.h
noinst_HEADERS += hidden/openssl/pkcs7.h
noinst_HEADERS += hidden/openssl/poly1305.h
noinst_HEADERS += hidden/openssl/rand.h
noinst_HEADERS += hidden/openssl/rc2.h
noinst_HEADERS += hidden/openssl/rsa.h
noinst_HEADERS += hidden/openssl/sha.h
noinst_HEADERS += hidden/openssl/sm3.h
noinst_HEADERS += hidden/openssl/sm4.h
noinst_HEADERS += hidden/openssl/stack.h
noinst_HEADERS += hidden/openssl/ts.h
noinst_HEADERS += hidden/openssl/txt_db.h
noinst_HEADERS += hidden/openssl/ui.h
noinst_HEADERS += hidden/openssl/x509.h
noinst_HEADERS += hidden/openssl/x509_vfy.h
@@ -759,14 +748,10 @@ libcrypto_la_SOURCES += lhash/lh_stats.c
libcrypto_la_SOURCES += lhash/lhash.c
# md4
libcrypto_la_SOURCES += md4/md4_dgst.c
libcrypto_la_SOURCES += md4/md4_one.c
noinst_HEADERS += md4/md4_local.h
libcrypto_la_SOURCES += md4/md4.c
# md5
libcrypto_la_SOURCES += md5/md5_dgst.c
libcrypto_la_SOURCES += md5/md5_one.c
noinst_HEADERS += md5/md5_local.h
libcrypto_la_SOURCES += md5/md5.c
# modes
libcrypto_la_SOURCES += modes/cbc128.c
@@ -785,7 +770,6 @@ libcrypto_la_SOURCES += objects/obj_err.c
libcrypto_la_SOURCES += objects/obj_lib.c
libcrypto_la_SOURCES += objects/obj_xref.c
noinst_HEADERS += objects/obj_dat.h
noinst_HEADERS += objects/obj_xref.h
# ocsp
libcrypto_la_SOURCES += ocsp/ocsp_asn.c
@@ -861,16 +845,13 @@ noinst_HEADERS += rc2/rc2_local.h
noinst_HEADERS += rc4/rc4_local.h
# ripemd
libcrypto_la_SOURCES += ripemd/rmd_dgst.c
libcrypto_la_SOURCES += ripemd/rmd_one.c
noinst_HEADERS += ripemd/rmd_local.h
noinst_HEADERS += ripemd/rmdconst.h
libcrypto_la_SOURCES += ripemd/ripemd.c
# rsa
libcrypto_la_SOURCES += rsa/rsa_ameth.c
libcrypto_la_SOURCES += rsa/rsa_asn1.c
libcrypto_la_SOURCES += rsa/rsa_blinding.c
libcrypto_la_SOURCES += rsa/rsa_chk.c
libcrypto_la_SOURCES += rsa/rsa_crpt.c
libcrypto_la_SOURCES += rsa/rsa_eay.c
libcrypto_la_SOURCES += rsa/rsa_err.c
libcrypto_la_SOURCES += rsa/rsa_gen.c
@@ -897,7 +878,6 @@ noinst_HEADERS += sha/sha3_internal.h
# sm3
libcrypto_la_SOURCES += sm3/sm3.c
noinst_HEADERS += sm3/sm3_local.h
# sm4
libcrypto_la_SOURCES += sm4/sm4.c

528
crypto/compat/getopt_long.c Normal file
View File

@@ -0,0 +1,528 @@
/* $OpenBSD: getopt_long.c,v 1.32 2020/05/27 22:25:09 schwarze Exp $ */
/* $NetBSD: getopt_long.c,v 1.15 2002/01/31 22:43:40 tv Exp $ */
/*
* Copyright (c) 2002 Todd C. Miller <millert@openbsd.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*
* Sponsored in part by the Defense Advanced Research Projects
* Agency (DARPA) and Air Force Research Laboratory, Air Force
* Materiel Command, USAF, under agreement number F39502-99-1-0512.
*/
/*-
* Copyright (c) 2000 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Dieter Baron and Thomas Klausner.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#include <err.h>
#include <errno.h>
#include <getopt.h>
#include <stdlib.h>
#include <string.h>
#define no_argument 0
#define required_argument 1
#define optional_argument 2
struct option {
/* name of long option */
const char *name;
/*
* one of no_argument, required_argument, and optional_argument:
* whether option takes an argument
*/
int has_arg;
/* if not NULL, set *flag to val when option found */
int *flag;
/* if flag not NULL, value to set *flag to; else return value */
int val;
};
int opterr = 1; /* if error message should be printed */
int optind = 1; /* index into parent argv vector */
int optopt = '?'; /* character checked for validity */
int optreset; /* reset getopt */
char *optarg; /* argument associated with option */
#if 0
/* DEF_* only work on initialized (non-COMMON) variables */
#endif
#define PRINT_ERROR ((opterr) && (*options != ':'))
#define FLAG_PERMUTE 0x01 /* permute non-options to the end of argv */
#define FLAG_ALLARGS 0x02 /* treat non-options as args to option "-1" */
#define FLAG_LONGONLY 0x04 /* operate as getopt_long_only */
/* return values */
#define BADCH (int)'?'
#define BADARG ((*options == ':') ? (int)':' : (int)'?')
#define INORDER (int)1
#define EMSG ""
static int getopt_internal(int, char * const *, const char *,
const struct option *, int *, int);
static int parse_long_options(char * const *, const char *,
const struct option *, int *, int, int);
static int gcd(int, int);
static void permute_args(int, int, int, char * const *);
static char *place = EMSG; /* option letter processing */
/* XXX: set optreset to 1 rather than these two */
static int nonopt_start = -1; /* first non option argument (for permute) */
static int nonopt_end = -1; /* first option after non options (for permute) */
/* Error messages */
static const char recargchar[] = "option requires an argument -- %c";
static const char recargstring[] = "option requires an argument -- %s";
static const char ambig[] = "ambiguous option -- %.*s";
static const char noarg[] = "option doesn't take an argument -- %.*s";
static const char illoptchar[] = "unknown option -- %c";
static const char illoptstring[] = "unknown option -- %s";
/*
* Compute the greatest common divisor of a and b.
*/
static int
gcd(int a, int b)
{
int c;
c = a % b;
while (c != 0) {
a = b;
b = c;
c = a % b;
}
return (b);
}
/*
* Exchange the block from nonopt_start to nonopt_end with the block
* from nonopt_end to opt_end (keeping the same order of arguments
* in each block).
*/
static void
permute_args(int panonopt_start, int panonopt_end, int opt_end,
char * const *nargv)
{
int cstart, cyclelen, i, j, ncycle, nnonopts, nopts, pos;
char *swap;
/*
* compute lengths of blocks and number and size of cycles
*/
nnonopts = panonopt_end - panonopt_start;
nopts = opt_end - panonopt_end;
ncycle = gcd(nnonopts, nopts);
cyclelen = (opt_end - panonopt_start) / ncycle;
for (i = 0; i < ncycle; i++) {
cstart = panonopt_end+i;
pos = cstart;
for (j = 0; j < cyclelen; j++) {
if (pos >= panonopt_end)
pos -= nnonopts;
else
pos += nopts;
swap = nargv[pos];
((char **)nargv)[pos] = nargv[cstart];
((char **)nargv)[cstart] = swap;
}
}
}
/*
* parse_long_options --
* Parse long options in argc/argv argument vector.
* Returns -1 if short_too is set and the option does not match long_options.
*/
static int
parse_long_options(char * const *nargv, const char *options,
const struct option *long_options, int *idx, int short_too, int flags)
{
char *current_argv, *has_equal;
size_t current_argv_len;
int i, match, exact_match, second_partial_match;
current_argv = place;
match = -1;
exact_match = 0;
second_partial_match = 0;
optind++;
if ((has_equal = strchr(current_argv, '=')) != NULL) {
/* argument found (--option=arg) */
current_argv_len = has_equal - current_argv;
has_equal++;
} else
current_argv_len = strlen(current_argv);
for (i = 0; long_options[i].name; i++) {
/* find matching long option */
if (strncmp(current_argv, long_options[i].name,
current_argv_len))
continue;
if (strlen(long_options[i].name) == current_argv_len) {
/* exact match */
match = i;
exact_match = 1;
break;
}
/*
* If this is a known short option, don't allow
* a partial match of a single character.
*/
if (short_too && current_argv_len == 1)
continue;
if (match == -1) /* first partial match */
match = i;
else if ((flags & FLAG_LONGONLY) ||
long_options[i].has_arg != long_options[match].has_arg ||
long_options[i].flag != long_options[match].flag ||
long_options[i].val != long_options[match].val)
second_partial_match = 1;
}
if (!exact_match && second_partial_match) {
/* ambiguous abbreviation */
if (PRINT_ERROR)
warnx(ambig, (int)current_argv_len, current_argv);
optopt = 0;
return (BADCH);
}
if (match != -1) { /* option found */
if (long_options[match].has_arg == no_argument
&& has_equal) {
if (PRINT_ERROR)
warnx(noarg, (int)current_argv_len,
current_argv);
/*
* XXX: GNU sets optopt to val regardless of flag
*/
if (long_options[match].flag == NULL)
optopt = long_options[match].val;
else
optopt = 0;
return (BADARG);
}
if (long_options[match].has_arg == required_argument ||
long_options[match].has_arg == optional_argument) {
if (has_equal)
optarg = has_equal;
else if (long_options[match].has_arg ==
required_argument) {
/*
* optional argument doesn't use next nargv
*/
optarg = nargv[optind++];
}
}
if ((long_options[match].has_arg == required_argument)
&& (optarg == NULL)) {
/*
* Missing argument; leading ':' indicates no error
* should be generated.
*/
if (PRINT_ERROR)
warnx(recargstring,
current_argv);
/*
* XXX: GNU sets optopt to val regardless of flag
*/
if (long_options[match].flag == NULL)
optopt = long_options[match].val;
else
optopt = 0;
--optind;
return (BADARG);
}
} else { /* unknown option */
if (short_too) {
--optind;
return (-1);
}
if (PRINT_ERROR)
warnx(illoptstring, current_argv);
optopt = 0;
return (BADCH);
}
if (idx)
*idx = match;
if (long_options[match].flag) {
*long_options[match].flag = long_options[match].val;
return (0);
} else
return (long_options[match].val);
}
/*
* getopt_internal --
* Parse argc/argv argument vector. Called by user level routines.
*/
static int
getopt_internal(int nargc, char * const *nargv, const char *options,
const struct option *long_options, int *idx, int flags)
{
char *oli; /* option letter list index */
int optchar, short_too;
static int posixly_correct = -1;
if (options == NULL)
return (-1);
/*
* XXX Some GNU programs (like cvs) set optind to 0 instead of
* XXX using optreset. Work around this braindamage.
*/
if (optind == 0)
optind = optreset = 1;
/*
* Disable GNU extensions if POSIXLY_CORRECT is set or options
* string begins with a '+'.
*/
if (posixly_correct == -1 || optreset)
posixly_correct = (getenv("POSIXLY_CORRECT") != NULL);
if (*options == '-')
flags |= FLAG_ALLARGS;
else if (posixly_correct || *options == '+')
flags &= ~FLAG_PERMUTE;
if (*options == '+' || *options == '-')
options++;
optarg = NULL;
if (optreset)
nonopt_start = nonopt_end = -1;
start:
if (optreset || !*place) { /* update scanning pointer */
optreset = 0;
if (optind >= nargc) { /* end of argument vector */
place = EMSG;
if (nonopt_end != -1) {
/* do permutation, if we have to */
permute_args(nonopt_start, nonopt_end,
optind, nargv);
optind -= nonopt_end - nonopt_start;
}
else if (nonopt_start != -1) {
/*
* If we skipped non-options, set optind
* to the first of them.
*/
optind = nonopt_start;
}
nonopt_start = nonopt_end = -1;
return (-1);
}
if (*(place = nargv[optind]) != '-' ||
(place[1] == '\0' && strchr(options, '-') == NULL)) {
place = EMSG; /* found non-option */
if (flags & FLAG_ALLARGS) {
/*
* GNU extension:
* return non-option as argument to option 1
*/
optarg = nargv[optind++];
return (INORDER);
}
if (!(flags & FLAG_PERMUTE)) {
/*
* If no permutation wanted, stop parsing
* at first non-option.
*/
return (-1);
}
/* do permutation */
if (nonopt_start == -1)
nonopt_start = optind;
else if (nonopt_end != -1) {
permute_args(nonopt_start, nonopt_end,
optind, nargv);
nonopt_start = optind -
(nonopt_end - nonopt_start);
nonopt_end = -1;
}
optind++;
/* process next argument */
goto start;
}
if (nonopt_start != -1 && nonopt_end == -1)
nonopt_end = optind;
/*
* If we have "-" do nothing, if "--" we are done.
*/
if (place[1] != '\0' && *++place == '-' && place[1] == '\0') {
optind++;
place = EMSG;
/*
* We found an option (--), so if we skipped
* non-options, we have to permute.
*/
if (nonopt_end != -1) {
permute_args(nonopt_start, nonopt_end,
optind, nargv);
optind -= nonopt_end - nonopt_start;
}
nonopt_start = nonopt_end = -1;
return (-1);
}
}
/*
* Check long options if:
* 1) we were passed some
* 2) the arg is not just "-"
* 3) either the arg starts with -- we are getopt_long_only()
*/
if (long_options != NULL && place != nargv[optind] &&
(*place == '-' || (flags & FLAG_LONGONLY))) {
short_too = 0;
if (*place == '-')
place++; /* --foo long option */
else if (*place != ':' && strchr(options, *place) != NULL)
short_too = 1; /* could be short option too */
optchar = parse_long_options(nargv, options, long_options,
idx, short_too, flags);
if (optchar != -1) {
place = EMSG;
return (optchar);
}
}
if ((optchar = (int)*place++) == (int)':' ||
(oli = strchr(options, optchar)) == NULL) {
if (!*place)
++optind;
if (PRINT_ERROR)
warnx(illoptchar, optchar);
optopt = optchar;
return (BADCH);
}
if (long_options != NULL && optchar == 'W' && oli[1] == ';') {
/* -W long-option */
if (*place) /* no space */
/* NOTHING */;
else if (++optind >= nargc) { /* no arg */
place = EMSG;
if (PRINT_ERROR)
warnx(recargchar, optchar);
optopt = optchar;
return (BADARG);
} else /* white space */
place = nargv[optind];
optchar = parse_long_options(nargv, options, long_options,
idx, 0, flags);
place = EMSG;
return (optchar);
}
if (*++oli != ':') { /* doesn't take argument */
if (!*place)
++optind;
} else { /* takes (optional) argument */
optarg = NULL;
if (*place) /* no white space */
optarg = place;
else if (oli[1] != ':') { /* arg not optional */
if (++optind >= nargc) { /* no arg */
place = EMSG;
if (PRINT_ERROR)
warnx(recargchar, optchar);
optopt = optchar;
return (BADARG);
} else
optarg = nargv[optind];
}
place = EMSG;
++optind;
}
/* dump back option letter */
return (optchar);
}
/*
* getopt --
* Parse argc/argv argument vector.
*/
int
getopt(int nargc, char * const *nargv, const char *options)
{
/*
* We don't pass FLAG_PERMUTE to getopt_internal() since
* the BSD getopt(3) (unlike GNU) has never done this.
*
* Furthermore, since many privileged programs call getopt()
* before dropping privileges it makes sense to keep things
* as simple (and bug-free) as possible.
*/
return (getopt_internal(nargc, nargv, options, NULL, NULL, 0));
}
/*
* getopt_long --
* Parse argc/argv argument vector.
*/
int
getopt_long(int nargc, char * const *nargv, const char *options,
const struct option *long_options, int *idx)
{
return (getopt_internal(nargc, nargv, options, long_options, idx,
FLAG_PERMUTE));
}
/*
* getopt_long_only --
* Parse argc/argv argument vector.
*/
int
getopt_long_only(int nargc, char * const *nargv, const char *options,
const struct option *long_options, int *idx)
{
return (getopt_internal(nargc, nargv, options, long_options, idx,
FLAG_PERMUTE|FLAG_LONGONLY));
}

109
crypto/compat/posix_win.c
View File

@@ -148,6 +148,49 @@ wsa_errno(int err)
return -1;
}
/*
* Employ a similar trick to cpython (pycore_fileutils.h) where the CRT report
* handler is disabled while checking if a descriptor is a socket or a file
*/
#if defined _MSC_VER && _MSC_VER >= 1900
#include <crtdbg.h>
#include <stdlib.h>
static void noop_handler(const wchar_t *expression, const wchar_t *function,
const wchar_t *file, unsigned int line, uintptr_t pReserved)
{
return;
}
#define BEGIN_SUPPRESS_IPH \
_invalid_parameter_handler old_handler = _set_thread_local_invalid_parameter_handler(noop_handler)
#define END_SUPPRESS_IPH \
_set_thread_local_invalid_parameter_handler(old_handler)
#else
#define BEGIN_SUPPRESS_IPH
#define END_SUPPRESS_IPH
#endif
static int
is_socket(int fd)
{
intptr_t hd;
BEGIN_SUPPRESS_IPH;
hd = _get_osfhandle(fd);
END_SUPPRESS_IPH;
if (hd == (intptr_t)INVALID_HANDLE_VALUE) {
return 1; /* fd is not file descriptor */
}
return 0;
}
int
posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
{
@@ -160,24 +203,31 @@ posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
int
posix_close(int fd)
{
if (closesocket(fd) == SOCKET_ERROR) {
int rc;
if (is_socket(fd)) {
if ((rc = closesocket(fd)) == SOCKET_ERROR) {
int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF ||
err == WSANOTINITIALISED) ?
close(fd) : wsa_errno(err);
rc = wsa_errno(err);
}
return 0;
} else {
rc = close(fd);
}
return rc;
}
ssize_t
posix_read(int fd, void *buf, size_t count)
{
ssize_t rc = recv(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
ssize_t rc;
if (is_socket(fd)) {
if ((rc = recv(fd, buf, count, 0)) == SOCKET_ERROR) {
int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF ||
err == WSANOTINITIALISED) ?
read(fd, buf, count) : wsa_errno(err);
rc = wsa_errno(err);
}
} else {
rc = read(fd, buf, count);
}
return rc;
}
@@ -185,12 +235,13 @@ posix_read(int fd, void *buf, size_t count)
ssize_t
posix_write(int fd, const void *buf, size_t count)
{
ssize_t rc = send(fd, buf, count, 0);
if (rc == SOCKET_ERROR) {
int err = WSAGetLastError();
return (err == WSAENOTSOCK || err == WSAEBADF ||
err == WSANOTINITIALISED) ?
write(fd, buf, count) : wsa_errno(err);
ssize_t rc;
if (is_socket(fd)) {
if ((rc = send(fd, buf, count, 0)) == SOCKET_ERROR) {
rc = wsa_errno(WSAGetLastError());
}
} else {
rc = write(fd, buf, count);
}
return rc;
}
@@ -199,17 +250,32 @@ int
posix_getsockopt(int sockfd, int level, int optname,
void *optval, socklen_t *optlen)
{
int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen);
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
int rc;
if (is_socket(sockfd)) {
rc = getsockopt(sockfd, level, optname, (char *)optval, optlen);
if (rc != 0) {
rc = wsa_errno(WSAGetLastError());
}
} else {
rc = -1;
}
return rc;
}
int
posix_setsockopt(int sockfd, int level, int optname,
const void *optval, socklen_t optlen)
{
int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
int rc;
if (is_socket(sockfd)) {
rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
if (rc != 0) {
rc = wsa_errno(WSAGetLastError());
}
} else {
rc = -1;
}
return rc;
}
uid_t getuid(void)
@@ -241,5 +307,4 @@ int gettimeofday(struct timeval * tp, struct timezone * tzp)
tp->tv_usec = (long)(system_time.wMilliseconds * 1000);
return 0;
}
#endif

42
crypto/compat/ui_openssl_win.c
View File

@@ -139,9 +139,6 @@ static int is_a_tty;
/* Declare static functions */
static int read_till_nl(FILE *);
static void recsig(int);
static void pushsig(void);
static void popsig(void);
static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
static int read_string(UI *ui, UI_STRING *uis);
@@ -236,8 +233,6 @@ read_till_nl(FILE *in)
return 1;
}
static volatile sig_atomic_t intr_signal;
static int
read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
{
@@ -247,12 +242,9 @@ read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
int maxsize = BUFSIZ - 1;
char *p;
intr_signal = 0;
ok = 0;
ps = 0;
pushsig();
ps = 1;
if (!echo && !noecho_console(ui))
@@ -276,16 +268,11 @@ read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
ok = 1;
error:
if (intr_signal == SIGINT)
ok = -1;
if (!echo)
fprintf(tty_out, "\n");
if (ps >= 2 && !echo && !echo_console(ui))
ok = 0;
if (ps >= 1)
popsig();
explicit_bzero(result, BUFSIZ);
return ok;
}
@@ -348,32 +335,3 @@ close_console(UI *ui)
return 1;
}
/* Internal functions to handle signals and act on them */
static void
pushsig(void)
{
savsig[SIGABRT] = signal(SIGABRT, recsig);
savsig[SIGFPE] = signal(SIGFPE, recsig);
savsig[SIGILL] = signal(SIGILL, recsig);
savsig[SIGINT] = signal(SIGINT, recsig);
savsig[SIGSEGV] = signal(SIGSEGV, recsig);
savsig[SIGTERM] = signal(SIGTERM, recsig);
}
static void
popsig(void)
{
signal(SIGABRT, savsig[SIGABRT]);
signal(SIGFPE, savsig[SIGFPE]);
signal(SIGILL, savsig[SIGILL]);
signal(SIGINT, savsig[SIGINT]);
signal(SIGSEGV, savsig[SIGSEGV]);
signal(SIGTERM, savsig[SIGTERM]);
}
static void
recsig(int i)
{
intr_signal = i;
}

15
include/CMakeLists.txt
View File

@@ -4,9 +4,20 @@ if(ENABLE_LIBRESSL_INSTALL)
PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE
PATTERN "pqueue.h" EXCLUDE
PATTERN "Makefile*" EXCLUDE)
PATTERN "Makefile*" EXCLUDE
PATTERN "arch" EXCLUDE)
install(FILES ${CMAKE_BINARY_DIR}/include/openssl/opensslconf.h
DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/openssl")
endif(ENABLE_LIBRESSL_INSTALL)
file(COPY .
DESTINATION "${CMAKE_BINARY_DIR}/include"
PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE
PATTERN "pqueue.h" EXCLUDE
PATTERN "Makefile*" EXCLUDE
PATTERN "arch" EXCLUDE)
if(HOST_AARCH64)
file(READ arch/aarch64/opensslconf.h OPENSSLCONF)
elseif(HOST_ARM)
@@ -28,4 +39,4 @@ elseif(HOST_SPARC64)
elseif(HOST_X86_64)
file(READ arch/amd64/opensslconf.h OPENSSLCONF)
endif()
file(WRITE openssl/opensslconf.h "${OPENSSLCONF}")
file(WRITE ${CMAKE_BINARY_DIR}/include/openssl/opensslconf.h "${OPENSSLCONF}")

1
include/Makefile.am
View File

@@ -10,6 +10,7 @@ noinst_HEADERS += compat/dirent_msvc.h
noinst_HEADERS += compat/endian.h
noinst_HEADERS += compat/err.h
noinst_HEADERS += compat/fcntl.h
noinst_HEADERS += compat/getopt.h
noinst_HEADERS += compat/limits.h
noinst_HEADERS += compat/netdb.h
noinst_HEADERS += compat/poll.h

51
include/compat/endian.h
View File

@@ -28,8 +28,8 @@
#include_next <machine/endian.h>
#elif defined(__sun) || defined(_AIX) || defined(__hpux)
#include <sys/types.h>
#include <arpa/nameser_compat.h>
#include <sys/types.h>
#elif defined(__sgi)
#include <standards.h>
@@ -39,9 +39,8 @@
#ifndef __STRICT_ALIGNMENT
#define __STRICT_ALIGNMENT
#if defined(__i386) || defined(__i386__) || \
defined(__x86_64) || defined(__x86_64__) || \
defined(__s390__) || defined(__s390x__) || \
#if defined(__i386) || defined(__i386__) || defined(__x86_64) || \
defined(__x86_64__) || defined(__s390__) || defined(__s390x__) || \
defined(__aarch64__) || \
((defined(__arm__) || defined(__arm)) && __ARM_ARCH >= 6)
#undef __STRICT_ALIGNMENT
@@ -52,7 +51,9 @@
#include <libkern/OSByteOrder.h>
#define be16toh(x) OSSwapBigToHostInt16((x))
#define htobe16(x) OSSwapHostToBigInt16((x))
#define le32toh(x) OSSwapLittleToHostInt32((x))
#define be32toh(x) OSSwapBigToHostInt32((x))
#define htole32(x) OSSwapHostToLittleInt32(x)
#define htobe32(x) OSSwapHostToBigInt32(x)
#define htole64(x) OSSwapHostToLittleInt64(x)
#define htobe64(x) OSSwapHostToBigInt64(x)
@@ -65,15 +66,23 @@
#define be16toh(x) ntohs((x))
#define htobe16(x) htons((x))
#define le32toh(x) (x)
#define be32toh(x) ntohl((x))
#define htole32(x) (x)
#define htobe32(x) ntohl((x))
#define be64toh(x) ntohll((x))
#if !defined(ntohll)
#define ntohll(x) ((1==htonl(1)) ? (x) : ((uint64_t)ntohl((x) & 0xFFFFFFFF) << 32) | ntohl((x) >> 32))
#define ntohll(x) \
((1 == htonl(1)) \
? (x) \
: ((uint64_t)ntohl((x)&0xFFFFFFFF) << 32) | ntohl((x) >> 32))
#endif
#if !defined(htonll)
#define htonll(x) ((1==ntohl(1)) ? (x) : ((uint64_t)htonl((x) & 0xFFFFFFFF) << 32) | htonl((x) >> 32))
#define htonll(x) \
((1 == ntohl(1)) \
? (x) \
: ((uint64_t)htonl((x)&0xFFFFFFFF) << 32) | htonl((x) >> 32))
#endif
#define htobe64(x) ntohll((x))
@@ -81,13 +90,13 @@
#ifdef __linux__
#if !defined(betoh16)
#define betoh16 be16toh
#define betoh16(x) be16toh(x)
#endif
#if !defined(betoh32)
#define betoh32 be32toh
#define betoh32(x) be32toh(x)
#endif
#if !defined(betoh64)
#define betoh64 be64toh
#define betoh64(x) be64toh(x)
#endif
#endif /* __linux__ */
@@ -96,26 +105,38 @@
#include <sys/endian.h>
#endif
#if !defined(betoh16)
#define betoh16 be16toh
#define betoh16(x) be16toh(x)
#endif
#if !defined(betoh32)
#define betoh32 be32toh
#define betoh32(x) be32toh(x)
#endif
#if !defined(betoh64)
#define betoh64 be64toh
#define betoh64(x) be64toh(x)
#endif
#endif
#if defined(__NetBSD__)
#if !defined(betoh16)
#define betoh16 be16toh
#define betoh16(x) be16toh(x)
#endif
#if !defined(betoh32)
#define betoh32 be32toh
#define betoh32(x) be32toh(x)
#endif
#if !defined(betoh64)
#define betoh64 be64toh
#define betoh64(x) be64toh(x)
#endif
#endif
#if defined(__sun)
#include <sys/byteorder.h>
#define be16toh(x) BE_16(x)
#define htobe16(x) BE_16(x)
#define le32toh(x) LE_32(x)
#define be32toh(x) BE_32(x)
#define htole32(x) LE_32(x)
#define htobe32(x) BE_32(x)
#define be64toh(x) BE_64(x)
#define htobe64(x) BE_64(x)
#endif
#endif

50
include/compat/getopt.h Normal file
View File

@@ -0,0 +1,50 @@
/* $OpenBSD: getopt.h,v 1.3 2013/11/22 21:32:49 millert Exp $ */
/* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */
/*-
* Copyright (c) 2000 The NetBSD Foundation, Inc.
* All rights reserved.
*
* This code is derived from software contributed to The NetBSD Foundation
* by Dieter Baron and Thomas Klausner.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
#ifdef HAVE_GETOPT
#include_next <getopt.h>
#else
#ifndef _GETOPT_DEFINED_
#define _GETOPT_DEFINED_
int getopt(int, char * const *, const char *);
extern char *optarg; /* getopt(3) external variables */
extern int opterr;
extern int optind;
extern int optopt;
extern int optreset;
#endif
#endif /* HAVE_GETOPT */

12
include/compat/stdint.h
View File

@@ -16,4 +16,16 @@
#include <limits.h>
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
#if !defined(HAVE_ATTRIBUTE__DEAD) && !defined(__dead)
#ifdef _MSC_VER
#define __dead __declspec(noreturn)
#else
#define __dead __attribute__((__noreturn__))
#endif
#endif
#endif

12
include/compat/sys/types.h
View File

@@ -45,18 +45,6 @@ typedef SSIZE_T ssize_t;
#endif
#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
# define __bounded__(x, y, z)
#endif
#if !defined(HAVE_ATTRIBUTE__DEAD) && !defined(__dead)
#ifdef _MSC_VER
#define __dead __declspec(noreturn)
#else
#define __dead __attribute__((__noreturn__))
#endif
#endif
#ifdef _WIN32
#define __warn_references(sym,msg)
#else

8
include/compat/time.h
View File

@@ -3,6 +3,14 @@
* sys/time.h compatibility shim
*/
#ifndef SIZEOF_TIME_T
#ifdef SMALL_TIME_T
#define SIZEOF_TIME_T 4
#else
#define SIZEOF_TIME_T 8
#endif
#endif
#ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/time.h>

5
include/compat/unistd.h
View File

@@ -23,6 +23,7 @@ ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset);
#include <io.h>
#include <process.h>
#define STDIN_FILENO 0
#define STDOUT_FILENO 1
#define STDERR_FILENO 2
@@ -64,6 +65,10 @@ int getentropy(void *buf, size_t buflen);
#endif
#endif
#ifndef HAVE_GETOPT
#include "getopt.h"
#endif
#ifndef HAVE_GETPAGESIZE
int getpagesize(void);
#endif

3
m4/check-libc.m4
View File

@@ -11,7 +11,7 @@ AC_CHECK_FUNCS([asprintf freezero memmem])
AC_CHECK_FUNCS([readpassphrase reallocarray recallocarray])
AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
AC_CHECK_FUNCS([timegm _mkgmtime timespecsub])
AC_CHECK_FUNCS([getprogname syslog syslog_r])
AC_CHECK_FUNCS([getopt getprogname syslog syslog_r])
AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
AC_LINK_IFELSE([AC_LANG_PROGRAM([[
#include <unistd.h>
@@ -25,6 +25,7 @@ AC_CACHE_CHECK([for getpagesize], ac_cv_func_getpagesize, [
AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
AM_CONDITIONAL([HAVE_FREEZERO], [test "x$ac_cv_func_freezero" = xyes])
AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
AM_CONDITIONAL([HAVE_GETOPT], [test "x$ac_cv_func_getopt" = xyes])
AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])

12
m4/check-os-options.m4
View File

@@ -61,9 +61,15 @@ char buf[1]; getentropy(buf, 1);
*freebsd*)
HOST_OS=freebsd
HOST_ABI=elf
# fork detection missing, weak seed on failure
# https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup
USE_BUILTIN_ARC4RANDOM=yes
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/param.h>
#if __FreeBSD_version < 1200000
undefined
#endif
]], [[]])],
[ USE_BUILTIN_ARC4RANDOM=no ],
[ USE_BUILTIN_ARC4RANDOM=yes ]
)
AC_SUBST([PROG_LDADD], ['-lthr'])
;;
*hpux*)

302
man/links
View File

@@ -6,9 +6,9 @@ AES_encrypt.3,AES_cbc_encrypt.3
AES_encrypt.3,AES_decrypt.3
AES_encrypt.3,AES_set_decrypt_key.3
AES_encrypt.3,AES_set_encrypt_key.3
ASN1_BIT_STRING_num_asc.3,ASN1_BIT_STRING_name_print.3
ASN1_BIT_STRING_num_asc.3,ASN1_BIT_STRING_set_asc.3
ASN1_BIT_STRING_set.3,ASN1_BIT_STRING_check.3
ASIdentifiers_new.3,ASIdentifiers_free.3
ASIdentifiers_new.3,d2i_ASIdentifiers.3
ASIdentifiers_new.3,i2d_ASIdentifiers.3
ASN1_BIT_STRING_set.3,ASN1_BIT_STRING_get_bit.3
ASN1_BIT_STRING_set.3,ASN1_BIT_STRING_set_bit.3
ASN1_INTEGER_get.3,ASN1_ENUMERATED_get.3
@@ -140,6 +140,17 @@ ASN1_put_object.3,ASN1_object_size.3
ASN1_put_object.3,ASN1_put_eoc.3
ASN1_time_parse.3,ASN1_TIME_set_tm.3
ASN1_time_parse.3,ASN1_time_tm_cmp.3
ASRange_new.3,ASIdOrRange_free.3
ASRange_new.3,ASIdOrRange_new.3
ASRange_new.3,ASIdentifierChoice_free.3
ASRange_new.3,ASIdentifierChoice_new.3
ASRange_new.3,ASRange_free.3
ASRange_new.3,d2i_ASIdOrRange.3
ASRange_new.3,d2i_ASIdentifierChoice.3
ASRange_new.3,d2i_ASRange.3
ASRange_new.3,i2d_ASIdOrRange.3
ASRange_new.3,i2d_ASIdentifierChoice.3
ASRange_new.3,i2d_ASRange.3
AUTHORITY_KEYID_new.3,AUTHORITY_KEYID_free.3
BASIC_CONSTRAINTS_new.3,BASIC_CONSTRAINTS_free.3
BF_set_key.3,BF_cbc_encrypt.3
@@ -148,7 +159,6 @@ BF_set_key.3,BF_decrypt.3
BF_set_key.3,BF_ecb_encrypt.3
BF_set_key.3,BF_encrypt.3
BF_set_key.3,BF_ofb64_encrypt.3
BF_set_key.3,BF_options.3
BIO_accept.3,BIO_get_accept_socket.3
BIO_accept.3,BIO_get_host_ip.3
BIO_accept.3,BIO_get_port.3
@@ -179,11 +189,6 @@ BIO_dump.3,BIO_dump_fp.3
BIO_dump.3,BIO_dump_indent.3
BIO_dump.3,BIO_dump_indent_fp.3
BIO_dup_chain.3,BIO_dup_state.3
BIO_f_asn1.3,BIO_asn1_get_prefix.3
BIO_f_asn1.3,BIO_asn1_get_suffix.3
BIO_f_asn1.3,BIO_asn1_set_prefix.3
BIO_f_asn1.3,BIO_asn1_set_suffix.3
BIO_f_asn1.3,asn1_ps_func.3
BIO_f_buffer.3,BIO_get_buffer_num_lines.3
BIO_f_buffer.3,BIO_set_buffer_read_data.3
BIO_f_buffer.3,BIO_set_buffer_size.3
@@ -230,12 +235,6 @@ BIO_get_ex_new_index.3,BIO_get_app_data.3
BIO_get_ex_new_index.3,BIO_get_ex_data.3
BIO_get_ex_new_index.3,BIO_set_app_data.3
BIO_get_ex_new_index.3,BIO_set_ex_data.3
BIO_get_ex_new_index.3,ECDH_get_ex_data.3
BIO_get_ex_new_index.3,ECDH_get_ex_new_index.3
BIO_get_ex_new_index.3,ECDH_set_ex_data.3
BIO_get_ex_new_index.3,ECDSA_get_ex_data.3
BIO_get_ex_new_index.3,ECDSA_get_ex_new_index.3
BIO_get_ex_new_index.3,ECDSA_set_ex_data.3
BIO_get_ex_new_index.3,EC_KEY_get_ex_data.3
BIO_get_ex_new_index.3,EC_KEY_get_ex_new_index.3
BIO_get_ex_new_index.3,EC_KEY_set_ex_data.3
@@ -359,39 +358,9 @@ BIO_should_retry.3,BIO_set_retry_reason.3
BIO_should_retry.3,BIO_should_io_special.3
BIO_should_retry.3,BIO_should_read.3
BIO_should_retry.3,BIO_should_write.3
BN_BLINDING_new.3,BN_BLINDING_convert.3
BN_BLINDING_new.3,BN_BLINDING_convert_ex.3
BN_BLINDING_new.3,BN_BLINDING_create_param.3
BN_BLINDING_new.3,BN_BLINDING_free.3
BN_BLINDING_new.3,BN_BLINDING_get_flags.3
BN_BLINDING_new.3,BN_BLINDING_invert.3
BN_BLINDING_new.3,BN_BLINDING_invert_ex.3
BN_BLINDING_new.3,BN_BLINDING_set_flags.3
BN_BLINDING_new.3,BN_BLINDING_thread_id.3
BN_BLINDING_new.3,BN_BLINDING_update.3
BN_CTX_new.3,BN_CTX_free.3
BN_CTX_start.3,BN_CTX_end.3
BN_CTX_start.3,BN_CTX_get.3
BN_GF2m_add.3,BN_GF2m_arr2poly.3
BN_GF2m_add.3,BN_GF2m_cmp.3
BN_GF2m_add.3,BN_GF2m_mod.3
BN_GF2m_add.3,BN_GF2m_mod_arr.3
BN_GF2m_add.3,BN_GF2m_mod_div.3
BN_GF2m_add.3,BN_GF2m_mod_div_arr.3
BN_GF2m_add.3,BN_GF2m_mod_exp.3
BN_GF2m_add.3,BN_GF2m_mod_exp_arr.3
BN_GF2m_add.3,BN_GF2m_mod_inv.3
BN_GF2m_add.3,BN_GF2m_mod_inv_arr.3
BN_GF2m_add.3,BN_GF2m_mod_mul.3
BN_GF2m_add.3,BN_GF2m_mod_mul_arr.3
BN_GF2m_add.3,BN_GF2m_mod_solve_quad.3
BN_GF2m_add.3,BN_GF2m_mod_solve_quad_arr.3
BN_GF2m_add.3,BN_GF2m_mod_sqr.3
BN_GF2m_add.3,BN_GF2m_mod_sqr_arr.3
BN_GF2m_add.3,BN_GF2m_mod_sqrt.3
BN_GF2m_add.3,BN_GF2m_mod_sqrt_arr.3
BN_GF2m_add.3,BN_GF2m_poly2arr.3
BN_GF2m_add.3,BN_GF2m_sub.3
BN_add.3,BN_div.3
BN_add.3,BN_exp.3
BN_add.3,BN_gcd.3
@@ -447,10 +416,13 @@ BN_generate_prime.3,BN_GENCB_set_old.3
BN_generate_prime.3,BN_generate_prime_ex.3
BN_generate_prime.3,BN_is_prime_ex.3
BN_generate_prime.3,BN_is_prime_fasttest_ex.3
BN_get0_nist_prime_521.3,BN_get0_nist_prime_192.3
BN_get0_nist_prime_521.3,BN_get0_nist_prime_224.3
BN_get0_nist_prime_521.3,BN_get0_nist_prime_256.3
BN_get0_nist_prime_521.3,BN_get0_nist_prime_384.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc2409_prime_1024.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc2409_prime_768.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_1536.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_2048.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_3072.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_4096.3
BN_get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_6144.3
BN_mod_mul_montgomery.3,BN_MONT_CTX_copy.3
BN_mod_mul_montgomery.3,BN_MONT_CTX_free.3
BN_mod_mul_montgomery.3,BN_MONT_CTX_new.3
@@ -458,19 +430,9 @@ BN_mod_mul_montgomery.3,BN_MONT_CTX_set.3
BN_mod_mul_montgomery.3,BN_MONT_CTX_set_locked.3
BN_mod_mul_montgomery.3,BN_from_montgomery.3
BN_mod_mul_montgomery.3,BN_to_montgomery.3
BN_mod_mul_reciprocal.3,BN_RECP_CTX_free.3
BN_mod_mul_reciprocal.3,BN_RECP_CTX_init.3
BN_mod_mul_reciprocal.3,BN_RECP_CTX_new.3
BN_mod_mul_reciprocal.3,BN_RECP_CTX_set.3
BN_mod_mul_reciprocal.3,BN_div_recp.3
BN_mod_mul_reciprocal.3,BN_reciprocal.3
BN_new.3,BN_clear.3
BN_new.3,BN_clear_free.3
BN_new.3,BN_free.3
BN_nist_mod_521.3,BN_nist_mod_192.3
BN_nist_mod_521.3,BN_nist_mod_224.3
BN_nist_mod_521.3,BN_nist_mod_256.3
BN_nist_mod_521.3,BN_nist_mod_384.3
BN_num_bytes.3,BN_num_bits.3
BN_num_bytes.3,BN_num_bits_word.3
BN_rand.3,BN_pseudo_rand.3
@@ -493,8 +455,6 @@ BN_zero.3,BN_value_one.3
BUF_MEM_new.3,BUF_MEM_free.3
BUF_MEM_new.3,BUF_MEM_grow.3
BUF_MEM_new.3,BUF_MEM_grow_clean.3
BUF_MEM_new.3,BUF_reverse.3
BUF_MEM_new.3,BUF_strdup.3
CMAC_Init.3,CMAC_CTX_cleanup.3
CMAC_Init.3,CMAC_CTX_copy.3
CMAC_Init.3,CMAC_CTX_free.3
@@ -528,9 +488,11 @@ CMS_get0_RecipientInfos.3,CMS_RecipientInfo_type.3
CMS_get0_SignerInfos.3,CMS_SignerInfo_cert_cmp.3
CMS_get0_SignerInfos.3,CMS_SignerInfo_get0_signature.3
CMS_get0_SignerInfos.3,CMS_SignerInfo_get0_signer_id.3
CMS_get0_SignerInfos.3,CMS_SignerInfo_get_version.3
CMS_get0_SignerInfos.3,CMS_SignerInfo_set1_signer_cert.3
CMS_get0_type.3,CMS_get0_content.3
CMS_get0_type.3,CMS_get0_eContentType.3
CMS_get0_type.3,CMS_get_version.3
CMS_get0_type.3,CMS_set1_eContentType.3
CMS_get1_ReceiptRequest.3,CMS_ReceiptRequest_create0.3
CMS_get1_ReceiptRequest.3,CMS_ReceiptRequest_get0_values.3
@@ -666,21 +628,14 @@ DSA_sign.3,DSA_sign_setup.3
DSA_sign.3,DSA_verify.3
DSA_size.3,DSA_bits.3
ECDH_compute_key.3,ECDH_size.3
ECDSA_SIG_new.3,ECDSA_OpenSSL.3
ECDSA_SIG_new.3,ECDSA_SIG_free.3
ECDSA_SIG_new.3,ECDSA_SIG_get0.3
ECDSA_SIG_new.3,ECDSA_SIG_get0_r.3
ECDSA_SIG_new.3,ECDSA_SIG_get0_s.3
ECDSA_SIG_new.3,ECDSA_SIG_set0.3
ECDSA_SIG_new.3,ECDSA_do_sign.3
ECDSA_SIG_new.3,ECDSA_do_sign_ex.3
ECDSA_SIG_new.3,ECDSA_do_verify.3
ECDSA_SIG_new.3,ECDSA_get_default_method.3
ECDSA_SIG_new.3,ECDSA_set_default_method.3
ECDSA_SIG_new.3,ECDSA_set_method.3
ECDSA_SIG_new.3,ECDSA_sign.3
ECDSA_SIG_new.3,ECDSA_sign_ex.3
ECDSA_SIG_new.3,ECDSA_sign_setup.3
ECDSA_SIG_new.3,ECDSA_size.3
ECDSA_SIG_new.3,ECDSA_verify.3
ECDSA_SIG_new.3,d2i_ECDSA_SIG.3
@@ -699,10 +654,8 @@ EC_GROUP_copy.3,EC_GROUP_get_cofactor.3
EC_GROUP_copy.3,EC_GROUP_get_curve_name.3
EC_GROUP_copy.3,EC_GROUP_get_degree.3
EC_GROUP_copy.3,EC_GROUP_get_order.3
EC_GROUP_copy.3,EC_GROUP_get_pentanomial_basis.3
EC_GROUP_copy.3,EC_GROUP_get_point_conversion_form.3
EC_GROUP_copy.3,EC_GROUP_get_seed_len.3
EC_GROUP_copy.3,EC_GROUP_get_trinomial_basis.3
EC_GROUP_copy.3,EC_GROUP_method_of.3
EC_GROUP_copy.3,EC_GROUP_order_bits.3
EC_GROUP_copy.3,EC_GROUP_set_asn1_flag.3
@@ -814,8 +767,7 @@ ENGINE_ctrl.3,ENGINE_set_ctrl_function.3
ENGINE_get_default_RSA.3,ENGINE_get_cipher_engine.3
ENGINE_get_default_RSA.3,ENGINE_get_default_DH.3
ENGINE_get_default_RSA.3,ENGINE_get_default_DSA.3
ENGINE_get_default_RSA.3,ENGINE_get_default_ECDH.3
ENGINE_get_default_RSA.3,ENGINE_get_default_ECDSA.3
ENGINE_get_default_RSA.3,ENGINE_get_default_EC.3
ENGINE_get_default_RSA.3,ENGINE_get_default_RAND.3
ENGINE_get_default_RSA.3,ENGINE_get_digest_engine.3
ENGINE_get_default_RSA.3,ENGINE_get_table_flags.3
@@ -855,8 +807,7 @@ ENGINE_set_RSA.3,ENGINE_CIPHERS_PTR.3
ENGINE_set_RSA.3,ENGINE_DIGESTS_PTR.3
ENGINE_set_RSA.3,ENGINE_get_DH.3
ENGINE_set_RSA.3,ENGINE_get_DSA.3
ENGINE_set_RSA.3,ENGINE_get_ECDH.3
ENGINE_set_RSA.3,ENGINE_get_ECDSA.3
ENGINE_set_RSA.3,ENGINE_get_EC.3
ENGINE_set_RSA.3,ENGINE_get_RAND.3
ENGINE_set_RSA.3,ENGINE_get_RSA.3
ENGINE_set_RSA.3,ENGINE_get_STORE.3
@@ -866,8 +817,7 @@ ENGINE_set_RSA.3,ENGINE_get_digest.3
ENGINE_set_RSA.3,ENGINE_get_digests.3
ENGINE_set_RSA.3,ENGINE_set_DH.3
ENGINE_set_RSA.3,ENGINE_set_DSA.3
ENGINE_set_RSA.3,ENGINE_set_ECDH.3
ENGINE_set_RSA.3,ENGINE_set_ECDSA.3
ENGINE_set_RSA.3,ENGINE_set_EC.3
ENGINE_set_RSA.3,ENGINE_set_RAND.3
ENGINE_set_RSA.3,ENGINE_set_STORE.3
ENGINE_set_RSA.3,ENGINE_set_ciphers.3
@@ -933,6 +883,26 @@ EVP_AEAD_CTX_init.3,EVP_aead_aes_128_gcm.3
EVP_AEAD_CTX_init.3,EVP_aead_aes_256_gcm.3
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305.3
EVP_AEAD_CTX_init.3,EVP_aead_xchacha20_poly1305.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_CTX_get_iv.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_CTX_iv_length.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_CTX_key_length.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_CTX_set_iv.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_CTX_set_key_length.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_CTX_set_padding.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_iv_length.3
EVP_CIPHER_CTX_ctrl.3,EVP_CIPHER_key_length.3
EVP_CIPHER_CTX_get_cipher_data.3,EVP_CIPHER_CTX_buf_noconst.3
EVP_CIPHER_CTX_get_cipher_data.3,EVP_CIPHER_CTX_set_cipher_data.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_CTX_clear_flags.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_CTX_get_app_data.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_CTX_rand_key.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_CTX_set_app_data.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_CTX_test_flags.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_asn1_to_param.3
EVP_CIPHER_CTX_set_flags.3,EVP_CIPHER_param_to_asn1.3
EVP_CIPHER_do_all.3,EVP_CIPHER_do_all_sorted.3
EVP_CIPHER_do_all.3,EVP_MD_do_all.3
EVP_CIPHER_do_all.3,EVP_MD_do_all_sorted.3
EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_dup.3
EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_free.3
EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_set_cleanup.3
@@ -944,38 +914,36 @@ EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_set_impl_ctx_size.3
EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_set_init.3
EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_set_iv_length.3
EVP_CIPHER_meth_new.3,EVP_CIPHER_meth_set_set_asn1_params.3
EVP_CIPHER_nid.3,EVP_CIPHER_CTX_block_size.3
EVP_CIPHER_nid.3,EVP_CIPHER_CTX_flags.3
EVP_CIPHER_nid.3,EVP_CIPHER_CTX_mode.3
EVP_CIPHER_nid.3,EVP_CIPHER_CTX_nid.3
EVP_CIPHER_nid.3,EVP_CIPHER_CTX_type.3
EVP_CIPHER_nid.3,EVP_CIPHER_block_size.3
EVP_CIPHER_nid.3,EVP_CIPHER_flags.3
EVP_CIPHER_nid.3,EVP_CIPHER_mode.3
EVP_CIPHER_nid.3,EVP_CIPHER_name.3
EVP_CIPHER_nid.3,EVP_CIPHER_type.3
EVP_DigestInit.3,EVP_Digest.3
EVP_DigestInit.3,EVP_DigestFinal.3
EVP_DigestInit.3,EVP_DigestFinal_ex.3
EVP_DigestInit.3,EVP_DigestInit_ex.3
EVP_DigestInit.3,EVP_DigestUpdate.3
EVP_DigestInit.3,EVP_MAX_MD_SIZE.3
EVP_DigestInit.3,EVP_MD_CTX_block_size.3
EVP_DigestInit.3,EVP_MD_CTX_cleanup.3
EVP_DigestInit.3,EVP_MD_CTX_copy.3
EVP_DigestInit.3,EVP_MD_CTX_copy_ex.3
EVP_DigestInit.3,EVP_MD_CTX_create.3
EVP_DigestInit.3,EVP_MD_CTX_ctrl.3
EVP_DigestInit.3,EVP_MD_CTX_destroy.3
EVP_DigestInit.3,EVP_MD_CTX_free.3
EVP_DigestInit.3,EVP_MD_CTX_init.3
EVP_DigestInit.3,EVP_MD_CTX_md.3
EVP_DigestInit.3,EVP_MD_CTX_new.3
EVP_DigestInit.3,EVP_MD_CTX_reset.3
EVP_DigestInit.3,EVP_MD_CTX_size.3
EVP_DigestInit.3,EVP_MD_CTX_type.3
EVP_DigestInit.3,EVP_MD_block_size.3
EVP_DigestInit.3,EVP_MD_pkey_type.3
EVP_DigestInit.3,EVP_MD_size.3
EVP_DigestInit.3,EVP_MD_type.3
EVP_DigestInit.3,EVP_get_digestbyname.3
EVP_DigestInit.3,EVP_get_digestbynid.3
EVP_DigestInit.3,EVP_get_digestbyobj.3
EVP_DigestInit.3,EVP_md5.3
EVP_DigestInit.3,EVP_md5_sha1.3
EVP_DigestInit.3,EVP_md_null.3
EVP_DigestInit.3,EVP_ripemd160.3
EVP_DigestInit.3,EVP_sha1.3
EVP_DigestInit.3,EVP_sha224.3
EVP_DigestInit.3,EVP_sha256.3
EVP_DigestInit.3,EVP_sha384.3
@@ -997,39 +965,14 @@ EVP_EncodeInit.3,EVP_ENCODE_CTX_new.3
EVP_EncodeInit.3,EVP_EncodeBlock.3
EVP_EncodeInit.3,EVP_EncodeFinal.3
EVP_EncodeInit.3,EVP_EncodeUpdate.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_block_size.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_cipher.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_cleanup.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_clear_flags.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_ctrl.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_flags.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_copy.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_encrypting.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_free.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_get_app_data.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_get_iv.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_init.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_iv_length.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_key_length.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_mode.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_new.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_nid.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_rand_key.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_reset.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_set_app_data.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_set_flags.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_set_iv.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_set_key_length.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_set_padding.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_test_flags.3
EVP_EncryptInit.3,EVP_CIPHER_CTX_type.3
EVP_EncryptInit.3,EVP_CIPHER_asn1_to_param.3
EVP_EncryptInit.3,EVP_CIPHER_block_size.3
EVP_EncryptInit.3,EVP_CIPHER_flags.3
EVP_EncryptInit.3,EVP_CIPHER_iv_length.3
EVP_EncryptInit.3,EVP_CIPHER_key_length.3
EVP_EncryptInit.3,EVP_CIPHER_mode.3
EVP_EncryptInit.3,EVP_CIPHER_nid.3
EVP_EncryptInit.3,EVP_CIPHER_param_to_asn1.3
EVP_EncryptInit.3,EVP_CIPHER_type.3
EVP_EncryptInit.3,EVP_Cipher.3
EVP_EncryptInit.3,EVP_CipherFinal.3
EVP_EncryptInit.3,EVP_CipherFinal_ex.3
@@ -1055,7 +998,6 @@ EVP_EncryptInit.3,EVP_cast5_cfb.3
EVP_EncryptInit.3,EVP_cast5_cfb64.3
EVP_EncryptInit.3,EVP_cast5_ecb.3
EVP_EncryptInit.3,EVP_cast5_ofb.3
EVP_EncryptInit.3,EVP_chacha20.3
EVP_EncryptInit.3,EVP_enc_null.3
EVP_EncryptInit.3,EVP_get_cipherbyname.3
EVP_EncryptInit.3,EVP_get_cipherbynid.3
@@ -1072,6 +1014,33 @@ EVP_EncryptInit.3,EVP_rc2_cfb.3
EVP_EncryptInit.3,EVP_rc2_cfb64.3
EVP_EncryptInit.3,EVP_rc2_ecb.3
EVP_EncryptInit.3,EVP_rc2_ofb.3
EVP_MD_CTX_ctrl.3,EVP_MD_CTX_clear_flags.3
EVP_MD_CTX_ctrl.3,EVP_MD_CTX_md_data.3
EVP_MD_CTX_ctrl.3,EVP_MD_CTX_pkey_ctx.3
EVP_MD_CTX_ctrl.3,EVP_MD_CTX_set_flags.3
EVP_MD_CTX_ctrl.3,EVP_MD_CTX_set_pkey_ctx.3
EVP_MD_CTX_ctrl.3,EVP_MD_CTX_test_flags.3
EVP_MD_meth_new.3,EVP_MD_meth_dup.3
EVP_MD_meth_new.3,EVP_MD_meth_free.3
EVP_MD_meth_new.3,EVP_MD_meth_set_app_datasize.3
EVP_MD_meth_new.3,EVP_MD_meth_set_cleanup.3
EVP_MD_meth_new.3,EVP_MD_meth_set_copy.3
EVP_MD_meth_new.3,EVP_MD_meth_set_ctrl.3
EVP_MD_meth_new.3,EVP_MD_meth_set_final.3
EVP_MD_meth_new.3,EVP_MD_meth_set_flags.3
EVP_MD_meth_new.3,EVP_MD_meth_set_init.3
EVP_MD_meth_new.3,EVP_MD_meth_set_input_blocksize.3
EVP_MD_meth_new.3,EVP_MD_meth_set_result_size.3
EVP_MD_meth_new.3,EVP_MD_meth_set_update.3
EVP_MD_nid.3,EVP_MD_CTX_block_size.3
EVP_MD_nid.3,EVP_MD_CTX_size.3
EVP_MD_nid.3,EVP_MD_CTX_type.3
EVP_MD_nid.3,EVP_MD_block_size.3
EVP_MD_nid.3,EVP_MD_flags.3
EVP_MD_nid.3,EVP_MD_name.3
EVP_MD_nid.3,EVP_MD_pkey_type.3
EVP_MD_nid.3,EVP_MD_size.3
EVP_MD_nid.3,EVP_MD_type.3
EVP_OpenInit.3,EVP_OpenFinal.3
EVP_OpenInit.3,EVP_OpenUpdate.3
EVP_PKCS82PKEY.3,EVP_PKEY2PKCS8.3
@@ -1096,6 +1065,7 @@ EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_ecdh_kdf_md.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_ecdh_kdf_outlen.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_ecdh_kdf_type.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_signature_md.3
EVP_PKEY_CTX_get_operation.3,EVP_PKEY_CTX_get0_pkey.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_dup.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_free.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_new_id.3
@@ -1135,18 +1105,22 @@ EVP_PKEY_cmp.3,EVP_PKEY_cmp_parameters.3
EVP_PKEY_cmp.3,EVP_PKEY_copy_parameters.3
EVP_PKEY_cmp.3,EVP_PKEY_missing_parameters.3
EVP_PKEY_decrypt.3,EVP_PKEY_decrypt_init.3
EVP_PKEY_derive.3,EVP_PKEY_CTX_get0_peerkey.3
EVP_PKEY_derive.3,EVP_PKEY_derive_init.3
EVP_PKEY_derive.3,EVP_PKEY_derive_set_peer.3
EVP_PKEY_encrypt.3,EVP_PKEY_encrypt_init.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_app_data.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_cb.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_keygen_info.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_set0_keygen_info.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_set_app_data.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_set_cb.3
EVP_PKEY_keygen.3,EVP_PKEY_gen_cb.3
EVP_PKEY_keygen.3,EVP_PKEY_keygen_init.3
EVP_PKEY_keygen.3,EVP_PKEY_paramgen.3
EVP_PKEY_keygen.3,EVP_PKEY_paramgen_init.3
EVP_PKEY_meth_new.3,EVP_PKEY_CTX_get_data.3
EVP_PKEY_meth_new.3,EVP_PKEY_CTX_set_data.3
EVP_PKEY_meth_new.3,EVP_PKEY_meth_add0.3
EVP_PKEY_meth_new.3,EVP_PKEY_meth_copy.3
EVP_PKEY_meth_new.3,EVP_PKEY_meth_find.3
@@ -1200,6 +1174,7 @@ EVP_PKEY_set1_RSA.3,EVP_PKEY_set1_DH.3
EVP_PKEY_set1_RSA.3,EVP_PKEY_set1_DSA.3
EVP_PKEY_set1_RSA.3,EVP_PKEY_set1_EC_KEY.3
EVP_PKEY_set1_RSA.3,EVP_PKEY_set_type.3
EVP_PKEY_set1_RSA.3,EVP_PKEY_set_type_str.3
EVP_PKEY_set1_RSA.3,EVP_PKEY_type.3
EVP_PKEY_sign.3,EVP_PKEY_sign_init.3
EVP_PKEY_size.3,EVP_PKEY_bits.3
@@ -1214,6 +1189,11 @@ EVP_SignInit.3,EVP_SignUpdate.3
EVP_VerifyInit.3,EVP_VerifyFinal.3
EVP_VerifyInit.3,EVP_VerifyInit_ex.3
EVP_VerifyInit.3,EVP_VerifyUpdate.3
EVP_add_cipher.3,EVP_add_cipher_alias.3
EVP_add_cipher.3,EVP_add_digest.3
EVP_add_cipher.3,EVP_add_digest_alias.3
EVP_add_cipher.3,EVP_delete_cipher_alias.3
EVP_add_cipher.3,EVP_delete_digest_alias.3
EVP_aes_128_cbc.3,EVP_aes_128_cbc_hmac_sha1.3
EVP_aes_128_cbc.3,EVP_aes_128_ccm.3
EVP_aes_128_cbc.3,EVP_aes_128_cfb.3
@@ -1270,6 +1250,7 @@ EVP_camellia_128_cbc.3,EVP_camellia_256_cfb128.3
EVP_camellia_128_cbc.3,EVP_camellia_256_cfb8.3
EVP_camellia_128_cbc.3,EVP_camellia_256_ecb.3
EVP_camellia_128_cbc.3,EVP_camellia_256_ofb.3
EVP_chacha20.3,EVP_chacha20_poly1305.3
EVP_des_cbc.3,EVP_des_cfb.3
EVP_des_cbc.3,EVP_des_cfb1.3
EVP_des_cbc.3,EVP_des_cfb64.3
@@ -1293,6 +1274,12 @@ EVP_des_cbc.3,EVP_des_ofb.3
EVP_des_cbc.3,EVP_desx_cbc.3
EVP_rc4.3,EVP_rc4_40.3
EVP_rc4.3,EVP_rc4_hmac_md5.3
EVP_sha1.3,EVP_md4.3
EVP_sha1.3,EVP_md5.3
EVP_sha1.3,EVP_md5_sha1.3
EVP_sha3_224.3,EVP_sha3_256.3
EVP_sha3_224.3,EVP_sha3_384.3
EVP_sha3_224.3,EVP_sha3_512.3
EVP_sm4_cbc.3,EVP_sm4_cfb.3
EVP_sm4_cbc.3,EVP_sm4_cfb128.3
EVP_sm4_cbc.3,EVP_sm4_ctr.3
@@ -1317,6 +1304,21 @@ HMAC.3,HMAC_Init.3
HMAC.3,HMAC_Init_ex.3
HMAC.3,HMAC_Update.3
HMAC.3,HMAC_size.3
IPAddressRange_new.3,IPAddressChoice_free.3
IPAddressRange_new.3,IPAddressChoice_new.3
IPAddressRange_new.3,IPAddressFamily_free.3
IPAddressRange_new.3,IPAddressFamily_new.3
IPAddressRange_new.3,IPAddressOrRange_free.3
IPAddressRange_new.3,IPAddressOrRange_new.3
IPAddressRange_new.3,IPAddressRange_free.3
IPAddressRange_new.3,d2i_IPAddressChoice.3
IPAddressRange_new.3,d2i_IPAddressFamily.3
IPAddressRange_new.3,d2i_IPAddressOrRange.3
IPAddressRange_new.3,d2i_IPAddressRange.3
IPAddressRange_new.3,i2d_IPAddressChoice.3
IPAddressRange_new.3,i2d_IPAddressFamily.3
IPAddressRange_new.3,i2d_IPAddressOrRange.3
IPAddressRange_new.3,i2d_IPAddressRange.3
MD5.3,MD4.3
MD5.3,MD4_Final.3
MD5.3,MD4_Init.3
@@ -1334,15 +1336,13 @@ OBJ_NAME_add.3,OBJ_NAME_get.3
OBJ_NAME_add.3,OBJ_NAME_init.3
OBJ_NAME_add.3,OBJ_NAME_new_index.3
OBJ_NAME_add.3,OBJ_NAME_remove.3
OBJ_add_sigid.3,OBJ_find_sigid_algs.3
OBJ_add_sigid.3,OBJ_find_sigid_by_algs.3
OBJ_add_sigid.3,OBJ_sigid_free.3
OBJ_create.3,OBJ_add_object.3
OBJ_create.3,OBJ_cleanup.3
OBJ_create.3,OBJ_create_objects.3
OBJ_create.3,OBJ_new_nid.3
OBJ_create.3,check_defer.3
OBJ_create.3,obj_cleanup_defer.3
OBJ_find_sigid_algs.3,OBJ_find_sigid_by_algs.3
OBJ_nid2obj.3,OBJ_cmp.3
OBJ_nid2obj.3,OBJ_dup.3
OBJ_nid2obj.3,OBJ_ln2nid.3
@@ -1455,6 +1455,7 @@ OPENSSL_sk_new.3,sk_zero.3
OpenSSL_add_all_algorithms.3,EVP_cleanup.3
OpenSSL_add_all_algorithms.3,OpenSSL_add_all_ciphers.3
OpenSSL_add_all_algorithms.3,OpenSSL_add_all_digests.3
OpenSSL_add_all_algorithms.3,SSLeay_add_all_algorithms.3
PEM_ASN1_read.3,PEM_ASN1_read_bio.3
PEM_ASN1_read.3,d2i_of_void.3
PEM_X509_INFO_read.3,PEM_X509_INFO_read_bio.3
@@ -1609,9 +1610,6 @@ POLICYINFO_new.3,POLICY_MAPPING_free.3
POLICYINFO_new.3,POLICY_MAPPING_new.3
POLICYINFO_new.3,USERNOTICE_free.3
POLICYINFO_new.3,USERNOTICE_new.3
PROXY_POLICY_new.3,PROXY_CERT_INFO_EXTENSION_free.3
PROXY_POLICY_new.3,PROXY_CERT_INFO_EXTENSION_new.3
PROXY_POLICY_new.3,PROXY_POLICY_free.3
RAND_add.3,RAND_cleanup.3
RAND_add.3,RAND_poll.3
RAND_add.3,RAND_seed.3
@@ -1644,9 +1642,6 @@ RSA_get0_key.3,RSA_set0_factors.3
RSA_get0_key.3,RSA_set0_key.3
RSA_get0_key.3,RSA_set_flags.3
RSA_get0_key.3,RSA_test_flags.3
RSA_get_ex_new_index.3,CRYPTO_EX_dup.3
RSA_get_ex_new_index.3,CRYPTO_EX_free.3
RSA_get_ex_new_index.3,CRYPTO_EX_new.3
RSA_get_ex_new_index.3,RSA_get_ex_data.3
RSA_get_ex_new_index.3,RSA_set_ex_data.3
RSA_meth_new.3,RSA_meth_dup.3
@@ -1713,6 +1708,8 @@ RSA_print.3,DSAparams_print.3
RSA_print.3,DSAparams_print_fp.3
RSA_print.3,RSA_print_fp.3
RSA_private_encrypt.3,RSA_public_decrypt.3
RSA_public_encrypt.3,EVP_PKEY_decrypt_old.3
RSA_public_encrypt.3,EVP_PKEY_encrypt_old.3
RSA_public_encrypt.3,RSA_private_decrypt.3
RSA_security_bits.3,BN_security_bits.3
RSA_security_bits.3,DH_security_bits.3
@@ -1848,7 +1845,6 @@ SSL_CTX_set_client_cert_cb.3,client_cert_cb.3
SSL_CTX_set_default_passwd_cb.3,SSL_CTX_get_default_passwd_cb.3
SSL_CTX_set_default_passwd_cb.3,SSL_CTX_get_default_passwd_cb_userdata.3
SSL_CTX_set_default_passwd_cb.3,SSL_CTX_set_default_passwd_cb_userdata.3
SSL_CTX_set_default_passwd_cb.3,pem_password_cb.3
SSL_CTX_set_generate_session_id.3,GEN_SESSION_CB.3
SSL_CTX_set_generate_session_id.3,SSL_has_matching_session_id.3
SSL_CTX_set_generate_session_id.3,SSL_set_generate_session_id.3
@@ -2037,13 +2033,6 @@ SSL_want.3,SSL_want_read.3
SSL_want.3,SSL_want_write.3
SSL_want.3,SSL_want_x509_lookup.3
SSL_write.3,SSL_write_ex.3
SXNET_new.3,SXNETID_free.3
SXNET_new.3,SXNETID_new.3
SXNET_new.3,SXNET_free.3
SXNET_new.3,d2i_SXNET.3
SXNET_new.3,d2i_SXNETID.3
SXNET_new.3,i2d_SXNET.3
SXNET_new.3,i2d_SXNETID.3
TS_REQ_new.3,TS_ACCURACY_free.3
TS_REQ_new.3,TS_ACCURACY_new.3
TS_REQ_new.3,TS_MSG_IMPRINT_free.3
@@ -2319,6 +2308,8 @@ X509_STORE_CTX_set_verify.3,X509_STORE_set_verify.3
X509_STORE_CTX_set_verify.3,X509_STORE_set_verify_func.3
X509_STORE_CTX_set_verify_cb.3,X509_STORE_CTX_get_verify_cb.3
X509_STORE_CTX_set_verify_cb.3,X509_STORE_CTX_verify_cb.3
X509_STORE_get_by_subject.3,X509_STORE_CTX_get1_certs.3
X509_STORE_get_by_subject.3,X509_STORE_CTX_get1_crls.3
X509_STORE_get_by_subject.3,X509_STORE_CTX_get1_issuer.3
X509_STORE_get_by_subject.3,X509_STORE_CTX_get_by_subject.3
X509_STORE_get_by_subject.3,X509_STORE_CTX_get_obj_by_subject.3
@@ -2464,14 +2455,6 @@ X509_new.3,X509_chain_up_ref.3
X509_new.3,X509_dup.3
X509_new.3,X509_free.3
X509_new.3,X509_up_ref.3
X509_policy_check.3,X509_policy_tree_free.3
X509_policy_tree_get0_policies.3,X509_policy_tree_get0_user_policies.3
X509_policy_tree_level_count.3,X509_policy_level_get0_node.3
X509_policy_tree_level_count.3,X509_policy_level_node_count.3
X509_policy_tree_level_count.3,X509_policy_node_get0_parent.3
X509_policy_tree_level_count.3,X509_policy_node_get0_policy.3
X509_policy_tree_level_count.3,X509_policy_node_get0_qualifiers.3
X509_policy_tree_level_count.3,X509_policy_tree_get0_level.3
X509_print_ex.3,X509_CERT_AUX_print.3
X509_print_ex.3,X509_print.3
X509_print_ex.3,X509_print_ex_fp.3
@@ -2493,6 +2476,19 @@ X509at_get_attr.3,X509at_get0_data_by_OBJ.3
X509at_get_attr.3,X509at_get_attr_by_NID.3
X509at_get_attr.3,X509at_get_attr_by_OBJ.3
X509at_get_attr.3,X509at_get_attr_count.3
X509v3_addr_add_inherit.3,X509v3_addr_add_prefix.3
X509v3_addr_add_inherit.3,X509v3_addr_add_range.3
X509v3_addr_add_inherit.3,X509v3_addr_canonize.3
X509v3_addr_add_inherit.3,X509v3_addr_is_canonical.3
X509v3_addr_get_range.3,X509v3_addr_get_afi.3
X509v3_addr_inherits.3,X509v3_asid_inherits.3
X509v3_addr_subset.3,X509v3_asid_subset.3
X509v3_addr_validate_path.3,X509v3_addr_validate_resource_set.3
X509v3_addr_validate_path.3,X509v3_asid_validate_path.3
X509v3_addr_validate_path.3,X509v3_asid_validate_resource_set.3
X509v3_asid_add_id_or_range.3,X509v3_asid_add_inherit.3
X509v3_asid_add_id_or_range.3,X509v3_asid_canonize.3
X509v3_asid_add_id_or_range.3,X509v3_asid_is_canonical.3
X509v3_get_ext_by_NID.3,X509_CRL_add_ext.3
X509v3_get_ext_by_NID.3,X509_CRL_delete_ext.3
X509v3_get_ext_by_NID.3,X509_CRL_get_ext.3
@@ -2548,6 +2544,8 @@ bn_dump.3,mul.3
bn_dump.3,mul_add.3
bn_dump.3,sqr.3
d2i_ASN1_NULL.3,i2d_ASN1_NULL.3
d2i_ASN1_OBJECT.3,OBJ_get0_data.3
d2i_ASN1_OBJECT.3,OBJ_length.3
d2i_ASN1_OBJECT.3,i2d_ASN1_OBJECT.3
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_BIT_STRING.3
d2i_ASN1_OCTET_STRING.3,d2i_ASN1_BMPSTRING.3
@@ -2751,9 +2749,6 @@ d2i_POLICYINFO.3,i2d_NOTICEREF.3
d2i_POLICYINFO.3,i2d_POLICYINFO.3
d2i_POLICYINFO.3,i2d_POLICYQUALINFO.3
d2i_POLICYINFO.3,i2d_USERNOTICE.3
d2i_PROXY_POLICY.3,d2i_PROXY_CERT_INFO_EXTENSION.3
d2i_PROXY_POLICY.3,i2d_PROXY_CERT_INFO_EXTENSION.3
d2i_PROXY_POLICY.3,i2d_PROXY_POLICY.3
d2i_PrivateKey.3,d2i_AutoPrivateKey.3
d2i_PrivateKey.3,d2i_PrivateKey_bio.3
d2i_PrivateKey.3,d2i_PrivateKey_fp.3
@@ -2864,24 +2859,10 @@ d2i_X509_SIG.3,d2i_PKCS8_fp.3
d2i_X509_SIG.3,i2d_PKCS8_bio.3
d2i_X509_SIG.3,i2d_PKCS8_fp.3
d2i_X509_SIG.3,i2d_X509_SIG.3
des_read_pw.3,EVP_get_pw_prompt.3
des_read_pw.3,EVP_read_pw_string.3
des_read_pw.3,EVP_read_pw_string_min.3
des_read_pw.3,des_read_pw_string.3
get_rfc3526_prime_8192.3,BN_get_rfc2409_prime_1024.3
get_rfc3526_prime_8192.3,BN_get_rfc2409_prime_768.3
get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_1536.3
get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_2048.3
get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_3072.3
get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_4096.3
get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_6144.3
get_rfc3526_prime_8192.3,BN_get_rfc3526_prime_8192.3
get_rfc3526_prime_8192.3,get_rfc2409_prime_1024.3
get_rfc3526_prime_8192.3,get_rfc2409_prime_768.3
get_rfc3526_prime_8192.3,get_rfc3526_prime_1536.3
get_rfc3526_prime_8192.3,get_rfc3526_prime_2048.3
get_rfc3526_prime_8192.3,get_rfc3526_prime_3072.3
get_rfc3526_prime_8192.3,get_rfc3526_prime_4096.3
get_rfc3526_prime_8192.3,get_rfc3526_prime_6144.3
des_read_pw.3,EVP_set_pw_prompt.3
i2a_ASN1_STRING.3,a2i_ASN1_ENUMERATED.3
i2a_ASN1_STRING.3,a2i_ASN1_INTEGER.3
i2a_ASN1_STRING.3,a2i_ASN1_STRING.3
@@ -2985,7 +2966,6 @@ tls_ocsp_process_response.3,tls_peer_ocsp_url.3
tls_read.3,tls_close.3
tls_read.3,tls_error.3
tls_read.3,tls_handshake.3
tls_read.3,tls_reset.3
tls_read.3,tls_write.3
x509_verify.3,x509_verify_ctx_chain.3
x509_verify.3,x509_verify_ctx_error_depth.3

15
patches/aeadtest.c.patch
View File

@@ -1,15 +0,0 @@
--- tests/aeadtest.c.orig Mon Sep 5 22:30:33 2022
+++ tests/aeadtest.c Mon Sep 5 23:51:27 2022
@@ -48,6 +48,12 @@
#define BUF_MAX 1024
+#ifdef _MSC_VER
+#ifdef IN
+#undef IN
+#endif
+#endif
+
/* These are the different types of line that are found in the input file. */
enum {
AEAD = 0, /* name of the AEAD algorithm. */

1055
patches/asm/0001-Revert-Add-endbr64-where-needed-by-inspection.-Passe.patch Normal file
View File

File diff suppressed because it is too large Load Diff

162
patches/asm/0002-Revert-Use-explicit-.text-instead-of-.previous-to-pl.patch Normal file
View File

@@ -0,0 +1,162 @@
From 8861777e025998cc80bb9e39e88a332e8aec2f26 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 30 Oct 2023 22:00:12 -0500
Subject: [PATCH 2/4] Revert "Use explicit .text instead of .previous to please
Windows/MinGW on amd64"
This reverts commit e8192f57c4e5910ce7badced4a24c8827810d567.
---
src/lib/libcrypto/aes/asm/aes-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/aesni-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/bsaes-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/vpaes-x86_64.pl | 2 +-
src/lib/libcrypto/bn/asm/x86_64-mont5.pl | 2 +-
src/lib/libcrypto/camellia/asm/cmll-x86_64.pl | 2 +-
src/lib/libcrypto/modes/asm/ghash-x86_64.pl | 2 +-
src/lib/libcrypto/sha/asm/sha1-x86_64.pl | 2 +-
src/lib/libcrypto/sha/asm/sha512-x86_64.pl | 4 ++--
10 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index b7399b552..2986a9fcc 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -2535,7 +2535,7 @@ $code.=<<___;
.long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
.align 64
-.text
+.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
index bafa906a0..8a428c9b1 100644
--- a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1084,7 +1084,7 @@ K_XX_XX:
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
.align 64
-.text
+.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
index e662fbc7c..09612b1f8 100644
--- a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
@@ -2732,7 +2732,7 @@ $code.=<<___;
.Lxts_magic:
.long 0x87,0,1,0
.align 64
-.text
+.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
index 20e9e1f71..347f4c302 100644
--- a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
@@ -2937,7 +2937,7 @@ _bsaes_const:
.quad 0x6363636363636363, 0x6363636363636363
.align 64
.size _bsaes_const,.-_bsaes_const
-.text
+.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
index 3ffb1a303..ad5fa7522 100644
--- a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
@@ -1063,7 +1063,7 @@ _vpaes_consts:
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
.align 64
.size _vpaes_consts,.-_vpaes_consts
-.text
+.previous
___
if ($win64) {
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
index 7b9c6df27..1c8aa255c 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
@@ -1037,7 +1037,7 @@ $code.=<<___;
.Linc:
.long 0,0, 1,1
.long 2,2, 2,2
-.text
+.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
index 586e5d6e9..c16725f5c 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
@@ -625,7 +625,7 @@ $_ivp="40(%rsp)";
$_rsp="48(%rsp)";
$code.=<<___;
-.text
+.previous
.globl Camellia_cbc_encrypt
.type Camellia_cbc_encrypt,\@function,6
.align 16
diff --git a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
index 71d0822ac..bce62947f 100644
--- a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
@@ -670,7 +670,7 @@ $code.=<<___;
.value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
.value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
.align 64
-.text
+.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
index 43eee73c4..1ec7f609a 100755
--- a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -1079,7 +1079,7 @@ K_XX_XX:
.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
-.text
+.previous
___
}}}
$code.=<<___;
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
index 0517eab66..1a7d9bf2d 100755
--- a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -289,7 +289,7 @@ $TABLE:
.long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
.long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-.text
+.previous
___
} else {
$code.=<<___;
@@ -337,7 +337,7 @@ $TABLE:
.quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
.quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a
.quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817
-.text
+.previous
___
}
--
2.42.0

203
patches/asm/0003-Revert-Use-.section-.rodata-instead-of-a-plain-.roda.patch Normal file
View File

@@ -0,0 +1,203 @@
From 1407448470aff891f9a9eff550ecda06202ffd29 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 30 Oct 2023 22:00:49 -0500
Subject: [PATCH 3/4] Revert "Use .section .rodata instead of a plain .rodata"
This reverts commit 67afc07de0ed3a0ccc272df42853ba565a8277c6.
---
src/lib/libcrypto/aes/asm/aes-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/aesni-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/bsaes-x86_64.pl | 2 +-
src/lib/libcrypto/aes/asm/vpaes-x86_64.pl | 2 +-
src/lib/libcrypto/bn/asm/x86_64-mont5.pl | 2 +-
src/lib/libcrypto/camellia/asm/cmll-x86_64.pl | 2 +-
src/lib/libcrypto/modes/asm/ghash-x86_64.pl | 2 +-
src/lib/libcrypto/perlasm/x86gas.pl | 2 +-
src/lib/libcrypto/sha/asm/sha1-x86_64.pl | 2 +-
src/lib/libcrypto/sha/asm/sha512-ppc.pl | 2 +-
src/lib/libcrypto/sha/asm/sha512-x86_64.pl | 4 ++--
src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl | 2 +-
13 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index 2986a9fcc..d9f501b25 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -2113,7 +2113,7 @@ ___
}
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.LAES_Te:
___
diff --git a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
index 8a428c9b1..4e83b6ba4 100644
--- a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1075,7 +1075,7 @@ $code.=<<___;
___
}
$code.=<<___;
-.section .rodata
+.rodata
.align 64
K_XX_XX:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
index 09612b1f8..2ab7106c0 100644
--- a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
@@ -2721,7 +2721,7 @@ ___
}
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.Lbswap_mask:
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
diff --git a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
index 347f4c302..a40f83601 100644
--- a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
@@ -2882,7 +2882,7 @@ $code.=<<___;
___
}
$code.=<<___;
-.section .rodata
+.rodata
.type _bsaes_const,\@object
.align 64
_bsaes_const:
diff --git a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
index ad5fa7522..63af96c1d 100644
--- a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
@@ -964,7 +964,7 @@ _vpaes_preheat:
## Constants ##
## ##
########################################################
-.section .rodata
+.rodata
.type _vpaes_consts,\@object
.align 64
_vpaes_consts:
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
index 1c8aa255c..5d30f210c 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
@@ -1032,7 +1032,7 @@ $code.=<<___;
___
}
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.Linc:
.long 0,0, 1,1
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
index c16725f5c..90c56d9e5 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
@@ -599,7 +599,7 @@ sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i
sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.LCamellia_SIGMA:
.long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
diff --git a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
index bce62947f..3ae8629cb 100644
--- a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
@@ -622,7 +622,7 @@ ___
}
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.Lbswap_mask:
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
diff --git a/src/lib/libcrypto/perlasm/x86gas.pl b/src/lib/libcrypto/perlasm/x86gas.pl
index b84e28be9..f28a59054 100644
--- a/src/lib/libcrypto/perlasm/x86gas.pl
+++ b/src/lib/libcrypto/perlasm/x86gas.pl
@@ -307,7 +307,7 @@ sub ::dataseg
{ push(@out,".data\n"); }
sub ::rodataseg
-{ push(@out,".section .rodata\n"); }
+{ push(@out,".rodata\n"); }
sub ::previous
{ push(@out,".previous\n"); }
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
index 1ec7f609a..0abbbab6b 100755
--- a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -1071,7 +1071,7 @@ $code.=<<___;
___
}
$code.=<<___;
-.section .rodata
+.rodata
.align 64
K_XX_XX:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
diff --git a/src/lib/libcrypto/sha/asm/sha512-ppc.pl b/src/lib/libcrypto/sha/asm/sha512-ppc.pl
index 28bd997cf..1f02cfdd5 100755
--- a/src/lib/libcrypto/sha/asm/sha512-ppc.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-ppc.pl
@@ -375,7 +375,7 @@ $code.=<<___;
$ST $H,`7*$SZ`($ctx)
bne Lsha2_block_private
blr
- .section .rodata
+ .rodata
Ltable:
___
$code.=<<___ if ($SZ==8);
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
index 1a7d9bf2d..6698b1d40 100755
--- a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -269,7 +269,7 @@ ___
if ($SZ==4) {
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.type $TABLE,\@object
$TABLE:
@@ -293,7 +293,7 @@ $TABLE:
___
} else {
$code.=<<___;
-.section .rodata
+.rodata
.align 64
.type $TABLE,\@object
$TABLE:
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
index de5d3acfb..510a74b91 100644
--- a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
+++ b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
@@ -204,7 +204,7 @@ $code.=<<___;
ret
.size $func,.-$func
-.section .rodata
+.rodata
.align 64
.type $table,\@object
$table:
--
2.42.0

292
patches/asm/0004-Revert-Move-constants-out-of-text-segment-into-rodat.patch Normal file
View File

@@ -0,0 +1,292 @@
From 87b24a6d5a932061cc88b84a856663b328d1c166 Mon Sep 17 00:00:00 2001
From: Brent Cook <busterb@gmail.com>
Date: Mon, 30 Oct 2023 22:01:49 -0500
Subject: [PATCH 4/4] Revert "Move constants out of text segment into rodata to
prepare for xonly support"
This reverts commit b5834617204e7520b0209bcff7f1c4a559e05422.
---
src/lib/libcrypto/aes/asm/aes-x86_64.pl | 3 +--
src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl | 4 ++--
src/lib/libcrypto/aes/asm/aesni-x86_64.pl | 4 ++--
src/lib/libcrypto/aes/asm/bsaes-x86_64.pl | 3 +--
src/lib/libcrypto/aes/asm/vpaes-x86_64.pl | 3 +--
src/lib/libcrypto/bn/asm/x86_64-mont.pl | 4 ++++
src/lib/libcrypto/bn/asm/x86_64-mont5.pl | 3 +--
src/lib/libcrypto/camellia/asm/cmll-x86_64.pl | 4 ++--
src/lib/libcrypto/modes/asm/ghash-x86_64.pl | 4 ++--
src/lib/libcrypto/sha/asm/sha1-x86_64.pl | 3 +--
src/lib/libcrypto/sha/asm/sha512-x86_64.pl | 4 ----
src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl | 1 -
12 files changed, 17 insertions(+), 23 deletions(-)
diff --git a/src/lib/libcrypto/aes/asm/aes-x86_64.pl b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
index d9f501b25..9072f603a 100755
--- a/src/lib/libcrypto/aes/asm/aes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aes-x86_64.pl
@@ -2113,7 +2113,6 @@ ___
}
$code.=<<___;
-.rodata
.align 64
.LAES_Te:
___
@@ -2534,8 +2533,8 @@ ___
$code.=<<___;
.long 0x80808080, 0x80808080, 0xfefefefe, 0xfefefefe
.long 0x1b1b1b1b, 0x1b1b1b1b, 0, 0
+.asciz "AES for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
.align 64
-.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
index 4e83b6ba4..880bcc2d5 100644
--- a/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-sha1-x86_64.pl
@@ -1075,7 +1075,6 @@ $code.=<<___;
___
}
$code.=<<___;
-.rodata
.align 64
K_XX_XX:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
@@ -1083,8 +1082,9 @@ K_XX_XX:
.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
+
+.asciz "AESNI-CBC+SHA1 stitch for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
.align 64
-.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
index 2ab7106c0..96978bd35 100644
--- a/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/aesni-x86_64.pl
@@ -2721,7 +2721,6 @@ ___
}
$code.=<<___;
-.rodata
.align 64
.Lbswap_mask:
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
@@ -2731,8 +2730,9 @@ $code.=<<___;
.long 1,0,0,0
.Lxts_magic:
.long 0x87,0,1,0
+
+.asciz "AES for Intel AES-NI, CRYPTOGAMS by <appro\@openssl.org>"
.align 64
-.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
index a40f83601..14dc2c02e 100644
--- a/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/bsaes-x86_64.pl
@@ -2882,7 +2882,6 @@ $code.=<<___;
___
}
$code.=<<___;
-.rodata
.type _bsaes_const,\@object
.align 64
_bsaes_const:
@@ -2935,9 +2934,9 @@ _bsaes_const:
.quad 0x02060a0e03070b0f, 0x0004080c0105090d
.L63:
.quad 0x6363636363636363, 0x6363636363636363
+.asciz "Bit-sliced AES for x86_64/SSSE3, Emilia Käsper, Peter Schwabe, Andy Polyakov"
.align 64
.size _bsaes_const,.-_bsaes_const
-.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
index 63af96c1d..bd7f45b85 100644
--- a/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
+++ b/src/lib/libcrypto/aes/asm/vpaes-x86_64.pl
@@ -964,7 +964,6 @@ _vpaes_preheat:
## Constants ##
## ##
########################################################
-.rodata
.type _vpaes_consts,\@object
.align 64
_vpaes_consts:
@@ -1061,9 +1060,9 @@ _vpaes_consts:
.Lk_dsbo: # decryption sbox final output
.quad 0x1387EA537EF94000, 0xC7AA6DB9D4943E2D
.quad 0x12D7560F93441D00, 0xCA4B8159D8C58E9C
+.asciz "Vector Permutation AES for x86_64/SSSE3, Mike Hamburg (Stanford University)"
.align 64
.size _vpaes_consts,.-_vpaes_consts
-.previous
___
if ($win64) {
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont.pl b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
index cae7309d5..c35493e80 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont.pl
@@ -1495,6 +1495,10 @@ $code.=<<___;
.size bn_sqr4x_mont,.-bn_sqr4x_mont
___
}}}
+$code.=<<___;
+.asciz "Montgomery Multiplication for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
+.align 16
+___
print $code;
close STDOUT;
diff --git a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
index 5d30f210c..bb7ad4c4b 100755
--- a/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
+++ b/src/lib/libcrypto/bn/asm/x86_64-mont5.pl
@@ -1032,12 +1032,11 @@ $code.=<<___;
___
}
$code.=<<___;
-.rodata
.align 64
.Linc:
.long 0,0, 1,1
.long 2,2, 2,2
-.previous
+.asciz "Montgomery Multiplication with scatter/gather for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
index 90c56d9e5..df6bf11a2 100644
--- a/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
+++ b/src/lib/libcrypto/camellia/asm/cmll-x86_64.pl
@@ -599,7 +599,6 @@ sub S0222 { my $i=shift; $i=@SBOX[$i]; $i=($i<<1|$i>>7)&0xff; $i=$i<<16|$i<<8|$i
sub S3033 { my $i=shift; $i=@SBOX[$i]; $i=($i>>1|$i<<7)&0xff; $i=$i<<24|$i<<8|$i; sprintf("0x%08x",$i); }
$code.=<<___;
-.rodata
.align 64
.LCamellia_SIGMA:
.long 0x3bcc908b, 0xa09e667f, 0x4caa73b2, 0xb67ae858
@@ -625,7 +624,6 @@ $_ivp="40(%rsp)";
$_rsp="48(%rsp)";
$code.=<<___;
-.previous
.globl Camellia_cbc_encrypt
.type Camellia_cbc_encrypt,\@function,6
.align 16
@@ -859,6 +857,8 @@ Camellia_cbc_encrypt:
.Lcbc_abort:
ret
.size Camellia_cbc_encrypt,.-Camellia_cbc_encrypt
+
+.asciz "Camellia for x86_64 by <appro\@openssl.org>"
___
}
diff --git a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
index 3ae8629cb..38d779edb 100644
--- a/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
+++ b/src/lib/libcrypto/modes/asm/ghash-x86_64.pl
@@ -622,7 +622,6 @@ ___
}
$code.=<<___;
-.rodata
.align 64
.Lbswap_mask:
.byte 15,14,13,12,11,10,9,8,7,6,5,4,3,2,1,0
@@ -669,8 +668,9 @@ $code.=<<___;
.value 0xA7D0,0xA612,0xA454,0xA596,0xA0D8,0xA11A,0xA35C,0xA29E
.value 0xB5E0,0xB422,0xB664,0xB7A6,0xB2E8,0xB32A,0xB16C,0xB0AE
.value 0xBBF0,0xBA32,0xB874,0xB9B6,0xBCF8,0xBD3A,0xBF7C,0xBEBE
+
+.asciz "GHASH for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
.align 64
-.previous
___
# EXCEPTION_DISPOSITION handler (EXCEPTION_RECORD *rec,ULONG64 frame,
diff --git a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
index 0abbbab6b..cc8ef5337 100755
--- a/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha1-x86_64.pl
@@ -1071,7 +1071,6 @@ $code.=<<___;
___
}
$code.=<<___;
-.rodata
.align 64
K_XX_XX:
.long 0x5a827999,0x5a827999,0x5a827999,0x5a827999 # K_00_19
@@ -1079,10 +1078,10 @@ K_XX_XX:
.long 0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc,0x8f1bbcdc # K_40_59
.long 0xca62c1d6,0xca62c1d6,0xca62c1d6,0xca62c1d6 # K_60_79
.long 0x00010203,0x04050607,0x08090a0b,0x0c0d0e0f # pbswap mask
-.previous
___
}}}
$code.=<<___;
+.asciz "SHA1 block transform for x86_64, CRYPTOGAMS by <appro\@openssl.org>"
.align 64
___
diff --git a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
index 6698b1d40..bc4b2e748 100755
--- a/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
+++ b/src/lib/libcrypto/sha/asm/sha512-x86_64.pl
@@ -269,7 +269,6 @@ ___
if ($SZ==4) {
$code.=<<___;
-.rodata
.align 64
.type $TABLE,\@object
$TABLE:
@@ -289,11 +288,9 @@ $TABLE:
.long 0x391c0cb3,0x4ed8aa4a,0x5b9cca4f,0x682e6ff3
.long 0x748f82ee,0x78a5636f,0x84c87814,0x8cc70208
.long 0x90befffa,0xa4506ceb,0xbef9a3f7,0xc67178f2
-.previous
___
} else {
$code.=<<___;
-.rodata
.align 64
.type $TABLE,\@object
$TABLE:
@@ -337,7 +334,6 @@ $TABLE:
.quad 0x3c9ebe0a15c9bebc,0x431d67c49c100d4c
.quad 0x4cc5d4becb3e42b6,0x597f299cfc657e2a
.quad 0x5fcb6fab3ad6faec,0x6c44198c4a475817
-.previous
___
}
diff --git a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
index 510a74b91..afadd5d2f 100644
--- a/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
+++ b/src/lib/libcrypto/whrlpool/asm/wp-x86_64.pl
@@ -204,7 +204,6 @@ $code.=<<___;
ret
.size $func,.-$func
-.rodata
.align 64
.type $table,\@object
$table:
--
2.42.0

35
patches/bio.h.patch
View File

@@ -1,35 +0,0 @@
--- include/openssl/bio.h.orig Tue Nov 22 21:08:27 2022
+++ include/openssl/bio.h Tue Nov 22 21:08:48 2022
@@ -667,8 +667,24 @@ void BIO_copy_next_retry(BIO *b);
/*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
+#ifdef __MINGW_PRINTF_FORMAT
int
BIO_printf(BIO *bio, const char *format, ...)
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 3), __nonnull__(2)));
+int
+BIO_vprintf(BIO *bio, const char *format, va_list args)
+ __attribute__((__format__(__MINGW_PRINTF_FORMAT, 2, 0), __nonnull__(2)));
+int
+BIO_snprintf(char *buf, size_t n, const char *format, ...)
+ __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 4),
+ __nonnull__(3)));
+int
+BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
+ __attribute__((__deprecated__, __format__(__MINGW_PRINTF_FORMAT, 3, 0),
+ __nonnull__(3)));
+#else
+int
+BIO_printf(BIO *bio, const char *format, ...)
__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
int
BIO_vprintf(BIO *bio, const char *format, va_list args)
@@ -681,6 +697,7 @@ int
BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
__attribute__((__deprecated__, __format__(__printf__, 3, 0),
__nonnull__(3)));
+#endif
void ERR_load_BIO_strings(void);

18
patches/bn_isqrt.c.patch
View File

@@ -1,18 +0,0 @@
--- tests/bn_isqrt.c.orig Fri Dec 9 11:05:26 2022
+++ tests/bn_isqrt.c Fri Dec 9 11:12:37 2022
@@ -306,6 +306,7 @@ main(int argc, char *argv[])
int ch;
int failed = 0, print = 0;
+#ifndef _MSC_VER
while ((ch = getopt(argc, argv, "C")) != -1) {
switch (ch) {
case 'C':
@@ -316,6 +317,7 @@ main(int argc, char *argv[])
break;
}
}
+#endif
if (print)
return check_tables(1);

18
patches/handshake_table.c.patch
View File

@@ -1,18 +0,0 @@
--- tests/handshake_table.c.orig Tue Mar 15 11:37:03 2022
+++ tests/handshake_table.c Mon Mar 21 05:26:15 2022
@@ -518,6 +518,7 @@
unsigned int depth = 0;
int ch, graphviz = 0, print = 0;
+#ifndef _MSC_VER
while ((ch = getopt(argc, argv, "Cg")) != -1) {
switch (ch) {
case 'C':
@@ -535,6 +536,7 @@
if (argc != 0)
usage();
+#endif
if (graphviz && print)
usage();

120
patches/libcrypto.hidden.patch
View File

@@ -1,120 +0,0 @@
diff -u openbsd/src/lib/libcrypto/hidden/openssl/hmac.h crypto/hidden/openssl/hmac.h
--- openbsd/src/lib/libcrypto/hidden/openssl/hmac.h 2023-03-15 11:41:37.632580800 -0600
+++ crypto/hidden/openssl/hmac.h 2023-03-15 16:49:29.144080400 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_HMAC_H_
#define _LIBCRYPTO_HMAC_H_
+#ifdef _MSC_VER
+#include <../include/openssl/hmac.h>
+#else
#include_next <openssl/hmac.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(HMAC_CTX_new);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/pkcs12.h crypto/hidden/openssl/pkcs12.h
--- openbsd/src/lib/libcrypto/hidden/openssl/pkcs12.h 2023-03-15 11:41:37.648024900 -0600
+++ crypto/hidden/openssl/pkcs12.h 2023-03-15 17:15:36.015981800 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_PKCS12_H
#define _LIBCRYPTO_PKCS12_H
+#ifdef _MSC_VER
+#include <../include/openssl/pkcs12.h>
+#else
#include_next <openssl/pkcs12.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(PKCS12_SAFEBAG_get0_attr);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/pkcs7.h crypto/hidden/openssl/pkcs7.h
--- openbsd/src/lib/libcrypto/hidden/openssl/pkcs7.h 2023-03-15 11:41:37.663599200 -0600
+++ crypto/hidden/openssl/pkcs7.h 2023-03-15 16:53:43.232866600 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_PKCS7_H
#define _LIBCRYPTO_PKCS7_H
+#ifdef _MSC_VER
+#include <../include/openssl/pkcs7.h>
+#else
#include_next <openssl/pkcs7.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(PKCS7_ISSUER_AND_SERIAL_new);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/stack.h crypto/hidden/openssl/stack.h
--- openbsd/src/lib/libcrypto/hidden/openssl/stack.h 2023-03-15 11:41:37.680453800 -0600
+++ crypto/hidden/openssl/stack.h 2023-03-15 16:49:29.200142600 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_STACK_H
#define _LIBCRYPTO_STACK_H
+#ifdef _MSC_VER
+#include <../include/openssl/stack.h>
+#else
#include_next <openssl/stack.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(sk_num);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/ui.h crypto/hidden/openssl/ui.h
--- openbsd/src/lib/libcrypto/hidden/openssl/ui.h 2023-03-15 11:41:37.696291800 -0600
+++ crypto/hidden/openssl/ui.h 2023-03-15 16:49:29.222310800 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_UI_H
#define _LIBCRYPTO_UI_H
+#ifdef _MSC_VER
+#include <../include/openssl/ui.h>
+#else
#include_next <openssl/ui.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(UI_new);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/x509.h crypto/hidden/openssl/x509.h
--- openbsd/src/lib/libcrypto/hidden/openssl/x509.h 2023-03-15 11:41:37.713302600 -0600
+++ crypto/hidden/openssl/x509.h 2023-03-15 16:49:29.238904200 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_X509_H
#define _LIBCRYPTO_X509_H
+#ifdef _MSC_VER
+#include <../include/openssl/x509.h>
+#else
#include_next <openssl/x509.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(X509_CRL_up_ref);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/x509v3.h crypto/hidden/openssl/x509v3.h
--- openbsd/src/lib/libcrypto/hidden/openssl/x509v3.h 2023-03-15 11:41:37.756379100 -0600
+++ crypto/hidden/openssl/x509v3.h 2023-03-15 16:49:29.264482800 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_X509V3_H
#define _LIBCRYPTO_X509V3_H
+#ifdef _MSC_VER
+#include <../include/openssl/x509v3.h>
+#else
#include_next <openssl/x509v3.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(PROXY_POLICY_new);
diff -u openbsd/src/lib/libcrypto/hidden/openssl/x509_vfy.h crypto/hidden/openssl/x509_vfy.h
--- openbsd/src/lib/libcrypto/hidden/openssl/x509_vfy.h 2023-03-15 11:41:37.735995100 -0600
+++ crypto/hidden/openssl/x509_vfy.h 2023-03-15 16:49:29.300450300 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBCRYPTO_X509_VFY_H
#define _LIBCRYPTO_X509_VFY_H
+#ifdef _MSC_VER
+#include <../include/openssl/x509_vfy.h>
+#else
#include_next <openssl/x509_vfy.h>
+#endif
#include "crypto_namespace.h"
LCRYPTO_USED(X509_STORE_set_depth);

15
patches/libssl.hidden.patch
View File

@@ -1,15 +0,0 @@
diff -u openbsd/src/lib/libssl/hidden/openssl/ssl.h ssl/hidden/openssl/ssl.h
--- openbsd/src/lib/libssl/hidden/openssl/ssl.h 2023-03-15 11:41:52.466146400 -0600
+++ ssl/hidden/openssl/ssl.h 2023-03-15 16:49:29.358377300 -0600
@@ -18,7 +18,11 @@
#ifndef _LIBSSL_SSL_H_
#define _LIBSSL_SSL_H_
+#ifdef _MSC_VER
+#include <../include/openssl/ssl.h>
+#else
#include_next <openssl/ssl.h>
+#endif
#include "ssl_namespace.h"
LSSL_USED(BIO_f_ssl);

13
patches/modes_local.h.patch
View File

@@ -1,17 +1,14 @@
--- crypto/modes/modes_local.h.orig Tue Nov 14 10:25:15 2017
+++ crypto/modes/modes_local.h Sat Jan 19 22:19:23 2019
@@ -45,14 +45,16 @@
--- crypto/modes/modes_local.h.orig Sat Jul 8 14:03:53 2023
+++ crypto/modes/modes_local.h Sat Jul 8 14:10:56 2023
@@ -45,6 +45,7 @@
asm ("bswapl %0" \
: "+r"(ret)); ret; })
# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
-# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
+# if (__ARM_ARCH >= 6)
+# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
asm ("rev %0,%0; rev %1,%1" \
: "+r"(hi),"+r"(lo)); \
(u64)hi<<32|lo; })
-# define BSWAP4(x) ({ u32 ret; \
+# define BSWAP4(x) ({ u32 ret; \
@@ -53,6 +54,7 @@
asm ("rev %0,%1" \
: "=r"(ret) : "r"((u32)(x))); \
ret; })

12
patches/netcat.c.patch
View File

@@ -1,5 +1,5 @@
--- apps/nc/netcat.c.orig Thu Feb 9 18:42:55 2023
+++ apps/nc/netcat.c Thu Feb 9 18:43:08 2023
--- apps/nc/netcat.c.orig Tue Aug 15 15:17:28 2023
+++ apps/nc/netcat.c Tue Aug 15 15:17:54 2023
@@ -93,9 +93,13 @@ int zflag; /* Port Scan Flag */
int Dflag; /* sodebug */
int Iflag; /* TCP receive buffer size */
@@ -100,7 +100,7 @@
set_common_sockopts(s, res->ai_family);
@@ -1557,11 +1577,13 @@ set_common_sockopts(int s, int af)
@@ -1563,11 +1583,13 @@ set_common_sockopts(int s, int af)
{
int x = 1;
@@ -114,7 +114,7 @@
if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1)
@@ -1572,9 +1594,16 @@ set_common_sockopts(int s, int af)
@@ -1578,9 +1600,16 @@ set_common_sockopts(int s, int af)
IP_TOS, &Tflag, sizeof(Tflag)) == -1)
err(1, "set IP ToS");
@@ -131,7 +131,7 @@
}
if (Iflag) {
if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
@@ -1598,13 +1627,17 @@ set_common_sockopts(int s, int af)
@@ -1604,13 +1633,17 @@ set_common_sockopts(int s, int af)
}
if (minttl != -1) {
@@ -150,7 +150,7 @@
}
}
@@ -1829,15 +1862,19 @@ help(void)
@@ -1835,15 +1868,19 @@ help(void)
\t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\
\t-R CAfile CA bundle\n\

14
patches/ocsp_test.c.patch
View File

@@ -1,14 +0,0 @@
--- tests/ocsp_test.c.orig 2018-07-24 21:59:17.000000000 -0500
+++ tests/ocsp_test.c 2018-11-07 18:44:43.000000000 -0600
@@ -35,6 +35,11 @@
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
+#ifdef _MSC_VER
+ if (BIO_sock_init() != 1)
+ exit(-1);
+#endif
+
error = getaddrinfo(host, port, &hints, &res);
if (error != 0) {
perror("getaddrinfo()");

6
patches/openssl.c.patch
View File

@@ -1,6 +1,6 @@
--- apps/openssl/openssl.c.orig Tue Apr 25 16:50:41 2023
+++ apps/openssl/openssl.c Tue Apr 25 16:51:01 2023
@@ -358,7 +358,9 @@
--- apps/openssl/openssl.c.orig Sat Jun 17 13:06:00 2023
+++ apps/openssl/openssl.c Sat Jun 24 04:44:55 2023
@@ -354,7 +354,9 @@
static void
openssl_startup(void)
{

6
patches/opensslfeatures.h.patch
View File

@@ -1,6 +1,6 @@
--- openbsd/src/lib/libcrypto/opensslfeatures.h 2023-03-15 11:41:47.301015100 -0600
+++ include/openssl/opensslfeatures.h 2023-03-15 18:27:57.740024800 -0600
@@ -7,6 +7,13 @@
--- include/openssl/opensslfeatures.h.orig Fri Jul 28 06:04:42 2023
+++ include/openssl/opensslfeatures.h Fri Jul 28 06:09:00 2023
@@ -8,6 +8,13 @@
#define LIBRESSL_HAS_TLS1_3
#define LIBRESSL_HAS_DTLS1_2

8
patches/speed.c.patch
View File

@@ -1,5 +1,5 @@
--- apps/openssl/speed.c.orig Sun May 21 12:13:46 2023
+++ apps/openssl/speed.c Sun May 21 12:31:50 2023
--- apps/openssl/speed.c.orig Fri Jul 28 06:04:45 2023
+++ apps/openssl/speed.c Fri Jul 28 06:09:00 2023
@@ -161,7 +161,16 @@ static void
pkey_print_message(const char *str, const char *str2,
long num, int bits, int sec);
@@ -74,7 +74,7 @@
if (!mr) {
fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_VERSION));
fprintf(stdout, "%s\n", SSLeay_version(SSLEAY_BUILT_ON));
@@ -1915,11 +1934,15 @@ pkey_print_message(const char *str, const char *str2,
@@ -1898,11 +1917,15 @@ pkey_print_message(const char *str, const char *str2,
static void
print_result(int alg, int run_no, int count, double time_used)
{
@@ -90,7 +90,7 @@
static char *
sstrsep(char **string, const char *delim)
{
@@ -2126,4 +2149,5 @@ do_multi(int multi)
@@ -2109,4 +2132,5 @@ do_multi(int multi)
free(fds);
return 1;
}

21
patches/ssl_txt.c.patch
View File

@@ -1,21 +0,0 @@
--- ssl/ssl_txt.c.orig Wed Jun 22 11:37:59 2022
+++ ssl/ssl_txt.c Wed Jun 22 11:37:59 2022
@@ -82,6 +82,7 @@
* OTHERWISE.
*/
+#include <inttypes.h>
#include <stdio.h>
#include <openssl/buffer.h>
@@ -174,8 +174,8 @@
}
if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld",
- (long long)x->time) <= 0)
+ if (BIO_printf(bp, "\n Start Time: %"PRId64,
+ (int64_t)x->time) <= 0)
goto err;
}

76
patches/tlsexttest.c.patch
View File

@@ -1,76 +0,0 @@
--- tests/tlsexttest.c.orig Fri Apr 28 11:42:38 2023
+++ tests/tlsexttest.c Fri Apr 28 11:55:27 2023
@@ -1775,7 +1775,9 @@
};
static const unsigned char tlsext_sni_server[] = {
+ 0x00
};
+const size_t sizeof_tlsext_sni_server = 0;
static int
test_tlsext_sni_client(void)
@@ -1973,9 +1975,9 @@
if (!CBB_finish(&cbb, &data, &dlen))
errx(1, "failed to finish CBB");
- if (dlen != sizeof(tlsext_sni_server)) {
+ if (dlen != sizeof_tlsext_sni_server) {
FAIL("got server SNI with length %zu, "
- "want length %zu\n", dlen, sizeof(tlsext_sni_server));
+ "want length %zu\n", dlen, sizeof_tlsext_sni_server);
goto err;
}
@@ -1984,14 +1986,14 @@
fprintf(stderr, "received:\n");
hexdump(data, dlen);
fprintf(stderr, "test data:\n");
- hexdump(tlsext_sni_server, sizeof(tlsext_sni_server));
+ hexdump(tlsext_sni_server, sizeof_tlsext_sni_server);
goto err;
}
free(ssl->session->tlsext_hostname);
ssl->session->tlsext_hostname = NULL;
- CBS_init(&cbs, tlsext_sni_server, sizeof(tlsext_sni_server));
+ CBS_init(&cbs, tlsext_sni_server, sizeof_tlsext_sni_server);
if (!client_funcs->parse(ssl, SSL_TLSEXT_MSG_SH, &cbs, &alert)) {
FAIL("failed to parse server SNI\n");
goto err;
@@ -3196,7 +3198,10 @@
0x04, 0x03, 0x02, 0x01, 0x02, 0x03,
};
-unsigned char tlsext_clienthello_disabled[] = {};
+unsigned char tlsext_clienthello_disabled[] = {
+ 0x00
+};
+const size_t sizeof_tlsext_clienthello_disabled = 0;
static int
test_tlsext_clienthello_build(void)
@@ -3287,18 +3292,18 @@
goto err;
}
- if (dlen != sizeof(tlsext_clienthello_disabled)) {
+ if (dlen != sizeof_tlsext_clienthello_disabled) {
FAIL("got clienthello extensions with length %zu, "
"want length %zu\n", dlen,
- sizeof(tlsext_clienthello_disabled));
+ sizeof_tlsext_clienthello_disabled);
compare_data(data, dlen, tlsext_clienthello_disabled,
- sizeof(tlsext_clienthello_disabled));
+ sizeof_tlsext_clienthello_disabled);
goto err;
}
if (memcmp(data, tlsext_clienthello_disabled, dlen) != 0) {
FAIL("clienthello extensions differs:\n");
compare_data(data, dlen, tlsext_clienthello_disabled,
- sizeof(tlsext_clienthello_disabled));
+ sizeof_tlsext_clienthello_disabled);
goto err;
}

29
patches/windows_headers.patch
View File

@@ -1,6 +1,5 @@
diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
--- include/openssl.orig/dtls1.h Mon Dec 7 07:58:32 2015
+++ include/openssl/dtls1.h Mon Dec 7 07:56:14 2015
--- include/openssl/dtls1.h.orig Wed Nov 1 13:15:36 2023
+++ include/openssl/dtls1.h Wed Nov 1 13:15:54 2023
@@ -60,7 +60,11 @@
#ifndef HEADER_DTLS1_H
#define HEADER_DTLS1_H
@@ -13,14 +12,14 @@ diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
#include <stdio.h>
#include <stdlib.h>
--- include/openssl/ossl_typ.h.orig Fri Feb 18 16:30:39 2022
+++ include/openssl/ossl_typ.h Mon Feb 21 05:39:35 2022
@@ -82,6 +82,22 @@
--- include/openssl/ossl_typ.h.orig Wed Nov 1 13:15:36 2023
+++ include/openssl/ossl_typ.h Wed Nov 1 13:18:23 2023
@@ -82,6 +82,22 @@ typedef struct asn1_object_st ASN1_OBJECT;
typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX;
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING)
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
@@ -38,15 +37,14 @@ diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
#ifdef BIGNUM
#undef BIGNUM
#endif
diff -u include/openssl.orig/pkcs7.h include/openssl/pkcs7.h
--- include/openssl.orig/pkcs7.h Mon Dec 7 07:58:32 2015
+++ include/openssl/pkcs7.h Mon Dec 7 07:56:14 2015
--- include/openssl/pkcs7.h.orig Wed Nov 1 13:15:36 2023
+++ include/openssl/pkcs7.h Wed Nov 1 13:17:58 2023
@@ -69,6 +69,18 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING)
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else
@@ -60,15 +58,14 @@ diff -u include/openssl.orig/pkcs7.h include/openssl/pkcs7.h
/*
Encryption_ID DES-CBC
Digest_ID MD5
diff -u include/openssl.orig/x509.h include/openssl/x509.h
--- include/openssl.orig/x509.h Tue Apr 18 03:26:56 2023
+++ include/openssl/x509.h Tue Apr 18 03:27:14 2023
@@ -106,6 +106,19 @@
--- include/openssl/x509.h.orig Wed Nov 1 13:15:36 2023
+++ include/openssl/x509.h Wed Nov 1 13:18:44 2023
@@ -100,6 +100,19 @@
extern "C" {
#endif
+#if defined(_WIN32) && defined(__WINCRYPT_H__)
+#ifndef LIBRESSL_INTERNAL
+#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING)
+#ifdef _MSC_VER
+#pragma message("Warning, overriding WinCrypt defines")
+#else

83
scripts/test
View File

@@ -10,46 +10,77 @@ if type apt-get >/dev/null 2>&1; then
sudo apt-get install -y cmake ninja-build
fi
# generate source tree
./autogen.sh
if [ "x$ARCH" = "xnative" ]; then
if [ "$ARCH" = "" ]; then
ARCH=`uname -m`
fi
# test macOS
if [ `uname` = "Darwin" ]; then
# test autotools
./configure
make -j 4 distcheck
# make distribution
make dist
make -j 4 distcheck
# test cmake
tar zxvf libressl-*.tar.gz
cd libressl-*
mkdir build-static
mkdir build-shared
(
mkdir build-static
cd build-static
cmake -DCMAKE_OSX_ARCHITECTURES=$ARCH ..
make -j 4
if [ "$ARCH" = "x86_64" ]; then
make test
fi
)
(
mkdir build-shared
cd build-shared
cmake -DBUILD_SHARED_LIBS=ON -DCMAKE_OSX_ARCHITECTURES=$ARCH ..
make -j 4
if [ "$ARCH" = "x86_64" ]; then
make test
fi
)
# assuming Linux below
elif [ "$ARCH" = "native" ]; then
# test autotools
./configure
# make distribution
make -j 4 distcheck
tar zxvf libressl-*.tar.gz
cd libressl-*
# test cmake and ninja
if [ `uname` = "Darwin" ]; then
cmake -DENABLE_ASM=${ENABLE_ASM} ..
make -j 4
make test
cd ../build-shared
cmake -DBUILD_SHARED_LIBS=ON -DENABLE_ASM=${ENABLE_ASM} ..
make -j 4
make test
else
(
mkdir build-static
cd build-static
cmake -GNinja -DENABLE_ASM=${ENABLE_ASM} ..
ninja -j 4
ninja
ninja test
)
cd ../build-shared
(
mkdir build-shared
cd build-shared
cmake -GNinja -DBUILD_SHARED_LIBS=ON -DENABLE_ASM=${ENABLE_ASM} ..
ninja -j 4
ninja
ninja test
fi
)
elif [ "x$ARCH" = "xmingw32" -o "x$ARCH" = "xmingw64" ]; then
elif [ "$ARCH" = "mingw32" -o "$ARCH" = "mingw64" ]; then
CPU=i686
if [ "x$ARCH" = "xmingw64" ]; then
if [ "$ARCH" = "mingw64" ]; then
CPU=x86_64
fi
@@ -75,10 +106,10 @@ elif [ "x$ARCH" = "xmingw32" -o "x$ARCH" = "xmingw64" ]; then
ninja -j 4
)
elif [ "x$ARCH" = "xarm32" -o "x$ARCH" = "xarm64" ]; then
elif [ "$ARCH" = "arm32" -o "$ARCH" = "arm64" ]; then
sudo apt-get install -y qemu-user-static binfmt-support
if [ "x$ARCH" = "xarm32" ]; then
if [ "$ARCH" = "arm32" ]; then
sudo apt-get install -y g++-arm-linux-gnueabihf
sudo ln -sf /usr/arm-linux-gnueabihf/lib/ld-linux-armhf.so.3 /lib/
./configure --host=arm-linux-gnueabihf
@@ -92,10 +123,10 @@ elif [ "x$ARCH" = "xarm32" -o "x$ARCH" = "xarm64" ]; then
file apps/openssl/.libs/openssl
elif [ "x$ARCH" = "xmips32" -o "x$ARCH" = "xmips64" ]; then
elif [ "$ARCH" = "mips32" -o "$ARCH" = "mips64" ]; then
sudo apt-get install -y qemu-user-static binfmt-support
if [ "x$ARCH" = "xmips32" ]; then
if [ "$ARCH" = "mips32" ]; then
sudo apt-get install -y g++-mips-linux-gnu
sudo ln -sf /usr/mipsel-linux-gnu/lib/ld.so.1 /lib/
./configure --host=mipsel-linux-gnu
@@ -109,7 +140,7 @@ elif [ "x$ARCH" = "xmips32" -o "x$ARCH" = "xmips64" ]; then
file apps/openssl/.libs/openssl
elif [ "x$ARCH" = "xandroid" ]; then
elif [ "$ARCH" = "android" ]; then
export TC_FILE=$ANDROID_NDK_HOME/build/cmake/android.toolchain.cmake
# set target API level and architecture

37
ssl/CMakeLists.txt
View File

@@ -69,7 +69,8 @@ target_include_directories(ssl_obj
../crypto/bio
../include/compat
PUBLIC
../include)
../include
${CMAKE_BINARY_DIR}/include)
add_library(bs_obj OBJECT ${BS_SRC})
target_include_directories(bs_obj
@@ -86,13 +87,33 @@ endif()
export_symbol(ssl ${CMAKE_CURRENT_SOURCE_DIR}/ssl.sym)
target_link_libraries(ssl crypto ${PLATFORM_LIBS})
if (WIN32)
set(SSL_POSTFIX -${SSL_MAJOR_VERSION})
set(SSL_POSTFIX -${SSL_MAJOR_VERSION} PARENT_SCOPE)
endif()
set_target_properties(ssl PROPERTIES
OUTPUT_NAME ssl${SSL_POSTFIX}
ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX})
set_target_properties(ssl PROPERTIES VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION})
ARCHIVE_OUTPUT_NAME ssl${SSL_POSTFIX}
EXPORT_NAME SSL
VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION}
)
target_include_directories(
ssl
PUBLIC
$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
)
install(
TARGETS ssl
EXPORT SSL-target
)
export(
EXPORT SSL-target
FILE "${LibreSSL_BINARY_DIR}/LibreSSL-SSL.cmake"
NAMESPACE LibreSSL::
)
if(ENABLE_LIBRESSL_INSTALL)
install(
@@ -101,6 +122,12 @@ if(ENABLE_LIBRESSL_INSTALL)
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
)
install(
EXPORT SSL-target
FILE "LibreSSL-SSL.cmake"
NAMESPACE LibreSSL::
DESTINATION "${LIBRESSL_INSTALL_CMAKEDIR}"
)
endif(ENABLE_LIBRESSL_INSTALL)
# build static library for regression test

2
ssl/Makefile.am
View File

@@ -46,6 +46,8 @@ libbs_la_SOURCES += bs_cbs.c
noinst_HEADERS = bytestring.h
noinst_HEADERS += hidden/ssl_namespace.h
noinst_HEADERS += hidden/openssl/srtp.h
noinst_HEADERS += hidden/openssl/tls1.h
noinst_HEADERS += hidden/openssl/ssl.h
libssl_la_SOURCES = bio_ssl.c

47
tests/CMakeLists.txt
View File

@@ -13,6 +13,7 @@ include_directories(
../apps/openssl
../apps/openssl/compat
../include
${CMAKE_BINARY_DIR}/include
../include/compat
)
@@ -153,6 +154,11 @@ add_executable(bn_cmp bn_cmp.c)
target_link_libraries(bn_cmp ${OPENSSL_TEST_LIBS})
add_test(bn_cmp bn_cmp)
# bn_convert
add_executable(bn_convert bn_convert.c)
target_link_libraries(bn_convert ${OPENSSL_TEST_LIBS})
add_test(bn_convert bn_convert)
# bn_gcd
add_executable(bn_gcd bn_cmp.c)
target_link_libraries(bn_gcd ${OPENSSL_TEST_LIBS})
@@ -172,6 +178,11 @@ set_source_files_properties(bn_mod_exp.c PROPERTIES COMPILE_FLAGS
target_link_libraries(bn_mod_exp ${OPENSSL_TEST_LIBS})
add_test(bn_mod_exp bn_mod_exp)
# bn_mod_inverse
add_executable(bn_mod_inverse bn_mod_inverse.c)
target_link_libraries(bn_mod_inverse ${OPENSSL_TEST_LIBS})
add_test(bn_mod_inverse bn_mod_inverse)
# bn_mod_sqrt
add_executable(bn_mod_sqrt bn_mod_sqrt.c)
target_link_libraries(bn_mod_sqrt ${OPENSSL_TEST_LIBS})
@@ -187,10 +198,10 @@ add_executable(bn_primes bn_primes.c)
target_link_libraries(bn_primes ${OPENSSL_TEST_LIBS})
add_test(bn_primes bn_primes)
# bn_rand_interval
add_executable(bn_rand_interval bn_rand_interval.c)
target_link_libraries(bn_rand_interval ${OPENSSL_TEST_LIBS})
add_test(bn_rand_interval bn_rand_interval)
# bn_print
add_executable(bn_print bn_print.c)
target_link_libraries(bn_print ${OPENSSL_TEST_LIBS})
add_test(bn_print bn_print)
# bn_shift
add_executable(bn_shift bn_shift.c)
@@ -303,6 +314,11 @@ add_test(dsatest dsatest)
# set_tests_properties(dtlstest PROPERTIES ENVIRONMENT "srcdir=${TEST_SOURCE_DIR}")
# endif()
# ecc_cdh
add_executable(ecc_cdh ecc_cdh.c)
target_link_libraries(ecc_cdh ${OPENSSL_TEST_LIBS})
add_test(ecc_cdh ecc_cdh)
# ec_asn1_test
add_executable(ec_asn1_test ec_asn1_test.c)
target_link_libraries(ec_asn1_test ${OPENSSL_TEST_LIBS})
@@ -585,14 +601,23 @@ add_executable(sha_test sha_test.c)
target_link_libraries(sha_test ${OPENSSL_TEST_LIBS})
add_test(sha_test sha_test)
# XXX HAVE_SOCKETPAIR
# signertest
# add_executable(signertest signertest.c)
# target_link_libraries(signertest ${LIBTLS_TEST_LIBS})
# target_include_directories(signertest BEFORE PUBLIC ../tls)
# set_source_files_properties(signertest.c PROPERTIES COMPILE_FLAGS
# -DCERTSDIR=\\"${CMAKE_CURRENT_SOURCE_DIR}\\")
# add_test(signertest signertest)
if(NOT CMAKE_SYSTEM_NAME MATCHES "WindowsStore")
set(SIGNERTEST_SRC signertest.c)
check_function_exists(pipe2 HAVE_PIPE2)
if(HAVE_PIPE2)
add_definitions(-DHAVE_PIPE2)
else()
set(SIGNERTEST_SRC ${SIGNERTEST_SRC} compat/pipe2.c)
endif()
set_source_files_properties(signertest.c PROPERTIES COMPILE_FLAGS
-DCERTSDIR=\\"${CMAKE_CURRENT_SOURCE_DIR}\\")
add_executable(signertest ${SIGNERTEST_SRC})
target_link_libraries(signertest ${LIBTLS_TEST_LIBS})
target_include_directories(signertest BEFORE PUBLIC ../tls)
add_test(signertest signertest)
endif()
# sm2crypttest
# sm2evptest

36
tests/Makefile.am
View File

@@ -170,6 +170,11 @@ TESTS += bn_cmp
check_PROGRAMS += bn_cmp
bn_cmp_SOURCES = bn_cmp.c
# bn_convert
TESTS += bn_convert
check_PROGRAMS += bn_convert
bn_convert_SOURCES = bn_convert.c
# bn_gcd
TESTS += bn_gcd
check_PROGRAMS += bn_gcd
@@ -188,6 +193,11 @@ check_PROGRAMS += bn_mod_exp
bn_mod_exp_CPPFLAGS = $(AM_CPPFLAGS) -ULIBRESSL_INTERNAL
bn_mod_exp_SOURCES = bn_mod_exp.c
# bn_mod_inverse
TESTS += bn_mod_inverse
check_PROGRAMS += bn_mod_inverse
bn_mod_inverse_SOURCES = bn_mod_inverse.c
# bn_mod_sqrt
TESTS += bn_mod_sqrt
check_PROGRAMS += bn_mod_sqrt
@@ -203,10 +213,10 @@ TESTS += bn_primes
check_PROGRAMS += bn_primes
bn_primes_SOURCES = bn_primes.c
# bn_rand_interval
TESTS += bn_rand_interval
check_PROGRAMS += bn_rand_interval
bn_rand_interval_SOURCES = bn_rand_interval.c
# bn_print
TESTS += bn_print
check_PROGRAMS += bn_print
bn_print_SOURCES = bn_print.c
# bn_shift
TESTS += bn_shift
@@ -321,6 +331,11 @@ dsatest_SOURCES = dsatest.c
#endif
#EXTRA_DIST += dtlstest.sh
# ecc_cdh
TESTS += ecc_cdh
check_PROGRAMS += ecc_cdh
ecc_cdh_SOURCES = ecc_cdh.c
# ec_asn1_test
TESTS += ec_asn1_test
check_PROGRAMS += ec_asn1_test
@@ -616,12 +631,14 @@ TESTS += sha_test
check_PROGRAMS += sha_test
sha_test_SOURCES = sha_test.c
# XXX HAVE_SOCKETPAIR
# signertest
# TESTS += signertest
# check_PROGRAMS += signertest
# signertest_CPPFLAGS = -I $(top_srcdir)/tls $(AM_CPPFLAGS) -DCERTSDIR=\"$(srcdir)\"
# signertest_SOURCES = signertest.c
TESTS += signertest
check_PROGRAMS += signertest
signertest_CPPFLAGS = -I $(top_srcdir)/tls $(AM_CPPFLAGS) -DCERTSDIR=\"$(srcdir)\"
signertest_SOURCES = signertest.c
if !HAVE_PIPE2
signertest_SOURCES += compat/pipe2.c
endif
# sm2crypttest
# sm2evptest
@@ -681,7 +698,6 @@ EXTRA_DIST += server2-ecdsa.pem server2-rsa-chain.pem server2-rsa.pem
EXTRA_DIST += server3-ecdsa-chain.pem server3-ecdsa.pem server3-rsa-chain.pem
EXTRA_DIST += server3-rsa.pem
# string_table
TESTS += string_table
check_PROGRAMS += string_table

37
tests/cmake/CMakeLists.txt Normal file
View File

@@ -0,0 +1,37 @@
cmake_minimum_required(VERSION 3.5)
project(LibreSSL_Consumer LANGUAGES C)
find_package(
LibreSSL
CONFIG
REQUIRED
COMPONENTS Crypto SSL TLS
)
set(RESULTS_TO_CHECK
"LIBRESSL_VERSION"
"LIBRESSL_FOUND"
"LIBRESSL_INCLUDE_DIR"
"LIBRESSL_LIBRARIES"
"LIBRESSL_CRYPTO_LIBRARY"
"LIBRESSL_SSL_LIBRARY"
"LIBRESSL_TLS_LIBRARY"
)
foreach(RESULT_VAR IN LISTS RESULTS_TO_CHECK)
if(${RESULT_VAR})
message(STATUS "${RESULT_VAR}: ${${RESULT_VAR}}")
else()
message(FATAL_ERROR "${RESULT_VAR} was not set by the package.")
endif()
endforeach()
add_executable(crypto crypto.c)
target_link_libraries(crypto PRIVATE LibreSSL::Crypto)
add_executable(ssl ssl.c)
target_link_libraries(ssl PRIVATE LibreSSL::SSL)
add_executable(tls tls.c)
target_link_libraries(tls PRIVATE LibreSSL::TLS)

7
tests/cmake/crypto.c Normal file
View File

@@ -0,0 +1,7 @@
#include <openssl/crypto.h>
int main(void) {
OPENSSL_init_crypto(0, NULL);
OPENSSL_cleanup();
return 0;
}

6
tests/cmake/ssl.c Normal file
View File

@@ -0,0 +1,6 @@
#include <openssl/ssl.h>
int main(void) {
SSL_library_init();
return 0;
}

6
tests/cmake/tls.c Normal file
View File

@@ -0,0 +1,6 @@
#include <tls.h>
int main(void) {
tls_init();
return 0;
}

39
tests/testssl.bat
View File

@@ -1,4 +1,4 @@
@echo off
@echo on
setlocal enabledelayedexpansion
REM testssl.bat
@@ -88,8 +88,7 @@ for /f "usebackq" %%s in (`%openssl% no-dh`) do set nodh=%%s
if %nodh%==no-dh (
echo skipping anonymous DH tests
) else (
echo test tls1 with 1024bit anonymous DH, multiple handshakes
%ssltest% -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time %extra% & if !errorlevel! neq 0 exit /b 1
echo skipping tls1 tests.
)
REM #for /f "usebackq" %%s in (`%openssl% no-rsa`) do set norsa=%%s
@@ -112,24 +111,24 @@ REM #
REM # DTLS tests
REM #
echo test dtlsv1
%ssltest% -dtls1 %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1_2
%ssltest% -dtls1_2 %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1 with server authentication
%ssltest% -dtls1 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1_2 with server authentication
%ssltest% -dtls1_2 -server_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1 with client authentication
%ssltest% -dtls1 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1_2 with client authentication
%ssltest% -dtls1_2 -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1 with both client and server authentication
%ssltest% -dtls1 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo test dtlsv1_2 with both client and server authentication
%ssltest% -dtls1_2 -server_auth -client_auth %CA% %extra% & if !errorlevel! neq 0 exit /b 1
echo "Testing DTLS ciphersuites"
for %%p in ( SSLv3 ) do (
echo "Testing ciphersuites for %%p"
for /f "usebackq" %%c in (`%openssl% ciphers -v "RSA+%%p:-RC4" ^| find "%%p"`) do (
echo "Testing %%c"
%ssltest% -cipher %%c -dtls1
%ssltest% -cipher %%c -dtls1_2
if !errorlevel! neq 0 (
echo "Failed %%c"
exit /b 1
@@ -141,19 +140,19 @@ REM #
REM # ALPN tests
REM #
echo "Testing ALPN..."
%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo -alpn_server foo ^
%ssltest% -bio_pair -alpn_client foo -alpn_server bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -alpn_client foo -alpn_server foo ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server foo ^
%ssltest% -bio_pair -alpn_client foo,bar -alpn_server foo ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo ^
%ssltest% -bio_pair -alpn_client bar,foo -alpn_server foo ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server foo,bar ^
%ssltest% -bio_pair -alpn_client bar,foo -alpn_server foo,bar ^
-alpn_expected foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client bar,foo -alpn_server bar,foo ^
%ssltest% -bio_pair -alpn_client bar,foo -alpn_server bar,foo ^
-alpn_expected bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client foo,bar -alpn_server bar,foo ^
%ssltest% -bio_pair -alpn_client foo,bar -alpn_server bar,foo ^
-alpn_expected bar & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -tls1 -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
%ssltest% -bio_pair -alpn_client baz -alpn_server bar,foo & if !errorlevel! neq 0 exit /b 1
endlocal

39
tls/CMakeLists.txt
View File

@@ -22,6 +22,8 @@ if(WIN32)
compat/pread.c
compat/pwrite.c
)
set(LIBTLS_EXTRA_EXPORT ${LIBTLS_EXTRA_EXPORT} ftruncate)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
@@ -45,7 +47,8 @@ target_include_directories(tls_obj
.
../include/compat
PUBLIC
../include)
../include
${CMAKE_BINARY_DIR}/include)
add_library(tls $<TARGET_OBJECTS:tls_obj> $<TARGET_OBJECTS:ssl_obj>
$<TARGET_OBJECTS:crypto_obj> empty.c)
@@ -53,13 +56,33 @@ add_library(tls $<TARGET_OBJECTS:tls_obj> $<TARGET_OBJECTS:ssl_obj>
export_symbol(tls ${CMAKE_CURRENT_BINARY_DIR}/tls.sym)
target_link_libraries(tls ${PLATFORM_LIBS})
if (WIN32)
set(TLS_POSTFIX -${TLS_MAJOR_VERSION})
set(TLS_POSTFIX -${TLS_MAJOR_VERSION} PARENT_SCOPE)
endif()
set_target_properties(tls PROPERTIES
OUTPUT_NAME tls${TLS_POSTFIX}
ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX})
set_target_properties(tls PROPERTIES VERSION ${TLS_VERSION}
SOVERSION ${TLS_MAJOR_VERSION})
ARCHIVE_OUTPUT_NAME tls${TLS_POSTFIX}
EXPORT_NAME TLS
VERSION ${TLS_VERSION}
SOVERSION ${TLS_MAJOR_VERSION}
)
target_include_directories(
tls
PUBLIC
$<BUILD_INTERFACE:${CMAKE_BINARY_DIR}/include>
$<INSTALL_INTERFACE:${CMAKE_INSTALL_INCLUDEDIR}>
)
install(
TARGETS tls
EXPORT TLS-target
)
export(
EXPORT TLS-target
FILE "${LibreSSL_BINARY_DIR}/LibreSSL-TLS.cmake"
NAMESPACE LibreSSL::
)
if(ENABLE_LIBRESSL_INSTALL)
install(
@@ -68,6 +91,12 @@ if(ENABLE_LIBRESSL_INSTALL)
LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR}
RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR}
)
install(
EXPORT TLS-target
FILE "LibreSSL-TLS.cmake"
NAMESPACE LibreSSL::
DESTINATION "${LIBRESSL_INSTALL_CMAKEDIR}"
)
endif(ENABLE_LIBRESSL_INSTALL)
# build static library for regression test

9
tls/Makefile.am
View File

@@ -20,10 +20,17 @@ libtls_la_objects.mk: Makefile
> libtls_la_objects.mk
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
if ENABLE_LIBTLS_ONLY
libtls_la_LIBADD = $(libcrypto_la_objects)
libtls_la_LIBADD += $(libssl_la_objects)
else
libtls_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libtls_la_LIBADD += $(abs_top_builddir)/ssl/libssl.la
endif
libtls_la_LIBADD += $(libcompat_la_objects)
libtls_la_LIBADD += $(libcompatnoopt_la_objects)
libtls_la_LIBADD += $(libssl_la_objects)
libtls_la_LIBADD += $(PLATFORM_LDADD)
libtls_la_CPPFLAGS = $(AM_CPPFLAGS)

36
update.sh
View File

@@ -18,7 +18,7 @@ set +e
tag=`git describe --exact-match --tags HEAD 2>/dev/null`
is_tag=$?
# adjust for 9 hour time delta between trees
release_ts=$((`git show -s --format=%ct $tag|tail -n1` + 32400))
release_ts=$((`git show -s --format=%ct $tag|tail -1` + 32400))
commit=`git -C openbsd rev-list -n 1 --before=$release_ts $openbsd_branch`
git -C openbsd fetch
if [ $is_tag -eq 0 ]; then
@@ -133,7 +133,7 @@ copy_hdrs $libcrypto_src "stack/stack.h lhash/lhash.h stack/safestack.h
ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
pem/pem2.h hkdf/hkdf.h hmac/hmac.h rand/rand.h md5/md5.h
x509/x509v3.h conf/conf.h ocsp/ocsp.h
aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h
aes/aes.h modes/modes.h asn1/asn1t.h bf/blowfish.h
bio/bio.h cast/cast.h cmac/cmac.h cms/cms.h conf/conf_api.h des/des.h dh/dh.h
dsa/dsa.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h
md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h
@@ -194,13 +194,21 @@ fixup_masm() {
> $2
}
fixup_macosx() {
echo Fixing up $2
sed -e 's/endbr64//' $1 > $2
# generate assembly crypto algorithms
asm_src=$CWD/asm
setup_asm_generator() {
rm -fr $asm_src
cp -a $libcrypto_src $asm_src
}
setup_asm_generator_patched() {
setup_asm_generator
for i in `ls -1 patches/asm/*.patch | sort -n`; do
patch -d $asm_src -p 4 < $i 1> /dev/null 2>/dev/null ;
done
}
# generate assembly crypto algorithms
asm_src=$libcrypto_src
gen_asm_stdout() {
CC=true perl $asm_src/$2 $1 > crypto/$3.tmp
[ $1 = "elf" ] && cat <<-EOF >> crypto/$3.tmp
@@ -210,8 +218,6 @@ gen_asm_stdout() {
EOF
if [ $1 = "masm" ]; then
fixup_masm crypto/$3.tmp crypto/$3
elif [ $1 = "macosx" ]; then
fixup_macosx crypto/$3.tmp crypto/$3
else
$MV crypto/$3.tmp crypto/$3
fi
@@ -238,13 +244,13 @@ gen_asm() {
EOF
if [ $1 = "masm" ]; then
fixup_masm crypto/$3.tmp crypto/$3
elif [ $1 = "macosx" ]; then
fixup_macosx crypto/$3.tmp crypto/$3
else
$MV crypto/$3.tmp crypto/$3
fi
}
setup_asm_generator
echo generating mips ASM source for elf
gen_asm_mips o32 aes aes-mips aes-mips
gen_asm_mips o32 bn mips bn-mips
@@ -274,6 +280,14 @@ $CP $libcrypto_src/arch/arm/arm_arch.h crypto
for abi in elf macosx masm mingw64; do
echo generating x86_64 ASM source for $abi
# use patched generators for non-elf targets
if [ $abi = "elf" ]; then
setup_asm_generator
else
setup_asm_generator_patched
fi
gen_asm_stdout $abi aes/asm/aes-x86_64.pl aes/aes-$abi-x86_64.S
gen_asm_stdout $abi aes/asm/vpaes-x86_64.pl aes/vpaes-$abi-x86_64.S
gen_asm_stdout $abi aes/asm/bsaes-x86_64.pl aes/bsaes-$abi-x86_64.S