├── .github ├── scripts │ └── changelog.sh └── workflows │ ├── android.yml │ ├── cifuzz.yml │ ├── cmake-config.yml │ ├── coverity.yml │ ├── emscripten.yml │ ├── fedora-rawhide.yml │ ├── freebsd.yml │ ├── linux.yml │ ├── macos.yml │ ├── release.yml │ ├── rust-openssl.yml │ ├── solaris.yml │ └── windows.yml ├── .gitignore ├── CMakeLists.txt ├── COPYING ├── ChangeLog ├── FindLibreSSL.cmake ├── LibreSSLConfig.cmake.in ├── Makefile.am ├── Makefile.am.common ├── OPENBSD_BRANCH ├── README.md ├── README.mingw.md ├── apps ├── CMakeLists.txt ├── Makefile.am ├── nc │ ├── CMakeLists.txt │ ├── Makefile.am │ └── compat │ │ ├── accept4.c │ │ ├── readpassphrase.c │ │ ├── socket.c │ │ └── sys │ │ └── socket.h ├── ocspcheck │ ├── CMakeLists.txt │ ├── Makefile.am │ └── compat │ │ └── .gitignore └── openssl │ ├── CMakeLists.txt │ ├── Makefile.am │ ├── apps_win.c │ ├── certhash_win.c │ └── compat │ ├── clock_gettime_osx.c │ └── poll_win.c ├── appveyor.yml ├── autogen.sh ├── check-release.sh ├── cmake_export_symbol.cmake ├── cmake_uninstall.cmake.in ├── config ├── configure.ac ├── crypto ├── CMakeLists.txt ├── Makefile.am ├── Makefile.am.arc4random ├── Makefile.am.elf-mips ├── Makefile.am.elf-mips64 ├── Makefile.am.elf-x86_64 ├── Makefile.am.macosx-x86_64 ├── Makefile.am.masm-x86_64 ├── Makefile.am.mingw64-x86_64 ├── arch │ ├── aarch64 │ │ ├── crypto_cpu_caps_darwin.c │ │ ├── crypto_cpu_caps_linux.c │ │ ├── crypto_cpu_caps_none.c │ │ └── crypto_cpu_caps_windows.c │ ├── loongarch64 │ │ └── crypto_arch.h │ └── mips │ │ └── crypto_arch.h ├── bn │ └── arch │ │ ├── loongarch64 │ │ └── bn_arch.h │ │ └── mips │ │ └── bn_arch.h └── compat │ ├── .gitignore │ ├── arc4random.h │ ├── b_win.c │ ├── bsd-asprintf.c │ ├── crypto_lock_win.c │ ├── explicit_bzero_win.c │ ├── freezero.c │ ├── getdelim.c │ ├── getline.c │ ├── getopt_long.c │ ├── getpagesize.c │ ├── getprogname_linux.c │ ├── getprogname_unimpl.c │ ├── getprogname_windows.c │ ├── posix_win.c │ ├── syslog_r.c │ └── ui_openssl_win.c ├── dist.sh ├── gen-coverage-report.sh ├── gen-openbsd-tags.sh ├── include ├── CMakeLists.txt ├── Makefile.am ├── arch │ ├── loongarch64 │ │ └── opensslconf.h │ └── mips │ │ └── opensslconf.h ├── compat │ ├── arpa │ │ ├── inet.h │ │ └── nameser.h │ ├── cet.h │ ├── dirent.h │ ├── dirent_msvc.h │ ├── endian.h │ ├── err.h │ ├── fcntl.h │ ├── getopt.h │ ├── limits.h │ ├── netdb.h │ ├── netinet │ │ ├── in.h │ │ ├── ip.h │ │ └── tcp.h │ ├── poll.h │ ├── pthread.h │ ├── readpassphrase.h │ ├── resolv.h │ ├── stdint.h │ ├── stdio.h │ ├── stdlib.h │ ├── string.h │ ├── sys │ │ ├── _null.h │ │ ├── ioctl.h │ │ ├── mman.h │ │ ├── param.h │ │ ├── queue.h │ │ ├── select.h │ │ ├── socket.h │ │ ├── stat.h │ │ ├── time.h │ │ ├── tree.h │ │ ├── types.h │ │ └── uio.h │ ├── syslog.h │ ├── time.h │ ├── unistd.h │ └── win32netcompat.h └── openssl │ └── Makefile.am.tpl ├── libcrypto.pc.in ├── libressl.pub ├── libssl.pc.in ├── libtls.pc.in ├── m4 ├── ax_add_fortify_source.m4 ├── ax_check_compile_flag.m4 ├── check-hardening-options.m4 ├── check-libc.m4 ├── check-os-options.m4 └── disable-compiler-warnings.m4 ├── man ├── CMakeLists.txt ├── links └── update_links.sh ├── openssl.pc.in ├── patches ├── bn_shift.patch ├── crypto_arch.h.patch ├── crypto_namespace.h.patch ├── netcat.c.patch ├── openssl.c.patch ├── opensslfeatures.h.patch ├── patch-amd64-crypto-cpu-caps.c.patch ├── patch-i386-crypto-cpu-caps.c.patch ├── speed.c.patch ├── ssl_namespace.h.patch ├── tls.h.patch ├── tls_config.c.patch ├── win32_amd64_bn_arch.h.patch └── windows_headers.patch ├── scripts ├── config.guess ├── config.sub ├── i686-w64-mingw32.cmake ├── test ├── wrap-compiler-for-flag-check └── x86_64-w64-mingw32.cmake ├── ssl ├── CMakeLists.txt └── Makefile.am ├── tests ├── CMakeLists.txt ├── Makefile.am ├── aeadtest.sh ├── arc4randomforktest.sh ├── asn1time_small.test ├── cmake │ ├── CMakeLists.txt │ ├── crypto.c │ ├── ssl.c │ └── tls.c ├── compat │ └── pipe2.c ├── dtlstest.sh ├── evptest.sh ├── keypairtest.sh ├── mlkem_tests.sh ├── ocsptest.bat ├── ocsptest.sh ├── openssl.cnf ├── optionstest.c ├── pidwraptest.c ├── pidwraptest.sh ├── quictest.bat ├── quictest.sh ├── renegotiation_test.bat ├── renegotiation_test.sh ├── rfc5280time_small.test ├── servertest.bat ├── servertest.sh ├── shutdowntest.bat ├── shutdowntest.sh ├── ssltest.bat ├── ssltest.sh ├── testdsa.bat ├── testdsa.sh ├── testenc.bat ├── testenc.sh ├── testrsa.bat ├── testrsa.sh ├── testssl.bat ├── tlstest.bat └── tlstest.sh ├── tls ├── CMakeLists.txt ├── Makefile.am └── compat │ ├── ftruncate.c │ ├── pread.c │ └── pwrite.c └── update.sh /.github/scripts/changelog.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # Copyright (c) 2023 Joshua Sing 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | # 17 | # Usage: changelog.sh 18 | # Reads the changelog for the specified version from the changelog file. 19 | # The output will be reformatted for use in GitHub releases. 20 | # 21 | # The changelog file defaults to "ChangeLog", but can be changed by setting 22 | # the environment variable $CHANGELOG_FILE 23 | # 24 | 25 | set -e 26 | 27 | # Check if the version argument is provided 28 | if [ "$#" -ne 1 ]; then 29 | echo "Usage: $0 " 1>&2 30 | exit 1 31 | fi 32 | 33 | version="${1#v}" 34 | changelog_file="${CHANGELOG_FILE:-ChangeLog}" 35 | found_version=false 36 | changelog="" 37 | 38 | # Check if the specified changelog file exists 39 | if [ ! -f "$changelog_file" ]; then 40 | echo "Error: Changelog file '$changelog_file' not found" 1>&2 41 | exit 1 42 | fi 43 | 44 | # Read the changelog file line by line 45 | while IFS= read -r line; do 46 | # Check for the version line 47 | if echo "$line" | grep -Eq "^${version} - "; then 48 | found_version=true 49 | continue 50 | fi 51 | 52 | # Continue reading the changelog until the next version or end of file, 53 | # skipping empty lines 54 | if $found_version; then 55 | echo "$line" | grep -Eq "^\s*$" && continue 56 | echo "$line" | grep -Eq "^[0-9]+\.[0-9]+\.[0-9]+ - " && break 57 | changelog="${changelog}${line}\n" 58 | fi 59 | done < "$changelog_file" 60 | 61 | # If the specified version was not found, print an error 62 | if ! $found_version; then 63 | echo "Error: Version $version was not found in changelog" 1>&2 64 | exit 1 65 | fi 66 | 67 | # Tidy up the changelog for displaying on GitHub 68 | changelog=$(echo "$changelog" | sed -e 's/^\t\*/###/' -e 's/^\t//') 69 | 70 | # Print the changelog for the specified version 71 | echo "$changelog" 72 | echo 73 | echo "Full changelog: https://github.com/libressl/portable/blob/master/ChangeLog" 74 | exit 0 75 | -------------------------------------------------------------------------------- /.github/workflows/android.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run tests on Android. 2 | name: "Android" 3 | 4 | on: [push, pull_request] 5 | 6 | concurrency: 7 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 8 | cancel-in-progress: true 9 | 10 | jobs: 11 | test: 12 | name: "Test ${{ matrix.name }}" 13 | runs-on: ubuntu-24.04 14 | permissions: 15 | contents: read 16 | strategy: 17 | fail-fast: false 18 | matrix: 19 | include: 20 | - name: "Android 8-9" 21 | min-nal: 26 22 | max-nal: 28 23 | - name: "Android 10-11" 24 | min-nal: 29 25 | max-nal: 30 26 | steps: 27 | - name: "Checkout repository" 28 | uses: actions/checkout@v4 29 | 30 | - name: "Run CI script" 31 | run: ./scripts/test 32 | env: 33 | ARCH: "android" 34 | MIN_NAL: "${{ matrix.min-nal }}" 35 | MAX_NAL: "${{ matrix.max-nal }}" 36 | -------------------------------------------------------------------------------- /.github/workflows/cifuzz.yml: -------------------------------------------------------------------------------- 1 | name: CIFuzz 2 | 3 | on: 4 | workflow_dispatch: 5 | 6 | concurrency: 7 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 8 | cancel-in-progress: true 9 | 10 | jobs: 11 | Fuzzing: 12 | runs-on: ubuntu-24.04 13 | steps: 14 | - name: Build Fuzzers 15 | id: build 16 | uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master 17 | with: 18 | oss-fuzz-project-name: 'libressl' 19 | dry-run: false 20 | language: c++ 21 | - name: Run Fuzzers 22 | uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master 23 | with: 24 | oss-fuzz-project-name: 'libressl' 25 | fuzz-seconds: 300 26 | dry-run: false 27 | language: c++ 28 | - name: Upload Crash 29 | uses: actions/upload-artifact@v4 30 | if: failure() && steps.build.outcome == 'success' 31 | with: 32 | name: artifacts 33 | path: ./out/artifacts 34 | -------------------------------------------------------------------------------- /.github/workflows/cmake-config.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to check CMake config. 2 | name: "CMake Check" 3 | 4 | on: 5 | push: {} 6 | pull_request: {} 7 | 8 | concurrency: 9 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 10 | cancel-in-progress: true 11 | 12 | jobs: 13 | check: 14 | name: "${{ matrix.os }}" 15 | runs-on: "${{ matrix.os }}" 16 | strategy: 17 | fail-fast: true 18 | matrix: 19 | os: [ "windows-2022", "macos-14", "ubuntu-24.04" ] 20 | defaults: 21 | run: 22 | shell: "bash" 23 | permissions: 24 | contents: read 25 | steps: 26 | - name: "Checkout repository" 27 | uses: actions/checkout@v4 28 | 29 | - name: "Setup Windows dependencies" 30 | if: runner.os == 'Windows' 31 | uses: msys2/setup-msys2@v2 32 | with: 33 | update: true 34 | install: >- 35 | autoconf 36 | automake 37 | diffutils 38 | libtool 39 | gcc 40 | git 41 | patch 42 | perl 43 | 44 | - name: "Setup macOS dependencies" 45 | if: runner.os == 'macOS' 46 | run: brew install automake libtool 47 | 48 | - name: "Prepare source tree for build (Windows)" 49 | if: runner.os == 'Windows' 50 | shell: "msys2 {0}" 51 | run: ./autogen.sh 52 | 53 | - name: "Prepare source tree for build (Unix)" 54 | if: runner.os != 'Windows' 55 | run: ./autogen.sh 56 | 57 | - name: "Configure" 58 | run: | 59 | cmake -S . \ 60 | -B build \ 61 | -D CMAKE_BUILD_TYPE=Release \ 62 | -D CMAKE_INSTALL_PREFIX=$GITHUB_WORKSPACE/../local 63 | 64 | - name: "Build" 65 | run: cmake --build build --config Release --verbose 66 | 67 | - name: "Install" 68 | run: cmake --install build --config Release 69 | 70 | - name: "Consume from the build directory - Configure" 71 | run: | 72 | cmake -S tests/cmake \ 73 | -B consumer-build \ 74 | -D CMAKE_BUILD_TYPE=Release \ 75 | -D LibreSSL_DIR=$GITHUB_WORKSPACE/build 76 | 77 | - name: "Consume from the build directory - Build" 78 | run: cmake --build consumer-build --config Release --verbose 79 | 80 | - name: "Consume from the install directory (CMAKE_PREFIX_PATH) - Configure" 81 | run: | 82 | cmake -S tests/cmake \ 83 | -B consumer-install-prefix \ 84 | -D CMAKE_BUILD_TYPE=Release \ 85 | -D CMAKE_PREFIX_PATH=$GITHUB_WORKSPACE/../local 86 | 87 | - name: "Consume from the install directory (CMAKE_PREFIX_PATH) - Build" 88 | run: cmake --build consumer-install-prefix --config Release --verbose 89 | 90 | - name: "Consume from the install directory (LibreSSL_DIR) - Configure" 91 | run: | 92 | cmake -S tests/cmake \ 93 | -B consumer-install-dir \ 94 | -D CMAKE_BUILD_TYPE=Release \ 95 | -D LibreSSL_DIR=$GITHUB_WORKSPACE/../local/lib/cmake/LibreSSL 96 | 97 | - name: "Consume from the install directory (LibreSSL_DIR) - Build" 98 | run: cmake --build consumer-install-dir --config Release --verbose 99 | -------------------------------------------------------------------------------- /.github/workflows/coverity.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run Coverity scans. 2 | name: "Coverity" 3 | 4 | on: 5 | workflow_dispatch: 6 | schedule: 7 | - cron: "0 0 * * *" # At 00:00 daily. 8 | 9 | concurrency: 10 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | scan: 15 | name: "Scan" 16 | runs-on: "ubuntu-24.04" 17 | if: github.repository_owner == 'libressl' # Prevent running on forks 18 | permissions: 19 | contents: read 20 | steps: 21 | - name: "Checkout repository" 22 | uses: actions/checkout@v4 23 | 24 | - name: "Install dependencies" 25 | run: | 26 | sudo apt-get update 27 | sudo apt-get install -y cmake ninja-build 28 | 29 | - name: "Download Coverity build tool" 30 | env: 31 | PROJECT: "libressl-portable%2Fportable" 32 | COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" 33 | run: | 34 | wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz 35 | mkdir coverity_tool 36 | tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool 37 | 38 | - name: "Setup" 39 | run: | 40 | ./autogen.sh 41 | ./configure 42 | make dist 43 | tar zxf libressl-*.tar.gz 44 | rm libressl-*.tar.gz 45 | cd libressl-* 46 | mkdir build-static 47 | mkdir build-shared 48 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. 49 | 50 | - name: "Build with Coverity build tool" 51 | run: | 52 | export PATH=`pwd`/coverity_tool/bin:$PATH 53 | cd libressl-* 54 | cov-build --dir cov-int ninja 55 | 56 | - name: "Submit build result to Coverity Scan" 57 | env: 58 | EMAIL: "libressl-security@openbsd.org" 59 | PROJECT: "libressl-portable%2Fportable" 60 | COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" 61 | run: | 62 | cd libressl-* 63 | tar czvf cov.tar.gz cov-int 64 | curl --form token=$COVERITY_SCAN_TOKEN \ 65 | --form email=$EMAIL \ 66 | --form file=@cov.tar.gz \ 67 | --form version="Commit $GITHUB_SHA" \ 68 | --form description="Build submitted via CI" \ 69 | https://scan.coverity.com/builds?project=$PROJECT 70 | -------------------------------------------------------------------------------- /.github/workflows/emscripten.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run for Emscripten. 2 | name: "Emscripten" 3 | 4 | on: 5 | push: {} 6 | pull_request: {} 7 | schedule: 8 | - cron: "0 0 * * *" # At 00:00 daily. 9 | 10 | concurrency: 11 | group: "${{ github.workflow }}-${{ github.ref }}" 12 | cancel-in-progress: true 13 | 14 | jobs: 15 | test: 16 | name: "Emscripten" 17 | runs-on: "ubuntu-24.04" 18 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 19 | permissions: 20 | contents: read 21 | steps: 22 | - name: "Checkout repository" 23 | uses: actions/checkout@v4 24 | 25 | - name: "Setup emsdk" 26 | uses: mymindstorm/setup-emsdk@v14 27 | with: 28 | version: "3.1.60" 29 | 30 | - name: "Prepare repository" 31 | run: ./autogen.sh 32 | 33 | - name: "Configure CMake" 34 | run: emcmake cmake -Bbuild 35 | 36 | - name: "Build" 37 | run: cmake --build build --config Release 38 | 39 | - name: "Test" 40 | run: ctest --test-dir build -C Release --output-on-failure 41 | 42 | # Test ASAN with and without ASM enabled. 43 | test-asan: 44 | name: "ASAN (no-asm)" 45 | runs-on: "ubuntu-24.04" 46 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 47 | permissions: 48 | contents: read 49 | steps: 50 | - name: "Checkout repository" 51 | uses: actions/checkout@v4 52 | 53 | - name: "Setup emsdk" 54 | uses: mymindstorm/setup-emsdk@v14 55 | with: 56 | version: "3.1.60" 57 | 58 | - name: "Prepare repository" 59 | run: ./autogen.sh 60 | 61 | - name: "Configure CMake" 62 | run: emcmake cmake -Bbuild 63 | env: 64 | CFLAGS: "-gsource-map -fsanitize=address" 65 | LDFLAGS: "-fsanitize=address" 66 | 67 | - name: "Build" 68 | run: cmake --build build --config Release 69 | 70 | - name: "Test" 71 | run: ctest --test-dir build -C Release --output-on-failure 72 | -------------------------------------------------------------------------------- /.github/workflows/fedora-rawhide.yml: -------------------------------------------------------------------------------- 1 | name: Fedora/Rawhide 2 | 3 | on: 4 | workflow_dispatch: 5 | schedule: 6 | - cron: "0 0 * * *" 7 | 8 | concurrency: 9 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 10 | cancel-in-progress: true 11 | 12 | permissions: 13 | contents: read 14 | 15 | jobs: 16 | build_and_test: 17 | strategy: 18 | matrix: 19 | cc: [ gcc, clang ] 20 | name: ${{ matrix.cc }} 21 | runs-on: ubuntu-24.04 22 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 23 | container: 24 | image: fedora:rawhide 25 | steps: 26 | - uses: actions/checkout@v4 27 | - name: Install dependencies 28 | run: | 29 | dnf -y install git make clang cmake ninja-build autoconf automake libtool diffutils patch gawk 30 | - name: Pull upstream source 31 | run: | 32 | ./update.sh 33 | - name: Build 34 | run: | 35 | CC=${{ matrix.cc }} cmake -GNinja -DBUILD_SHARED_LIBS=ON . 36 | ninja 37 | - name: Test 38 | run: | 39 | ninja test 40 | -------------------------------------------------------------------------------- /.github/workflows/freebsd.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run tests on a FreeBSD VM. 2 | name: "FreeBSD" 3 | 4 | on: 5 | workflow_dispatch: 6 | schedule: 7 | - cron: "0 0 * * *" # At 00:00 daily. 8 | 9 | concurrency: 10 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 11 | cancel-in-progress: true 12 | 13 | env: 14 | FREEBSD_VERSION: "14.1" 15 | 16 | jobs: 17 | autoconf: 18 | name: "autoconf" 19 | runs-on: ubuntu-24.04 20 | if: github.repository_owner == 'libressl' || github.event_name != 'schedule' 21 | permissions: 22 | contents: read 23 | steps: 24 | - name: "Checkout repository" 25 | uses: actions/checkout@v4 26 | 27 | - name: "Setup" 28 | run: | 29 | sudo apt-get update 30 | sudo apt-get install -y automake autoconf libtool 31 | ./autogen.sh 32 | 33 | - name: "Build on VM" 34 | uses: vmactions/freebsd-vm@v1 35 | with: 36 | release: "${{ env.FREEBSD_VERSION }}" 37 | copyback: false 38 | prepare: | 39 | pkg install -y autoconf automake libtool 40 | run: | 41 | ./configure 42 | make -j2 check || (cat tests/test-suite.log && exit 1) 43 | 44 | cmake: 45 | name: "cmake" 46 | runs-on: ubuntu-24.04 47 | if: github.repository_owner == 'libressl' || github.event_name != 'schedule' 48 | permissions: 49 | contents: read 50 | steps: 51 | - name: "Checkout repository" 52 | uses: actions/checkout@v4 53 | 54 | - name: "Setup" 55 | run: | 56 | sudo apt-get update 57 | sudo apt-get install -y automake autoconf libtool 58 | ./autogen.sh 59 | 60 | - name: "Build on VM" 61 | uses: vmactions/freebsd-vm@v1 62 | with: 63 | release: "${{ env.FREEBSD_VERSION }}" 64 | copyback: false 65 | prepare: | 66 | pkg install -y cmake ninja 67 | run: | 68 | export CTEST_OUTPUT_ON_FAILURE=1 69 | cmake -G Ninja -B build 70 | ninja -C build 71 | ninja -C build test 72 | -------------------------------------------------------------------------------- /.github/workflows/linux.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run tests on Linux. 2 | name: "Linux" 3 | 4 | on: 5 | push: {} 6 | pull_request: {} 7 | schedule: 8 | - cron: "0 0 * * *" # At 00:00 daily. 9 | 10 | concurrency: 11 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 12 | cancel-in-progress: true 13 | 14 | jobs: 15 | # Test against all supported architectures. 16 | test: 17 | name: "${{ matrix.os }}/${{ matrix.arch }} (${{ matrix.compiler }})" 18 | runs-on: "${{ matrix.os }}" 19 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 20 | permissions: 21 | contents: read 22 | strategy: 23 | fail-fast: false 24 | matrix: 25 | os: ["ubuntu-22.04", "ubuntu-24.04"] 26 | arch: ["native", "arm32", "arm64", "mingw32", "mingw64", "mips32", "mips64"] 27 | compiler: ["gcc"] 28 | include: 29 | - os: "ubuntu-22.04" 30 | arch: "native" 31 | compiler: "clang" 32 | - os: "ubuntu-24.04" 33 | arch: "native" 34 | compiler: "clang" 35 | - os: "ubuntu-24.04" # loong64 36 | arch: "loong64" 37 | compiler: "gcc" 38 | steps: 39 | - name: "Checkout repository" 40 | uses: actions/checkout@v4 41 | 42 | - name: "Run tests" 43 | run: ./scripts/test || (status=$?; cat tests/test-suite.log; exit $status) 44 | env: 45 | ARCH: "${{ matrix.arch }}" 46 | CC: "${{ matrix.compiler }}" 47 | 48 | # Test ASAN with and without ASM enabled. 49 | test-asan: 50 | name: "ASAN (${{ matrix.asm == 'ON' && 'asm' || 'no-asm' }})" 51 | runs-on: "ubuntu-24.04" 52 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 53 | permissions: 54 | contents: read 55 | strategy: 56 | fail-fast: false 57 | matrix: 58 | asm: [ON, OFF] 59 | steps: 60 | - name: "Checkout repository" 61 | uses: actions/checkout@v4 62 | 63 | - name: "Run tests" 64 | run: ./scripts/test 65 | env: 66 | ARCH: "native" 67 | CC: "clang" 68 | CFLAGS: "-ggdb -fsanitize=address" 69 | LDFLAGS: "-fsanitize=address" 70 | ENABLE_ASM: "${{ matrix.asm }}" 71 | CTEST_OUTPUT_ON_FAILURE: 1 72 | -------------------------------------------------------------------------------- /.github/workflows/macos.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run tests on macOS. 2 | name: "macOS" 3 | 4 | on: 5 | push: {} 6 | pull_request: {} 7 | schedule: 8 | - cron: "0 0 * * 0" # At 00:00 weekly on Sunday. 9 | 10 | concurrency: 11 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 12 | cancel-in-progress: true 13 | 14 | jobs: 15 | test: 16 | name: "${{ matrix.os }}/${{ matrix.arch }}" 17 | runs-on: "${{ matrix.os }}" 18 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 19 | permissions: 20 | contents: read 21 | strategy: 22 | fail-fast: false 23 | matrix: 24 | os: ["macos-15", "macos-14", "macos-13"] 25 | arch: ["arm64", "x86_64"] 26 | steps: 27 | - name: "Install required packages" 28 | run: brew install automake libtool 29 | 30 | - name: "Checkout repository" 31 | uses: actions/checkout@v4 32 | 33 | - name: "Run tests" 34 | run: ./scripts/test 35 | env: 36 | ARCH: "${{ matrix.arch }}" 37 | OS: "${{ matrix.os }}" 38 | -------------------------------------------------------------------------------- /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to create releases from tags. 2 | name: "Release" 3 | 4 | on: 5 | push: 6 | tags: [ "v*" ] 7 | 8 | concurrency: 9 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 10 | cancel-in-progress: true 11 | 12 | permissions: 13 | contents: write 14 | 15 | jobs: 16 | release: 17 | name: "Release" 18 | runs-on: "ubuntu-24.04" 19 | outputs: 20 | upload_url: "${{ steps.create_release.outputs.upload_url }}" 21 | steps: 22 | - name: "Checkout repository" 23 | uses: actions/checkout@v4 24 | 25 | - name: "Generate version changelog" 26 | run: .github/scripts/changelog.sh "$VERSION" > release-changelog.txt 27 | env: 28 | VERSION: "${{ github.ref_name }}" 29 | 30 | - name: "Create GitHub release" 31 | id: create_release 32 | uses: softprops/action-gh-release@v2 33 | with: 34 | body_path: "${{ github.workspace }}/release-changelog.txt" 35 | 36 | build-windows: 37 | name: "${{ matrix.os }}/${{ matrix.arch }}" 38 | runs-on: "${{ matrix.os }}" 39 | needs: ["release"] 40 | strategy: 41 | matrix: 42 | os: [ "windows-2022" ] 43 | arch: [ "Win32", "x64", "ARM64" ] 44 | steps: 45 | - name: "Checkout repository" 46 | uses: actions/checkout@v4 47 | 48 | - name: "Setup MSYS2" 49 | uses: msys2/setup-msys2@v2 50 | with: 51 | update: true 52 | install: >- 53 | autoconf 54 | automake 55 | diffutils 56 | libtool 57 | gcc 58 | git 59 | patch 60 | perl 61 | 62 | - shell: msys2 {0} 63 | run: ./autogen.sh 64 | 65 | - shell: cmd 66 | run: cmake -Bbuild -G "Visual Studio 17 2022" -A ${{ matrix.arch }} -DCMAKE_INSTALL_PREFIX=local 67 | 68 | - shell: cmd 69 | run: cmake --build build --config Release 70 | 71 | - shell: cmd 72 | run: cmake --install build --config Release 73 | 74 | - shell: pwsh 75 | run: Compress-Archive -Path local\* "libressl_${{ github.ref_name }}_windows_${{ matrix.arch }}.zip" 76 | 77 | - name: "Upload release artifact" 78 | uses: softprops/action-gh-release@v2 79 | with: 80 | files: | 81 | libressl_${{ github.ref_name }}_windows_${{ matrix.arch }}.zip 82 | -------------------------------------------------------------------------------- /.github/workflows/rust-openssl.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run rust-openssl regress tests. 2 | name: "rust-openssl" 3 | 4 | on: 5 | workflow_dispatch: 6 | schedule: 7 | - cron: "0 0 * * *" # At 00:00 daily. 8 | 9 | concurrency: 10 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | test: 15 | name: "Test" 16 | runs-on: "ubuntu-24.04" 17 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 18 | permissions: 19 | contents: read 20 | steps: 21 | - name: "Checkout repository" 22 | uses: actions/checkout@v4 23 | 24 | - name: "Build LibreSSL" 25 | run: | 26 | ./autogen.sh 27 | ./configure --prefix="${HOME}/opt" 28 | make all install 29 | 30 | - name: "Clone rust-openssl" 31 | run: | 32 | git clone https://github.com/sfackler/rust-openssl.git 33 | 34 | - name: "Run rust-openssl tests" 35 | run: | 36 | cd rust-openssl 37 | # instead of erroring use the last supported version 38 | ed -s openssl-sys/build/main.rs <<-EOF 39 | /_ => version_error/-1 40 | .t. 41 | s/(.*=/_ = 42 | +1d 43 | w 44 | q 45 | EOF 46 | export OPENSSL_DIR=${HOME}/opt LD_LIBRARY_PATH=${HOME}/opt/lib 47 | cargo test --verbose 48 | -------------------------------------------------------------------------------- /.github/workflows/solaris.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run tests on a Solaris VM. 2 | name: "Solaris" 3 | 4 | on: 5 | workflow_dispatch: 6 | schedule: 7 | - cron: "0 0 * * *" # At 00:00 daily. 8 | 9 | concurrency: 10 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 11 | cancel-in-progress: true 12 | 13 | jobs: 14 | test: 15 | name: "Solaris" 16 | runs-on: ubuntu-24.04 17 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 18 | permissions: 19 | contents: read 20 | steps: 21 | - name: "Checkout repository" 22 | uses: actions/checkout@v4 23 | 24 | - name: "Setup" 25 | run: | 26 | sudo apt-get update 27 | sudo apt-get install -y automake autoconf libtool 28 | ./autogen.sh 29 | 30 | - name: "Build on VM" 31 | uses: vmactions/solaris-vm@v1 32 | with: 33 | prepare: | 34 | pkg install gcc make 35 | run: | 36 | MAKE=gmake ./configure 37 | gmake -j2 check || (cat tests/test-suite.log && exit 1) 38 | -------------------------------------------------------------------------------- /.github/workflows/windows.yml: -------------------------------------------------------------------------------- 1 | # GitHub Actions workflow to run tests on Windows. 2 | name: "Windows" 3 | 4 | on: 5 | push: {} 6 | pull_request: {} 7 | schedule: 8 | - cron: "0 0 * * 0" # At 00:00 weekly on Sunday. 9 | 10 | concurrency: 11 | group: "${{ github.workflow }}-${{ github.event.number || github.ref }}" 12 | cancel-in-progress: true 13 | 14 | jobs: 15 | test: 16 | name: "${{ matrix.os }}/${{ matrix.arch }} (${{ matrix.generator }}${{ matrix.shared == 'ON' && ', shared' || '' }})" 17 | runs-on: "${{ matrix.os }}" 18 | if: ${{ github.repository_owner == 'libressl' || github.event_name != 'schedule' }} 19 | permissions: 20 | contents: read 21 | strategy: 22 | fail-fast: false 23 | matrix: 24 | os: ["windows-2022", "windows-2025"] 25 | arch: ["ARM64", "x64", "Win32"] 26 | shared: ["ON", "OFF"] 27 | include: 28 | - os: "windows-2022" 29 | generator: "Visual Studio 17 2022" 30 | - os: "windows-2025" 31 | # XXX - use appropriate value 32 | generator: "Visual Studio 17 2022" 33 | steps: 34 | - name: "Checkout repository" 35 | uses: actions/checkout@v4 36 | 37 | - name: "Setup MSYS2" 38 | uses: msys2/setup-msys2@v2 39 | with: 40 | update: true 41 | install: >- 42 | diffutils 43 | gcc 44 | git 45 | patch 46 | perl 47 | 48 | - name: "Update" 49 | shell: msys2 {0} 50 | run: ./update.sh 51 | 52 | - name: "Configure CMake" 53 | shell: cmd 54 | run: cmake -Bbuild -G "${{ matrix.generator }}" -A ${{ matrix.arch }} -D BUILD_SHARED_LIBS=${{ matrix.shared }} -D CMAKE_INSTALL_PREFIX=../local 55 | 56 | - name: "Build" 57 | shell: cmd 58 | run: cmake --build build --config Release 59 | 60 | - name: "Test" 61 | if: matrix.arch != 'ARM64' 62 | shell: cmd 63 | run: ctest --test-dir build -C Release --output-on-failure 64 | 65 | - name: "Upload build artifacts" 66 | if: always() 67 | uses: actions/upload-artifact@v4 68 | with: 69 | name: "${{ matrix.os }}-${{ matrix.arch }}${{ matrix.shared == 'ON' && '-shared' || '' }}-build-results" 70 | path: "build" 71 | -------------------------------------------------------------------------------- /LibreSSLConfig.cmake.in: -------------------------------------------------------------------------------- 1 | @PACKAGE_INIT@ 2 | 3 | set(LIBRESSL_VERSION @VERSION@) 4 | set_and_check(LIBRESSL_INCLUDE_DIR @PACKAGE_INCLUDE_DIRECTORY@) 5 | 6 | if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/LibreSSL-Crypto.cmake") 7 | include("${CMAKE_CURRENT_LIST_DIR}/LibreSSL-Crypto.cmake") 8 | set(LIBRESSL_CRYPTO_LIBRARY LibreSSL::Crypto) 9 | set(LibreSSL_Crypto_FOUND TRUE) 10 | endif() 11 | 12 | if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/LibreSSL-SSL.cmake") 13 | include("${CMAKE_CURRENT_LIST_DIR}/LibreSSL-SSL.cmake") 14 | set(LIBRESSL_SSL_LIBRARY LibreSSL::SSL) 15 | set(LibreSSL_SSL_FOUND TRUE) 16 | endif() 17 | 18 | if(EXISTS "${CMAKE_CURRENT_LIST_DIR}/LibreSSL-TLS.cmake") 19 | include("${CMAKE_CURRENT_LIST_DIR}/LibreSSL-TLS.cmake") 20 | set(LIBRESSL_TLS_LIBRARY LibreSSL::TLS) 21 | set(LibreSSL_TLS_FOUND TRUE) 22 | endif() 23 | 24 | set(LIBRESSL_LIBRARIES 25 | ${LIBRESSL_CRYPTO_LIBRARY} 26 | ${LIBRESSL_SSL_LIBRARY} 27 | ${LIBRESSL_TLS_LIBRARY} 28 | ) 29 | 30 | check_required_components(LibreSSL) 31 | 32 | if(DEFINED LibreSSL_FOUND) 33 | set(LIBRESSL_FOUND ${LibreSSL_FOUND}) 34 | else() 35 | set(LIBRESSL_FOUND TRUE) 36 | endif() 37 | -------------------------------------------------------------------------------- /Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | SUBDIRS = include crypto ssl tls apps man 17 | if ENABLE_TESTS 18 | SUBDIRS += tests 19 | endif 20 | ACLOCAL_AMFLAGS = -I m4 21 | 22 | pkgconfigdir = $(libdir)/pkgconfig 23 | pkgconfig_DATA = libtls.pc 24 | if !ENABLE_LIBTLS_ONLY 25 | pkgconfig_DATA += libcrypto.pc libssl.pc openssl.pc 26 | endif 27 | 28 | EXTRA_DIST = README.md README.mingw.md VERSION config scripts 29 | EXTRA_DIST += CMakeLists.txt cmake_export_symbol.cmake cmake_uninstall.cmake.in FindLibreSSL.cmake LibreSSLConfig.cmake.in 30 | EXTRA_DIST += cert.pem openssl.cnf x509v3.cnf 31 | 32 | .PHONY: install_sw 33 | install_sw: install 34 | 35 | install-exec-hook: 36 | @if [ "@OPENSSLDIR@x" != "x" ]; then \ 37 | OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \ 38 | else \ 39 | OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ 40 | fi; \ 41 | mkdir -p "$$OPENSSLDIR/certs"; \ 42 | for i in cert.pem openssl.cnf x509v3.cnf; do \ 43 | if [ ! -f "$$OPENSSLDIR/$i" ]; then \ 44 | $(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \ 45 | else \ 46 | echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \ 47 | fi \ 48 | done 49 | 50 | uninstall-local: 51 | @if [ "@OPENSSLDIR@x" != "x" ]; then \ 52 | OPENSSLDIR="$(DESTDIR)@OPENSSLDIR@"; \ 53 | else \ 54 | OPENSSLDIR="$(DESTDIR)$(sysconfdir)/ssl"; \ 55 | fi; \ 56 | for i in cert.pem openssl.cnf x509v3.cnf; do \ 57 | if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \ 58 | rm -f "$$OPENSSLDIR/$$i"; \ 59 | fi \ 60 | done 61 | -------------------------------------------------------------------------------- /Makefile.am.common: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | AM_CFLAGS = 17 | AM_CPPFLAGS = -I$(top_srcdir)/include 18 | AM_CPPFLAGS += -I$(abs_top_builddir)/include 19 | AM_CPPFLAGS += -I$(top_srcdir)/include/compat -DLIBRESSL_INTERNAL 20 | AM_CPPFLAGS += -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= 21 | -------------------------------------------------------------------------------- /OPENBSD_BRANCH: -------------------------------------------------------------------------------- 1 | master 2 | -------------------------------------------------------------------------------- /README.mingw.md: -------------------------------------------------------------------------------- 1 | ## Building with MinGW-w64 for 32- and 64-bit 2 | 3 | For Windows systems, LibreSSL supports the MinGW-w64 toolchain, which can use 4 | GCC or Clang as the compiler. Contrary to its name, MinGW-w64 supports both 5 | 32-bit and 64-bit build environments. If your project already uses MinGW-w64, 6 | then LibreSSL should integrate very nicely. Old versions of the MinGW-w64 7 | toolchain, such as the one packaged with Ubuntu 12.04, may have trouble 8 | building LibreSSL. Please try it with a recent toolchain if you encounter 9 | troubles. Cygwin provides an easy method of installing the latest MinGW-w64 10 | cross-compilers on Windows. 11 | 12 | To configure and build LibreSSL for a 32-bit system, use the following 13 | build steps: 14 | 15 | CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \ 16 | ./configure --host=i686-w64-mingw32 17 | make 18 | make check 19 | 20 | For 64-bit builds, use these instead: 21 | 22 | CC=x86_64-w64-mingw32-gcc ./configure --host=x86_64-w64-mingw32 23 | make 24 | make check 25 | 26 | ### Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems? 27 | 28 | An ABI change introduced with Microsoft Visual C++ 2005 (also known as 29 | Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to 30 | build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t 31 | is unable to represent times past 2038 (this is commonly known as the 32 | Y2K38 problem). 33 | 34 | If LibreSSL is built with 32-bit time_t, when verifying a certificate whose 35 | expiry date is set past 19 January 2038, it will be unable to tell if the 36 | certificate has expired or not, and thus take the safe stance and reject it. 37 | 38 | In order to avoid this, you need to build LibreSSL (and everything that links 39 | with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells MinGW-w64 to 40 | use the new ABI. 41 | 42 | 64-bit systems always have a 64-bit time_t and are not affected by this 43 | problem. 44 | -------------------------------------------------------------------------------- /apps/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | add_subdirectory(ocspcheck) 17 | add_subdirectory(openssl) 18 | add_subdirectory(nc) 19 | -------------------------------------------------------------------------------- /apps/Makefile.am: -------------------------------------------------------------------------------- 1 | include $(top_srcdir)/Makefile.am.common 2 | 3 | SUBDIRS = ocspcheck openssl nc 4 | 5 | EXTRA_DIST = CMakeLists.txt 6 | -------------------------------------------------------------------------------- /apps/nc/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2016 Kinichiro Inoguchi 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | if(BUILD_NC) 17 | 18 | set( 19 | NC_SRC 20 | atomicio.c 21 | netcat.c 22 | socks.c 23 | compat/socket.c 24 | ) 25 | 26 | check_function_exists(b64_ntop HAVE_B64_NTOP) 27 | if(HAVE_B64_NTOP) 28 | add_definitions(-DHAVE_B64_NTOP) 29 | else() 30 | set(NC_SRC ${NC_SRC} compat/base64.c) 31 | endif() 32 | 33 | check_function_exists(accept4 HAVE_ACCEPT4) 34 | if(HAVE_ACCEPT4) 35 | add_definitions(-DHAVE_ACCEPT4) 36 | else() 37 | set(NC_SRC ${NC_SRC} compat/accept4.c) 38 | endif() 39 | 40 | check_symbol_exists(readpassphrase "readpassphrase.h" HAVE_READPASSPHRASE) 41 | if(HAVE_READPASSPHRASE) 42 | add_definitions(-DHAVE_READPASSPHRASE) 43 | else() 44 | set(NC_SRC ${NC_SRC} compat/readpassphrase.c) 45 | endif() 46 | 47 | add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") 48 | 49 | add_executable(nc ${NC_SRC}) 50 | target_include_directories(nc 51 | PRIVATE 52 | . 53 | ./compat 54 | ../../include/compat 55 | PUBLIC 56 | ../../include 57 | ${CMAKE_BINARY_DIR}/include) 58 | target_link_libraries(nc ${LIBTLS_LIBS} compat_obj) 59 | 60 | if(ENABLE_NC) 61 | if(ENABLE_LIBRESSL_INSTALL) 62 | install(TARGETS nc DESTINATION ${CMAKE_INSTALL_BINDIR}) 63 | install(FILES nc.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) 64 | endif(ENABLE_LIBRESSL_INSTALL) 65 | endif() 66 | 67 | endif() 68 | -------------------------------------------------------------------------------- /apps/nc/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2015 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | include $(top_srcdir)/Makefile.am.common 17 | 18 | -include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk 19 | -include $(abs_top_builddir)/ssl/libssl_la_objects.mk 20 | -include $(abs_top_builddir)/tls/libtls_la_objects.mk 21 | 22 | if BUILD_NC 23 | 24 | if ENABLE_NC 25 | bin_PROGRAMS = nc 26 | dist_man_MANS = nc.1 27 | else 28 | noinst_PROGRAMS = nc 29 | endif 30 | 31 | EXTRA_DIST = nc.1 32 | EXTRA_DIST += CMakeLists.txt 33 | 34 | nc_LDADD = $(libcrypto_la_objects) 35 | nc_LDADD += $(libcompat_la_objects) 36 | nc_LDADD += $(libcompatnoopt_la_objects) 37 | nc_LDADD += $(libssl_la_objects) 38 | nc_LDADD += $(libtls_la_objects) 39 | 40 | nc_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD) 41 | 42 | AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat 43 | 44 | nc_SOURCES = atomicio.c 45 | nc_SOURCES += netcat.c 46 | nc_SOURCES += socks.c 47 | noinst_HEADERS = atomicio.h 48 | noinst_HEADERS += compat/sys/socket.h 49 | 50 | nc_SOURCES += compat/socket.c 51 | 52 | if !HAVE_B64_NTOP 53 | nc_SOURCES += compat/base64.c 54 | endif 55 | 56 | if !HAVE_ACCEPT4 57 | nc_SOURCES += compat/accept4.c 58 | endif 59 | 60 | if !HAVE_READPASSPHRASE 61 | nc_SOURCES += compat/readpassphrase.c 62 | endif 63 | 64 | endif 65 | -------------------------------------------------------------------------------- /apps/nc/compat/accept4.c: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | 4 | int 5 | accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags) 6 | { 7 | int rets = accept(s, addr, addrlen); 8 | if (rets == -1) 9 | return s; 10 | 11 | if (flags & SOCK_CLOEXEC) { 12 | flags = fcntl(s, F_GETFD); 13 | fcntl(rets, F_SETFD, flags | FD_CLOEXEC); 14 | } 15 | 16 | return rets; 17 | } 18 | -------------------------------------------------------------------------------- /apps/nc/compat/socket.c: -------------------------------------------------------------------------------- 1 | #define SOCKET_FLAGS_PRIV 2 | 3 | #include 4 | 5 | #ifdef NEED_SOCKET_FLAGS 6 | 7 | #include 8 | 9 | int 10 | _socket(int domain, int type, int protocol) 11 | { 12 | int s = socket(domain, type & ~(SOCK_CLOEXEC | SOCK_NONBLOCK), protocol); 13 | int flags; 14 | if (s == -1) 15 | return s; 16 | 17 | if (type & SOCK_CLOEXEC) { 18 | flags = fcntl(s, F_GETFD); 19 | fcntl(s, F_SETFD, flags | FD_CLOEXEC); 20 | } 21 | 22 | if (type & SOCK_NONBLOCK) { 23 | flags = fcntl(s, F_GETFL); 24 | fcntl(s, F_SETFL, flags | O_NONBLOCK); 25 | } 26 | return s; 27 | } 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /apps/nc/compat/sys/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/socket.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | 9 | #if defined(NEED_SOCKET_FLAGS) 10 | int _socket(int domain, int type, int protocol); 11 | #ifndef SOCKET_FLAGS_PRIV 12 | #define socket(d, t, p) _socket(d, t, p) 13 | #endif 14 | #endif 15 | 16 | #ifndef SOCK_NONBLOCK 17 | #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ 18 | #endif 19 | 20 | #ifndef SOCK_CLOEXEC 21 | #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ 22 | #endif 23 | 24 | #ifndef HAVE_ACCEPT4 25 | int accept4(int s, struct sockaddr *addr, socklen_t *addrlen, int flags); 26 | #endif 27 | 28 | #else 29 | #include 30 | #endif 31 | -------------------------------------------------------------------------------- /apps/ocspcheck/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2017 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | set( 17 | OCSPCHECK_SRC 18 | http.c 19 | ocspcheck.c 20 | ) 21 | 22 | check_function_exists(memmem HAVE_MEMMEM) 23 | if(HAVE_MEMMEM) 24 | add_definitions(-DHAVE_MEMMEM) 25 | else() 26 | set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c) 27 | endif() 28 | 29 | add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") 30 | 31 | add_executable(ocspcheck ${OCSPCHECK_SRC}) 32 | target_include_directories(ocspcheck 33 | PRIVATE 34 | ../../include/compat 35 | PUBLIC 36 | ../../include 37 | ${CMAKE_BINARY_DIR}/include) 38 | target_link_libraries(ocspcheck tls ${OPENSSL_LIBS} compat_obj tls_compat_obj) 39 | 40 | if(ENABLE_LIBRESSL_INSTALL) 41 | install(TARGETS ocspcheck DESTINATION ${CMAKE_INSTALL_BINDIR}) 42 | install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8) 43 | 44 | endif(ENABLE_LIBRESSL_INSTALL) 45 | -------------------------------------------------------------------------------- /apps/ocspcheck/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2017 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | include $(top_srcdir)/Makefile.am.common 17 | 18 | -include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk 19 | -include $(abs_top_builddir)/ssl/libssl_la_objects.mk 20 | -include $(abs_top_builddir)/tls/libtls_la_objects.mk 21 | 22 | if !ENABLE_LIBTLS_ONLY 23 | bin_PROGRAMS = ocspcheck 24 | dist_man_MANS = ocspcheck.8 25 | else 26 | noinst_PROGRAMS = ocspcheck 27 | endif 28 | 29 | EXTRA_DIST = ocspcheck.8 30 | EXTRA_DIST += CMakeLists.txt 31 | 32 | ocspcheck_LDADD = $(libcrypto_la_objects) 33 | ocspcheck_LDADD += $(libcompat_la_objects) 34 | ocspcheck_LDADD += $(libcompatnoopt_la_objects) 35 | ocspcheck_LDADD += $(libssl_la_objects) 36 | ocspcheck_LDADD += $(libtls_la_objects) 37 | ocspcheck_LDADD += $(PLATFORM_LDADD) $(PROG_LDADD) 38 | 39 | ocspcheck_SOURCES = http.c 40 | ocspcheck_SOURCES += ocspcheck.c 41 | noinst_HEADERS = http.h 42 | 43 | if !HAVE_MEMMEM 44 | ocspcheck_SOURCES += compat/memmem.c 45 | endif 46 | -------------------------------------------------------------------------------- /apps/ocspcheck/compat/.gitignore: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/libressl/portable/167c18a522915bbb34c0e41c6bfac507a0b4ccd9/apps/ocspcheck/compat/.gitignore -------------------------------------------------------------------------------- /apps/openssl/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2016 Kinichiro Inoguchi 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | set( 17 | OPENSSL_SRC 18 | apps.c 19 | asn1pars.c 20 | ca.c 21 | ciphers.c 22 | crl.c 23 | crl2p7.c 24 | cms.c 25 | dgst.c 26 | dh.c 27 | dhparam.c 28 | dsa.c 29 | dsaparam.c 30 | ec.c 31 | ecparam.c 32 | enc.c 33 | errstr.c 34 | gendh.c 35 | gendsa.c 36 | genpkey.c 37 | genrsa.c 38 | ocsp.c 39 | openssl.c 40 | passwd.c 41 | pkcs12.c 42 | pkcs7.c 43 | pkcs8.c 44 | pkey.c 45 | pkeyparam.c 46 | pkeyutl.c 47 | prime.c 48 | rand.c 49 | req.c 50 | rsa.c 51 | rsautl.c 52 | s_cb.c 53 | s_client.c 54 | s_server.c 55 | s_socket.c 56 | s_time.c 57 | sess_id.c 58 | smime.c 59 | speed.c 60 | ts.c 61 | verify.c 62 | version.c 63 | x509.c 64 | ) 65 | 66 | if(UNIX) 67 | set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c) 68 | set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c) 69 | endif() 70 | 71 | if(WIN32) 72 | set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c) 73 | set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c) 74 | set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c) 75 | endif() 76 | 77 | if(CMAKE_SYSTEM_NAME MATCHES "Darwin") 78 | check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) 79 | if(NOT HAVE_CLOCK_GETTIME) 80 | set(OPENSSL_SRC ${OPENSSL_SRC} compat/clock_gettime_osx.c) 81 | endif() 82 | endif() 83 | 84 | add_executable(openssl ${OPENSSL_SRC}) 85 | target_include_directories(openssl 86 | PRIVATE 87 | . 88 | ../../include/compat 89 | PUBLIC 90 | ../../include 91 | ${CMAKE_BINARY_DIR}/include) 92 | target_link_libraries(openssl ${OPENSSL_LIBS} compat_obj) 93 | 94 | if(ENABLE_LIBRESSL_INSTALL) 95 | install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR}) 96 | install(FILES openssl.1 DESTINATION ${CMAKE_INSTALL_MANDIR}/man1) 97 | endif(ENABLE_LIBRESSL_INSTALL) 98 | -------------------------------------------------------------------------------- /apps/openssl/apps_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Dongsheng Song 5 | * Brent Cook 6 | */ 7 | 8 | #include 9 | 10 | #include 11 | #include 12 | 13 | #include "apps.h" 14 | 15 | double 16 | app_timer_real(int get) 17 | { 18 | static __int64 start; 19 | __int64 now; 20 | 21 | now = GetTickCount64(); 22 | if (get) { 23 | return (now - start) / 1000.0; 24 | } 25 | start = now; 26 | return 0.0; 27 | } 28 | 29 | double 30 | app_timer_user(int stop) 31 | { 32 | static unsigned __int64 tmstart; 33 | union { 34 | unsigned __int64 u64; 35 | FILETIME ft; 36 | } ct, et, kt, ut; 37 | 38 | GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft); 39 | if (stop) 40 | return (ut.u64 + kt.u64 - tmstart) / (double) 10000000; 41 | 42 | tmstart = ut.u64 + kt.u64; 43 | return 0.0; 44 | } 45 | 46 | int 47 | setup_ui(void) 48 | { 49 | ui_method = UI_create_method("OpenSSL application user interface"); 50 | UI_method_set_opener(ui_method, ui_open); 51 | UI_method_set_reader(ui_method, ui_read); 52 | UI_method_set_writer(ui_method, ui_write); 53 | UI_method_set_closer(ui_method, ui_close); 54 | 55 | /* 56 | * Set STDIO to binary 57 | */ 58 | _setmode(_fileno(stdin), _O_BINARY); 59 | _setmode(_fileno(stdout), _O_BINARY); 60 | _setmode(_fileno(stderr), _O_BINARY); 61 | 62 | return 0; 63 | } 64 | 65 | void 66 | destroy_ui(void) 67 | { 68 | if (ui_method) { 69 | UI_destroy_method(ui_method); 70 | ui_method = NULL; 71 | } 72 | } 73 | 74 | static void (*speed_alarm_handler)(int); 75 | static HANDLE speed_thread; 76 | static unsigned int speed_lapse; 77 | static volatile unsigned int speed_schlock; 78 | 79 | void 80 | speed_signal(int sigcatch, void (*func)(int sigraised)) 81 | { 82 | speed_alarm_handler = func; 83 | } 84 | 85 | static DWORD WINAPI 86 | speed_timer(VOID * arg) 87 | { 88 | speed_schlock = 1; 89 | Sleep(speed_lapse); 90 | (*speed_alarm_handler)(0); 91 | return (0); 92 | } 93 | 94 | unsigned int 95 | speed_alarm(unsigned int seconds) 96 | { 97 | DWORD err; 98 | 99 | speed_lapse = seconds * 1000; 100 | speed_schlock = 0; 101 | 102 | speed_thread = CreateThread(NULL, 4096, speed_timer, NULL, 0, NULL); 103 | if (speed_thread == NULL) { 104 | err = GetLastError(); 105 | BIO_printf(bio_err, "CreateThread failed (%lu)", err); 106 | ExitProcess(err); 107 | } 108 | 109 | while (!speed_schlock) 110 | Sleep(0); 111 | 112 | return (seconds); 113 | } 114 | 115 | void 116 | speed_alarm_free(int run) 117 | { 118 | DWORD err; 119 | 120 | if (run) { 121 | if (TerminateThread(speed_thread, 0) == 0) { 122 | err = GetLastError(); 123 | BIO_printf(bio_err, "TerminateThread failed (%lu)", 124 | err); 125 | ExitProcess(err); 126 | } 127 | } 128 | 129 | if (CloseHandle(speed_thread) == 0) { 130 | err = GetLastError(); 131 | BIO_printf(bio_err, "CloseHandle failed (%lu)", err); 132 | ExitProcess(err); 133 | } 134 | 135 | speed_thread = NULL; 136 | speed_lapse = 0; 137 | speed_schlock = 0; 138 | } 139 | -------------------------------------------------------------------------------- /apps/openssl/certhash_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * certhash dummy implementation for platforms without symlinks 4 | */ 5 | 6 | #include "apps.h" 7 | 8 | int 9 | certhash_main(int argc, char **argv) 10 | { 11 | fprintf(stderr, "certhash is not enabled on this platform\n"); 12 | return (1); 13 | } 14 | -------------------------------------------------------------------------------- /apps/openssl/compat/clock_gettime_osx.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | #define ORWL_NANO (+1.0E-9) 5 | #define ORWL_GIGA UINT64_C(1000000000) 6 | 7 | int 8 | clock_gettime(clockid_t clock_id, struct timespec *tp) 9 | { 10 | static double orwl_timebase = 0.0; 11 | static uint64_t orwl_timestart = 0; 12 | 13 | if (!orwl_timestart) { 14 | mach_timebase_info_data_t tb = { 0 }; 15 | mach_timebase_info(&tb); 16 | orwl_timebase = tb.numer; 17 | orwl_timebase /= tb.denom; 18 | orwl_timestart = mach_absolute_time(); 19 | } 20 | 21 | double diff = (mach_absolute_time() - orwl_timestart) * orwl_timebase; 22 | tp->tv_sec = diff * ORWL_NANO; 23 | tp->tv_nsec = diff - (tp->tv_sec * ORWL_GIGA); 24 | 25 | return 0; 26 | } 27 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | image: 2 | - Visual Studio 2019 3 | 4 | environment: 5 | PATH: C:\msys64\usr\bin;C:\msys64\mingw64\bin;C:\Windows\System32;C:\Windows;%PATH% 6 | 7 | matrix: 8 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 9 | GENERATOR: Visual Studio 16 2019 10 | ARCHITECTURE: Win32 11 | CONFIG: Release 12 | SHARED_LIBS: ON 13 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 14 | GENERATOR: Visual Studio 16 2019 15 | ARCHITECTURE: Win32 16 | CONFIG: Release 17 | SHARED_LIBS: OFF 18 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 19 | GENERATOR: Visual Studio 16 2019 20 | ARCHITECTURE: x64 21 | CONFIG: Release 22 | SHARED_LIBS: ON 23 | - APPVEYOR_BUILD_WORKER_IMAGE: Visual Studio 2019 24 | GENERATOR: Visual Studio 16 2019 25 | ARCHITECTURE: x64 26 | CONFIG: Release 27 | SHARED_LIBS: OFF 28 | 29 | init: 30 | # update mysy2 31 | - C:\msys64\usr\bin\bash -lc "pacman --needed --noconfirm -Sy pacman-mirrors" 32 | - C:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syu" 33 | - C:\msys64\usr\bin\bash -lc "pacman --noconfirm -Sy autoconf perl git automake libtool" 34 | 35 | before_build: 36 | - bash autogen.sh 37 | - mkdir build 38 | - cd build 39 | - cmake .. -G "%GENERATOR%" -A "%ARCHITECTURE%" -DBUILD_SHARED_LIBS=%SHARED_LIBS% -DCMAKE_INSTALL_PREFIX=../local 40 | 41 | build_script: 42 | - cmake --build . --config %CONFIG% 43 | 44 | test_script: 45 | - ctest -C %CONFIG% --timeout 150 --output-on-failure 46 | 47 | on_failure: 48 | - 7z a Testing.zip Testing 49 | - appveyor PushArtifact Testing.zip 50 | 51 | artifacts: 52 | - path: build 53 | type: zip 54 | -------------------------------------------------------------------------------- /autogen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | ./update.sh 5 | mkdir -p m4 6 | autoreconf -i -f 7 | 8 | # Patch libtool 2.4.2 to pass -fstack-protector as a linker argument 9 | sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \ 10 | ltmain.sh > ltmain.sh.fixed 11 | mv -f ltmain.sh.fixed ltmain.sh 12 | 13 | # Update config scripts and fixup permissions 14 | find . ! -perm -u=w -exec chmod u+w {} \; 15 | cp scripts/config.* . 16 | -------------------------------------------------------------------------------- /check-release.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | ver=$1 20 | dir=libressl-$ver 21 | tarball=$dir.tar.gz 22 | tag=v$ver 23 | 24 | if [ -z "$LIBRESSL_SSH" ]; then 25 | if ! curl -v 1>/dev/null 2>&1; then 26 | download="curl -O" 27 | elif echo quit | ftp 1>/dev/null 2>&1; then 28 | download=ftp 29 | else 30 | echo "need 'ftp' or 'curl' to verify" 31 | exit 32 | fi 33 | fi 34 | 35 | if [ "$ver" = "" ]; then 36 | echo "please specify a version to check, e.g. $0 2.1.2" 37 | exit 38 | fi 39 | 40 | if [ ! -e releases/$tarball ]; then 41 | mkdir -p releases 42 | rm -f $tarball 43 | if [ -z "$LIBRESSL_SSH" ]; then 44 | $download https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/$tarball releases/ 45 | mv $tarball releases 46 | else 47 | scp $LIBRESSL_SSH/$tarball releases 48 | fi 49 | (cd releases; tar zxvf $tarball) 50 | fi 51 | 52 | if [ ! -e gen-releases/$tarball ]; then 53 | rm -fr tests man include ssl crypto libtls-standalone/VERSION INSTALL 54 | git checkout OPENBSD_BRANCH update.sh tests man include ssl crypto 55 | git checkout $tag 56 | echo "libressl-$tag" > OPENBSD_BRANCH 57 | sed -i 's/git pull --rebase//' update.sh 58 | ./autogen.sh 59 | ./configure --enable-libtls 60 | make dist 61 | 62 | mkdir -p gen-releases 63 | mv $tarball gen-releases 64 | 65 | git checkout OPENBSD_BRANCH update.sh 66 | git checkout master 67 | fi 68 | 69 | (cd gen-releases; rm -fr $dir; tar zxf $tarball) 70 | (cd releases; rm -fr $dir; tar zxf $tarball) 71 | 72 | echo "differences between release and regenerated release tag:" 73 | diff -urN \ 74 | -x *.3 \ 75 | -x *.5 \ 76 | -x Makefile.in \ 77 | -x aclocal.m4 \ 78 | -x compile \ 79 | -x config.guess \ 80 | -x config.sub \ 81 | -x configure \ 82 | -x depcomp \ 83 | -x install-sh \ 84 | -x missing \ 85 | -x test-driver \ 86 | releases/$dir gen-releases/$dir 87 | -------------------------------------------------------------------------------- /cmake_uninstall.cmake.in: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2016 Kinichiro Inoguchi 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 17 | message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 18 | endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt") 19 | 20 | file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files) 21 | string(REGEX REPLACE "\n" ";" files "${files}") 22 | foreach(file ${files}) 23 | message(STATUS "Uninstalling $ENV{DESTDIR}${file}") 24 | if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 25 | exec_program( 26 | "@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\"" 27 | OUTPUT_VARIABLE rm_out 28 | RETURN_VALUE rm_retval 29 | ) 30 | if(NOT "${rm_retval}" STREQUAL 0) 31 | message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}") 32 | endif(NOT "${rm_retval}" STREQUAL 0) 33 | else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 34 | message(STATUS "File $ENV{DESTDIR}${file} does not exist.") 35 | endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}") 36 | endforeach(file) 37 | -------------------------------------------------------------------------------- /config: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This file exists for backwards-compatibility with build systems that expect a 4 | # config script similar to OpenSSL's. 5 | 6 | # New software should prefer the native configure script over this one. 7 | 8 | ARGS="" 9 | for var in "$@"; do 10 | case $var in 11 | no-shared ) ARGS="$ARGS --disable-shared";; 12 | no-asm ) ARGS="$ARGS --disable-asm";; 13 | --prefix* ) ARGS="$ARGS $var";; 14 | esac 15 | done 16 | 17 | ./configure $ARGS 18 | -------------------------------------------------------------------------------- /crypto/Makefile.am.arc4random: -------------------------------------------------------------------------------- 1 | if !HAVE_ARC4RANDOM_BUF 2 | libcompat_la_SOURCES += compat/arc4random.c 3 | libcompat_la_SOURCES += compat/arc4random_uniform.c 4 | 5 | if !HAVE_GETENTROPY 6 | if HOST_AIX 7 | libcompat_la_SOURCES += compat/getentropy_aix.c 8 | endif 9 | if HOST_FREEBSD 10 | libcompat_la_SOURCES += compat/getentropy_freebsd.c 11 | endif 12 | if HOST_HPUX 13 | libcompat_la_SOURCES += compat/getentropy_hpux.c 14 | endif 15 | if HOST_LINUX 16 | libcompat_la_SOURCES += compat/getentropy_linux.c 17 | endif 18 | if HOST_NETBSD 19 | libcompat_la_SOURCES += compat/getentropy_netbsd.c 20 | endif 21 | if HOST_DARWIN 22 | libcompat_la_SOURCES += compat/getentropy_osx.c 23 | endif 24 | if HOST_SOLARIS 25 | libcompat_la_SOURCES += compat/getentropy_solaris.c 26 | endif 27 | if HOST_WIN 28 | libcompat_la_SOURCES += compat/getentropy_win.c 29 | endif 30 | endif 31 | 32 | endif 33 | 34 | noinst_HEADERS = 35 | noinst_HEADERS += compat/arc4random.h 36 | noinst_HEADERS += compat/arc4random_aix.h 37 | noinst_HEADERS += compat/arc4random_freebsd.h 38 | noinst_HEADERS += compat/arc4random_hpux.h 39 | noinst_HEADERS += compat/arc4random_linux.h 40 | noinst_HEADERS += compat/arc4random_netbsd.h 41 | noinst_HEADERS += compat/arc4random_osx.h 42 | noinst_HEADERS += compat/arc4random_solaris.h 43 | noinst_HEADERS += compat/arc4random_win.h 44 | noinst_HEADERS += compat/chacha_private.h 45 | 46 | 47 | -------------------------------------------------------------------------------- /crypto/Makefile.am.elf-mips: -------------------------------------------------------------------------------- 1 | ASM_MIPS_ELF = aes/aes-mips.S 2 | ASM_MIPS_ELF += bn/bn-mips.S 3 | ASM_MIPS_ELF += bn/mont-mips.S 4 | ASM_MIPS_ELF += sha/sha1-mips.S 5 | ASM_MIPS_ELF += sha/sha512-mips.S 6 | ASM_MIPS_ELF += sha/sha256-mips.S 7 | 8 | EXTRA_DIST += $(ASM_MIPS_ELF) 9 | 10 | if HOST_ASM_ELF_MIPS 11 | libcrypto_la_CPPFLAGS += -DAES_ASM 12 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT 13 | libcrypto_la_SOURCES += $(ASM_MIPS_ELF) 14 | endif 15 | -------------------------------------------------------------------------------- /crypto/Makefile.am.elf-mips64: -------------------------------------------------------------------------------- 1 | ASM_MIPS64_ELF = aes/aes-mips.S 2 | ASM_MIPS64_ELF += bn/bn-mips.S 3 | ASM_MIPS64_ELF += bn/mont-mips.S 4 | ASM_MIPS64_ELF += sha/sha1-mips.S 5 | ASM_MIPS64_ELF += sha/sha512-mips.S 6 | ASM_MIPS64_ELF += sha/sha256-mips.S 7 | 8 | EXTRA_DIST += $(ASM_MIPS64_ELF) 9 | 10 | if HOST_ASM_ELF_MIPS64 11 | libcrypto_la_CPPFLAGS += -DAES_ASM 12 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT 13 | libcrypto_la_SOURCES += $(ASM_MIPS64_ELF) 14 | endif 15 | -------------------------------------------------------------------------------- /crypto/Makefile.am.elf-x86_64: -------------------------------------------------------------------------------- 1 | 2 | ASM_X86_64_ELF = aes/aes-elf-x86_64.S 3 | ASM_X86_64_ELF += aes/aesni-elf-x86_64.S 4 | ASM_X86_64_ELF += bn/modexp512-elf-x86_64.S 5 | ASM_X86_64_ELF += bn/mont-elf-x86_64.S 6 | ASM_X86_64_ELF += bn/mont5-elf-x86_64.S 7 | ASM_X86_64_ELF += modes/ghash-elf-x86_64.S 8 | ASM_X86_64_ELF += rc4/rc4-elf-x86_64.S 9 | 10 | ASM_X86_64_ELF += bn/arch/amd64/bignum_add.S 11 | ASM_X86_64_ELF += bn/arch/amd64/bignum_cmadd.S 12 | ASM_X86_64_ELF += bn/arch/amd64/bignum_cmul.S 13 | ASM_X86_64_ELF += bn/arch/amd64/bignum_mul.S 14 | ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_4_8_alt.S 15 | ASM_X86_64_ELF += bn/arch/amd64/bignum_mul_8_16_alt.S 16 | ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr.S 17 | ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_4_8_alt.S 18 | ASM_X86_64_ELF += bn/arch/amd64/bignum_sqr_8_16_alt.S 19 | ASM_X86_64_ELF += bn/arch/amd64/bignum_sub.S 20 | ASM_X86_64_ELF += bn/arch/amd64/word_clz.S 21 | ASM_X86_64_ELF += bn/arch/amd64/bn_arch.c 22 | 23 | EXTRA_DIST += $(ASM_X86_64_ELF) 24 | 25 | if HOST_ASM_ELF_X86_64 26 | libcrypto_la_CPPFLAGS += -DAES_ASM 27 | libcrypto_la_CPPFLAGS += -DBSAES_ASM 28 | libcrypto_la_CPPFLAGS += -DVPAES_ASM 29 | libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 30 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT 31 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 32 | libcrypto_la_CPPFLAGS += -DGHASH_ASM 33 | libcrypto_la_CPPFLAGS += -DRSA_ASM 34 | libcrypto_la_SOURCES += $(ASM_X86_64_ELF) 35 | endif 36 | -------------------------------------------------------------------------------- /crypto/Makefile.am.macosx-x86_64: -------------------------------------------------------------------------------- 1 | 2 | ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.S 3 | ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.S 4 | ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.S 5 | ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.S 6 | ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.S 7 | ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.S 8 | ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.S 9 | 10 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_add.S 11 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_cmadd.S 12 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_cmul.S 13 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul.S 14 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_4_8_alt.S 15 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_mul_8_16_alt.S 16 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr.S 17 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_4_8_alt.S 18 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sqr_8_16_alt.S 19 | ASM_X86_64_MACOSX += bn/arch/amd64/bignum_sub.S 20 | ASM_X86_64_MACOSX += bn/arch/amd64/word_clz.S 21 | ASM_X86_64_MACOSX += bn/arch/amd64/bn_arch.c 22 | 23 | EXTRA_DIST += $(ASM_X86_64_MACOSX) 24 | 25 | if HOST_ASM_MACOSX_X86_64 26 | libcrypto_la_CPPFLAGS += -DAES_ASM 27 | libcrypto_la_CPPFLAGS += -DBSAES_ASM 28 | libcrypto_la_CPPFLAGS += -DVPAES_ASM 29 | libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 30 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT 31 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 32 | libcrypto_la_CPPFLAGS += -DGHASH_ASM 33 | libcrypto_la_CPPFLAGS += -DRSA_ASM 34 | libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX) 35 | endif 36 | -------------------------------------------------------------------------------- /crypto/Makefile.am.masm-x86_64: -------------------------------------------------------------------------------- 1 | 2 | ASM_X86_64_MASM = aes/aes-masm-x86_64.S 3 | ASM_X86_64_MASM += aes/aesni-masm-x86_64.S 4 | ASM_X86_64_MASM += bn/modexp512-masm-x86_64.S 5 | ASM_X86_64_MASM += bn/mont-masm-x86_64.S 6 | ASM_X86_64_MASM += bn/mont5-masm-x86_64.S 7 | ASM_X86_64_MASM += modes/ghash-masm-x86_64.S 8 | ASM_X86_64_MASM += rc4/rc4-masm-x86_64.S 9 | 10 | EXTRA_DIST += $(ASM_X86_64_MASM) 11 | 12 | if HOST_ASM_MASM_X86_64 13 | libcrypto_la_CPPFLAGS += -DAES_ASM 14 | libcrypto_la_CPPFLAGS += -DBSAES_ASM 15 | libcrypto_la_CPPFLAGS += -DVPAES_ASM 16 | libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 17 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT 18 | libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 19 | libcrypto_la_CPPFLAGS += -DGHASH_ASM 20 | libcrypto_la_CPPFLAGS += -DRSA_ASM 21 | libcrypto_la_SOURCES += $(ASM_X86_64_MASM) 22 | endif 23 | -------------------------------------------------------------------------------- /crypto/Makefile.am.mingw64-x86_64: -------------------------------------------------------------------------------- 1 | 2 | ASM_X86_64_MINGW64 = aes/aes-mingw64-x86_64.S 3 | ASM_X86_64_MINGW64 += aes/aesni-mingw64-x86_64.S 4 | #ASM_X86_64_MINGW64 += bn/modexp512-mingw64-x86_64.S 5 | #ASM_X86_64_MINGW64 += bn/mont-mingw64-x86_64.S 6 | #ASM_X86_64_MINGW64 += bn/mont5-mingw64-x86_64.S 7 | ASM_X86_64_MINGW64 += modes/ghash-mingw64-x86_64.S 8 | ASM_X86_64_MINGW64 += rc4/rc4-mingw64-x86_64.S 9 | 10 | EXTRA_DIST += $(ASM_X86_64_MINGW64) 11 | 12 | if HOST_ASM_MINGW64_X86_64 13 | libcrypto_la_CPPFLAGS += -Dendbr32=endbr64 14 | libcrypto_la_CPPFLAGS += -DAES_ASM 15 | libcrypto_la_CPPFLAGS += -DBSAES_ASM 16 | libcrypto_la_CPPFLAGS += -DVPAES_ASM 17 | libcrypto_la_CPPFLAGS += -DOPENSSL_IA32_SSE2 18 | #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT 19 | #libcrypto_la_CPPFLAGS += -DOPENSSL_BN_ASM_MONT5 20 | libcrypto_la_CPPFLAGS += -DGHASH_ASM 21 | libcrypto_la_CPPFLAGS += -DRSA_ASM 22 | libcrypto_la_SOURCES += $(ASM_X86_64_MINGW64) 23 | endif 24 | -------------------------------------------------------------------------------- /crypto/arch/aarch64/crypto_cpu_caps_darwin.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_cpu_caps.c,v 1.2 2024/11/12 13:52:31 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2025 Brent Cook 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include 19 | 20 | #include "crypto_arch.h" 21 | 22 | /* Machine dependent CPU capabilities. */ 23 | uint64_t crypto_cpu_caps_aarch64; 24 | 25 | static uint64_t 26 | check_cpu_cap(const char *cap_name, uint64_t cap_flag) 27 | { 28 | int has_cap = 0; 29 | size_t len = sizeof(has_cap); 30 | 31 | sysctlbyname(cap_name, &has_cap, &len, NULL, 0); 32 | 33 | return has_cap ? cap_flag : 0; 34 | } 35 | 36 | void 37 | crypto_cpu_caps_init(void) 38 | { 39 | crypto_cpu_caps_aarch64 = 0; 40 | 41 | /* from https://developer.apple.com/documentation/kernel/1387446-sysctlbyname/determining_instruction_set_characteristics#3918855 */ 42 | 43 | crypto_cpu_caps_aarch64 |= check_cpu_cap("hw.optional.arm.FEAT_AES", 44 | CRYPTO_CPU_CAPS_AARCH64_AES); 45 | 46 | crypto_cpu_caps_aarch64 |= check_cpu_cap("hw.optional.arm.FEAT_PMULL", 47 | CRYPTO_CPU_CAPS_AARCH64_PMULL); 48 | 49 | crypto_cpu_caps_aarch64 |= check_cpu_cap("hw.optional.arm.FEAT_SHA1", 50 | CRYPTO_CPU_CAPS_AARCH64_SHA1); 51 | 52 | crypto_cpu_caps_aarch64 |= check_cpu_cap("hw.optional.arm.FEAT_SHA256", 53 | CRYPTO_CPU_CAPS_AARCH64_SHA2); 54 | 55 | crypto_cpu_caps_aarch64 |= check_cpu_cap("hw.optional.arm.FEAT_SHA512", 56 | CRYPTO_CPU_CAPS_AARCH64_SHA512); 57 | 58 | crypto_cpu_caps_aarch64 |= check_cpu_cap("hw.optional.arm.FEAT_SHA3", 59 | CRYPTO_CPU_CAPS_AARCH64_SHA3); 60 | } 61 | -------------------------------------------------------------------------------- /crypto/arch/aarch64/crypto_cpu_caps_linux.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_cpu_caps.c,v 1.2 2024/11/12 13:52:31 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2025 Brent Cook 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include 19 | 20 | /* from arch/arm64/include/uapi/asm/hwcap.h */ 21 | #define HWCAP_AES (1 << 3) 22 | #define HWCAP_PMULL (1 << 4) 23 | #define HWCAP_SHA1 (1 << 5) 24 | #define HWCAP_SHA2 (1 << 6) 25 | #define HWCAP_CRC32 (1 << 7) 26 | #define HWCAP_SHA3 (1 << 17) 27 | #define HWCAP_SHA512 (1 << 21) 28 | 29 | #include "crypto_arch.h" 30 | 31 | /* Machine dependent CPU capabilities. */ 32 | uint64_t crypto_cpu_caps_aarch64; 33 | 34 | static uint64_t 35 | check_cpu_cap(unsigned long hwcap, uint64_t cap_flag) 36 | { 37 | return (getauxval(AT_HWCAP) & hwcap) ? cap_flag : 0; 38 | } 39 | 40 | void 41 | crypto_cpu_caps_init(void) 42 | { 43 | crypto_cpu_caps_aarch64 = 0; 44 | 45 | crypto_cpu_caps_aarch64 |= check_cpu_cap(HWCAP_AES, 46 | CRYPTO_CPU_CAPS_AARCH64_AES); 47 | 48 | crypto_cpu_caps_aarch64 |= check_cpu_cap(HWCAP_PMULL, 49 | CRYPTO_CPU_CAPS_AARCH64_PMULL); 50 | 51 | crypto_cpu_caps_aarch64 |= check_cpu_cap(HWCAP_SHA1, 52 | CRYPTO_CPU_CAPS_AARCH64_SHA1); 53 | 54 | crypto_cpu_caps_aarch64 |= check_cpu_cap(HWCAP_SHA2, 55 | CRYPTO_CPU_CAPS_AARCH64_SHA2); 56 | 57 | crypto_cpu_caps_aarch64 |= check_cpu_cap(HWCAP_SHA512, 58 | CRYPTO_CPU_CAPS_AARCH64_SHA512); 59 | 60 | crypto_cpu_caps_aarch64 |= check_cpu_cap(HWCAP_SHA3, 61 | CRYPTO_CPU_CAPS_AARCH64_SHA3); 62 | } 63 | -------------------------------------------------------------------------------- /crypto/arch/aarch64/crypto_cpu_caps_none.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2025 Brent Cook 3 | * 4 | * Permission to use, copy, modify, and distribute this software for any 5 | * purpose with or without fee is hereby granted, provided that the above 6 | * copyright notice and this permission notice appear in all copies. 7 | * 8 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | */ 16 | 17 | #include "crypto_arch.h" 18 | 19 | /* Machine dependent CPU capabilities. */ 20 | uint64_t crypto_cpu_caps_aarch64; 21 | 22 | void 23 | crypto_cpu_caps_init(void) 24 | { 25 | crypto_cpu_caps_aarch64 = 0; 26 | } 27 | -------------------------------------------------------------------------------- /crypto/arch/aarch64/crypto_cpu_caps_windows.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_cpu_caps.c,v 1.2 2024/11/12 13:52:31 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2025 Brent Cook 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include 19 | 20 | #include "crypto_arch.h" 21 | 22 | /* Machine dependent CPU capabilities. */ 23 | uint64_t crypto_cpu_caps_aarch64; 24 | 25 | void 26 | crypto_cpu_caps_init(void) 27 | { 28 | crypto_cpu_caps_aarch64 = 0; 29 | 30 | if (IsProcessorFeaturePresent(PF_ARM_V8_CRYPTO_INSTRUCTIONS_AVAILABLE)) { 31 | crypto_cpu_caps_aarch64 |= CRYPTO_CPU_CAPS_AARCH64_AES; 32 | crypto_cpu_caps_aarch64 |= CRYPTO_CPU_CAPS_AARCH64_PMULL; 33 | crypto_cpu_caps_aarch64 |= CRYPTO_CPU_CAPS_AARCH64_SHA1; 34 | crypto_cpu_caps_aarch64 |= CRYPTO_CPU_CAPS_AARCH64_SHA2; 35 | } 36 | } 37 | -------------------------------------------------------------------------------- /crypto/arch/loongarch64/crypto_arch.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_arch.h,v 1.1 2024/08/11 13:02:39 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2024 Joel Sing 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #ifndef HEADER_CRYPTO_ARCH_H 19 | #define HEADER_CRYPTO_ARCH_H 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /crypto/arch/mips/crypto_arch.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | /* 3 | * Copyright (c) 2024 Joel Sing 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #ifndef HEADER_CRYPTO_ARCH_H 19 | #define HEADER_CRYPTO_ARCH_H 20 | 21 | #endif 22 | -------------------------------------------------------------------------------- /crypto/bn/arch/loongarch64/bn_arch.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: bn_arch.h,v 1.7 2023/07/09 10:37:32 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2023 Joel Sing 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #include 19 | 20 | #ifndef HEADER_BN_ARCH_H 21 | #define HEADER_BN_ARCH_H 22 | 23 | #endif 24 | -------------------------------------------------------------------------------- /crypto/bn/arch/mips/bn_arch.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: bn_arch.h,v 1.1 2023/01/20 10:04:34 jsing Exp $ */ 2 | /* 3 | * Copyright (c) 2023 Joel Sing 4 | * 5 | * Permission to use, copy, modify, and distribute this software for any 6 | * purpose with or without fee is hereby granted, provided that the above 7 | * copyright notice and this permission notice appear in all copies. 8 | * 9 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | */ 17 | 18 | #ifndef HEADER_BN_ARCH_H 19 | #define HEADER_BN_ARCH_H 20 | 21 | #ifndef OPENSSL_NO_ASM 22 | 23 | #endif 24 | #endif 25 | -------------------------------------------------------------------------------- /crypto/compat/.gitignore: -------------------------------------------------------------------------------- 1 | arc4random.c 2 | arc4random_aix.h 3 | arc4random_freebsd.h 4 | arc4random_hpux.h 5 | arc4random_linux.h 6 | arc4random_netbsd.h 7 | arc4random_osx.h 8 | arc4random_solaris.h 9 | arc4random_uniform.c 10 | arc4random_win.h 11 | chacha_private.h 12 | explicit_bzero.c 13 | getentropy_aix.c 14 | getentropy_freebsd.c 15 | getentropy_hpux.c 16 | getentropy_linux.c 17 | getentropy_netbsd.c 18 | getentropy_osx.c 19 | getentropy_solaris.c 20 | getentropy_win.c 21 | reallocarray.c 22 | recallocarray.c 23 | strcasecmp.c 24 | strlcat.c 25 | strlcpy.c 26 | strndup.c 27 | strnlen.c 28 | strsep.c 29 | strtonum.c 30 | timingsafe_bcmp.c 31 | timingsafe_memcmp.c 32 | -------------------------------------------------------------------------------- /crypto/compat/arc4random.h: -------------------------------------------------------------------------------- 1 | #ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H 2 | #define LIBCRYPTOCOMPAT_ARC4RANDOM_H 3 | 4 | #include 5 | 6 | #if defined(_AIX) 7 | #include "arc4random_aix.h" 8 | 9 | #elif defined(__FreeBSD__) 10 | #include "arc4random_freebsd.h" 11 | 12 | #elif defined(__hpux) 13 | #include "arc4random_hpux.h" 14 | 15 | #elif defined(__linux__) 16 | #include "arc4random_linux.h" 17 | 18 | #elif defined(__midipix__) 19 | #include "arc4random_linux.h" 20 | 21 | #elif defined(__NetBSD__) 22 | #include "arc4random_netbsd.h" 23 | 24 | #elif defined(__APPLE__) 25 | #include "arc4random_osx.h" 26 | 27 | #elif defined(__sun) 28 | #include "arc4random_solaris.h" 29 | 30 | #elif defined(_WIN32) 31 | #include "arc4random_win.h" 32 | 33 | #elif defined(__EMSCRIPTEN__) 34 | #include "arc4random_linux.h" 35 | 36 | #else 37 | #error "No arc4random hooks defined for this platform." 38 | 39 | #endif 40 | 41 | #endif 42 | -------------------------------------------------------------------------------- /crypto/compat/b_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Dongsheng Song 5 | * Brent Cook 6 | */ 7 | 8 | #include 9 | 10 | #include 11 | 12 | #include "err_local.h" 13 | 14 | int 15 | BIO_sock_init(void) 16 | { 17 | /* 18 | * WSAStartup loads the winsock .dll and initializes the networking 19 | * stack on Windows, or simply increases the reference count. 20 | */ 21 | static struct WSAData wsa_state = {0}; 22 | WORD version_requested = MAKEWORD(2, 2); 23 | static int wsa_init_done = 0; 24 | if (!wsa_init_done) { 25 | if (WSAStartup(version_requested, &wsa_state) != 0) { 26 | int err = WSAGetLastError(); 27 | SYSerror(err); 28 | BIOerror(BIO_R_WSASTARTUP); 29 | return (-1); 30 | } 31 | wsa_init_done = 1; 32 | } 33 | return (1); 34 | } 35 | 36 | void 37 | BIO_sock_cleanup(void) 38 | { 39 | /* 40 | * We could call WSACleanup here, but it is easy to get it wrong. Since 41 | * this API provides no way to even tell if it failed, there is no safe 42 | * way to expose that functionality here. 43 | * 44 | * The cost of leaving the networking DLLs loaded may have been large 45 | * during the Windows 3.1/win32s era, but it is small in modern 46 | * contexts, so don't bother. 47 | */ 48 | } 49 | 50 | int 51 | BIO_socket_nbio(int s, int mode) 52 | { 53 | u_long value = mode; 54 | return ioctlsocket(s, FIONBIO, &value) != SOCKET_ERROR; 55 | } 56 | -------------------------------------------------------------------------------- /crypto/compat/bsd-asprintf.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2004 Darren Tucker. 3 | * 4 | * Based originally on asprintf.c from OpenBSD: 5 | * Copyright (c) 1997 Todd C. Miller 6 | * 7 | * Permission to use, copy, modify, and distribute this software for any 8 | * purpose with or without fee is hereby granted, provided that the above 9 | * copyright notice and this permission notice appear in all copies. 10 | * 11 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | */ 19 | 20 | #ifndef HAVE_ASPRINTF 21 | 22 | #include 23 | #include /* for INT_MAX */ 24 | #include 25 | #include /* for vsnprintf */ 26 | #include 27 | 28 | #ifndef VA_COPY 29 | # ifdef HAVE_VA_COPY 30 | # define VA_COPY(dest, src) va_copy(dest, src) 31 | # else 32 | # ifdef HAVE___VA_COPY 33 | # define VA_COPY(dest, src) __va_copy(dest, src) 34 | # else 35 | # define VA_COPY(dest, src) (dest) = (src) 36 | # endif 37 | # endif 38 | #endif 39 | 40 | #define INIT_SZ 128 41 | 42 | int 43 | vasprintf(char **str, const char *fmt, va_list ap) 44 | { 45 | int ret; 46 | va_list ap2; 47 | char *string, *newstr; 48 | size_t len; 49 | 50 | if ((string = malloc(INIT_SZ)) == NULL) 51 | goto fail; 52 | 53 | VA_COPY(ap2, ap); 54 | ret = vsnprintf(string, INIT_SZ, fmt, ap2); 55 | va_end(ap2); 56 | if (ret >= 0 && ret < INIT_SZ) { /* succeeded with initial alloc */ 57 | *str = string; 58 | } else if (ret == INT_MAX || ret < 0) { /* Bad length */ 59 | free(string); 60 | goto fail; 61 | } else { /* bigger than initial, realloc allowing for nul */ 62 | len = (size_t)ret + 1; 63 | if ((newstr = realloc(string, len)) == NULL) { 64 | free(string); 65 | goto fail; 66 | } 67 | VA_COPY(ap2, ap); 68 | ret = vsnprintf(newstr, len, fmt, ap2); 69 | va_end(ap2); 70 | if (ret < 0 || (size_t)ret >= len) { /* failed with realloc'ed string */ 71 | free(newstr); 72 | goto fail; 73 | } 74 | *str = newstr; 75 | } 76 | return (ret); 77 | 78 | fail: 79 | *str = NULL; 80 | errno = ENOMEM; 81 | return (-1); 82 | } 83 | 84 | int asprintf(char **str, const char *fmt, ...) 85 | { 86 | va_list ap; 87 | int ret; 88 | 89 | *str = NULL; 90 | va_start(ap, fmt); 91 | ret = vasprintf(str, fmt, ap); 92 | va_end(ap); 93 | 94 | return ret; 95 | } 96 | #endif 97 | -------------------------------------------------------------------------------- /crypto/compat/crypto_lock_win.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: crypto_lock.c,v 1.1 2018/11/11 06:41:28 bcook Exp $ */ 2 | /* 3 | * Copyright (c) 2019 Brent Cook 4 | * Copyright (c) 2019 John Norrbin 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | */ 18 | 19 | #include 20 | 21 | #include 22 | 23 | static volatile LPCRITICAL_SECTION locks[CRYPTO_NUM_LOCKS] = { NULL }; 24 | 25 | void 26 | CRYPTO_lock(int mode, int type, const char *file, int line) 27 | { 28 | if (type < 0 || type >= CRYPTO_NUM_LOCKS) 29 | return; 30 | 31 | if (locks[type] == NULL) { 32 | LPCRITICAL_SECTION lcs = malloc(sizeof(CRITICAL_SECTION)); 33 | if (lcs == NULL) exit(ENOMEM); 34 | InitializeCriticalSection(lcs); 35 | if (InterlockedCompareExchangePointer((PVOID*)&locks[type], (PVOID)lcs, NULL) != NULL) { 36 | DeleteCriticalSection(lcs); 37 | free(lcs); 38 | } 39 | } 40 | 41 | if (mode & CRYPTO_LOCK) 42 | EnterCriticalSection(locks[type]); 43 | else 44 | LeaveCriticalSection(locks[type]); 45 | } 46 | 47 | int 48 | CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, 49 | int line) 50 | { 51 | /* 52 | * Windows is LLP64. sizeof(LONG) == sizeof(int) on 32-bit and 64-bit. 53 | */ 54 | int ret = InterlockedExchangeAdd((LONG *)pointer, (LONG)amount); 55 | return ret + amount; 56 | } 57 | -------------------------------------------------------------------------------- /crypto/compat/explicit_bzero_win.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain. 3 | * Win32 explicit_bzero compatibility shim. 4 | */ 5 | 6 | #include 7 | #include 8 | 9 | void 10 | explicit_bzero(void *buf, size_t len) 11 | { 12 | SecureZeroMemory(buf, len); 13 | } 14 | -------------------------------------------------------------------------------- /crypto/compat/freezero.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2008, 2010, 2011, 2016 Otto Moerbeek 3 | * Copyright (c) 2012 Matthew Dempsky 4 | * Copyright (c) 2008 Damien Miller 5 | * Copyright (c) 2000 Poul-Henning Kamp 6 | * 7 | * Permission to use, copy, modify, and distribute this software for any 8 | * purpose with or without fee is hereby granted, provided that the above 9 | * copyright notice and this permission notice appear in all copies. 10 | * 11 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 12 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 13 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 14 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 15 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 16 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 17 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 18 | */ 19 | 20 | #include 21 | #include 22 | 23 | void 24 | freezero(void *ptr, size_t sz) 25 | { 26 | /* This is legal. */ 27 | if (ptr == NULL) 28 | return; 29 | 30 | explicit_bzero(ptr, sz); 31 | free(ptr); 32 | } 33 | -------------------------------------------------------------------------------- /crypto/compat/getdelim.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 2011 The NetBSD Foundation, Inc. 3 | * All rights reserved. 4 | * 5 | * This code is derived from software contributed to The NetBSD Foundation 6 | * by Christos Zoulas. 7 | * 8 | * Redistribution and use in source and binary forms, with or without 9 | * modification, are permitted provided that the following conditions 10 | * are met: 11 | * 1. Redistributions of source code must retain the above copyright 12 | * notice, this list of conditions and the following disclaimer. 13 | * 2. Redistributions in binary form must reproduce the above copyright 14 | * notice, this list of conditions and the following disclaimer in the 15 | * documentation and/or other materials provided with the distribution. 16 | * 17 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | * POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include 31 | #include 32 | 33 | #ifndef HAVE_GETDELIM 34 | 35 | ssize_t 36 | getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp) 37 | { 38 | char *ptr, *eptr; 39 | 40 | 41 | if (*buf == NULL || *bufsiz == 0) { 42 | *bufsiz = BUFSIZ; 43 | if ((*buf = malloc(*bufsiz)) == NULL) 44 | return -1; 45 | } 46 | 47 | for (ptr = *buf, eptr = *buf + *bufsiz;;) { 48 | int c = fgetc(fp); 49 | if (c == -1) { 50 | if (feof(fp)) { 51 | ssize_t diff = (ssize_t)(ptr - *buf); 52 | if (diff != 0) { 53 | *ptr = '\0'; 54 | return diff; 55 | } 56 | } 57 | return -1; 58 | } 59 | *ptr++ = c; 60 | if (c == delimiter) { 61 | *ptr = '\0'; 62 | return ptr - *buf; 63 | } 64 | if (ptr + 2 >= eptr) { 65 | char *nbuf; 66 | size_t nbufsiz = *bufsiz * 2; 67 | ssize_t d = ptr - *buf; 68 | if ((nbuf = realloc(*buf, nbufsiz)) == NULL) 69 | return -1; 70 | *buf = nbuf; 71 | *bufsiz = nbufsiz; 72 | eptr = nbuf + nbufsiz; 73 | ptr = nbuf + d; 74 | } 75 | } 76 | } 77 | 78 | #endif /* HAVE_GETDELIM */ 79 | -------------------------------------------------------------------------------- /crypto/compat/getline.c: -------------------------------------------------------------------------------- 1 | /*- 2 | * Copyright (c) 2011 The NetBSD Foundation, Inc. 3 | * All rights reserved. 4 | * 5 | * This code is derived from software contributed to The NetBSD Foundation 6 | * by Christos Zoulas. 7 | * 8 | * Redistribution and use in source and binary forms, with or without 9 | * modification, are permitted provided that the following conditions 10 | * are met: 11 | * 1. Redistributions of source code must retain the above copyright 12 | * notice, this list of conditions and the following disclaimer. 13 | * 2. Redistributions in binary form must reproduce the above copyright 14 | * notice, this list of conditions and the following disclaimer in the 15 | * documentation and/or other materials provided with the distribution. 16 | * 17 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 18 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 19 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 20 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 21 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 22 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 23 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 24 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 25 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 26 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 27 | * POSSIBILITY OF SUCH DAMAGE. 28 | */ 29 | 30 | #include 31 | 32 | #ifndef HAVE_GETLINE 33 | 34 | ssize_t 35 | getline(char **buf, size_t *bufsiz, FILE *fp) 36 | { 37 | return getdelim(buf, bufsiz, '\n', fp); 38 | } 39 | 40 | #endif /* HAVE_GETLINE */ 41 | -------------------------------------------------------------------------------- /crypto/compat/getpagesize.c: -------------------------------------------------------------------------------- 1 | /* $OpenBSD$ */ 2 | 3 | #include 4 | 5 | #ifdef _WIN32 6 | #include 7 | #endif 8 | 9 | int 10 | getpagesize(void) { 11 | #ifdef _WIN32 12 | SYSTEM_INFO system_info; 13 | GetSystemInfo(&system_info); 14 | return system_info.dwPageSize; 15 | #else 16 | return sysconf(_SC_PAGESIZE); 17 | #endif 18 | } 19 | -------------------------------------------------------------------------------- /crypto/compat/getprogname_linux.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | const char * 6 | getprogname(void) 7 | { 8 | #if defined(__ANDROID_API__) && __ANDROID_API__ < 21 9 | /* 10 | * Android added getprogname with API 21, so we should not end up here 11 | * with APIs newer than 21. 12 | * https://github.com/aosp-mirror/platform_bionic/blob/1eb6d3/libc/include/stdlib.h#L160 13 | * 14 | * Since Android is using portions of OpenBSD libc, it should have 15 | * a symbol called __progname. 16 | * https://github.com/aosp-mirror/platform_bionic/commit/692207 17 | */ 18 | extern const char *__progname; 19 | return __progname; 20 | #else 21 | return program_invocation_short_name; 22 | #endif 23 | } 24 | -------------------------------------------------------------------------------- /crypto/compat/getprogname_unimpl.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | const char * 4 | getprogname(void) 5 | { 6 | return "?"; 7 | } 8 | -------------------------------------------------------------------------------- /crypto/compat/getprogname_windows.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #include 4 | 5 | const char * 6 | getprogname(void) 7 | { 8 | static char progname[MAX_PATH + 1]; 9 | DWORD length = GetModuleFileName(NULL, progname, sizeof (progname) - 1); 10 | if (length < 0) 11 | return "?"; 12 | return progname; 13 | } 14 | -------------------------------------------------------------------------------- /crypto/compat/syslog_r.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | void 4 | syslog_r(int pri, struct syslog_data *data, const char *fmt, ...) 5 | { 6 | va_list ap; 7 | 8 | va_start(ap, fmt); 9 | vsyslog_r(pri, data, fmt, ap); 10 | va_end(ap); 11 | } 12 | 13 | void 14 | vsyslog_r(int pri, struct syslog_data *data, const char *fmt, va_list ap) 15 | { 16 | #ifdef HAVE_SYSLOG 17 | vsyslog(pri, fmt, ap); 18 | #endif 19 | } 20 | -------------------------------------------------------------------------------- /dist.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | # 17 | set -e 18 | 19 | rm -f man/*.[35] include/openssl/*.h 20 | ./autogen.sh 21 | ./configure 22 | make -j4 distcheck 23 | -------------------------------------------------------------------------------- /gen-coverage-report.sh: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | # 16 | #!/bin/sh 17 | 18 | VERSION=$(cat VERSION) 19 | DESTDIR=libressl-coverage-$VERSION 20 | 21 | echo "This will generate a code coverage report under $DESTDIR" 22 | echo 23 | 24 | if [ "x$(which lcov)" = "x" ]; then 25 | echo "'lcov' is required but not found!" 26 | exit 1 27 | fi 28 | 29 | if [ "x$(which genhtml)" = "x" ]; then 30 | echo "'genhtml' is required but not found!" 31 | exit 1 32 | fi 33 | 34 | find -name '*.gcda' -o -name '*.gcno' -delete 35 | rm -fr $DESTDIR 36 | 37 | echo "Configuring to build with code coverage support" 38 | ./configure CFLAGS='-O0 -fprofile-arcs -ftest-coverage' 39 | 40 | echo "Running all code paths" 41 | make clean 42 | make check 43 | 44 | echo "Generating report" 45 | mkdir -p $DESTDIR 46 | find tests -name '*.gcda' -o -name '*.gcno' -delete 47 | lcov --capture --output-file $DESTDIR/coverage.tmp \ 48 | --rc lcov_branch_coverage=1 \ 49 | --directory crypto \ 50 | --directory ssl \ 51 | --directory tls \ 52 | --test-name "LibreSSL $VERSION" 53 | genhtml --prefix . --output-directory $DESTDIR \ 54 | --branch-coverage --function-coverage \ 55 | --rc lcov_branch_coverage=1 \ 56 | --title "LibreSSL $VERSION" --legend --show-detail $DESTDIR/coverage.tmp 57 | 58 | echo "Code coverage report is available under $DESTDIR" 59 | -------------------------------------------------------------------------------- /gen-openbsd-tags.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | set -e 3 | 4 | for tag in `git tag`; do 5 | branch=master 6 | if [[ $tag = v2.0* ]]; then 7 | branch=OPENBSD_5_6 8 | elif [[ $tag = v2.1* ]]; then 9 | branch=OPENBSD_5_7 10 | elif [[ $tag = v2.2* ]]; then 11 | branch=OPENBSD_5_8 12 | elif [[ $tag = v2.3* ]]; then 13 | branch=OPENBSD_5_9 14 | fi 15 | # adjust for 9 hour timezone delta between trees 16 | release_ts=$((`git show -s --format=%ct $tag|tail -n1` + 32400)) 17 | commit=`git -C openbsd rev-list -n 1 --before=$release_ts $branch` 18 | git -C openbsd tag -f libressl-$tag $commit 19 | echo Tagged $tag as $commit in openbsd 20 | done 21 | -------------------------------------------------------------------------------- /include/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2016 Jeff Davey 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | if(ENABLE_LIBRESSL_INSTALL) 17 | install(DIRECTORY . 18 | DESTINATION ${CMAKE_INSTALL_INCLUDEDIR} 19 | PATTERN "CMakeLists.txt" EXCLUDE 20 | PATTERN "compat" EXCLUDE 21 | PATTERN "pqueue.h" EXCLUDE 22 | PATTERN "Makefile*" EXCLUDE 23 | PATTERN "arch" EXCLUDE) 24 | install(FILES ${CMAKE_BINARY_DIR}/include/openssl/opensslconf.h 25 | DESTINATION "${CMAKE_INSTALL_INCLUDEDIR}/openssl") 26 | endif(ENABLE_LIBRESSL_INSTALL) 27 | 28 | file(COPY . 29 | DESTINATION "${CMAKE_BINARY_DIR}/include" 30 | PATTERN "CMakeLists.txt" EXCLUDE 31 | PATTERN "compat" EXCLUDE 32 | PATTERN "pqueue.h" EXCLUDE 33 | PATTERN "Makefile*" EXCLUDE 34 | PATTERN "arch" EXCLUDE) 35 | 36 | if(HOST_AARCH64) 37 | file(READ arch/aarch64/opensslconf.h OPENSSLCONF) 38 | elseif(HOST_ARM) 39 | file(READ arch/arm/opensslconf.h OPENSSLCONF) 40 | elseif(HOST_I386) 41 | file(READ arch/i386/opensslconf.h OPENSSLCONF) 42 | elseif(HOST_LOONGARCH64) 43 | file(READ arch/loongarch64/opensslconf.h OPENSSLCONF) 44 | elseif(HOST_MIPS) 45 | file(READ arch/mips/opensslconf.h OPENSSLCONF) 46 | elseif(HOST_MIPS64) 47 | file(READ arch/mips64/opensslconf.h OPENSSLCONF) 48 | elseif(HOST_POWERPC) 49 | file(READ arch/powerpc/opensslconf.h OPENSSLCONF) 50 | elseif(HOST_POWERPC64) 51 | file(READ arch/powerpc64/opensslconf.h OPENSSLCONF) 52 | elseif(HOST_RISCV64) 53 | file(READ arch/riscv64/opensslconf.h OPENSSLCONF) 54 | elseif(HOST_SPARC64) 55 | file(READ arch/sparc64/opensslconf.h OPENSSLCONF) 56 | elseif(HOST_X86_64) 57 | file(READ arch/amd64/opensslconf.h OPENSSLCONF) 58 | else() 59 | message(FATAL_ERROR "Architecture not supported") 60 | endif() 61 | file(WRITE ${CMAKE_BINARY_DIR}/include/openssl/opensslconf.h "${OPENSSLCONF}") 62 | -------------------------------------------------------------------------------- /include/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | include $(top_srcdir)/Makefile.am.common 17 | 18 | EXTRA_DIST = CMakeLists.txt 19 | 20 | SUBDIRS = openssl 21 | 22 | noinst_HEADERS = pqueue.h 23 | noinst_HEADERS += compat/dirent.h 24 | noinst_HEADERS += compat/dirent_msvc.h 25 | noinst_HEADERS += compat/endian.h 26 | noinst_HEADERS += compat/err.h 27 | noinst_HEADERS += compat/fcntl.h 28 | noinst_HEADERS += compat/getopt.h 29 | noinst_HEADERS += compat/limits.h 30 | noinst_HEADERS += compat/netdb.h 31 | noinst_HEADERS += compat/poll.h 32 | noinst_HEADERS += compat/pthread.h 33 | noinst_HEADERS += compat/readpassphrase.h 34 | noinst_HEADERS += compat/resolv.h 35 | noinst_HEADERS += compat/stdint.h 36 | noinst_HEADERS += compat/stdio.h 37 | noinst_HEADERS += compat/stdlib.h 38 | noinst_HEADERS += compat/string.h 39 | noinst_HEADERS += compat/syslog.h 40 | noinst_HEADERS += compat/time.h 41 | noinst_HEADERS += compat/unistd.h 42 | noinst_HEADERS += compat/win32netcompat.h 43 | 44 | noinst_HEADERS += compat/arpa/inet.h 45 | noinst_HEADERS += compat/arpa/nameser.h 46 | 47 | noinst_HEADERS += compat/netinet/in.h 48 | noinst_HEADERS += compat/netinet/ip.h 49 | noinst_HEADERS += compat/netinet/tcp.h 50 | 51 | noinst_HEADERS += compat/sys/_null.h 52 | noinst_HEADERS += compat/sys/ioctl.h 53 | noinst_HEADERS += compat/sys/mman.h 54 | noinst_HEADERS += compat/sys/param.h 55 | noinst_HEADERS += compat/sys/queue.h 56 | noinst_HEADERS += compat/sys/select.h 57 | noinst_HEADERS += compat/sys/socket.h 58 | noinst_HEADERS += compat/sys/stat.h 59 | noinst_HEADERS += compat/sys/tree.h 60 | noinst_HEADERS += compat/sys/time.h 61 | noinst_HEADERS += compat/sys/types.h 62 | noinst_HEADERS += compat/sys/uio.h 63 | 64 | noinst_HEADERS += arch/aarch64/opensslconf.h 65 | noinst_HEADERS += arch/alpha/opensslconf.h 66 | noinst_HEADERS += arch/amd64/opensslconf.h 67 | noinst_HEADERS += arch/arm/opensslconf.h 68 | noinst_HEADERS += arch/hppa/opensslconf.h 69 | noinst_HEADERS += arch/i386/opensslconf.h 70 | noinst_HEADERS += arch/m88k/opensslconf.h 71 | noinst_HEADERS += arch/mips/opensslconf.h 72 | noinst_HEADERS += arch/mips64/opensslconf.h 73 | noinst_HEADERS += arch/powerpc/opensslconf.h 74 | noinst_HEADERS += arch/powerpc64/opensslconf.h 75 | noinst_HEADERS += arch/riscv64/opensslconf.h 76 | noinst_HEADERS += arch/sh/opensslconf.h 77 | noinst_HEADERS += arch/sparc64/opensslconf.h 78 | 79 | include_HEADERS = tls.h 80 | -------------------------------------------------------------------------------- /include/arch/loongarch64/opensslconf.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #undef OPENSSL_EXPORT_VAR_AS_FUNCTION 4 | 5 | #ifndef OPENSSL_FILE 6 | #ifdef OPENSSL_NO_FILENAMES 7 | #define OPENSSL_FILE "" 8 | #define OPENSSL_LINE 0 9 | #else 10 | #define OPENSSL_FILE __FILE__ 11 | #define OPENSSL_LINE __LINE__ 12 | #endif 13 | #endif 14 | 15 | #if defined(HEADER_RC4_H) 16 | #if !defined(RC4_CHUNK) 17 | /* 18 | * This enables code handling data aligned at natural CPU word 19 | * boundary. See crypto/rc4/rc4_enc.c for further details. 20 | */ 21 | #define RC4_CHUNK unsigned long 22 | #endif 23 | #endif 24 | 25 | #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) 26 | #define CONFIG_HEADER_BN_H 27 | #undef BN_LLONG 28 | #endif 29 | 30 | #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) 31 | #define CONFIG_HEADER_BF_LOCL_H 32 | #undef BF_PTR 33 | #endif /* HEADER_BF_LOCL_H */ 34 | 35 | #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) 36 | #define CONFIG_HEADER_DES_LOCL_H 37 | #ifndef DES_DEFAULT_OPTIONS 38 | /* Unroll the inner loop, this sometimes helps, sometimes hinders. 39 | * Very much CPU dependent */ 40 | #ifndef DES_UNROLL 41 | #define DES_UNROLL 42 | #endif 43 | 44 | #endif /* DES_DEFAULT_OPTIONS */ 45 | #endif /* HEADER_DES_LOCL_H */ 46 | -------------------------------------------------------------------------------- /include/arch/mips/opensslconf.h: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | #undef OPENSSL_EXPORT_VAR_AS_FUNCTION 4 | 5 | #ifndef OPENSSL_FILE 6 | #ifdef OPENSSL_NO_FILENAMES 7 | #define OPENSSL_FILE "" 8 | #define OPENSSL_LINE 0 9 | #else 10 | #define OPENSSL_FILE __FILE__ 11 | #define OPENSSL_LINE __LINE__ 12 | #endif 13 | #endif 14 | 15 | #if defined(HEADER_RC4_H) 16 | #if !defined(RC4_CHUNK) 17 | /* 18 | * This enables code handling data aligned at natural CPU word 19 | * boundary. See crypto/rc4/rc4_enc.c for further details. 20 | */ 21 | #undef RC4_CHUNK 22 | #endif 23 | #endif 24 | 25 | #if defined(HEADER_BN_H) && !defined(CONFIG_HEADER_BN_H) 26 | #define CONFIG_HEADER_BN_H 27 | #define BN_LLONG 28 | #endif 29 | 30 | #if defined(HEADER_BF_LOCL_H) && !defined(CONFIG_HEADER_BF_LOCL_H) 31 | #define CONFIG_HEADER_BF_LOCL_H 32 | #undef BF_PTR 33 | #endif /* HEADER_BF_LOCL_H */ 34 | 35 | #if defined(HEADER_DES_LOCL_H) && !defined(CONFIG_HEADER_DES_LOCL_H) 36 | #define CONFIG_HEADER_DES_LOCL_H 37 | #ifndef DES_DEFAULT_OPTIONS 38 | /* Unroll the inner loop, this sometimes helps, sometimes hinders. 39 | * Very much CPU dependent */ 40 | #ifndef DES_UNROLL 41 | #define DES_UNROLL 42 | #endif 43 | 44 | #endif /* DES_DEFAULT_OPTIONS */ 45 | #endif /* HEADER_DES_LOCL_H */ 46 | -------------------------------------------------------------------------------- /include/compat/arpa/inet.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * arpa/inet.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | 11 | #ifndef AI_ADDRCONFIG 12 | #define AI_ADDRCONFIG 0x00000400 13 | #endif 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /include/compat/arpa/nameser.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * arpa/inet.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #ifdef HAVE_ARPA_NAMESER_H 8 | #include_next 9 | #endif 10 | #else 11 | #include 12 | 13 | #ifndef INADDRSZ 14 | #define INADDRSZ 4 15 | #endif 16 | 17 | #ifndef IN6ADDRSZ 18 | #define IN6ADDRSZ 16 19 | #endif 20 | 21 | #ifndef INT16SZ 22 | #define INT16SZ 2 23 | #endif 24 | 25 | #endif 26 | -------------------------------------------------------------------------------- /include/compat/cet.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * cet.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCOMPAT_CET_H 7 | #define LIBCOMPAT_CET_H 8 | 9 | #ifndef _MSC_VER 10 | 11 | #ifdef __CET__ 12 | # include_next 13 | #else 14 | # define _CET_ENDBR 15 | #endif 16 | 17 | #endif 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /include/compat/dirent.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * dirent.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_DIRENT_H 7 | #define LIBCRYPTOCOMPAT_DIRENT_H 8 | 9 | #ifdef _MSC_VER 10 | #include 11 | #include 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #endif 17 | 18 | -------------------------------------------------------------------------------- /include/compat/err.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * err.h compatibility shim 4 | */ 5 | 6 | #ifdef HAVE_ERR_H 7 | 8 | #include_next 9 | 10 | #else 11 | 12 | #ifndef LIBCRYPTOCOMPAT_ERR_H 13 | #define LIBCRYPTOCOMPAT_ERR_H 14 | 15 | #include 16 | #include 17 | #include 18 | #include 19 | #include 20 | 21 | #if defined(_MSC_VER) 22 | __declspec(noreturn) 23 | #else 24 | __attribute__((noreturn)) 25 | #endif 26 | static inline void 27 | err(int eval, const char *fmt, ...) 28 | { 29 | int sverrno = errno; 30 | va_list ap; 31 | 32 | va_start(ap, fmt); 33 | if (fmt != NULL) { 34 | vfprintf(stderr, fmt, ap); 35 | fprintf(stderr, ": "); 36 | } 37 | va_end(ap); 38 | fprintf(stderr, "%s\n", strerror(sverrno)); 39 | exit(eval); 40 | } 41 | 42 | #if defined(_MSC_VER) 43 | __declspec(noreturn) 44 | #else 45 | __attribute__((noreturn)) 46 | #endif 47 | static inline void 48 | errx(int eval, const char *fmt, ...) 49 | { 50 | va_list ap; 51 | 52 | va_start(ap, fmt); 53 | if (fmt != NULL) 54 | vfprintf(stderr, fmt, ap); 55 | va_end(ap); 56 | fprintf(stderr, "\n"); 57 | exit(eval); 58 | } 59 | 60 | static inline void 61 | warn(const char *fmt, ...) 62 | { 63 | int sverrno = errno; 64 | va_list ap; 65 | 66 | va_start(ap, fmt); 67 | if (fmt != NULL) { 68 | vfprintf(stderr, fmt, ap); 69 | fprintf(stderr, ": "); 70 | } 71 | va_end(ap); 72 | fprintf(stderr, "%s\n", strerror(sverrno)); 73 | } 74 | 75 | static inline void 76 | vwarnx(const char *fmt, va_list args) 77 | { 78 | if (fmt != NULL) 79 | vfprintf(stderr, fmt, args); 80 | fprintf(stderr, "\n"); 81 | } 82 | 83 | static inline void 84 | warnx(const char *fmt, ...) 85 | { 86 | va_list ap; 87 | 88 | va_start(ap, fmt); 89 | vwarnx(fmt, ap); 90 | va_end(ap); 91 | } 92 | 93 | #endif 94 | 95 | #endif 96 | -------------------------------------------------------------------------------- /include/compat/fcntl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * fcntl.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | 10 | #ifdef _MSC_VER 11 | #if _MSC_VER >= 1900 12 | #include <../ucrt/fcntl.h> 13 | #else 14 | #include <../include/fcntl.h> 15 | #endif 16 | #else 17 | #include_next 18 | #endif 19 | 20 | #endif 21 | 22 | #ifndef O_NONBLOCK 23 | #define O_NONBLOCK 0x100000 24 | #endif 25 | 26 | #ifndef O_CLOEXEC 27 | #define O_CLOEXEC 0x200000 28 | #endif 29 | 30 | #ifndef FD_CLOEXEC 31 | #define FD_CLOEXEC 1 32 | #endif 33 | -------------------------------------------------------------------------------- /include/compat/getopt.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: getopt.h,v 1.3 2013/11/22 21:32:49 millert Exp $ */ 2 | /* $NetBSD: getopt.h,v 1.4 2000/07/07 10:43:54 ad Exp $ */ 3 | 4 | /*- 5 | * Copyright (c) 2000 The NetBSD Foundation, Inc. 6 | * All rights reserved. 7 | * 8 | * This code is derived from software contributed to The NetBSD Foundation 9 | * by Dieter Baron and Thomas Klausner. 10 | * 11 | * Redistribution and use in source and binary forms, with or without 12 | * modification, are permitted provided that the following conditions 13 | * are met: 14 | * 1. Redistributions of source code must retain the above copyright 15 | * notice, this list of conditions and the following disclaimer. 16 | * 2. Redistributions in binary form must reproduce the above copyright 17 | * notice, this list of conditions and the following disclaimer in the 18 | * documentation and/or other materials provided with the distribution. 19 | * 20 | * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 | * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 | * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 | * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 | * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 | * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 | * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 | * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 | * POSSIBILITY OF SUCH DAMAGE. 31 | */ 32 | 33 | #ifdef HAVE_GETOPT 34 | 35 | #include_next 36 | 37 | #else 38 | 39 | #ifndef _GETOPT_DEFINED_ 40 | #define _GETOPT_DEFINED_ 41 | int getopt(int, char * const *, const char *); 42 | 43 | extern char *optarg; /* getopt(3) external variables */ 44 | extern int opterr; 45 | extern int optind; 46 | extern int optopt; 47 | extern int optreset; 48 | #endif 49 | 50 | #endif /* HAVE_GETOPT */ 51 | -------------------------------------------------------------------------------- /include/compat/limits.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * limits.h compatibility shim 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #include <../include/limits.h> 8 | #if _MSC_VER >= 1900 9 | #include <../ucrt/stdlib.h> 10 | #else 11 | #include <../include/stdlib.h> 12 | #endif 13 | #ifndef PATH_MAX 14 | #define PATH_MAX _MAX_PATH 15 | #endif 16 | #else 17 | #include_next 18 | #endif 19 | 20 | #ifdef __hpux 21 | #include 22 | #ifndef PATH_MAX 23 | #define PATH_MAX MAXPATHLEN 24 | #endif 25 | #endif 26 | -------------------------------------------------------------------------------- /include/compat/netdb.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netdb.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /include/compat/netinet/in.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netinet/in.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | 12 | #ifndef LIBCRYPTOCOMPAT_NETINET_IN_H 13 | #define LIBCRYPTOCOMPAT_NETINET_IN_H 14 | 15 | #ifdef __ANDROID__ 16 | typedef uint16_t in_port_t; 17 | #endif 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /include/compat/netinet/ip.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netinet/ip.h compatibility shim 4 | */ 5 | 6 | #if defined(__hpux) 7 | #include 8 | #endif 9 | 10 | #ifndef _WIN32 11 | #ifdef HAVE_NETINET_IP_H 12 | #include_next 13 | #endif 14 | #else 15 | #include 16 | #endif 17 | 18 | /* 19 | * Definitions for DiffServ Codepoints as per RFC2474 20 | */ 21 | #ifndef IPTOS_DSCP_CS0 22 | #define IPTOS_DSCP_CS0 0x00 23 | #define IPTOS_DSCP_CS1 0x20 24 | #define IPTOS_DSCP_CS2 0x40 25 | #define IPTOS_DSCP_CS3 0x60 26 | #define IPTOS_DSCP_CS4 0x80 27 | #define IPTOS_DSCP_CS5 0xa0 28 | #define IPTOS_DSCP_CS6 0xc0 29 | #define IPTOS_DSCP_CS7 0xe0 30 | #endif 31 | 32 | #ifndef IPTOS_DSCP_AF11 33 | #define IPTOS_DSCP_AF11 0x28 34 | #define IPTOS_DSCP_AF12 0x30 35 | #define IPTOS_DSCP_AF13 0x38 36 | #define IPTOS_DSCP_AF21 0x48 37 | #define IPTOS_DSCP_AF22 0x50 38 | #define IPTOS_DSCP_AF23 0x58 39 | #define IPTOS_DSCP_AF31 0x68 40 | #define IPTOS_DSCP_AF32 0x70 41 | #define IPTOS_DSCP_AF33 0x78 42 | #define IPTOS_DSCP_AF41 0x88 43 | #define IPTOS_DSCP_AF42 0x90 44 | #define IPTOS_DSCP_AF43 0x98 45 | #endif 46 | 47 | #ifndef IPTOS_DSCP_EF 48 | #define IPTOS_DSCP_EF 0xb8 49 | #endif 50 | -------------------------------------------------------------------------------- /include/compat/netinet/tcp.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * netinet/tcp.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /include/compat/poll.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * poll(2) emulation for Windows 5 | * 6 | * This emulates just-enough poll functionality on Windows to work in the 7 | * context of the openssl(1) program. This is not a replacement for 8 | * POSIX.1-2001 poll(2). 9 | * 10 | * Dongsheng Song 11 | * Brent Cook 12 | */ 13 | 14 | #ifndef LIBCRYPTOCOMPAT_POLL_H 15 | #define LIBCRYPTOCOMPAT_POLL_H 16 | 17 | #ifndef _WIN32 18 | #include_next 19 | #else 20 | 21 | #include 22 | 23 | /* Type used for the number of file descriptors. */ 24 | typedef unsigned long int nfds_t; 25 | 26 | #if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0600) 27 | /* Data structure describing a polling request. */ 28 | struct pollfd { 29 | int fd; /* file descriptor */ 30 | short events; /* requested events */ 31 | short revents; /* returned events */ 32 | }; 33 | 34 | /* Event types that can be polled */ 35 | #define POLLIN 0x001 /* There is data to read. */ 36 | #define POLLPRI 0x002 /* There is urgent data to read. */ 37 | #define POLLOUT 0x004 /* Writing now will not block. */ 38 | 39 | # define POLLRDNORM 0x040 /* Normal data may be read. */ 40 | # define POLLRDBAND 0x080 /* Priority data may be read. */ 41 | # define POLLWRNORM 0x100 /* Writing now will not block. */ 42 | # define POLLWRBAND 0x200 /* Priority data may be written. */ 43 | 44 | /* Event types always implicitly polled. */ 45 | #define POLLERR 0x008 /* Error condition. */ 46 | #define POLLHUP 0x010 /* Hung up. */ 47 | #define POLLNVAL 0x020 /* Invalid polling request. */ 48 | 49 | #endif 50 | 51 | #ifdef __cplusplus 52 | extern "C" { 53 | #endif 54 | 55 | int poll(struct pollfd *pfds, nfds_t nfds, int timeout); 56 | 57 | #ifdef __cplusplus 58 | } 59 | #endif 60 | 61 | #endif /* HAVE_POLL */ 62 | 63 | #endif /* LIBCRYPTOCOMPAT_POLL_H */ 64 | -------------------------------------------------------------------------------- /include/compat/pthread.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * pthread.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_PTHREAD_H 7 | #define LIBCRYPTOCOMPAT_PTHREAD_H 8 | 9 | #ifdef _WIN32 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | /* 16 | * Static once initialization values. 17 | */ 18 | #define PTHREAD_ONCE_INIT { INIT_ONCE_STATIC_INIT } 19 | 20 | /* 21 | * Static mutex initialization values. 22 | */ 23 | #define PTHREAD_MUTEX_INITIALIZER { .lock = NULL } 24 | 25 | /* 26 | * Once definitions. 27 | */ 28 | struct pthread_once { 29 | INIT_ONCE once; 30 | }; 31 | typedef struct pthread_once pthread_once_t; 32 | 33 | struct _pthread_win32_cb_arg { 34 | void (*cb)(void); 35 | }; 36 | 37 | static inline BOOL CALLBACK 38 | _pthread_once_win32_cb(PINIT_ONCE once, PVOID param, PVOID *context) 39 | { 40 | struct _pthread_win32_cb_arg *arg = param; 41 | arg->cb(); 42 | return TRUE; 43 | } 44 | 45 | static inline int 46 | pthread_once(pthread_once_t *once, void (*cb) (void)) 47 | { 48 | struct _pthread_win32_cb_arg arg = { .cb = cb }; 49 | BOOL rc = InitOnceExecuteOnce(&once->once, _pthread_once_win32_cb, &arg, NULL); 50 | if (rc == 0) 51 | return EINVAL; 52 | else 53 | return 0; 54 | } 55 | 56 | typedef DWORD pthread_t; 57 | 58 | static inline pthread_t 59 | pthread_self(void) 60 | { 61 | return GetCurrentThreadId(); 62 | } 63 | 64 | static inline int 65 | pthread_equal(pthread_t t1, pthread_t t2) 66 | { 67 | return t1 == t2; 68 | } 69 | 70 | struct pthread_mutex { 71 | volatile LPCRITICAL_SECTION lock; 72 | }; 73 | typedef struct pthread_mutex pthread_mutex_t; 74 | typedef void pthread_mutexattr_t; 75 | 76 | static inline int 77 | pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr) 78 | { 79 | if ((mutex->lock = malloc(sizeof(CRITICAL_SECTION))) == NULL) 80 | exit(ENOMEM); 81 | InitializeCriticalSection(mutex->lock); 82 | return 0; 83 | } 84 | 85 | static inline int 86 | pthread_mutex_lock(pthread_mutex_t *mutex) 87 | { 88 | if (mutex->lock == NULL) { 89 | LPCRITICAL_SECTION lcs; 90 | 91 | if ((lcs = malloc(sizeof(CRITICAL_SECTION))) == NULL) 92 | exit(ENOMEM); 93 | InitializeCriticalSection(lcs); 94 | if (InterlockedCompareExchangePointer((PVOID*)&mutex->lock, (PVOID)lcs, NULL) != NULL) { 95 | DeleteCriticalSection(lcs); 96 | free(lcs); 97 | } 98 | } 99 | EnterCriticalSection(mutex->lock); 100 | return 0; 101 | } 102 | 103 | static inline int 104 | pthread_mutex_unlock(pthread_mutex_t *mutex) 105 | { 106 | LeaveCriticalSection(mutex->lock); 107 | return 0; 108 | } 109 | 110 | static inline int 111 | pthread_mutex_destroy(pthread_mutex_t *mutex) 112 | { 113 | DeleteCriticalSection(mutex->lock); 114 | free(mutex->lock); 115 | return 0; 116 | } 117 | 118 | #else 119 | #include_next 120 | #endif 121 | 122 | #endif 123 | -------------------------------------------------------------------------------- /include/compat/readpassphrase.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: readpassphrase.h,v 1.5 2003/06/17 21:56:23 millert Exp $ */ 2 | 3 | /* 4 | * Copyright (c) 2000, 2002 Todd C. Miller 5 | * 6 | * Permission to use, copy, modify, and distribute this software for any 7 | * purpose with or without fee is hereby granted, provided that the above 8 | * copyright notice and this permission notice appear in all copies. 9 | * 10 | * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | * 18 | * Sponsored in part by the Defense Advanced Research Projects 19 | * Agency (DARPA) and Air Force Research Laboratory, Air Force 20 | * Materiel Command, USAF, under agreement number F39502-99-1-0512. 21 | */ 22 | 23 | #ifdef HAVE_READPASSPHRASE_H 24 | 25 | #include_next 26 | 27 | #else 28 | 29 | #ifndef _READPASSPHRASE_H_ 30 | #define _READPASSPHRASE_H_ 31 | 32 | #define RPP_ECHO_OFF 0x00 /* Turn off echo (default). */ 33 | #define RPP_ECHO_ON 0x01 /* Leave echo on. */ 34 | #define RPP_REQUIRE_TTY 0x02 /* Fail if there is no tty. */ 35 | #define RPP_FORCELOWER 0x04 /* Force input to lower case. */ 36 | #define RPP_FORCEUPPER 0x08 /* Force input to upper case. */ 37 | #define RPP_SEVENBIT 0x10 /* Strip the high bit from input. */ 38 | #define RPP_STDIN 0x20 /* Read from stdin, not /dev/tty */ 39 | 40 | char * readpassphrase(const char *, char *, size_t, int); 41 | 42 | #endif /* !_READPASSPHRASE_H_ */ 43 | 44 | #endif 45 | -------------------------------------------------------------------------------- /include/compat/resolv.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * resolv.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_RESOLV_H 7 | #define LIBCRYPTOCOMPAT_RESOLV_H 8 | 9 | #ifdef _MSC_VER 10 | #if _MSC_VER >= 1900 11 | #include <../ucrt/resolv.h> 12 | #else 13 | #include <../include/resolv.h> 14 | #endif 15 | #elif defined(HAVE_RESOLV_H) 16 | #include_next 17 | #endif 18 | 19 | #ifndef HAVE_B64_NTOP 20 | int b64_ntop(unsigned char const *, size_t, char *, size_t); 21 | int b64_pton(char const *, unsigned char *, size_t); 22 | #endif 23 | 24 | #endif 25 | -------------------------------------------------------------------------------- /include/compat/stdint.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * stdint.h compatibility shim 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #include <../include/stdint.h> 8 | #else 9 | #include_next 10 | #endif 11 | 12 | #ifndef LIBCRYPTOCOMPAT_STDINT_H 13 | #define LIBCRYPTOCOMPAT_STDINT_H 14 | 15 | #ifndef SIZE_MAX 16 | #include 17 | #endif 18 | 19 | #if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__) 20 | # define __bounded__(x, y, z) 21 | #endif 22 | 23 | #if !defined(HAVE_ATTRIBUTE__DEAD) && !defined(__dead) 24 | #ifdef _MSC_VER 25 | #define __dead __declspec(noreturn) 26 | #else 27 | #define __dead __attribute__((__noreturn__)) 28 | #endif 29 | #endif 30 | 31 | #endif 32 | -------------------------------------------------------------------------------- /include/compat/stdio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * stdio.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_STDIO_H 7 | #define LIBCRYPTOCOMPAT_STDIO_H 8 | 9 | #ifdef _MSC_VER 10 | #if _MSC_VER >= 1900 11 | #include <../ucrt/stdlib.h> 12 | #include <../ucrt/corecrt_io.h> 13 | #include <../ucrt/stdio.h> 14 | #else 15 | #include <../include/stdio.h> 16 | #endif 17 | #else 18 | #include_next 19 | #endif 20 | 21 | #ifndef HAVE_GETDELIM 22 | #include 23 | #define getdelim libressl_getdelim 24 | ssize_t getdelim(char **buf, size_t *bufsiz, int delimiter, FILE *fp); 25 | #endif 26 | 27 | #ifndef HAVE_GETLINE 28 | #include 29 | #define getline libressl_getline 30 | ssize_t getline(char **buf, size_t *bufsiz, FILE *fp); 31 | #endif 32 | 33 | #ifndef HAVE_ASPRINTF 34 | #include 35 | #define vasprintf libressl_vasprintf 36 | int vasprintf(char **str, const char *fmt, va_list ap); 37 | #define asprintf libressl_asprintf 38 | int asprintf(char **str, const char *fmt, ...); 39 | #endif 40 | 41 | #ifdef _WIN32 42 | 43 | #if defined(_MSC_VER) 44 | #define __func__ __FUNCTION__ 45 | #endif 46 | 47 | void posix_perror(const char *s); 48 | FILE * posix_fopen(const char *path, const char *mode); 49 | char * posix_fgets(char *s, int size, FILE *stream); 50 | int posix_rename(const char *oldpath, const char *newpath); 51 | 52 | #ifndef NO_REDEF_POSIX_FUNCTIONS 53 | #define perror(errnum) posix_perror(errnum) 54 | #define fopen(path, mode) posix_fopen(path, mode) 55 | #define fgets(s, size, stream) posix_fgets(s, size, stream) 56 | #define rename(oldpath, newpath) posix_rename(oldpath, newpath) 57 | #endif 58 | 59 | #if defined(_MSC_VER) && _MSC_VER < 1900 60 | #define snprintf _snprintf 61 | #endif 62 | 63 | #endif 64 | 65 | #endif 66 | -------------------------------------------------------------------------------- /include/compat/stdlib.h: -------------------------------------------------------------------------------- 1 | /* 2 | * stdlib.h compatibility shim 3 | * Public domain 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #if _MSC_VER >= 1900 8 | #include <../ucrt/stdlib.h> 9 | #else 10 | #include <../include/stdlib.h> 11 | #endif 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #ifndef LIBCRYPTOCOMPAT_STDLIB_H 17 | #define LIBCRYPTOCOMPAT_STDLIB_H 18 | 19 | #include 20 | #include 21 | 22 | #ifndef HAVE_ARC4RANDOM_BUF 23 | #define arc4random libressl_arc4random 24 | uint32_t arc4random(void); 25 | #define arc4random_buf libressl_arc4random_buf 26 | void arc4random_buf(void *_buf, size_t n); 27 | #define arc4random_uniform libressl_arc4random_uniform 28 | uint32_t arc4random_uniform(uint32_t upper_bound); 29 | #endif 30 | 31 | #ifndef HAVE_FREEZERO 32 | #define freezero libressl_freezero 33 | void freezero(void *ptr, size_t sz); 34 | #endif 35 | 36 | #ifndef HAVE_GETPROGNAME 37 | #define getprogname libressl_getprogname 38 | const char * getprogname(void); 39 | #endif 40 | 41 | #ifndef HAVE_REALLOCARRAY 42 | #define reallocarray libressl_reallocarray 43 | void *reallocarray(void *, size_t, size_t); 44 | #endif 45 | 46 | #ifndef HAVE_RECALLOCARRAY 47 | #define recallocarray libressl_recallocarray 48 | void *recallocarray(void *, size_t, size_t, size_t); 49 | #endif 50 | 51 | #ifndef HAVE_STRTONUM 52 | #define strtonum libressl_strtonum 53 | long long strtonum(const char *nptr, long long minval, 54 | long long maxval, const char **errstr); 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /include/compat/string.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * string.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_STRING_H 7 | #define LIBCRYPTOCOMPAT_STRING_H 8 | 9 | #ifdef _MSC_VER 10 | #if _MSC_VER >= 1900 11 | #include <../ucrt/string.h> 12 | #else 13 | #include <../include/string.h> 14 | #endif 15 | #else 16 | #include_next 17 | #endif 18 | 19 | #include 20 | 21 | #if defined(__sun) || defined(_AIX) || defined(__hpux) 22 | /* Some functions historically defined in string.h were placed in strings.h by 23 | * SUS. Use the same hack as OS X and FreeBSD use to work around on AIX, 24 | * Solaris, and HPUX. 25 | */ 26 | #include 27 | #endif 28 | 29 | #ifndef HAVE_STRCASECMP 30 | #define strcasecmp libressl_strcasecmp 31 | int strcasecmp(const char *s1, const char *s2); 32 | #define strncasecmp libressl_strncasecmp 33 | int strncasecmp(const char *s1, const char *s2, size_t len); 34 | #endif 35 | 36 | #ifndef HAVE_STRLCPY 37 | #define strlcpy libressl_strlcpy 38 | size_t strlcpy(char *dst, const char *src, size_t siz); 39 | #endif 40 | 41 | #ifndef HAVE_STRLCAT 42 | #define strlcat libressl_strlcat 43 | size_t strlcat(char *dst, const char *src, size_t siz); 44 | #endif 45 | 46 | #ifndef HAVE_STRNDUP 47 | #define strndup libressl_strndup 48 | char * strndup(const char *str, size_t maxlen); 49 | /* the only user of strnlen is strndup, so only build it if needed */ 50 | #ifndef HAVE_STRNLEN 51 | #define strnlen libressl_strnlen 52 | size_t strnlen(const char *str, size_t maxlen); 53 | #endif 54 | #endif 55 | 56 | #ifndef HAVE_STRSEP 57 | #define strsep libressl_strsep 58 | char *strsep(char **stringp, const char *delim); 59 | #endif 60 | 61 | #ifndef HAVE_EXPLICIT_BZERO 62 | #define explicit_bzero libressl_explicit_bzero 63 | void explicit_bzero(void *, size_t); 64 | #endif 65 | 66 | #ifndef HAVE_TIMINGSAFE_BCMP 67 | #define timingsafe_bcmp libressl_timingsafe_bcmp 68 | int timingsafe_bcmp(const void *b1, const void *b2, size_t n); 69 | #endif 70 | 71 | #ifndef HAVE_TIMINGSAFE_MEMCMP 72 | #define timingsafe_memcmp libressl_timingsafe_memcmp 73 | int timingsafe_memcmp(const void *b1, const void *b2, size_t len); 74 | #endif 75 | 76 | #ifndef HAVE_MEMMEM 77 | #define memmem libressl_memmem 78 | void * memmem(const void *big, size_t big_len, const void *little, 79 | size_t little_len); 80 | #endif 81 | 82 | #ifdef _WIN32 83 | #include 84 | 85 | static inline char * 86 | posix_strerror(int errnum) 87 | { 88 | if (errnum == ECONNREFUSED) { 89 | return "Connection refused"; 90 | } 91 | return strerror(errnum); 92 | } 93 | 94 | #define strerror(errnum) posix_strerror(errnum) 95 | 96 | #endif 97 | 98 | #endif 99 | -------------------------------------------------------------------------------- /include/compat/sys/_null.h: -------------------------------------------------------------------------------- 1 | /* $OpenBSD: _null.h,v 1.2 2016/09/09 22:07:58 millert Exp $ */ 2 | 3 | /* 4 | * Written by Todd C. Miller, September 9, 2016 5 | * Public domain. 6 | */ 7 | 8 | #ifndef NULL 9 | #if !defined(__cplusplus) 10 | #define NULL ((void *)0) 11 | #elif __cplusplus >= 201103L 12 | #define NULL nullptr 13 | #elif defined(__GNUG__) 14 | #define NULL __null 15 | #else 16 | #define NULL 0L 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /include/compat/sys/ioctl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/ioctl.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #define ioctl(fd, type, arg) ioctlsocket(fd, type, arg) 11 | #endif 12 | -------------------------------------------------------------------------------- /include/compat/sys/mman.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/mman.h compatibility shim 4 | */ 5 | 6 | #include_next 7 | 8 | #ifndef LIBCRYPTOCOMPAT_MMAN_H 9 | #define LIBCRYPTOCOMPAT_MMAN_H 10 | 11 | #ifndef MAP_ANON 12 | #ifdef MAP_ANONYMOUS 13 | #define MAP_ANON MAP_ANONYMOUS 14 | #else 15 | #error "System does not support mapping anonymous pages?" 16 | #endif 17 | #endif 18 | 19 | #endif 20 | -------------------------------------------------------------------------------- /include/compat/sys/param.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/param.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H 7 | #define LIBCRYPTOCOMPAT_SYS_PARAM_H 8 | 9 | #ifdef _MSC_VER 10 | #include 11 | #else 12 | #include_next 13 | #endif 14 | 15 | #endif 16 | -------------------------------------------------------------------------------- /include/compat/sys/select.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/select.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | -------------------------------------------------------------------------------- /include/compat/sys/socket.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/socket.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | #include 10 | #endif 11 | 12 | #if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC) 13 | #define NEED_SOCKET_FLAGS 14 | #define SOCK_CLOEXEC 0x8000 /* set FD_CLOEXEC */ 15 | #define SOCK_NONBLOCK 0x4000 /* set O_NONBLOCK */ 16 | int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]); 17 | #define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv) 18 | #endif 19 | -------------------------------------------------------------------------------- /include/compat/sys/time.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/time.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_SYS_TIME_H 7 | #define LIBCRYPTOCOMPAT_SYS_TIME_H 8 | 9 | #ifdef _MSC_VER 10 | #include 11 | 12 | #define timeval libressl_timeval 13 | #define gettimeofday libressl_gettimeofday 14 | 15 | struct timeval { 16 | long long tv_sec; 17 | long tv_usec; 18 | }; 19 | 20 | int gettimeofday(struct timeval *tp, void *tzp); 21 | #else 22 | #include_next 23 | #endif 24 | 25 | #ifndef timersub 26 | #define timersub(tvp, uvp, vvp) \ 27 | do { \ 28 | (vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec; \ 29 | (vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec; \ 30 | if ((vvp)->tv_usec < 0) { \ 31 | (vvp)->tv_sec--; \ 32 | (vvp)->tv_usec += 1000000; \ 33 | } \ 34 | } while (0) 35 | #endif 36 | 37 | #endif 38 | -------------------------------------------------------------------------------- /include/compat/sys/types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/types.h compatibility shim 4 | */ 5 | 6 | #ifdef _MSC_VER 7 | #if _MSC_VER >= 1900 8 | #include <../ucrt/sys/types.h> 9 | #else 10 | #include <../include/sys/types.h> 11 | #endif 12 | #else 13 | #include_next 14 | #endif 15 | 16 | #ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H 17 | #define LIBCRYPTOCOMPAT_SYS_TYPES_H 18 | 19 | #include 20 | 21 | #ifdef __MINGW32__ 22 | #include <_bsd_types.h> 23 | typedef uint32_t in_addr_t; 24 | typedef uint32_t uid_t; 25 | #endif 26 | 27 | #ifdef _MSC_VER 28 | typedef unsigned char u_char; 29 | typedef unsigned short u_short; 30 | typedef unsigned int u_int; 31 | typedef uint32_t in_addr_t; 32 | typedef uint32_t mode_t; 33 | typedef uint32_t uid_t; 34 | 35 | #include 36 | typedef SSIZE_T ssize_t; 37 | 38 | #ifndef SSIZE_MAX 39 | #ifdef _WIN64 40 | #define SSIZE_MAX _I64_MAX 41 | #else 42 | #define SSIZE_MAX INT_MAX 43 | #endif 44 | #endif 45 | 46 | #endif 47 | 48 | #ifdef _WIN32 49 | #define __warn_references(sym,msg) 50 | #else 51 | 52 | #ifndef __warn_references 53 | 54 | #ifndef __STRING 55 | #define __STRING(x) #x 56 | #endif 57 | 58 | #if defined(__GNUC__) && defined (HAS_GNU_WARNING_LONG) 59 | #define __warn_references(sym,msg) \ 60 | __asm__(".section .gnu.warning." __STRING(sym) \ 61 | "\n\t.ascii \"" msg "\"\n\t.text"); 62 | #else 63 | #define __warn_references(sym,msg) 64 | #endif 65 | 66 | #endif /* __warn_references */ 67 | #endif /* _WIN32 */ 68 | 69 | #endif 70 | -------------------------------------------------------------------------------- /include/compat/sys/uio.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/select.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #else 9 | 10 | #include 11 | 12 | struct iovec { 13 | void *iov_base; 14 | size_t iov_len; 15 | }; 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /include/compat/syslog.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * syslog.h compatibility shim 4 | */ 5 | 6 | #ifndef _WIN32 7 | #include_next 8 | #endif 9 | 10 | #ifndef LIBCRYPTOCOMPAT_SYSLOG_H 11 | #define LIBCRYPTOCOMPAT_SYSLOG_H 12 | 13 | #ifndef HAVE_SYSLOG_R 14 | 15 | #include 16 | 17 | #ifdef _WIN32 18 | #define LOG_CONS LOG_INFO 19 | #define LOG_INFO 6 /* informational */ 20 | #define LOG_USER (1<<3) /* random user-level messages */ 21 | #define LOG_LOCAL2 (18<<3) /* reserved for local use */ 22 | #endif 23 | 24 | struct syslog_data { 25 | int log_stat; 26 | const char *log_tag; 27 | int log_fac; 28 | int log_mask; 29 | }; 30 | 31 | #define SYSLOG_DATA_INIT {0, (const char *)0, LOG_USER, 0xff} 32 | 33 | void syslog_r(int, struct syslog_data *, const char *, ...); 34 | void vsyslog_r(int, struct syslog_data *, const char *, va_list); 35 | 36 | #endif 37 | 38 | #endif 39 | -------------------------------------------------------------------------------- /include/compat/time.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * sys/time.h compatibility shim 4 | */ 5 | 6 | #ifndef SIZEOF_TIME_T 7 | #ifdef SMALL_TIME_T 8 | #define SIZEOF_TIME_T 4 9 | #else 10 | #define SIZEOF_TIME_T 8 11 | #endif 12 | #endif 13 | 14 | #ifdef _MSC_VER 15 | #if _MSC_VER >= 1900 16 | #include <../ucrt/time.h> 17 | #else 18 | #include <../include/time.h> 19 | #endif 20 | #else 21 | #include_next 22 | #endif 23 | 24 | #ifndef LIBCRYPTOCOMPAT_TIME_H 25 | #define LIBCRYPTOCOMPAT_TIME_H 26 | 27 | #ifndef CLOCK_MONOTONIC 28 | #define CLOCK_MONOTONIC CLOCK_REALTIME 29 | #endif 30 | 31 | #ifndef CLOCK_REALTIME 32 | #define CLOCK_REALTIME 0 33 | #endif 34 | 35 | #ifndef _WIN32 36 | #ifndef HAVE_CLOCK_GETTIME 37 | typedef int clockid_t; 38 | int clock_gettime(clockid_t clock_id, struct timespec *tp); 39 | #endif 40 | 41 | #ifdef timespecsub 42 | #define HAVE_TIMESPECSUB 43 | #endif 44 | 45 | #ifndef HAVE_TIMESPECSUB 46 | #define timespecsub(tsp, usp, vsp) \ 47 | do { \ 48 | (vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec; \ 49 | (vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec; \ 50 | if ((vsp)->tv_nsec < 0) { \ 51 | (vsp)->tv_sec--; \ 52 | (vsp)->tv_nsec += 1000000000L; \ 53 | } \ 54 | } while (0) 55 | #endif 56 | 57 | #endif 58 | 59 | #endif 60 | -------------------------------------------------------------------------------- /include/compat/unistd.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * unistd.h compatibility shim 4 | */ 5 | 6 | #ifndef LIBCRYPTOCOMPAT_UNISTD_H 7 | #define LIBCRYPTOCOMPAT_UNISTD_H 8 | 9 | #ifndef _MSC_VER 10 | 11 | #include_next 12 | 13 | #ifdef __MINGW32__ 14 | int ftruncate(int fd, off_t length); 15 | uid_t getuid(void); 16 | ssize_t pread(int d, void *buf, size_t nbytes, off_t offset); 17 | ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset); 18 | #endif 19 | 20 | #else 21 | 22 | #include 23 | #include 24 | #include 25 | 26 | #define STDIN_FILENO 0 27 | #define STDOUT_FILENO 1 28 | #define STDERR_FILENO 2 29 | 30 | #define R_OK 4 31 | #define W_OK 2 32 | #define X_OK 0 33 | #define F_OK 0 34 | 35 | #define SEEK_SET 0 36 | #define SEEK_CUR 1 37 | #define SEEK_END 2 38 | 39 | #define access _access 40 | 41 | #ifdef _MSC_VER 42 | #include 43 | static inline unsigned int sleep(unsigned int seconds) 44 | { 45 | Sleep(seconds * 1000); 46 | return seconds; 47 | } 48 | #endif 49 | 50 | int ftruncate(int fd, off_t length); 51 | uid_t getuid(void); 52 | ssize_t pread(int d, void *buf, size_t nbytes, off_t offset); 53 | ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset); 54 | 55 | #endif 56 | 57 | #ifndef HAVE_GETENTROPY 58 | int getentropy(void *buf, size_t buflen); 59 | #else 60 | /* 61 | * Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h 62 | */ 63 | #if defined(__sun) 64 | #include 65 | #endif 66 | #endif 67 | 68 | #ifndef HAVE_GETOPT 69 | #include "getopt.h" 70 | #endif 71 | 72 | #ifndef HAVE_GETPAGESIZE 73 | int getpagesize(void); 74 | #endif 75 | 76 | #define pledge(request, paths) 0 77 | #define unveil(path, permissions) 0 78 | 79 | #ifndef HAVE_PIPE2 80 | int pipe2(int fildes[2], int flags); 81 | #endif 82 | 83 | #endif 84 | -------------------------------------------------------------------------------- /include/compat/win32netcompat.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * BSD socket emulation code for Winsock2 5 | * Brent Cook 6 | */ 7 | 8 | #ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H 9 | #define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H 10 | 11 | #ifdef _WIN32 12 | 13 | #include 14 | #include 15 | #include 16 | 17 | #ifndef SHUT_RDWR 18 | #define SHUT_RDWR SD_BOTH 19 | #endif 20 | #ifndef SHUT_RD 21 | #define SHUT_RD SD_RECEIVE 22 | #endif 23 | #ifndef SHUT_WR 24 | #define SHUT_WR SD_SEND 25 | #endif 26 | 27 | int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen); 28 | 29 | int posix_open(const char *path, ...); 30 | 31 | int posix_close(int fd); 32 | 33 | ssize_t posix_read(int fd, void *buf, size_t count); 34 | 35 | ssize_t posix_write(int fd, const void *buf, size_t count); 36 | 37 | int posix_getsockopt(int sockfd, int level, int optname, 38 | void *optval, socklen_t *optlen); 39 | 40 | int posix_setsockopt(int sockfd, int level, int optname, 41 | const void *optval, socklen_t optlen); 42 | 43 | #ifndef NO_REDEF_POSIX_FUNCTIONS 44 | #define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen) 45 | #define open(path, ...) posix_open(path, __VA_ARGS__) 46 | #define close(fd) posix_close(fd) 47 | #define read(fd, buf, count) posix_read(fd, buf, count) 48 | #define write(fd, buf, count) posix_write(fd, buf, count) 49 | #define getsockopt(sockfd, level, optname, optval, optlen) \ 50 | posix_getsockopt(sockfd, level, optname, optval, optlen) 51 | #define setsockopt(sockfd, level, optname, optval, optlen) \ 52 | posix_setsockopt(sockfd, level, optname, optval, optlen) 53 | #endif 54 | 55 | #endif 56 | 57 | #endif 58 | -------------------------------------------------------------------------------- /include/openssl/Makefile.am.tpl: -------------------------------------------------------------------------------- 1 | include $(top_srcdir)/Makefile.am.common 2 | 3 | if !ENABLE_LIBTLS_ONLY 4 | opensslincludedir=$(includedir)/openssl 5 | 6 | BUILT_SOURCES = opensslconf.h 7 | CLEANFILES = opensslconf.h 8 | 9 | opensslconf.h: Makefile 10 | -echo "generating opensslconf.h ..." 11 | if HOST_AARCH64 12 | -cp $(top_srcdir)/include/arch/aarch64/opensslconf.h opensslconf.h 13 | endif 14 | if HOST_ARM 15 | -cp $(top_srcdir)/include/arch/arm/opensslconf.h opensslconf.h 16 | endif 17 | if HOST_I386 18 | -cp $(top_srcdir)/include/arch/i386/opensslconf.h opensslconf.h 19 | endif 20 | if HOST_LOONGARCH64 21 | -cp $(top_srcdir)/include/arch/loongarch64/opensslconf.h opensslconf.h 22 | endif 23 | if HOST_MIPS 24 | -cp $(top_srcdir)/include/arch/mips/opensslconf.h opensslconf.h 25 | endif 26 | if HOST_MIPS64 27 | -cp $(top_srcdir)/include/arch/mips64/opensslconf.h opensslconf.h 28 | endif 29 | if HOST_POWERPC 30 | -cp $(top_srcdir)/include/arch/powerpc/opensslconf.h opensslconf.h 31 | endif 32 | if HOST_POWERPC64 33 | -cp $(top_srcdir)/include/arch/powerpc64/opensslconf.h opensslconf.h 34 | endif 35 | if HOST_RISCV64 36 | -cp $(top_srcdir)/include/arch/riscv64/opensslconf.h opensslconf.h 37 | endif 38 | if HOST_SPARC64 39 | -cp $(top_srcdir)/include/arch/sparc64/opensslconf.h opensslconf.h 40 | endif 41 | if HOST_X86_64 42 | -cp $(top_srcdir)/include/arch/amd64/opensslconf.h opensslconf.h 43 | endif 44 | 45 | opensslinclude_HEADERS = opensslconf.h 46 | -------------------------------------------------------------------------------- /libcrypto.pc.in: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | # 16 | #libcrypto pkg-config source file 17 | 18 | prefix=@prefix@ 19 | exec_prefix=@exec_prefix@ 20 | libdir=@libdir@ 21 | includedir=@includedir@ 22 | 23 | Name: LibreSSL-libcrypto 24 | Description: LibreSSL cryptography library 25 | Version: @VERSION@ 26 | Libs: -L${libdir} -lcrypto 27 | Libs.private: @LIBS@ @PLATFORM_LDADD@ 28 | Cflags: -I${includedir} 29 | -------------------------------------------------------------------------------- /libressl.pub: -------------------------------------------------------------------------------- 1 | untrusted comment: LibreSSL portable signify key, April 8 2020 public key 2 | RWT44PcJDPu8ZDd5GfXWW2vuE+xq4M3haXXfYohnEnWoEYCKHNFut6W8 3 | -------------------------------------------------------------------------------- /libssl.pc.in: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | # 16 | #libssl pkg-config source file 17 | 18 | prefix=@prefix@ 19 | exec_prefix=@exec_prefix@ 20 | libdir=@libdir@ 21 | includedir=@includedir@ 22 | 23 | Name: LibreSSL-libssl 24 | Description: Secure Sockets Layer and cryptography libraries 25 | Version: @VERSION@ 26 | Requires.private: libcrypto 27 | Libs: -L${libdir} -lssl 28 | Cflags: -I${includedir} 29 | -------------------------------------------------------------------------------- /libtls.pc.in: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | # 16 | #libtls pkg-config source file 17 | 18 | prefix=@prefix@ 19 | exec_prefix=@exec_prefix@ 20 | libdir=@libdir@ 21 | includedir=@includedir@ 22 | 23 | Name: LibreSSL-libtls 24 | Description: Secure communications using the TLS socket protocol. 25 | Version: @VERSION@ 26 | Libs: -L${libdir} -ltls 27 | Libs.private: @LIBS@ @PLATFORM_LDADD@ -lssl -lcrypto 28 | Cflags: -I${includedir} 29 | -------------------------------------------------------------------------------- /m4/ax_add_fortify_source.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_add_fortify_source.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_ADD_FORTIFY_SOURCE 8 | # 9 | # DESCRIPTION 10 | # 11 | # Check whether -D_FORTIFY_SOURCE=2 can be added to CPPFLAGS without macro 12 | # redefinition warnings, other cpp warnings or linker. Some distributions 13 | # (such as Gentoo Linux) enable _FORTIFY_SOURCE globally in their 14 | # compilers, leading to unnecessary warnings in the form of 15 | # 16 | # :0:0: error: "_FORTIFY_SOURCE" redefined [-Werror] 17 | # : note: this is the location of the previous definition 18 | # 19 | # which is a problem if -Werror is enabled. This macro checks whether 20 | # _FORTIFY_SOURCE is already defined, and if not, adds -D_FORTIFY_SOURCE=2 21 | # to CPPFLAGS. 22 | # 23 | # Newer mingw-w64 msys2 package comes with a bug in 24 | # headers-git-7.0.0.5546.d200317d-1. It broke -D_FORTIFY_SOURCE support, 25 | # and would need -lssp or -fstack-protector. See 26 | # https://github.com/msys2/MINGW-packages/issues/5803. Try to actually 27 | # link it. 28 | # 29 | # LICENSE 30 | # 31 | # Copyright (c) 2017 David Seifert 32 | # Copyright (c) 2019 Reini Urban 33 | # 34 | # Copying and distribution of this file, with or without modification, are 35 | # permitted in any medium without royalty provided the copyright notice 36 | # and this notice are preserved. This file is offered as-is, without any 37 | # warranty. 38 | 39 | #serial 4 40 | 41 | AC_DEFUN([AX_ADD_FORTIFY_SOURCE],[ 42 | ac_save_cflags=$CFLAGS 43 | ac_cwerror_flag=yes 44 | AX_CHECK_COMPILE_FLAG([-Werror],[CFLAGS="$CFLAGS -Werror"]) 45 | AC_MSG_CHECKING([whether to add -D_FORTIFY_SOURCE=2 to CPPFLAGS]) 46 | AC_LINK_IFELSE([ 47 | AC_LANG_PROGRAM([], 48 | [[ 49 | #ifndef _FORTIFY_SOURCE 50 | return 0; 51 | #else 52 | this_is_an_error; 53 | #endif 54 | ]] 55 | )], 56 | AC_LINK_IFELSE([ 57 | AC_LANG_SOURCE([[ 58 | #define _FORTIFY_SOURCE 2 59 | #include 60 | int main() { 61 | char *s = " "; 62 | strcpy(s, "x"); 63 | return strlen(s)-1; 64 | } 65 | ]] 66 | )], 67 | [ 68 | AC_MSG_RESULT([yes]) 69 | CFLAGS=$ac_save_cflags 70 | CPPFLAGS="$CPPFLAGS -D_FORTIFY_SOURCE=2" 71 | ], [ 72 | AC_MSG_RESULT([no]) 73 | CFLAGS=$ac_save_cflags 74 | ], 75 | ), 76 | [ 77 | AC_MSG_RESULT([no]) 78 | CFLAGS=$ac_save_cflags 79 | ]) 80 | ]) 81 | -------------------------------------------------------------------------------- /m4/ax_check_compile_flag.m4: -------------------------------------------------------------------------------- 1 | # =========================================================================== 2 | # https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html 3 | # =========================================================================== 4 | # 5 | # SYNOPSIS 6 | # 7 | # AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) 8 | # 9 | # DESCRIPTION 10 | # 11 | # Check whether the given FLAG works with the current language's compiler 12 | # or gives an error. (Warnings, however, are ignored) 13 | # 14 | # ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on 15 | # success/failure. 16 | # 17 | # If EXTRA-FLAGS is defined, it is added to the current language's default 18 | # flags (e.g. CFLAGS) when the check is done. The check is thus made with 19 | # the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to 20 | # force the compiler to issue an error when a bad flag is given. 21 | # 22 | # INPUT gives an alternative input source to AC_COMPILE_IFELSE. 23 | # 24 | # NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this 25 | # macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. 26 | # 27 | # LICENSE 28 | # 29 | # Copyright (c) 2008 Guido U. Draheim 30 | # Copyright (c) 2011 Maarten Bosmans 31 | # 32 | # Copying and distribution of this file, with or without modification, are 33 | # permitted in any medium without royalty provided the copyright notice 34 | # and this notice are preserved. This file is offered as-is, without any 35 | # warranty. 36 | 37 | #serial 6 38 | 39 | AC_DEFUN([AX_CHECK_COMPILE_FLAG], 40 | [AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF 41 | AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl 42 | AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ 43 | ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS 44 | _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" 45 | AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], 46 | [AS_VAR_SET(CACHEVAR,[yes])], 47 | [AS_VAR_SET(CACHEVAR,[no])]) 48 | _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) 49 | AS_VAR_IF(CACHEVAR,yes, 50 | [m4_default([$2], :)], 51 | [m4_default([$3], :)]) 52 | AS_VAR_POPDEF([CACHEVAR])dnl 53 | ])dnl AX_CHECK_COMPILE_FLAGS 54 | -------------------------------------------------------------------------------- /m4/disable-compiler-warnings.m4: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | AC_DEFUN([DISABLE_COMPILER_WARNINGS], [ 17 | # Clang throws a lot of warnings when it does not understand a flag. Disable 18 | # this warning for now so other warnings are visible. 19 | AC_MSG_CHECKING([if compiling with clang]) 20 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[ 21 | #ifndef __clang__ 22 | not clang 23 | #endif 24 | ]])], 25 | [CLANG=yes], 26 | [CLANG=no] 27 | ) 28 | AC_MSG_RESULT([$CLANG]) 29 | AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments]) 30 | CFLAGS="$CFLAGS $CLANG_FLAGS" 31 | LDFLAGS="$LDFLAGS $CLANG_FLAGS" 32 | 33 | # Removing the dependency on -Wno-pointer-sign should be a goal. These are 34 | # largely unsigned char */char* mismatches in asn1 functions. 35 | save_cflags="$CFLAGS" 36 | CFLAGS=-Wno-pointer-sign 37 | AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign]) 38 | AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])], 39 | [AC_MSG_RESULT([yes])] 40 | [AM_CFLAGS=-Wno-pointer-sign], 41 | [AC_MSG_RESULT([no])] 42 | ) 43 | CFLAGS="$save_cflags $AM_CFLAGS" 44 | ]) 45 | -------------------------------------------------------------------------------- /man/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2015 Jeff Davey 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | if(ENABLE_LIBRESSL_INSTALL) 17 | install(DIRECTORY . 18 | DESTINATION ${CMAKE_INSTALL_MANDIR}/man3 19 | FILES_MATCHING PATTERN "*.3" 20 | ) 21 | 22 | install(DIRECTORY . 23 | DESTINATION ${CMAKE_INSTALL_MANDIR}/man5 24 | FILES_MATCHING PATTERN "*.5" 25 | ) 26 | endif(ENABLE_LIBRESSL_INSTALL) 27 | -------------------------------------------------------------------------------- /man/update_links.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # Run this periodically to ensure that the manpage links are up to date 4 | ( 5 | cd /usr/src/usr.bin/mandoc/ 6 | make obj 7 | make cleandir 8 | make depend 9 | make 10 | cd /usr/src/regress/usr.bin/mandoc/db/mlinks/ 11 | make obj 12 | make cleandir 13 | make 14 | ) 15 | 16 | makewhatis -a . 17 | 18 | # We have to filter out some links that fail on case-insensitive filesystems 19 | # Running makewhatis with the right arguments should work on mandoc systems. 20 | echo "# This is an auto-generated file by $0" > links 21 | /usr/src/regress/usr.bin/mandoc/db/mlinks/obj/mlinks mandoc.db | \ 22 | grep -v OCSP_crlID_new | \ 23 | grep -v bn_print | \ 24 | grep -v "" | \ 25 | sort >> links 26 | -------------------------------------------------------------------------------- /openssl.pc.in: -------------------------------------------------------------------------------- 1 | #openssl pkg-config source file 2 | 3 | prefix=@prefix@ 4 | exec_prefix=@exec_prefix@ 5 | libdir=@libdir@ 6 | includedir=@includedir@ 7 | 8 | Name: LibreSSL 9 | Description: Secure Sockets Layer and cryptography libraries and tools 10 | Version: @VERSION@ 11 | Requires: libssl libcrypto 12 | -------------------------------------------------------------------------------- /patches/bn_shift.patch: -------------------------------------------------------------------------------- 1 | --- tests/bn_shift.c.orig 2023-02-13 20:06:27.295678033 -0600 2 | +++ tests/bn_shift.c 2023-02-13 20:08:08.335677654 -0600 3 | @@ -355,6 +355,8 @@ 4 | return failed; 5 | } 6 | 7 | +#if 0 8 | + 9 | static void 10 | benchmark_bn_lshift1(BIGNUM *bn) 11 | { 12 | @@ -620,9 +622,12 @@ 13 | BN_free(bn); 14 | } 15 | 16 | +#endif 17 | + 18 | static void 19 | benchmark_bn_shift(void) 20 | { 21 | +#if 0 22 | const struct benchmark *bm; 23 | size_t i; 24 | 25 | @@ -630,6 +635,9 @@ 26 | bm = &benchmarks[i]; 27 | benchmark_run(bm, 5); 28 | } 29 | +#else 30 | + return; 31 | +#endif 32 | } 33 | 34 | int 35 | -------------------------------------------------------------------------------- /patches/crypto_arch.h.patch: -------------------------------------------------------------------------------- 1 | --- crypto/arch/amd64/crypto_arch.h.orig Fri Feb 14 06:00:43 2025 2 | +++ crypto/arch/amd64/crypto_arch.h Fri Feb 14 06:01:13 2025 3 | @@ -40,6 +40,7 @@ extern uint64_t crypto_cpu_caps_amd64; 4 | #define HAVE_RC4_INTERNAL 5 | #define HAVE_RC4_SET_KEY_INTERNAL 6 | 7 | +#if 0 8 | #define HAVE_SHA1_BLOCK_DATA_ORDER 9 | #define HAVE_SHA1_BLOCK_GENERIC 10 | 11 | @@ -48,6 +49,7 @@ extern uint64_t crypto_cpu_caps_amd64; 12 | 13 | #define HAVE_SHA512_BLOCK_DATA_ORDER 14 | #define HAVE_SHA512_BLOCK_GENERIC 15 | +#endif 16 | 17 | #endif 18 | 19 | --- crypto/arch/aarch64/crypto_arch.h.orig Thu Mar 13 05:42:37 2025 20 | +++ crypto/arch/aarch64/crypto_arch.h Thu Mar 13 05:47:39 2025 21 | @@ -33,11 +33,13 @@ 22 | #define CRYPTO_CPU_CAPS_AARCH64_SHA512 (1ULL << 4) 23 | #define CRYPTO_CPU_CAPS_AARCH64_SHA3 (1ULL << 5) 24 | 25 | +#if 0 26 | #ifndef OPENSSL_NO_ASM 27 | 28 | #define HAVE_SHA256_BLOCK_DATA_ORDER 29 | #define HAVE_SHA512_BLOCK_DATA_ORDER 30 | 31 | +#endif 32 | #endif 33 | 34 | #endif 35 | -------------------------------------------------------------------------------- /patches/crypto_namespace.h.patch: -------------------------------------------------------------------------------- 1 | --- crypto/hidden/crypto_namespace.h.orig Fri Aug 2 23:52:55 2024 2 | +++ crypto/hidden/crypto_namespace.h Fri Aug 2 23:53:17 2024 3 | @@ -24,6 +24,12 @@ 4 | * external calls use the latter name. 5 | */ 6 | 7 | +#ifdef _MSC_VER 8 | +# define LCRYPTO_UNUSED(x) 9 | +# define LCRYPTO_USED(x) 10 | +# define LCRYPTO_ALIAS1(pre, x) 11 | +# define LCRYPTO_ALIAS(x) 12 | +#else 13 | #ifdef LIBRESSL_NAMESPACE 14 | #ifdef LIBRESSL_CRYPTO_NAMESPACE 15 | # define LCRYPTO_UNUSED(x) __attribute__((deprecated)) \ 16 | @@ -47,5 +53,6 @@ 17 | # define LCRYPTO_ALIAS1(pre,x) 18 | # define LCRYPTO_ALIAS(x) asm("") 19 | #endif 20 | +#endif /* _MSC_VER */ 21 | 22 | #endif /* _LIBCRYPTO_CRYPTO_NAMESPACE_H_ */ 23 | -------------------------------------------------------------------------------- /patches/openssl.c.patch: -------------------------------------------------------------------------------- 1 | --- apps/openssl/openssl.c.orig Sat May 31 03:18:05 2025 2 | +++ apps/openssl/openssl.c Sat May 31 03:18:17 2025 3 | @@ -341,7 +341,9 @@ BIO *bio_err = NULL; 4 | static void 5 | openssl_startup(void) 6 | { 7 | +#ifndef _WIN32 8 | signal(SIGPIPE, SIG_IGN); 9 | +#endif 10 | 11 | OpenSSL_add_all_algorithms(); 12 | SSL_library_init(); 13 | -------------------------------------------------------------------------------- /patches/opensslfeatures.h.patch: -------------------------------------------------------------------------------- 1 | --- include/openssl/opensslfeatures.h.orig Fri Jul 28 06:04:42 2023 2 | +++ include/openssl/opensslfeatures.h Fri Jul 28 06:09:00 2023 3 | @@ -8,6 +8,13 @@ 4 | #define LIBRESSL_HAS_TLS1_3 5 | #define LIBRESSL_HAS_DTLS1_2 6 | 7 | +/* 8 | + * Used for compatibility with compilers lacking __attribute__ 9 | + */ 10 | +#if defined(_MSC_VER) && !defined(__clang__) && !defined(__attribute__) 11 | +#define __attribute__(a) 12 | +#endif 13 | + 14 | #define OPENSSL_THREADS 15 | 16 | #define OPENSSL_NO_BUF_FREELISTS 17 | --- crypto/crypto_internal.h.orig Sat Dec 14 14:15:39 2024 18 | +++ crypto/crypto_internal.h Sat Dec 14 14:15:52 2024 19 | @@ -15,6 +15,8 @@ 20 | * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 21 | */ 22 | 23 | +#include 24 | + 25 | #include 26 | #include 27 | #include 28 | --- tests/parse_test_file.h.orig Thu Dec 26 01:13:00 2024 29 | +++ tests/parse_test_file.h Thu Dec 26 01:13:27 2024 30 | @@ -22,6 +22,8 @@ 31 | #include 32 | #include 33 | 34 | +#include 35 | + 36 | #include "bytestring.h" 37 | 38 | #if defined(__cplusplus) 39 | --- tests/test.h.orig Sat May 31 04:48:09 2025 40 | +++ tests/test.h Sat May 31 04:48:31 2025 41 | @@ -18,6 +18,8 @@ 42 | #ifndef HEADER_TEST_H 43 | #define HEADER_TEST_H 44 | 45 | +#include 46 | + 47 | #include 48 | #include 49 | 50 | -------------------------------------------------------------------------------- /patches/patch-amd64-crypto-cpu-caps.c.patch: -------------------------------------------------------------------------------- 1 | --- crypto/arch/amd64/crypto_cpu_caps.c.orig Sat Dec 14 13:45:16 2024 2 | +++ crypto/arch/amd64/crypto_cpu_caps.c Sat Dec 14 13:54:06 2024 3 | @@ -37,7 +37,7 @@ cpuid(uint32_t eax, uint32_t *out_eax, uint32_t *out_e 4 | { 5 | uint32_t ebx = 0, ecx = 0, edx = 0; 6 | 7 | -#ifndef OPENSSL_NO_ASM 8 | +#if defined(__GNUC__) && !defined(OPENSSL_NO_ASM) 9 | __asm__ ("cpuid": "+a"(eax), "+b"(ebx), "+c"(ecx), "+d"(edx)); 10 | #else 11 | eax = 0; 12 | @@ -58,7 +58,7 @@ xgetbv(uint32_t ecx, uint32_t *out_eax, uint32_t *out_ 13 | { 14 | uint32_t eax = 0, edx = 0; 15 | 16 | -#ifndef OPENSSL_NO_ASM 17 | +#if defined(__GNUC__) && !defined(OPENSSL_NO_ASM) 18 | __asm__ ("xgetbv": "+a"(eax), "+c"(ecx), "+d"(edx)); 19 | #endif 20 | 21 | -------------------------------------------------------------------------------- /patches/patch-i386-crypto-cpu-caps.c.patch: -------------------------------------------------------------------------------- 1 | --- crypto/arch/i386/crypto_cpu_caps.c.orig Fri Oct 18 17:35:20 2024 2 | +++ crypto/arch/i386/crypto_cpu_caps.c Fri Oct 18 17:39:13 2024 3 | @@ -33,7 +33,7 @@ cpuid(uint32_t eax, uint32_t *out_eax, uint32_t *out_e 4 | { 5 | uint32_t ebx = 0, ecx = 0, edx = 0; 6 | 7 | -#ifndef OPENSSL_NO_ASM 8 | +#if defined(__GNUC__) && !defined(OPENSSL_NO_ASM) 9 | __asm__ ("cpuid": "+a"(eax), "+b"(ebx), "+c"(ecx), "+d"(edx)); 10 | #else 11 | eax = 0; 12 | @@ -54,7 +54,7 @@ xgetbv(uint32_t ecx, uint32_t *out_eax, uint32_t *out_ 13 | { 14 | uint32_t eax = 0, edx = 0; 15 | 16 | -#ifndef OPENSSL_NO_ASM 17 | +#if defined(__GNUC__) && !defined(OPENSSL_NO_ASM) 18 | __asm__ ("xgetbv": "+a"(eax), "+c"(ecx), "+d"(edx)); 19 | #endif 20 | 21 | -------------------------------------------------------------------------------- /patches/ssl_namespace.h.patch: -------------------------------------------------------------------------------- 1 | --- ssl/hidden/ssl_namespace.h.orig Fri Aug 2 23:52:55 2024 2 | +++ ssl/hidden/ssl_namespace.h Fri Aug 2 23:53:17 2024 3 | @@ -23,6 +23,11 @@ 4 | * and we alias that to the normal name. 5 | */ 6 | 7 | +#ifdef _MSC_VER 8 | +#define LSSL_UNUSED(x) 9 | +#define LSSL_USED(x) 10 | +#define LSSL_ALIAS(x) 11 | +#else 12 | #ifdef LIBRESSL_NAMESPACE 13 | #define LSSL_UNUSED(x) typeof(x) x __attribute__((deprecated)) 14 | #define LSSL_USED(x) __attribute__((visibility("hidden"))) \ 15 | @@ -37,5 +42,6 @@ 16 | #define LSSL_USED(x) 17 | #define LSSL_ALIAS(x) asm("") 18 | #endif 19 | +#endif /* _MSC_VER */ 20 | 21 | #endif /* _LIBSSL_SSL_NAMESPACE_H_ */ 22 | -------------------------------------------------------------------------------- /patches/tls.h.patch: -------------------------------------------------------------------------------- 1 | --- include/tls.h.orig 2017-02-13 20:19:55.918636579 +0900 2 | +++ include/tls.h 2017-02-13 20:21:18.313073161 +0900 3 | @@ -22,6 +22,13 @@ 4 | extern "C" { 5 | #endif 6 | 7 | +#ifdef _MSC_VER 8 | +#ifndef LIBRESSL_INTERNAL 9 | +#include 10 | +typedef SSIZE_T ssize_t; 11 | +#endif 12 | +#endif 13 | + 14 | #include 15 | 16 | #include 17 | -------------------------------------------------------------------------------- /patches/tls_config.c.patch: -------------------------------------------------------------------------------- 1 | uid_t can be 64-bit 2 | 3 | --- tls/tls_config.c.orig 2024-11-02 21:19:47.090322191 +0100 4 | +++ tls/tls_config.c 2024-11-02 21:38:22.527071689 +0100 5 | @@ -742,8 +742,8 @@ 6 | 7 | if (sb.st_uid != getuid()) { 8 | tls_config_set_errorx(config, TLS_ERROR_UNKNOWN, 9 | - "session file has incorrect owner (uid %u != %u)", 10 | - sb.st_uid, getuid()); 11 | + "session file has incorrect owner (uid %llu != %llu)", 12 | + (unsigned long long)sb.st_uid, (unsigned long long)getuid()); 13 | return (-1); 14 | } 15 | mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO); 16 | -------------------------------------------------------------------------------- /patches/win32_amd64_bn_arch.h.patch: -------------------------------------------------------------------------------- 1 | We should consider a OPENSSL_NO_BN_ASM if we can't figure 2 | out how to fix BIGNUM on this OS 3 | 4 | --- crypto/bn/arch/amd64/bn_arch.h.orig Wed Mar 27 22:17:03 2024 5 | +++ crypto/bn/arch/amd64/bn_arch.h Wed Mar 27 22:17:31 2024 6 | @@ -20,8 +20,14 @@ 7 | #ifndef HEADER_BN_ARCH_H 8 | #define HEADER_BN_ARCH_H 9 | 10 | +#ifdef _WIN32 11 | #ifndef OPENSSL_NO_ASM 12 | +#define OPENSSL_NO_ASM 13 | +#endif 14 | +#else 15 | 16 | +#ifndef OPENSSL_NO_ASM 17 | + 18 | #define HAVE_BN_ADD 19 | #define HAVE_BN_ADD_WORDS 20 | 21 | @@ -104,6 +110,7 @@ bn_subw(BN_ULONG a, BN_ULONG b, BN_ULONG *out_borrow, 22 | } 23 | 24 | #endif /* __GNUC__ */ 25 | +#endif /* _WIN32 */ 26 | 27 | #endif 28 | #endif 29 | -------------------------------------------------------------------------------- /patches/windows_headers.patch: -------------------------------------------------------------------------------- 1 | --- include/openssl/dtls1.h.orig Wed Nov 1 13:15:36 2023 2 | +++ include/openssl/dtls1.h Wed Nov 1 13:15:54 2023 3 | @@ -60,7 +60,11 @@ 4 | #ifndef HEADER_DTLS1_H 5 | #define HEADER_DTLS1_H 6 | 7 | +#if defined(_WIN32) 8 | +#include 9 | +#else 10 | #include 11 | +#endif 12 | 13 | #include 14 | #include 15 | --- include/openssl/ossl_typ.h.orig Wed Nov 1 13:15:36 2023 16 | +++ include/openssl/ossl_typ.h Wed Nov 1 13:18:23 2023 17 | @@ -82,6 +82,21 @@ typedef struct asn1_object_st ASN1_OBJECT; 18 | typedef struct ASN1_ITEM_st ASN1_ITEM; 19 | typedef struct asn1_pctx_st ASN1_PCTX; 20 | 21 | +#if defined(_WIN32) && defined(__WINCRYPT_H__) 22 | +#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING) 23 | +#ifdef _MSC_VER 24 | +#pragma message("Warning, overriding WinCrypt defines") 25 | +#else 26 | +#warning overriding WinCrypt defines 27 | +#endif 28 | +#endif 29 | +#undef X509_NAME 30 | +#undef X509_EXTENSIONS 31 | +#undef OCSP_REQUEST 32 | +#undef OCSP_RESPONSE 33 | +#undef PKCS7_ISSUER_AND_SERIAL 34 | +#endif 35 | + 36 | #ifdef BIGNUM 37 | #undef BIGNUM 38 | #endif 39 | --- include/openssl/pkcs7.h.orig Wed Nov 1 13:15:36 2023 40 | +++ include/openssl/pkcs7.h Wed Nov 1 13:17:58 2023 41 | @@ -69,6 +69,18 @@ 42 | extern "C" { 43 | #endif 44 | 45 | +#if defined(_WIN32) && defined(__WINCRYPT_H__) 46 | +#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING) 47 | +#ifdef _MSC_VER 48 | +#pragma message("Warning, overriding WinCrypt defines") 49 | +#else 50 | +#warning overriding WinCrypt defines 51 | +#endif 52 | +#endif 53 | +#undef PKCS7_ISSUER_AND_SERIAL 54 | +#undef PKCS7_SIGNER_INFO 55 | +#endif 56 | + 57 | /* 58 | Encryption_ID DES-CBC 59 | Digest_ID MD5 60 | --- include/openssl/x509.h.orig Wed Nov 1 13:15:36 2023 61 | +++ include/openssl/x509.h Wed Nov 1 13:18:44 2023 62 | @@ -100,6 +100,18 @@ 63 | extern "C" { 64 | #endif 65 | 66 | +#if defined(_WIN32) && defined(__WINCRYPT_H__) 67 | +#if !defined(LIBRESSL_INTERNAL) && !defined(LIBRESSL_DISABLE_OVERRIDE_WINCRYPT_DEFINES_WARNING) 68 | +#ifdef _MSC_VER 69 | +#pragma message("Warning, overriding WinCrypt defines") 70 | +#else 71 | +#warning overriding WinCrypt defines 72 | +#endif 73 | +#endif 74 | +#undef X509_NAME 75 | +#undef X509_EXTENSIONS 76 | +#endif 77 | + 78 | #define X509_FILETYPE_PEM 1 79 | #define X509_FILETYPE_ASN1 2 80 | #define X509_FILETYPE_DEFAULT 3 81 | -------------------------------------------------------------------------------- /scripts/i686-w64-mingw32.cmake: -------------------------------------------------------------------------------- 1 | SET(CMAKE_SYSTEM_NAME Windows) 2 | SET(CMAKE_SYSTEM_PROCESSOR i386) 3 | SET(CMAKE_C_COMPILER i686-w64-mingw32-gcc) 4 | SET(CMAKE_CXX_COMPILER i686-w64-mingw32-g++) 5 | SET(CMAKE_RC_COMPILER i686-w64-mingw32-windres) 6 | set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) 7 | set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) 8 | set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) 9 | 10 | -------------------------------------------------------------------------------- /scripts/wrap-compiler-for-flag-check: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | # This file is in the public domain. 4 | # https://github.com/kmcallister/autoharden/blob/c5c7842f39c2f8d19836bb5427d6479db4436d62/LICENSE 5 | # 6 | # From kmcallister: 7 | # https://github.com/kmcallister/autoharden/blob/efaf5a16612589808c276a11536ea9a47071f74b/scripts/wrap-compiler-for-flag-check 8 | 9 | # Prior to clang v5.1, there was no way to make 10 | # clang's "argument unused" warning fatal. This 11 | # wrapper script that greps for this warning message. Newer clang's have no issues. 12 | # 13 | # Ideally the search string would also include 'clang: ' but this output might 14 | # depend on clang's argv[0]. 15 | # 16 | set -o errexit 17 | set -o nounset 18 | 19 | if out=`"$@" 2>&1`; then 20 | echo "$out" 21 | if echo "$out" | grep 'warning: argument unused' >/dev/null; then 22 | echo "$0: found clang warning" 23 | exit 1 24 | else 25 | exit 0 26 | fi 27 | else 28 | code=$? 29 | echo "$out" 30 | exit $code 31 | fi 32 | -------------------------------------------------------------------------------- /scripts/x86_64-w64-mingw32.cmake: -------------------------------------------------------------------------------- 1 | SET(CMAKE_SYSTEM_NAME Windows) 2 | SET(CMAKE_SYSTEM_PROCESSOR amd64) 3 | SET(CMAKE_C_COMPILER x86_64-w64-mingw32-gcc) 4 | SET(CMAKE_CXX_COMPILER x86_64-w64-mingw32-g++) 5 | SET(CMAKE_RC_COMPILER x86_64-w64-mingw32-windres) 6 | set(CMAKE_FIND_ROOT_PATH_MODE_PROGRAM NEVER) 7 | set(CMAKE_FIND_ROOT_PATH_MODE_LIBRARY ONLY) 8 | set(CMAKE_FIND_ROOT_PATH_MODE_INCLUDE ONLY) 9 | 10 | -------------------------------------------------------------------------------- /tests/aeadtest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | TEST=./aeadtest 19 | if [ -e ./aeadtest.exe ]; then 20 | TEST=./aeadtest.exe 21 | elif [ -e ./aeadtest.js ]; then 22 | TEST="node ./aeadtest.js" 23 | fi 24 | $TEST aead $srcdir/aeadtests.txt 25 | $TEST aes-128-gcm $srcdir/aes_128_gcm_tests.txt 26 | $TEST aes-192-gcm $srcdir/aes_192_gcm_tests.txt 27 | $TEST aes-256-gcm $srcdir/aes_256_gcm_tests.txt 28 | $TEST chacha20-poly1305 $srcdir/chacha20_poly1305_tests.txt 29 | $TEST xchacha20-poly1305 $srcdir/xchacha20_poly1305_tests.txt 30 | 31 | -------------------------------------------------------------------------------- /tests/arc4randomforktest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | ./arc4randomforktest 19 | ./arc4randomforktest -b 20 | ./arc4randomforktest -p 21 | ./arc4randomforktest -bp 22 | -------------------------------------------------------------------------------- /tests/asn1time_small.test: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | echo 1..1 3 | TEST=./asn1time 4 | if [ -e ./asn1time.exe ]; then 5 | TEST=./asn1time.exe 6 | fi 7 | 8 | # map test failure to XFAIL and success to XPASS 9 | $TEST || echo -n "not " 10 | echo "ok # this system is unable to represent times past 2038" 11 | -------------------------------------------------------------------------------- /tests/cmake/CMakeLists.txt: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2023 Pierre Wendling 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | cmake_minimum_required(VERSION 3.5) 17 | 18 | project(LibreSSL_Consumer LANGUAGES C) 19 | 20 | find_package( 21 | LibreSSL 22 | CONFIG 23 | REQUIRED 24 | COMPONENTS Crypto SSL TLS 25 | ) 26 | 27 | set(RESULTS_TO_CHECK 28 | "LIBRESSL_VERSION" 29 | "LIBRESSL_FOUND" 30 | "LIBRESSL_INCLUDE_DIR" 31 | "LIBRESSL_LIBRARIES" 32 | "LIBRESSL_CRYPTO_LIBRARY" 33 | "LIBRESSL_SSL_LIBRARY" 34 | "LIBRESSL_TLS_LIBRARY" 35 | ) 36 | 37 | foreach(RESULT_VAR IN LISTS RESULTS_TO_CHECK) 38 | if(${RESULT_VAR}) 39 | message(STATUS "${RESULT_VAR}: ${${RESULT_VAR}}") 40 | else() 41 | message(FATAL_ERROR "${RESULT_VAR} was not set by the package.") 42 | endif() 43 | endforeach() 44 | 45 | add_executable(crypto crypto.c) 46 | target_link_libraries(crypto PRIVATE LibreSSL::Crypto) 47 | 48 | add_executable(ssl ssl.c) 49 | target_link_libraries(ssl PRIVATE LibreSSL::SSL) 50 | 51 | add_executable(tls tls.c) 52 | target_link_libraries(tls PRIVATE LibreSSL::TLS) 53 | -------------------------------------------------------------------------------- /tests/cmake/crypto.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | OPENSSL_init_crypto(0, NULL); 5 | OPENSSL_cleanup(); 6 | return 0; 7 | } 8 | -------------------------------------------------------------------------------- /tests/cmake/ssl.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | SSL_library_init(); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /tests/cmake/tls.c: -------------------------------------------------------------------------------- 1 | #include 2 | 3 | int main(void) { 4 | tls_init(); 5 | return 0; 6 | } 7 | -------------------------------------------------------------------------------- /tests/dtlstest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2021 Kinichiro Inoguchi 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | dtlstest_bin=./dtlstest 20 | if [ -e ./dtlstest.exe ]; then 21 | dtlstest_bin=./dtlstest.exe 22 | fi 23 | 24 | if [ -z $srcdir ]; then 25 | srcdir=. 26 | fi 27 | 28 | $dtlstest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa.pem $srcdir/ca-int-rsa.pem 29 | -------------------------------------------------------------------------------- /tests/evptest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | TEST=./evptest 19 | if [ -e ./evptest.exe ]; then 20 | TEST=./evptest.exe 21 | fi 22 | $TEST $srcdir/evptests.txt 23 | -------------------------------------------------------------------------------- /tests/keypairtest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2018 Kinichiro Inoguchi 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | TEST=./keypairtest 19 | if [ -e ./keypairtest.exe ]; then 20 | TEST=./keypairtest.exe 21 | fi 22 | 23 | if [ -z $srcdir ]; then 24 | srcdir=. 25 | fi 26 | 27 | $TEST $srcdir/ca-root-rsa.pem $srcdir/server1-rsa.pem $srcdir/server1-rsa.pem 28 | -------------------------------------------------------------------------------- /tests/mlkem_tests.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2024 Theo Buehler 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | TEST=./mlkem_tests 20 | if [ -e ./mlkem_tests.exe ]; then 21 | TEST=./mlkem_tests.exe 22 | elif [ -e ./mlkem_tests.js ]; then 23 | TEST="node ./mlkem_tests.js" 24 | fi 25 | 26 | if [ -z $srcdir ]; then 27 | srcdir=. 28 | fi 29 | 30 | $TEST mlkem768_decap_tests $srcdir/mlkem768_decap_tests.txt 31 | $TEST mlkem768_encap_tests $srcdir/mlkem768_encap_tests.txt 32 | $TEST mlkem768_keygen_tests $srcdir/mlkem768_keygen_tests.txt 33 | $TEST mlkem768_nist_decap_tests $srcdir/mlkem768_nist_decap_tests.txt 34 | $TEST mlkem768_nist_keygen_tests $srcdir/mlkem768_nist_keygen_tests.txt 35 | $TEST mlkem1024_decap_tests $srcdir/mlkem1024_decap_tests.txt 36 | $TEST mlkem1024_encap_tests $srcdir/mlkem1024_encap_tests.txt 37 | $TEST mlkem1024_keygen_tests $srcdir/mlkem1024_keygen_tests.txt 38 | $TEST mlkem1024_nist_decap_tests $srcdir/mlkem1024_nist_decap_tests.txt 39 | $TEST mlkem1024_nist_keygen_tests $srcdir/mlkem1024_nist_keygen_tests.txt 40 | -------------------------------------------------------------------------------- /tests/ocsptest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2016 Kinichiro Inoguchi 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set ocsp_test_bin=%1 19 | set ocsp_test_bin=%ocsp_test_bin:/=\% 20 | if not exist %ocsp_test_bin% exit /b 1 21 | 22 | %ocsp_test_bin% www.amazon.com 443 & if !errorlevel! neq 0 exit /b 1 23 | %ocsp_test_bin% cloudflare.com 443 & if !errorlevel! neq 0 exit /b 1 24 | 25 | endlocal 26 | -------------------------------------------------------------------------------- /tests/ocsptest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2016 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | TEST=./ocsp_test 19 | if [ -e ./ocsp_test.exe ]; then 20 | TEST=./ocsp_test.exe 21 | fi 22 | $TEST www.amazon.com 443 23 | $TEST cloudflare.com 443 24 | -------------------------------------------------------------------------------- /tests/openssl.cnf: -------------------------------------------------------------------------------- 1 | # $OpenBSD: openssl.cnf,v 1.1 2014/08/26 17:50:07 jsing Exp $ 2 | 3 | # 4 | # SSLeay example configuration file. 5 | # This is mostly being used for generation of certificate requests. 6 | # 7 | # hacked by iang to do DSA certs - Server 8 | 9 | RANDFILE = ./.rnd 10 | 11 | #################################################################### 12 | [ req ] 13 | distinguished_name = req_distinguished_name 14 | encrypt_rsa_key = no 15 | 16 | [ req_distinguished_name ] 17 | countryName = Country Name (2 letter code) 18 | countryName_default = CA 19 | countryName_value = CA 20 | 21 | organizationName = Organization Name (eg, company) 22 | organizationName_value = Shake it Vera 23 | 24 | 0.commonName = Common Name (eg, YOUR name) 25 | 0.commonName_value = Wastelandus 26 | 27 | 1.commonName = Common Name (eg, YOUR name) 28 | 1.commonName_value = Maximus 29 | 30 | -------------------------------------------------------------------------------- /tests/pidwraptest.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Checks if LibreSSL's PRNG is fork-safe. 3 | * From https://www.agwa.name/blog/post/libressls_prng_is_unsafe_on_linux 4 | * This code is in the public domain. 5 | * 6 | * Original source: https://gist.github.com/AGWA/eb84e55ca25a7da1deb0 7 | */ 8 | 9 | #undef LIBRESSL_INTERNAL 10 | #include 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | static void random_bytes (unsigned char* p, size_t len) 17 | { 18 | if (RAND_bytes(p, len) != 1) { 19 | fprintf(stderr, "RAND_bytes failed\n"); 20 | abort(); 21 | } 22 | } 23 | 24 | static void random_stir (void) 25 | { 26 | if (RAND_poll() != 1) { 27 | fprintf(stderr, "RAND_poll failed\n"); 28 | abort(); 29 | } 30 | } 31 | 32 | static void print_buffer (unsigned char* p, size_t len) 33 | { 34 | while (len--) { 35 | printf("%02x", (unsigned int)*p++); 36 | } 37 | } 38 | 39 | int main () 40 | { 41 | char c = 0; 42 | int pipefd[2]; 43 | pipe(pipefd); 44 | setbuf(stdout, NULL); 45 | 46 | if (fork() == 0) { 47 | unsigned char buffer[32]; 48 | pid_t grandparent_pid = getpid(); 49 | 50 | random_bytes(buffer, sizeof(buffer)); 51 | 52 | if (fork() == 0) { 53 | random_stir(); 54 | setsid(); 55 | while (1) { 56 | pid_t grandchild_pid = fork(); 57 | if (grandchild_pid == 0) { 58 | random_stir(); 59 | if (getpid() == grandparent_pid) { 60 | random_bytes(buffer, sizeof(buffer)); 61 | print_buffer(buffer, sizeof(buffer)); 62 | printf("\n"); 63 | } 64 | _exit(0); 65 | } 66 | wait(NULL); 67 | if (grandchild_pid == grandparent_pid) { 68 | break; 69 | } 70 | } 71 | write(pipefd[1], &c, 1); 72 | _exit(0); 73 | } 74 | 75 | random_bytes(buffer, sizeof(buffer)); 76 | print_buffer(buffer, sizeof(buffer)); 77 | printf(" "); 78 | _exit(0); 79 | } 80 | wait(NULL); 81 | close(pipefd[1]); 82 | read(pipefd[0], &c, 1); 83 | return 0; 84 | } 85 | 86 | -------------------------------------------------------------------------------- /tests/pidwraptest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | ./pidwraptest > pidwraptest.txt 18 | while read a b; 19 | do 20 | if [ "$a" = "$b" ]; then 21 | echo "FAIL: $a = $b" 22 | return 2 23 | else 24 | echo "PASS: $a != $b" 25 | fi 26 | done < pidwraptest.txt 27 | -------------------------------------------------------------------------------- /tests/quictest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2022 Brent Cook 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set quictest_bin=%1 19 | set quictest_bin=%quictest_bin:/=\% 20 | if not exist %quictest_bin% exit /b 1 21 | 22 | %quictest_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root-rsa.pem 23 | if !errorlevel! neq 0 ( 24 | exit /b 1 25 | ) 26 | 27 | endlocal 28 | -------------------------------------------------------------------------------- /tests/quictest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2022 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | quictest_bin=./quictest 20 | if [ -e ./quictest.exe ]; then 21 | quictest_bin=./quictest.exe 22 | elif [ -e ./quictest.js ]; then 23 | quictest_bin="node ./quictest.js" 24 | fi 25 | 26 | if [ -z $srcdir ]; then 27 | srcdir=. 28 | fi 29 | 30 | $quictest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem 31 | -------------------------------------------------------------------------------- /tests/renegotiation_test.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2025 Theo Beuhler 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set renegotiation_test_bin=%1 19 | set renegotiation_test_bin=%renegotiation_test_bin:/=\% 20 | if not exist %renegotiation_test_bin% exit /b 1 21 | 22 | %renegotiation_test_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root-rsa.pem 23 | if !errorlevel! neq 0 ( 24 | exit /b 1 25 | ) 26 | 27 | endlocal 28 | -------------------------------------------------------------------------------- /tests/renegotiation_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2025 Theo Buehler 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | renegotiation_test_bin=./renegotiation_test 20 | if [ -e ./renegotiation_test.exe ]; then 21 | renegotiation_test_bin=./renegotiation_test.exe 22 | elif [ -e ./renegotiation_test.js ]; then 23 | renegotiation_test_bin="node ./renegotiation_test.js" 24 | fi 25 | 26 | if [ -z $srcdir ]; then 27 | srcdir=. 28 | fi 29 | 30 | $renegotiation_test_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem 31 | -------------------------------------------------------------------------------- /tests/rfc5280time_small.test: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | echo 1..1 3 | TEST=./rfc5280 4 | if [ -e ./rfc5280.exe ]; then 5 | TEST=./rfc5280.exe 6 | fi 7 | 8 | # map test failure to XFAIL and success to XPASS 9 | $TEST || echo -n "not " 10 | echo "ok # this system is unable to represent times past 2038" 11 | -------------------------------------------------------------------------------- /tests/servertest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2017 Kinichiro Inoguchi 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set servertest_bin=%1 19 | set servertest_bin=%servertest_bin:/=\% 20 | if not exist %servertest_bin% exit /b 1 21 | 22 | %servertest_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root.pem 23 | if !errorlevel! neq 0 ( 24 | exit /b 1 25 | ) 26 | 27 | endlocal 28 | -------------------------------------------------------------------------------- /tests/servertest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2017 Kinichiro Inoguchi 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | servertest_bin=./servertest 20 | if [ -e ./servertest.exe ]; then 21 | servertest_bin=./servertest.exe 22 | elif [ -e ./servertest.js ]; then 23 | servertest_bin="node ./servertest.js" 24 | fi 25 | 26 | if [ -z $srcdir ]; then 27 | srcdir=. 28 | fi 29 | 30 | $servertest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem 31 | -------------------------------------------------------------------------------- /tests/shutdowntest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2024 Theo Beuhler 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set shutdowntest_bin=%1 19 | set shutdowntest_bin=%shutdowntest_bin:/=\% 20 | if not exist %shutdowntest_bin% exit /b 1 21 | 22 | %shutdowntest_bin% %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\ca-root-rsa.pem 23 | if !errorlevel! neq 0 ( 24 | exit /b 1 25 | ) 26 | 27 | endlocal 28 | -------------------------------------------------------------------------------- /tests/shutdowntest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2024 Theo Buehler 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | shutdowntest_bin=./shutdowntest 20 | if [ -e ./shutdowntest.exe ]; then 21 | shutdowntest_bin=./shutdowntest.exe 22 | elif [ -e ./shutdowntest.js ]; then 23 | shutdowntest_bin="node ./shutdowntest.js" 24 | fi 25 | 26 | if [ -z $srcdir ]; then 27 | srcdir=. 28 | fi 29 | 30 | $shutdowntest_bin $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/ca-root-rsa.pem 31 | -------------------------------------------------------------------------------- /tests/ssltest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2016 Kinichiro Inoguchi 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set ssltest_bin=%1 19 | set ssltest_bin=%ssltest_bin:/=\% 20 | if not exist %ssltest_bin% exit /b 1 21 | 22 | set openssl_bin=%2 23 | set openssl_bin=%openssl_bin:/=\% 24 | if not exist %openssl_bin% exit /b 1 25 | 26 | %srcdir%\testssl.bat %srcdir%\server1-rsa.pem %srcdir%\server1-rsa-chain.pem ^ 27 | %srcdir%\ca-root-rsa.pem %ssltest_bin% %openssl_bin% 28 | if !errorlevel! neq 0 ( 29 | exit /b 1 30 | ) 31 | 32 | endlocal 33 | -------------------------------------------------------------------------------- /tests/ssltest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2014 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | ssltest_bin=./ssltest 20 | if [ -e ./ssltest.exe ]; then 21 | ssltest_bin=./ssltest.exe 22 | elif [ -e ./ssltest.js ]; then 23 | ssltest_bin="node ./ssltest.js" 24 | fi 25 | 26 | if [ -d ../apps/openssl ]; then 27 | openssl_bin=../apps/openssl/openssl 28 | if [ -e ../apps/openssl/openssl.exe ]; then 29 | openssl_bin=../apps/openssl/openssl.exe 30 | elif [ -e ../apps/openssl/openssl.js ]; then 31 | openssl_bin="node ../apps/openssl/openssl.js" 32 | fi 33 | else 34 | openssl_bin=../apps/openssl 35 | if [ -e ../apps/openssl.exe ]; then 36 | openssl_bin=../apps/openssl.exe 37 | elif [ -e ../apps/openssl.js ]; then 38 | openssl_bin="node ../apps/openssl.js" 39 | fi 40 | fi 41 | 42 | if [ -z $srcdir ]; then 43 | srcdir=. 44 | fi 45 | 46 | $srcdir/testssl $srcdir/server1-rsa.pem $srcdir/server1-rsa-chain.pem \ 47 | $srcdir/ca-root-rsa.pem \ 48 | "$ssltest_bin" "$openssl_bin" 49 | -------------------------------------------------------------------------------- /tests/testdsa.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2016 Kinichiro Inoguchi 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | :: Test DSA certificate generation of openssl 19 | 20 | set openssl_bin=%1 21 | set openssl_bin=%openssl_bin:/=\% 22 | if not exist %openssl_bin% exit /b 1 23 | 24 | REM # Generate DSA paramter set 25 | %openssl_bin% dsaparam 512 -out dsa512.pem 26 | if !errorlevel! neq 0 ( 27 | exit /b 1 28 | ) 29 | 30 | 31 | REM # Generate a DSA certificate 32 | %openssl_bin% req -config %srcdir%\openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key 33 | if !errorlevel! neq 0 ( 34 | exit /b 1 35 | ) 36 | 37 | 38 | REM # Now check the certificate 39 | %openssl_bin% x509 -text -in testdsa.pem 40 | if !errorlevel! neq 0 ( 41 | exit /b 1 42 | ) 43 | 44 | del testdsa.key dsa512.pem testdsa.pem 45 | 46 | exit /b 0 47 | endlocal 48 | -------------------------------------------------------------------------------- /tests/testdsa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2015 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | #Test DSA certificate generation of openssl 18 | 19 | if [ -d ../apps/openssl ]; then 20 | cmd=../apps/openssl/openssl 21 | if [ -e ../apps/openssl/openssl.exe ]; then 22 | cmd=../apps/openssl/openssl.exe 23 | fi 24 | else 25 | cmd=../apps/openssl 26 | if [ -e ../apps/openssl.exe ]; then 27 | cmd=../apps/openssl.exe 28 | fi 29 | fi 30 | 31 | if [ -z $srcdir ]; then 32 | srcdir=. 33 | fi 34 | 35 | # Generate DSA paramter set 36 | $cmd dsaparam 512 -out dsa512.pem 37 | if [ $? != 0 ]; then 38 | exit 1; 39 | fi 40 | 41 | 42 | # Denerate a DSA certificate 43 | $cmd req -config $srcdir/openssl.cnf -x509 -newkey dsa:dsa512.pem -out testdsa.pem -keyout testdsa.key 44 | if [ $? != 0 ]; then 45 | exit 1; 46 | fi 47 | 48 | 49 | # Now check the certificate 50 | $cmd x509 -text -in testdsa.pem 51 | if [ $? != 0 ]; then 52 | exit 1; 53 | fi 54 | 55 | rm testdsa.key dsa512.pem testdsa.pem 56 | 57 | exit 0 58 | -------------------------------------------------------------------------------- /tests/testenc.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2016 Kinichiro Inoguchi 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set test=P 19 | 20 | set openssl_bin=%1 21 | set openssl_bin=%openssl_bin:/=\% 22 | if not exist %openssl_bin% exit /b 1 23 | 24 | echo copy %srcdir%\openssl.cnf %test% 25 | copy %srcdir%\openssl.cnf %test% 26 | 27 | echo cat 28 | echo %openssl_bin% enc -in %test% -out %test%.CIPHER 29 | %openssl_bin% enc -in %test% -out %test%.CIPHER 30 | %openssl_bin% enc -in %test%.CIPHER -out %test%.CLEAR 31 | fc /b %test% %test%.CLEAR 32 | if !errorlevel! neq 0 ( 33 | exit /b 1 34 | ) else ( 35 | del %test%.CIPHER %test%.CLEAR 36 | ) 37 | 38 | echo base64 39 | %openssl_bin% enc -a -e -in %test% -out %test%.CIPHER 40 | %openssl_bin% enc -a -d -in %test%.CIPHER -out %test%.CLEAR 41 | dir 42 | fc /b %test% %test%.CLEAR 43 | if !errorlevel! neq 0 ( 44 | exit /b 1 45 | ) else ( 46 | del %test%.CIPHER %test%.CLEAR 47 | ) 48 | 49 | for %%i in ( 50 | aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 51 | aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb 52 | aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb 53 | aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 54 | aes-256-ecb aes-256-ofb 55 | bf-cbc bf-cfb bf-ecb bf-ofb 56 | cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb 57 | des-cbc des-cfb des-cfb8 des-ecb des-ede 58 | des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 59 | des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc 60 | rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb 61 | rc4 rc4-40 62 | ) do ( 63 | echo %%i 64 | %openssl_bin% %%i -e -k test -in %test% -out %test%.%%i.CIPHER 65 | %openssl_bin% %%i -d -k test -in %test%.%%i.CIPHER -out %test%.%%i.CLEAR 66 | fc /b %test% %test%.%%i.CLEAR 67 | if !errorlevel! neq 0 ( 68 | exit /b 1 69 | ) else ( 70 | del %test%.%%i.CIPHER %test%.%%i.CLEAR 71 | ) 72 | 73 | echo %%i base64 74 | %openssl_bin% %%i -a -e -k test -in %test% -out %test%.%%i.CIPHER 75 | %openssl_bin% %%i -a -d -k test -in %test%.%%i.CIPHER -out %test%.%%i.CLEAR 76 | fc /b %test% %test%.%%i.CLEAR 77 | if !errorlevel! neq 0 ( 78 | exit /b 1 79 | ) else ( 80 | del %test%.%%i.CIPHER %test%.%%i.CLEAR 81 | ) 82 | ) 83 | 84 | del %test% 85 | endlocal 86 | -------------------------------------------------------------------------------- /tests/testenc.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2015 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | test=p 18 | if [ -d ../apps/openssl ]; then 19 | cmd=../apps/openssl/openssl 20 | if [ -e ../apps/openssl/openssl.exe ]; then 21 | cmd=../apps/openssl/openssl.exe 22 | fi 23 | else 24 | cmd=../apps/openssl 25 | if [ -e ../apps/openssl.exe ]; then 26 | cmd=../apps/openssl.exe 27 | fi 28 | fi 29 | 30 | if [ -z $srcdir ]; then 31 | srcdir=. 32 | fi 33 | 34 | cat $srcdir/openssl.cnf >$test; 35 | 36 | echo cat 37 | $cmd enc < $test > $test.cipher 38 | $cmd enc < $test.cipher >$test.clear 39 | cmp $test $test.clear 40 | if [ $? != 0 ] 41 | then 42 | exit 1 43 | else 44 | /bin/rm $test.cipher $test.clear 45 | fi 46 | echo base64 47 | $cmd enc -a -e < $test > $test.cipher 48 | $cmd enc -a -d < $test.cipher >$test.clear 49 | cmp $test $test.clear 50 | if [ $? != 0 ] 51 | then 52 | exit 1 53 | else 54 | /bin/rm $test.cipher $test.clear 55 | fi 56 | 57 | for i in \ 58 | aes-128-cbc aes-128-cfb aes-128-cfb1 aes-128-cfb8 \ 59 | aes-128-ecb aes-128-ofb aes-192-cbc aes-192-cfb \ 60 | aes-192-cfb1 aes-192-cfb8 aes-192-ecb aes-192-ofb \ 61 | aes-256-cbc aes-256-cfb aes-256-cfb1 aes-256-cfb8 \ 62 | aes-256-ecb aes-256-ofb \ 63 | bf-cbc bf-cfb bf-ecb bf-ofb \ 64 | cast-cbc cast5-cbc cast5-cfb cast5-ecb cast5-ofb \ 65 | des-cbc des-cfb des-cfb8 des-ecb des-ede \ 66 | des-ede-cbc des-ede-cfb des-ede-ofb des-ede3 \ 67 | des-ede3-cbc des-ede3-cfb des-ede3-ofb des-ofb desx-cbc \ 68 | rc2-40-cbc rc2-64-cbc rc2-cbc rc2-cfb rc2-ecb rc2-ofb \ 69 | rc4 rc4-40 70 | do 71 | echo $i 72 | $cmd $i -e -k test < $test > $test.$i.cipher 73 | $cmd $i -d -k test < $test.$i.cipher >$test.$i.clear 74 | cmp $test $test.$i.clear 75 | if [ $? != 0 ] 76 | then 77 | exit 1 78 | else 79 | /bin/rm $test.$i.cipher $test.$i.clear 80 | fi 81 | 82 | echo $i base64 83 | $cmd $i -a -e -k test < $test > $test.$i.cipher 84 | $cmd $i -a -d -k test < $test.$i.cipher >$test.$i.clear 85 | cmp $test $test.$i.clear 86 | if [ $? != 0 ] 87 | then 88 | exit 1 89 | else 90 | /bin/rm $test.$i.cipher $test.$i.clear 91 | fi 92 | done 93 | rm -f $test 94 | -------------------------------------------------------------------------------- /tests/testrsa.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2016 Kinichiro Inoguchi 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | :: Test RSA certificate generation of openssl 19 | 20 | set openssl_bin=%1 21 | set openssl_bin=%openssl_bin:/=\% 22 | if not exist %openssl_bin% exit /b 1 23 | 24 | REM # Generate RSA private key 25 | %openssl_bin% genrsa -out rsakey.pem 26 | if !errorlevel! neq 0 ( 27 | exit /b 1 28 | ) 29 | 30 | 31 | REM # Generate an RSA certificate 32 | %openssl_bin% req -config %srcdir%\openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem 33 | if !errorlevel! neq 0 ( 34 | exit /b 1 35 | ) 36 | 37 | 38 | REM # Now check the certificate 39 | %openssl_bin% x509 -text -in rsacert.pem 40 | if !errorlevel! neq 0 ( 41 | exit /b 1 42 | ) 43 | 44 | del rsacert.pem rsakey.pem 45 | 46 | exit /b 0 47 | endlocal 48 | -------------------------------------------------------------------------------- /tests/testrsa.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2015 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | #Test RSA certificate generation of openssl 18 | 19 | if [ -d ../apps/openssl ]; then 20 | cmd=../apps/openssl/openssl 21 | if [ -e ../apps/openssl/openssl.exe ]; then 22 | cmd=../apps/openssl/openssl.exe 23 | fi 24 | else 25 | cmd=../apps/openssl 26 | if [ -e ../apps/openssl.exe ]; then 27 | cmd=../apps/openssl.exe 28 | fi 29 | fi 30 | 31 | if [ -z $srcdir ]; then 32 | srcdir=. 33 | fi 34 | 35 | # Generate RSA private key 36 | $cmd genrsa -out rsakey.pem 37 | if [ $? != 0 ]; then 38 | exit 1; 39 | fi 40 | 41 | 42 | # Generate an RSA certificate 43 | $cmd req -config $srcdir/openssl.cnf -key rsakey.pem -new -x509 -days 365 -out rsacert.pem 44 | if [ $? != 0 ]; then 45 | exit 1; 46 | fi 47 | 48 | 49 | # Now check the certificate 50 | $cmd x509 -text -in rsacert.pem 51 | if [ $? != 0 ]; then 52 | exit 1; 53 | fi 54 | 55 | rm -f rsacert.pem rsakey.pem 56 | 57 | exit 0 58 | -------------------------------------------------------------------------------- /tests/tlstest.bat: -------------------------------------------------------------------------------- 1 | @echo off 2 | setlocal enabledelayedexpansion 3 | 4 | :: Copyright (c) 2017 Brent Cook 5 | :: 6 | :: Permission to use, copy, modify, and distribute this software for any 7 | :: purpose with or without fee is hereby granted, provided that the above 8 | :: copyright notice and this permission notice appear in all copies. 9 | :: 10 | :: THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 11 | :: WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 12 | :: MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 13 | :: ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 14 | :: WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 15 | :: ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 16 | :: OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 17 | 18 | set tlstest_bin=%1 19 | set tlstest_bin=%tlstest_bin:/=\% 20 | if not exist %tlstest_bin% exit /b 1 21 | 22 | %tlstest_bin% %srcdir%\ca-root-rsa.pem %srcdir%\server1-rsa-chain.pem %srcdir%\server1-rsa.pem 23 | if !errorlevel! neq 0 ( 24 | exit /b 1 25 | ) 26 | 27 | endlocal 28 | -------------------------------------------------------------------------------- /tests/tlstest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | # 3 | # Copyright (c) 2015 Brent Cook 4 | # 5 | # Permission to use, copy, modify, and distribute this software for any 6 | # purpose with or without fee is hereby granted, provided that the above 7 | # copyright notice and this permission notice appear in all copies. 8 | # 9 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16 | 17 | set -e 18 | 19 | tlstest_bin=./tlstest 20 | if [ -e ./tlstest.exe ]; then 21 | tlstest_bin=./tlstest.exe 22 | fi 23 | 24 | if [ -z $srcdir ]; then 25 | srcdir=. 26 | fi 27 | 28 | $tlstest_bin $srcdir/ca-root-rsa.pem $srcdir/server1-rsa-chain.pem $srcdir/server1-rsa.pem 29 | -------------------------------------------------------------------------------- /tls/Makefile.am: -------------------------------------------------------------------------------- 1 | # 2 | # Copyright (c) 2014 Brent Cook 3 | # 4 | # Permission to use, copy, modify, and distribute this software for any 5 | # purpose with or without fee is hereby granted, provided that the above 6 | # copyright notice and this permission notice appear in all copies. 7 | # 8 | # THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 9 | # WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 10 | # MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 11 | # ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 12 | # WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 13 | # ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 14 | # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15 | 16 | include $(top_srcdir)/Makefile.am.common 17 | 18 | -include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk 19 | -include $(abs_top_builddir)/ssl/libssl_la_objects.mk 20 | 21 | lib_LTLIBRARIES = libtls.la 22 | 23 | EXTRA_DIST = VERSION 24 | EXTRA_DIST += CMakeLists.txt 25 | EXTRA_DIST += tls.sym 26 | EXTRA_DIST += empty.c 27 | 28 | CLEANFILES = libtls_la_objects.mk 29 | 30 | EXTRA_libtls_la_DEPENDENCIES = libtls_la_objects.mk 31 | 32 | libtls_la_objects.mk: Makefile 33 | @echo "libtls_la_objects= $(libtls_la_OBJECTS)" \ 34 | | sed -e 's/ *$$//' -e 's/ */ $$\(top_builddir\)\/tls\//g' \ 35 | > libtls_la_objects.mk 36 | 37 | libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym 38 | 39 | if ENABLE_LIBTLS_ONLY 40 | libtls_la_LIBADD = $(libcrypto_la_objects) 41 | libtls_la_LIBADD += $(libssl_la_objects) 42 | else 43 | libtls_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la 44 | libtls_la_LIBADD += $(abs_top_builddir)/ssl/libssl.la 45 | endif 46 | 47 | libtls_la_LIBADD += $(libcompat_la_objects) 48 | libtls_la_LIBADD += $(libcompatnoopt_la_objects) 49 | libtls_la_LIBADD += $(PLATFORM_LDADD) 50 | 51 | libtls_la_CPPFLAGS = $(AM_CPPFLAGS) 52 | if OPENSSLDIR_DEFINED 53 | libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\" 54 | else 55 | libtls_la_CPPFLAGS += -DTLS_DEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\" 56 | endif 57 | 58 | libtls_la_SOURCES = tls.c 59 | libtls_la_SOURCES += tls_client.c 60 | libtls_la_SOURCES += tls_bio_cb.c 61 | libtls_la_SOURCES += tls_config.c 62 | libtls_la_SOURCES += tls_conninfo.c 63 | libtls_la_SOURCES += tls_keypair.c 64 | libtls_la_SOURCES += tls_server.c 65 | libtls_la_SOURCES += tls_signer.c 66 | libtls_la_SOURCES += tls_ocsp.c 67 | libtls_la_SOURCES += tls_peer.c 68 | libtls_la_SOURCES += tls_util.c 69 | libtls_la_SOURCES += tls_verify.c 70 | noinst_HEADERS = tls_internal.h 71 | 72 | if HOST_WIN 73 | libtls_la_SOURCES += compat/ftruncate.c 74 | libtls_la_SOURCES += compat/pread.c 75 | libtls_la_SOURCES += compat/pwrite.c 76 | endif 77 | -------------------------------------------------------------------------------- /tls/compat/ftruncate.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Kinichiro Inoguchi 5 | */ 6 | 7 | #ifdef _WIN32 8 | 9 | #include 10 | 11 | int 12 | ftruncate(int fd, off_t length) 13 | { 14 | return _chsize(fd, length); 15 | } 16 | 17 | #endif 18 | -------------------------------------------------------------------------------- /tls/compat/pread.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Kinichiro Inoguchi 5 | */ 6 | 7 | #ifdef _WIN32 8 | 9 | #define NO_REDEF_POSIX_FUNCTIONS 10 | 11 | #include 12 | 13 | ssize_t 14 | pread(int d, void *buf, size_t nbytes, off_t offset) 15 | { 16 | off_t cpos, opos, rpos; 17 | ssize_t bytes; 18 | if((cpos = lseek(d, 0, SEEK_CUR)) == -1) 19 | return -1; 20 | if((opos = lseek(d, offset, SEEK_SET)) == -1) 21 | return -1; 22 | if((bytes = read(d, buf, nbytes)) == -1) 23 | return -1; 24 | if((rpos = lseek(d, cpos, SEEK_SET)) == -1) 25 | return -1; 26 | return bytes; 27 | } 28 | 29 | #endif 30 | -------------------------------------------------------------------------------- /tls/compat/pwrite.c: -------------------------------------------------------------------------------- 1 | /* 2 | * Public domain 3 | * 4 | * Kinichiro Inoguchi 5 | */ 6 | 7 | #ifdef _WIN32 8 | 9 | #define NO_REDEF_POSIX_FUNCTIONS 10 | 11 | #include 12 | 13 | ssize_t 14 | pwrite(int d, const void *buf, size_t nbytes, off_t offset) 15 | { 16 | off_t cpos, opos, rpos; 17 | ssize_t bytes; 18 | if((cpos = lseek(d, 0, SEEK_CUR)) == -1) 19 | return -1; 20 | if((opos = lseek(d, offset, SEEK_SET)) == -1) 21 | return -1; 22 | if((bytes = write(d, buf, nbytes)) == -1) 23 | return -1; 24 | if((rpos = lseek(d, cpos, SEEK_SET)) == -1) 25 | return -1; 26 | return bytes; 27 | } 28 | 29 | #endif 30 | --------------------------------------------------------------------------------