about summary refs log tree commit diff
diff options
context:
space:
mode:
authorC. McEnroe <june@causal.agency>2020-10-22 03:03:56 -0400
committerC. McEnroe <june@causal.agency>2020-10-22 03:03:56 -0400
commit0e138b6a3d3fb41c5915ddf1b327fc6f28e074a6 (patch)
tree2133edef0cf2bd07c19192ded29d6ffaff21f85d
parentImport LibreSSL 3.2.1 (diff)
Import LibreSSL 3.2.2
-rw-r--r--Makefile.am9
-rw-r--r--VERSION2
-rw-r--r--configure.ac17
-rw-r--r--include/Makefile.am3
-rwxr-xr-x[-rw-r--r--]include/compat/pthread.h31
-rw-r--r--libtls.pc.in3
-rw-r--r--man/Makefile.am40
7 files changed, 80 insertions, 25 deletions
diff --git a/Makefile.am b/Makefile.am
index 942abf9..4cea3a2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,5 +1,8 @@
 include $(top_srcdir)/Makefile.am.common
 
+-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
+-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
+
 lib_LTLIBRARIES = libtls.la
 
 EXTRA_DIST = VERSION
@@ -7,8 +10,10 @@ EXTRA_DIST += CMakeLists.txt
 EXTRA_DIST += tls.sym
 
 libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
-libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
-libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
+libtls_la_LIBADD = $(libcrypto_la_objects)
+libtls_la_LIBADD += $(libcompat_la_objects)
+libtls_la_LIBADD += $(libcompatnoopt_la_objects)
+libtls_la_LIBADD += $(libssl_la_objects)
 libtls_la_LIBADD += $(PLATFORM_LDADD)
 
 libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/VERSION b/VERSION
index 667b8b1..19ef286 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-3.2.1
+3.2.2
 
diff --git a/configure.ac b/configure.ac
index 888ca19..3aca617 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,8 +29,7 @@ USER_CFLAGS="$CFLAGS"
 AC_PROG_CC([cc gcc])
 AC_PROG_CC_STDC
 AM_PROG_CC_C_O
-AC_PROG_LIBTOOL
-LT_INIT
+LT_INIT([pic-only])
 
 CHECK_OS_OPTIONS
 
@@ -75,26 +74,12 @@ AC_ARG_ENABLE([tests],
        [enable_tests="yes"])
 AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = xyes])
 
-# Add CPU-specific alignment flags
-old_cflags=$CFLAGS
-CFLAGS="$CFLAGS -I$srcdir/include"
-AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
-AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
-	       [int a = 0; BSWAP4(a);],
-	       AC_MSG_RESULT([yes])
-	       BSWAP4=yes,
-	       AC_MSG_RESULT([no])
-	       BSWAP4=no)
-CFLAGS="$old_cflags"
-
 AS_CASE([$host_cpu],
-	[*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"],
 	[*arm*], [host_cpu=arm],
 	[*amd64*], [host_cpu=x86_64 HOSTARCH=intel],
 	[i?86], [HOSTARCH=intel],
 	[x86_64], [HOSTARCH=intel]
 )
-AS_IF([test "x$BSWAP4" = "xyes" -a "$host_cpu" = "arm" ],,CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
 AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"])
 
 AC_MSG_CHECKING([if .gnu.warning accepts long strings])
diff --git a/include/Makefile.am b/include/Makefile.am
index 6d808cc..4184cf8 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -32,12 +32,15 @@ noinst_HEADERS += compat/netinet/in.h
 noinst_HEADERS += compat/netinet/ip.h
 noinst_HEADERS += compat/netinet/tcp.h
 
+noinst_HEADERS += compat/sys/_null.h
 noinst_HEADERS += compat/sys/ioctl.h
 noinst_HEADERS += compat/sys/mman.h
 noinst_HEADERS += compat/sys/param.h
+noinst_HEADERS += compat/sys/queue.h
 noinst_HEADERS += compat/sys/select.h
 noinst_HEADERS += compat/sys/socket.h
 noinst_HEADERS += compat/sys/stat.h
+noinst_HEADERS += compat/sys/tree.h
 noinst_HEADERS += compat/sys/time.h
 noinst_HEADERS += compat/sys/types.h
 noinst_HEADERS += compat/sys/uio.h
diff --git a/include/compat/pthread.h b/include/compat/pthread.h
index 8b8c3c6..1527d3c 100644..100755
--- a/include/compat/pthread.h
+++ b/include/compat/pthread.h
@@ -8,6 +8,8 @@
 
 #ifdef _WIN32
 
+#include <malloc.h>
+#include <stdlib.h>
 #include <windows.h>
 
 /*
@@ -16,6 +18,11 @@
 #define PTHREAD_ONCE_INIT   { INIT_ONCE_STATIC_INIT }
 
 /*
+ * Static mutex initialization values.
+ */
+#define PTHREAD_MUTEX_INITIALIZER	{ .lock = NULL }
+
+/*
  * Once definitions.
  */
 struct pthread_once {
@@ -55,27 +62,43 @@ pthread_equal(pthread_t t1, pthread_t t2)
 	return t1 == t2;
 }
 
-typedef CRITICAL_SECTION pthread_mutex_t;
+struct pthread_mutex {
+	volatile LPCRITICAL_SECTION lock;
+};
+typedef struct pthread_mutex pthread_mutex_t;
 typedef void pthread_mutexattr_t;
 
 static inline int
 pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr)
 {
-	InitializeCriticalSection(mutex);
+	if ((mutex->lock = malloc(sizeof(CRITICAL_SECTION))) == NULL)
+		exit(ENOMEM);
+	InitializeCriticalSection(mutex->lock);
 	return 0;
 }
 
 static inline int
 pthread_mutex_lock(pthread_mutex_t *mutex)
 {
-	EnterCriticalSection(mutex);
+	if (mutex->lock == NULL) {
+		LPCRITICAL_SECTION lcs;
+
+		if ((lcs = malloc(sizeof(CRITICAL_SECTION))) == NULL)
+			exit(ENOMEM);
+		InitializeCriticalSection(lcs);
+		if (InterlockedCompareExchangePointer((PVOID*)&mutex->lock, (PVOID)lcs, NULL) != NULL) {
+			DeleteCriticalSection(lcs);
+			free(lcs);
+		}
+	}
+	EnterCriticalSection(mutex->lock);
 	return 0;
 }
 
 static inline int
 pthread_mutex_unlock(pthread_mutex_t *mutex)
 {
-	LeaveCriticalSection(mutex);
+	LeaveCriticalSection(mutex->lock);
 	return 0;
 }
 
diff --git a/libtls.pc.in b/libtls.pc.in
index 82a6a71..0d4e625 100644
--- a/libtls.pc.in
+++ b/libtls.pc.in
@@ -9,8 +9,7 @@ Name: LibreSSL-libtls
 Description: Secure communications using the TLS socket protocol.
 Version: @VERSION@
 Requires:
-Requires.private: libcrypto libssl
 Conflicts:
 Libs: -L${libdir} -ltls
-Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
+Libs.private: @LIBS@ @PLATFORM_LDADD@
 Cflags: -I${includedir}
diff --git a/man/Makefile.am b/man/Makefile.am
index f1c6f77..c2f2697 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -98,10 +98,13 @@ dist_man3_MANS += SSL_new.3
 dist_man3_MANS += SSL_num_renegotiations.3
 dist_man3_MANS += SSL_pending.3
 dist_man3_MANS += SSL_read.3
+dist_man3_MANS += SSL_read_early_data.3
 dist_man3_MANS += SSL_renegotiate.3
 dist_man3_MANS += SSL_rstate_string.3
 dist_man3_MANS += SSL_session_reused.3
+dist_man3_MANS += SSL_set1_host.3
 dist_man3_MANS += SSL_set1_param.3
+dist_man3_MANS += SSL_set_SSL_CTX.3
 dist_man3_MANS += SSL_set_bio.3
 dist_man3_MANS += SSL_set_connect_state.3
 dist_man3_MANS += SSL_set_fd.3
@@ -473,6 +476,7 @@ dist_man3_MANS += i2d_CMS_bio_stream.3
 dist_man3_MANS += i2d_PKCS7_bio_stream.3
 dist_man3_MANS += lh_new.3
 dist_man3_MANS += lh_stats.3
+dist_man3_MANS += x509_verify.3
 dist_man3_MANS += tls_accept_socket.3
 dist_man3_MANS += tls_client.3
 dist_man3_MANS += tls_config_ocsp_require_stapling.3
@@ -2278,6 +2282,14 @@ install-data-hook:
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -3089,6 +3101,16 @@ install-data-hook:
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
 
 uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
@@ -4881,6 +4903,14 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -5692,3 +5722,13 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"