From 0e138b6a3d3fb41c5915ddf1b327fc6f28e074a6 Mon Sep 17 00:00:00 2001
From: "C. McEnroe" <june@causal.agency>
Date: Thu, 22 Oct 2020 03:03:56 -0400
Subject: Import LibreSSL 3.2.2

---
 Makefile.am              |  9 +++++++--
 VERSION                  |  2 +-
 configure.ac             | 17 +----------------
 include/Makefile.am      |  3 +++
 include/compat/pthread.h | 31 +++++++++++++++++++++++++++----
 libtls.pc.in             |  3 +--
 man/Makefile.am          | 40 ++++++++++++++++++++++++++++++++++++++++
 7 files changed, 80 insertions(+), 25 deletions(-)
 mode change 100644 => 100755 include/compat/pthread.h

diff --git a/Makefile.am b/Makefile.am
index 942abf9..4cea3a2 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1,5 +1,8 @@
 include $(top_srcdir)/Makefile.am.common
 
+-include $(abs_top_builddir)/crypto/libcrypto_la_objects.mk
+-include $(abs_top_builddir)/ssl/libssl_la_objects.mk
+
 lib_LTLIBRARIES = libtls.la
 
 EXTRA_DIST = VERSION
@@ -7,8 +10,10 @@ EXTRA_DIST += CMakeLists.txt
 EXTRA_DIST += tls.sym
 
 libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined -export-symbols $(top_srcdir)/tls/tls.sym
-libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
-libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
+libtls_la_LIBADD = $(libcrypto_la_objects)
+libtls_la_LIBADD += $(libcompat_la_objects)
+libtls_la_LIBADD += $(libcompatnoopt_la_objects)
+libtls_la_LIBADD += $(libssl_la_objects)
 libtls_la_LIBADD += $(PLATFORM_LDADD)
 
 libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
diff --git a/VERSION b/VERSION
index 667b8b1..19ef286 100644
--- a/VERSION
+++ b/VERSION
@@ -1,2 +1,2 @@
-3.2.1
+3.2.2
 
diff --git a/configure.ac b/configure.ac
index 888ca19..3aca617 100644
--- a/configure.ac
+++ b/configure.ac
@@ -29,8 +29,7 @@ USER_CFLAGS="$CFLAGS"
 AC_PROG_CC([cc gcc])
 AC_PROG_CC_STDC
 AM_PROG_CC_C_O
-AC_PROG_LIBTOOL
-LT_INIT
+LT_INIT([pic-only])
 
 CHECK_OS_OPTIONS
 
@@ -75,26 +74,12 @@ AC_ARG_ENABLE([tests],
        [enable_tests="yes"])
 AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = xyes])
 
-# Add CPU-specific alignment flags
-old_cflags=$CFLAGS
-CFLAGS="$CFLAGS -I$srcdir/include"
-AC_MSG_CHECKING([if BSWAP4 builds without __STRICT_ALIGNMENT])
-AC_TRY_COMPILE([#include "$srcdir/crypto/modes/modes_lcl.h"],
-	       [int a = 0; BSWAP4(a);],
-	       AC_MSG_RESULT([yes])
-	       BSWAP4=yes,
-	       AC_MSG_RESULT([no])
-	       BSWAP4=no)
-CFLAGS="$old_cflags"
-
 AS_CASE([$host_cpu],
-	[*sparc*], [CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT"],
 	[*arm*], [host_cpu=arm],
 	[*amd64*], [host_cpu=x86_64 HOSTARCH=intel],
 	[i?86], [HOSTARCH=intel],
 	[x86_64], [HOSTARCH=intel]
 )
-AS_IF([test "x$BSWAP4" = "xyes" -a "$host_cpu" = "arm" ],,CPPFLAGS="$CPPFLAGS -D__STRICT_ALIGNMENT")
 AM_CONDITIONAL([HOST_CPU_IS_INTEL], [test "x$HOSTARCH" = "xintel"])
 
 AC_MSG_CHECKING([if .gnu.warning accepts long strings])
diff --git a/include/Makefile.am b/include/Makefile.am
index 6d808cc..4184cf8 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -32,12 +32,15 @@ noinst_HEADERS += compat/netinet/in.h
 noinst_HEADERS += compat/netinet/ip.h
 noinst_HEADERS += compat/netinet/tcp.h
 
+noinst_HEADERS += compat/sys/_null.h
 noinst_HEADERS += compat/sys/ioctl.h
 noinst_HEADERS += compat/sys/mman.h
 noinst_HEADERS += compat/sys/param.h
+noinst_HEADERS += compat/sys/queue.h
 noinst_HEADERS += compat/sys/select.h
 noinst_HEADERS += compat/sys/socket.h
 noinst_HEADERS += compat/sys/stat.h
+noinst_HEADERS += compat/sys/tree.h
 noinst_HEADERS += compat/sys/time.h
 noinst_HEADERS += compat/sys/types.h
 noinst_HEADERS += compat/sys/uio.h
diff --git a/include/compat/pthread.h b/include/compat/pthread.h
old mode 100644
new mode 100755
index 8b8c3c6..1527d3c
--- a/include/compat/pthread.h
+++ b/include/compat/pthread.h
@@ -8,6 +8,8 @@
 
 #ifdef _WIN32
 
+#include <malloc.h>
+#include <stdlib.h>
 #include <windows.h>
 
 /*
@@ -15,6 +17,11 @@
  */
 #define PTHREAD_ONCE_INIT   { INIT_ONCE_STATIC_INIT }
 
+/*
+ * Static mutex initialization values.
+ */
+#define PTHREAD_MUTEX_INITIALIZER	{ .lock = NULL }
+
 /*
  * Once definitions.
  */
@@ -55,27 +62,43 @@ pthread_equal(pthread_t t1, pthread_t t2)
 	return t1 == t2;
 }
 
-typedef CRITICAL_SECTION pthread_mutex_t;
+struct pthread_mutex {
+	volatile LPCRITICAL_SECTION lock;
+};
+typedef struct pthread_mutex pthread_mutex_t;
 typedef void pthread_mutexattr_t;
 
 static inline int
 pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr)
 {
-	InitializeCriticalSection(mutex);
+	if ((mutex->lock = malloc(sizeof(CRITICAL_SECTION))) == NULL)
+		exit(ENOMEM);
+	InitializeCriticalSection(mutex->lock);
 	return 0;
 }
 
 static inline int
 pthread_mutex_lock(pthread_mutex_t *mutex)
 {
-	EnterCriticalSection(mutex);
+	if (mutex->lock == NULL) {
+		LPCRITICAL_SECTION lcs;
+
+		if ((lcs = malloc(sizeof(CRITICAL_SECTION))) == NULL)
+			exit(ENOMEM);
+		InitializeCriticalSection(lcs);
+		if (InterlockedCompareExchangePointer((PVOID*)&mutex->lock, (PVOID)lcs, NULL) != NULL) {
+			DeleteCriticalSection(lcs);
+			free(lcs);
+		}
+	}
+	EnterCriticalSection(mutex->lock);
 	return 0;
 }
 
 static inline int
 pthread_mutex_unlock(pthread_mutex_t *mutex)
 {
-	LeaveCriticalSection(mutex);
+	LeaveCriticalSection(mutex->lock);
 	return 0;
 }
 
diff --git a/libtls.pc.in b/libtls.pc.in
index 82a6a71..0d4e625 100644
--- a/libtls.pc.in
+++ b/libtls.pc.in
@@ -9,8 +9,7 @@ Name: LibreSSL-libtls
 Description: Secure communications using the TLS socket protocol.
 Version: @VERSION@
 Requires:
-Requires.private: libcrypto libssl
 Conflicts:
 Libs: -L${libdir} -ltls
-Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
+Libs.private: @LIBS@ @PLATFORM_LDADD@
 Cflags: -I${includedir}
diff --git a/man/Makefile.am b/man/Makefile.am
index f1c6f77..c2f2697 100644
--- a/man/Makefile.am
+++ b/man/Makefile.am
@@ -98,10 +98,13 @@ dist_man3_MANS += SSL_new.3
 dist_man3_MANS += SSL_num_renegotiations.3
 dist_man3_MANS += SSL_pending.3
 dist_man3_MANS += SSL_read.3
+dist_man3_MANS += SSL_read_early_data.3
 dist_man3_MANS += SSL_renegotiate.3
 dist_man3_MANS += SSL_rstate_string.3
 dist_man3_MANS += SSL_session_reused.3
+dist_man3_MANS += SSL_set1_host.3
 dist_man3_MANS += SSL_set1_param.3
+dist_man3_MANS += SSL_set_SSL_CTX.3
 dist_man3_MANS += SSL_set_bio.3
 dist_man3_MANS += SSL_set_connect_state.3
 dist_man3_MANS += SSL_set_fd.3
@@ -473,6 +476,7 @@ dist_man3_MANS += i2d_CMS_bio_stream.3
 dist_man3_MANS += i2d_PKCS7_bio_stream.3
 dist_man3_MANS += lh_new.3
 dist_man3_MANS += lh_stats.3
+dist_man3_MANS += x509_verify.3
 dist_man3_MANS += tls_accept_socket.3
 dist_man3_MANS += tls_client.3
 dist_man3_MANS += tls_config_ocsp_require_stapling.3
@@ -2278,6 +2282,14 @@ install-data-hook:
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	ln -sf "SSL_num_renegotiations.3" "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	ln -sf "SSL_read.3" "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
+	ln -sf "SSL_read_early_data.3" "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	ln -sf "SSL_renegotiate.3" "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	ln -sf "SSL_rstate_string.3" "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -3089,6 +3101,16 @@ install-data-hook:
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	ln -sf "tls_read.3" "$(DESTDIR)$(mandir)/man3/tls_write.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
+	ln -sf "x509_verify.3" "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
 
 uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/ACCESS_DESCRIPTION_free.3"
@@ -4881,6 +4903,14 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_clear_num_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_total_renegotiations.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_peek.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_get_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_CTX_set_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_get_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_SESSION_set_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_early_data_status.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_get_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_set_max_early_data.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_write_early_data.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_abbreviated.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_renegotiate_pending.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/SSL_rstate_string_long.3"
@@ -5692,3 +5722,13 @@ uninstall-local:
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_handshake.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_reset.3"
 	-rm -f "$(DESTDIR)$(mandir)/man3/tls_write.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_chain.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_error_string.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_free.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_new.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_intermediates.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_chains.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_depth.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_max_signatures.3"
+	-rm -f "$(DESTDIR)$(mandir)/man3/x509_verify_ctx_set_purpose.3"
-- 
cgit 1.4.1

1 02:30:41 +0100'>2018-11-21</span></td><td><a href='/cgit-pink/commit/Makefile?h=1.4.0&amp;id=a22855747e97e55a7b7a2622fe671b8ca9af0981&amp;follow=1'>git: use xz compressed archive for download</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-10-12 23:06:02 +0200'>2018-10-12</span></td><td><a href='/cgit-pink/commit/ui-tree.c?h=1.4.0&amp;id=2c9f56f3e1c754f60ccffbc6c745b9d5a81ea005&amp;follow=1'>git: update to v2.19.1</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?h=1.4.0&amp;id=a96f2890f41e0b9b0ffa1bcdb1dddbef28c01662&amp;follow=1'>ui-ssdiff: ban strcat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-ssdiff.c?h=1.4.0&amp;id=0899eb644fab415e9a3b304f53da9da50aaf91aa&amp;follow=1'>ui-ssdiff: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-shared.c?h=1.4.0&amp;id=2fc008d6dea2456548825c973a5516b5cdfd9c8c&amp;follow=1'>ui-shared: ban strcat()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-patch.c?h=1.4.0&amp;id=edb3403f00f14ac5cc23b9ba3a122cb4ee8b81fa&amp;follow=1'>ui-patch: ban sprintf()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-log.c?h=1.4.0&amp;id=7f75647b5565076b70d7c619df08e6c64dac9386&amp;follow=1'>ui-log: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/ui-log.c?h=1.4.0&amp;id=71ba7187e5eeeaf2f66bc27bc3b48a2014d37bb7&amp;follow=1'>ui-log: ban strcpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/parsing.c?h=1.4.0&amp;id=60a930044d57faae4fcb84cba9d85310b0c767a7&amp;follow=1'>parsing: ban sprintf()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-09-11 08:47:12 +0200'>2018-09-11</span></td><td><a href='/cgit-pink/commit/parsing.c?h=1.4.0&amp;id=7cde5885d8ce53359ee665bb930b1da956e8369a&amp;follow=1'>parsing: ban strncpy()</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-08-28 14:37:19 +0200'>2018-08-28</span></td><td><a href='/cgit-pink/commit/filters/html-converters/md2html?h=1.4.0&amp;id=b0fc647fe61c19338aec65ffcab513cc84599b18&amp;follow=1'>filters: generate anchor links from markdown</a></td><td>Christian Hesse</td></tr>
<tr><td><span title='2018-08-03 17:04:03 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/Makefile?h=1.4.0&amp;id=824138e59194acaf5efe53690d4ef6eaf38e1549&amp;follow=1'>Bump version.</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-08-03 17:04:03 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/ui-clone.c?h=1.4.0&amp;id=53efaf30b50f095cad8c160488c74bba3e3b2680&amp;follow=1'>clone: fix directory traversal</a></td><td>Jason A. Donenfeld</td></tr>
<tr><td><span title='2018-08-03 16:12:21 +0200'>2018-08-03</span></td><td><a href='/cgit-pink/commit/cgit.c?h=1.4.0&amp;id=c679d9010451b986bae719a6abe0458af2b2dfb9&amp;follow=1'>config: record repo.snapshot-prefix in the per-repo config</a></td><td>Konstantin Ryabitsev