Add local patches to LibreSSL.
authorzrj <rimvydas.jasinskas@gmail.com>
Fri, 12 Apr 2019 17:33:43 +0000 (20:33 +0300)
committerzrj <zrj@dragonflybsd.org>
Wed, 24 Apr 2019 17:11:01 +0000 (20:11 +0300)
Document local changes.

crypto/README
crypto/libressl/README.DELETED
crypto/libressl/README.DRAGONFLY
crypto/libressl/apps/nc/netcat.c
crypto/libressl/apps/openssl/apps.h
crypto/libressl/crypto/chacha/chacha-merged.c
crypto/libressl/crypto/cryptlib.c
crypto/libressl/crypto/ecdsa/ecs_sign.c
crypto/libressl/crypto/ecdsa/ecs_vrf.c
crypto/libressl/include/openssl/opensslfeatures.h

index c2f0462..552cfb3 100644 (file)
@@ -1,10 +1,9 @@
 $FreeBSD: src/crypto/README,v 1.2.2.2 2001/02/10 04:48:38 kris Exp $
-$DragonFly: src/crypto/README,v 1.3 2006/08/12 22:42:29 swildner Exp $
 
 This directory is for the EXACT same use as src/contrib, except it
 holds crypto sources.  In other words, this holds raw sources obtained
 from various third party vendors, with DragonFly patches applied.  No
 compilation is done from this directory, it is all done from the
-src/secure directory.  The separation between src/contrib and src/crypto
+src/lib directories.  The separation between src/contrib and src/crypto
 is the result of an old USA law, which made these sources export
 controlled, so they had to be kept separate.
index 233b611..146804a 100644 (file)
@@ -1,4 +1,6 @@
 CMakeLists.txt
+FindLibreSSL.cmake
+INSTALL
 Makefile.am
 Makefile.am.common
 Makefile.in
@@ -11,9 +13,15 @@ apps/Makefile.in
 apps/nc/CMakeLists.txt
 apps/nc/Makefile.am
 apps/nc/Makefile.in
+apps/nc/compat/
+apps/ocspcheck/
 apps/openssl/CMakeLists.txt
 apps/openssl/Makefile.am
 apps/openssl/Makefile.in
+apps/openssl/apps_win.c
+apps/openssl/certhash_win.c
+apps/openssl/compat/
+cmake_export_symbol.cmake
 cmake_uninstall.cmake.in
 compile
 config
@@ -24,15 +32,135 @@ configure.ac
 crypto/CMakeLists.txt
 crypto/Makefile.am
 crypto/Makefile.am.arc4random
+crypto/Makefile.am.elf-arm
 crypto/Makefile.am.elf-x86_64
 crypto/Makefile.am.macosx-x86_64
+crypto/Makefile.am.masm-x86_64
+crypto/Makefile.am.mingw64-x86_64
 crypto/Makefile.in
+crypto/aes/aes-elf-armv4.S
+crypto/aes/aes-macosx-x86_64.S
+crypto/aes/aes-masm-x86_64.S
+crypto/aes/aes-mingw64-x86_64.S
+crypto/aes/aes_cfb.c
+crypto/aes/aes_ctr.c
+crypto/aes/aes_ecb.c
+crypto/aes/aes_ofb.c
+crypto/aes/aesni-macosx-x86_64.S
+crypto/aes/aesni-masm-x86_64.S
+crypto/aes/aesni-mingw64-x86_64.S
+crypto/aes/aesni-sha1-macosx-x86_64.S
+crypto/aes/aesni-sha1-masm-x86_64.S
+crypto/aes/aesni-sha1-mingw64-x86_64.S
+crypto/aes/bsaes-macosx-x86_64.S
+crypto/aes/bsaes-masm-x86_64.S
+crypto/aes/bsaes-mingw64-x86_64.S
+crypto/aes/vpaes-macosx-x86_64.S
+crypto/aes/vpaes-masm-x86_64.S
+crypto/aes/vpaes-mingw64-x86_64.S
+crypto/arm_arch.h
+crypto/armcap.c
+crypto/armv4cpuid.S
+crypto/asn1/d2i_pu.c
+crypto/asn1/f_enum.c
+crypto/asn1/i2d_pu.c
+crypto/asn1/t_bitst.c
+crypto/bio/b_win.c
+crypto/bio/bf_null.c
+crypto/bio/bio_meth.c
+crypto/bio/bss_bio.c
+crypto/bio/bss_log.c
+crypto/bn/bn_depr.c
+crypto/bn/bn_mpi.c
+crypto/bn/bn_x931p.c
+crypto/bn/gf2m-elf-armv4.S
+crypto/bn/gf2m-macosx-x86_64.S
+crypto/bn/gf2m-masm-x86_64.S
+crypto/bn/modexp512-macosx-x86_64.S
+crypto/bn/modexp512-masm-x86_64.S
+crypto/bn/mont-elf-armv4.S
+crypto/bn/mont-macosx-x86_64.S
+crypto/bn/mont-masm-x86_64.S
+crypto/bn/mont5-macosx-x86_64.S
+crypto/bn/mont5-masm-x86_64.S
+crypto/buffer/buf_str.c
+crypto/camellia/camellia.h
+crypto/camellia/cmll-macosx-x86_64.S
+crypto/camellia/cmll-masm-x86_64.S
+crypto/camellia/cmll-mingw64-x86_64.S
+crypto/comp/
+crypto/compat/
+crypto/cpuid-macosx-x86_64.S
+crypto/cpuid-masm-x86_64.S
+crypto/cpuid-mingw64-x86_64.S
+crypto/crypto.sym
+crypto/des/cbc_cksm.c
+crypto/des/ede_cbcm_enc.c
+crypto/des/enc_read.c
+crypto/des/enc_writ.c
+crypto/des/ofb_enc.c
+crypto/des/pcbc_enc.c
+crypto/des/qud_cksm.c
+crypto/des/str2key.c
+crypto/dh/dh_depr.c
+crypto/dso/dso_dlfcn.c
+crypto/engine/
+crypto/evp/e_old.c
+crypto/evp/m_null.c
+crypto/evp/p_dec.c
+crypto/evp/p_enc.c
+crypto/evp/p_open.c
+crypto/evp/p_seal.c
+crypto/gost/gost.h
+crypto/malloc-wrapper.c
+crypto/md5/md5-macosx-x86_64.S
+crypto/md5/md5-masm-x86_64.S
+crypto/md5/md5-mingw64-x86_64.S
+crypto/mem_clr.c
+crypto/modes/cts128.c
+crypto/modes/ghash-elf-armv4.S
+crypto/modes/ghash-macosx-x86_64.S
+crypto/modes/ghash-masm-x86_64.S
+crypto/modes/ghash-mingw64-x86_64.S
+crypto/o_str.c
+crypto/pem/pem_seal.c
+crypto/pem/pem_sign.c
+crypto/pkcs12/p12_npas.c
+crypto/pkcs7/bio_pk7.c
+crypto/rand/randfile.c
+crypto/rc4/rc4-macosx-x86_64.S
+crypto/rc4/rc4-masm-x86_64.S
+crypto/rc4/rc4-md5-macosx-x86_64.S
+crypto/rc4/rc4-md5-masm-x86_64.S
+crypto/rc4/rc4-md5-mingw64-x86_64.S
+crypto/rc4/rc4-mingw64-x86_64.S
+crypto/rsa/rsa_saos.c
+crypto/sha/sha1-elf-armv4.S
+crypto/sha/sha1-macosx-x86_64.S
+crypto/sha/sha1-masm-x86_64.S
+crypto/sha/sha1-mingw64-x86_64.S
+crypto/sha/sha256-elf-armv4.S
+crypto/sha/sha256-macosx-x86_64.S
+crypto/sha/sha256-masm-x86_64.S
+crypto/sha/sha256-mingw64-x86_64.S
+crypto/sha/sha512-elf-armv4.S
+crypto/sha/sha512-macosx-x86_64.S
+crypto/sha/sha512-masm-x86_64.S
+crypto/sha/sha512-mingw64-x86_64.S
+crypto/ui/ui_openssl_win.c
+crypto/ui/ui_util.c
+crypto/whrlpool/wp-macosx-x86_64.S
+crypto/whrlpool/wp-masm-x86_64.S
+crypto/whrlpool/wp-mingw64-x86_64.S
 depcomp
 include/CMakeLists.txt
 include/Makefile.am
 include/Makefile.in
+include/compat/
 include/openssl/Makefile.am
 include/openssl/Makefile.in
+include/openssl/engine.h
+include/openssl/ui_compat.h
 install-sh
 libcrypto.pc.in
 libssl.pc.in
@@ -46,9 +174,23 @@ scripts/
 ssl/CMakeLists.txt
 ssl/Makefile.am
 ssl/Makefile.in
+ssl/bs_ber.c
+ssl/ssl.sym
+ssl/tls13_buffer.c
+ssl/tls13_client.c
+ssl/tls13_handshake.c
+ssl/tls13_handshake.h
+ssl/tls13_handshake_msg.c
+ssl/tls13_lib.c
+ssl/tls13_record.c
+ssl/tls13_record.h
+ssl/tls13_record_layer.c
 tap-driver.sh
 test-driver
 tests/
 tls/CMakeLists.txt
 tls/Makefile.am
 tls/Makefile.in
+tls/VERSION
+tls/compat/
+tls/tls.sym
index be9696c..34f4f8b 100644 (file)
@@ -4,9 +4,31 @@ LIBRESSL
 Original source can be downloaded from:
 http://www.libressl.org
 
-file = libressl-2.4.4.tar.gz
-date = 6 November 2016
-size = 3014463
-sha1 = 5daaf33f5cc382e1c9dd7375a67e26aad1d0b2ed
+file = libressl-2.9.1.tar.gz
+date = 13 April 2019
+size = 3607116
+sha1 = 46f33e42a307d53e17e11f105a4403b9ccfdcc76
 
 The file README.DELETED contains a list of deleted files and directories.
+
+These sources are used in:
+       lib/librecrypto
+       lib/libressl
+       usr.bin/openssl
+       usr.bin/nc
+
+NOTE: The configure script misdetects HOST_ABI=elf and disables ASM versions.
+Configured with
+===============
+  --enable-nc ac_cv_header_dlfcn_h=no ac_cv_lib_dl_dlopen=no
+
+The following files have been patched (* planned)
+=================================================
+  apps/nc/netcat.c                     pledge dummies
+  apps/openssl/apps.h                  pledge dummies
+  crypto/chacha/chacha-merged.c                __bounded__ dummy
+  crypto/cryptlib.c                    WARNS nested externs, vsyslog()
+  crypto/ecdsa/ecs_sign.c              missing defs ECDSAerror() and
+  crypto/ecdsa/ecs_vrf.c               EVP_R_METHOD_NOT_SUPPORTED
+  include/openssl/md5.h                        exclude <opensslconf.h> for kernel
+  include/openssl/opensslfeatures.h    disable engine and hw_padlock
index 25b767c..4fe3a02 100644 (file)
 
 #include "atomicio.h"
 
+#if !defined(OpenBSD)
+#define pledge(request, paths) 0
+#define unveil(path, permissions) 0
+#endif
+
 #define PORT_MAX       65535
 #define UNIX_DG_TMP_SOCKET_SIZE        19
 
index bb2340a..c8bcca3 100644 (file)
 #endif
 
 #include <unistd.h>
+
+#if !defined(OpenBSD)
+#define pledge(request, paths) 0
+#define unveil(path, permissions) 0
+#endif
+
 extern int single_execution;
 
 extern CONF *config;
index 67508f2..f72dc96 100644 (file)
@@ -9,6 +9,10 @@ Public domain.
 
 #include <stdint.h>
 
+#if !defined(__OpenBSD__)
+#define __bounded__(x, y, z)
+#endif
+
 #define CHACHA_MINKEYLEN       16
 #define CHACHA_NONCELEN                8
 #define CHACHA_CTRLEN          8
index 38d31e7..8f3f8ea 100644 (file)
@@ -314,11 +314,17 @@ OPENSSL_cpu_caps(void)
 
 #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM)
 #define OPENSSL_CPUID_SETUP
+#ifdef __DragonFly__
+extern uint64_t OPENSSL_ia32_cpuid(void);
+#endif
 void
 OPENSSL_cpuid_setup(void)
 {
        static int trigger = 0;
+#ifndef __DragonFly__
+       /* -Werror=nested-externs */
        uint64_t OPENSSL_ia32_cpuid(void);
+#endif
 
        if (trigger)
                return;
@@ -345,11 +351,18 @@ OPENSSL_cpuid_setup(void)
 static void
 OPENSSL_showfatal(const char *fmta, ...)
 {
+#ifndef __DragonFly__
        struct syslog_data sdata = SYSLOG_DATA_INIT;
+#endif
        va_list ap;
 
        va_start(ap, fmta);
+#ifndef __DragonFly__
+       /* syslog abusing? */
        vsyslog_r(LOG_INFO|LOG_LOCAL2, &sdata, fmta, ap);
+#else
+       vsyslog(LOG_INFO|LOG_LOCAL2, fmta, ap);
+#endif
        va_end(ap);
 }
 
index 5beb853..249dd28 100644 (file)
@@ -54,6 +54,8 @@
  */
 
 #include <openssl/opensslconf.h>
+#include <openssl/err.h>       /* for EVP_R_METHOD_NOT_SUPPORTED */
+#include <openssl/evp.h>       /* for ECDSAerror() */
 
 #ifndef OPENSSL_NO_ENGINE
 #include <openssl/engine.h>
index 4c1bc85..055b2f0 100644 (file)
@@ -57,6 +57,8 @@
  */
 
 #include <openssl/opensslconf.h>
+#include <openssl/err.h>       /* for EVP_R_METHOD_NOT_SUPPORTED */
+#include <openssl/evp.h>       /* for ECDSAerror() */
 
 #include "ecs_locl.h"
 #include "ec_lcl.h"
index 688d478..aef1f04 100644 (file)
 /* #define OPENSSL_NO_EC2M */
 #define OPENSSL_NO_EC_NISTP_64_GCC_128
 #define OPENSSL_NO_EGD
-/* #define OPENSSL_NO_ENGINE */
+#define OPENSSL_NO_ENGINE
 /* #define OPENSSL_NO_ERR */
 /* #define OPENSSL_NO_FUZZ_LIBFUZZER */
 /* #define OPENSSL_NO_GOST */
 #define OPENSSL_NO_HEARTBEATS
 /* #define OPENSSL_NO_HW */
-/* #define OPENSSL_NO_HW_PADLOCK */
+#define OPENSSL_NO_HW_PADLOCK
 /* #define OPENSSL_NO_IDEA */
 #define OPENSSL_NO_MD2
 /* #define OPENSSL_NO_MD4 */