From 40945e55fe6da5062fa7e31a6066c866926c682a Mon Sep 17 00:00:00 2001 From: zrj Date: Fri, 12 Apr 2019 20:33:43 +0300 Subject: [PATCH] Add local patches to LibreSSL. Document local changes. --- crypto/README | 3 +- crypto/libressl/README.DELETED | 142 ++++++++++++++++++ crypto/libressl/README.DRAGONFLY | 30 +++- crypto/libressl/apps/nc/netcat.c | 5 + crypto/libressl/apps/openssl/apps.h | 6 + crypto/libressl/crypto/chacha/chacha-merged.c | 4 + crypto/libressl/crypto/cryptlib.c | 13 ++ crypto/libressl/crypto/ecdsa/ecs_sign.c | 2 + crypto/libressl/crypto/ecdsa/ecs_vrf.c | 2 + .../include/openssl/opensslfeatures.h | 4 +- 10 files changed, 203 insertions(+), 8 deletions(-) diff --git a/crypto/README b/crypto/README index c2f046256d..552cfb3164 100644 --- a/crypto/README +++ b/crypto/README @@ -1,10 +1,9 @@ $FreeBSD: src/crypto/README,v 1.2.2.2 2001/02/10 04:48:38 kris Exp $ -$DragonFly: src/crypto/README,v 1.3 2006/08/12 22:42:29 swildner Exp $ This directory is for the EXACT same use as src/contrib, except it holds crypto sources. In other words, this holds raw sources obtained from various third party vendors, with DragonFly patches applied. No compilation is done from this directory, it is all done from the -src/secure directory. The separation between src/contrib and src/crypto +src/lib directories. The separation between src/contrib and src/crypto is the result of an old USA law, which made these sources export controlled, so they had to be kept separate. diff --git a/crypto/libressl/README.DELETED b/crypto/libressl/README.DELETED index 233b6110fc..146804a916 100644 --- a/crypto/libressl/README.DELETED +++ b/crypto/libressl/README.DELETED @@ -1,4 +1,6 @@ CMakeLists.txt +FindLibreSSL.cmake +INSTALL Makefile.am Makefile.am.common Makefile.in 
@@ -11,9 +13,15 @@ apps/Makefile.in
 apps/nc/CMakeLists.txt
 apps/nc/Makefile.am
 apps/nc/Makefile.in
+apps/nc/compat/
+apps/ocspcheck/
 apps/openssl/CMakeLists.txt
 apps/openssl/Makefile.am
 apps/openssl/Makefile.in
+apps/openssl/apps_win.c
+apps/openssl/certhash_win.c
+apps/openssl/compat/
+cmake_export_symbol.cmake
 cmake_uninstall.cmake.in
 compile
 config
@@ -24,15 +32,135 @@ configure.ac
 crypto/CMakeLists.txt
 crypto/Makefile.am
 crypto/Makefile.am.arc4random
+crypto/Makefile.am.elf-arm
 crypto/Makefile.am.elf-x86_64
 crypto/Makefile.am.macosx-x86_64
+crypto/Makefile.am.masm-x86_64
+crypto/Makefile.am.mingw64-x86_64
 crypto/Makefile.in
+crypto/aes/aes-elf-armv4.S
+crypto/aes/aes-macosx-x86_64.S
+crypto/aes/aes-masm-x86_64.S
+crypto/aes/aes-mingw64-x86_64.S
+crypto/aes/aes_cfb.c
+crypto/aes/aes_ctr.c
+crypto/aes/aes_ecb.c
+crypto/aes/aes_ofb.c
+crypto/aes/aesni-macosx-x86_64.S
+crypto/aes/aesni-masm-x86_64.S
+crypto/aes/aesni-mingw64-x86_64.S
+crypto/aes/aesni-sha1-macosx-x86_64.S
+crypto/aes/aesni-sha1-masm-x86_64.S
+crypto/aes/aesni-sha1-mingw64-x86_64.S
+crypto/aes/bsaes-macosx-x86_64.S
+crypto/aes/bsaes-masm-x86_64.S
+crypto/aes/bsaes-mingw64-x86_64.S
+crypto/aes/vpaes-macosx-x86_64.S
+crypto/aes/vpaes-masm-x86_64.S
+crypto/aes/vpaes-mingw64-x86_64.S
+crypto/arm_arch.h
+crypto/armcap.c
+crypto/armv4cpuid.S
+crypto/asn1/d2i_pu.c
+crypto/asn1/f_enum.c
+crypto/asn1/i2d_pu.c
+crypto/asn1/t_bitst.c
+crypto/bio/b_win.c
+crypto/bio/bf_null.c
+crypto/bio/bio_meth.c
+crypto/bio/bss_bio.c
+crypto/bio/bss_log.c
+crypto/bn/bn_depr.c
+crypto/bn/bn_mpi.c
+crypto/bn/bn_x931p.c
+crypto/bn/gf2m-elf-armv4.S
+crypto/bn/gf2m-macosx-x86_64.S
+crypto/bn/gf2m-masm-x86_64.S
+crypto/bn/modexp512-macosx-x86_64.S
+crypto/bn/modexp512-masm-x86_64.S
+crypto/bn/mont-elf-armv4.S
+crypto/bn/mont-macosx-x86_64.S
+crypto/bn/mont-masm-x86_64.S
+crypto/bn/mont5-macosx-x86_64.S
+crypto/bn/mont5-masm-x86_64.S
+crypto/buffer/buf_str.c
+crypto/camellia/camellia.h
+crypto/camellia/cmll-macosx-x86_64.S
+crypto/camellia/cmll-masm-x86_64.S
+crypto/camellia/cmll-mingw64-x86_64.S
+crypto/comp/
+crypto/compat/
+crypto/cpuid-macosx-x86_64.S
+crypto/cpuid-masm-x86_64.S
+crypto/cpuid-mingw64-x86_64.S
+crypto/crypto.sym
+crypto/des/cbc_cksm.c
+crypto/des/ede_cbcm_enc.c
+crypto/des/enc_read.c
+crypto/des/enc_writ.c
+crypto/des/ofb_enc.c
+crypto/des/pcbc_enc.c
+crypto/des/qud_cksm.c
+crypto/des/str2key.c
+crypto/dh/dh_depr.c
+crypto/dso/dso_dlfcn.c
+crypto/engine/
+crypto/evp/e_old.c
+crypto/evp/m_null.c
+crypto/evp/p_dec.c
+crypto/evp/p_enc.c
+crypto/evp/p_open.c
+crypto/evp/p_seal.c
+crypto/gost/gost.h
+crypto/malloc-wrapper.c
+crypto/md5/md5-macosx-x86_64.S
+crypto/md5/md5-masm-x86_64.S
+crypto/md5/md5-mingw64-x86_64.S
+crypto/mem_clr.c
+crypto/modes/cts128.c
+crypto/modes/ghash-elf-armv4.S
+crypto/modes/ghash-macosx-x86_64.S
+crypto/modes/ghash-masm-x86_64.S
+crypto/modes/ghash-mingw64-x86_64.S
+crypto/o_str.c
+crypto/pem/pem_seal.c
+crypto/pem/pem_sign.c
+crypto/pkcs12/p12_npas.c
+crypto/pkcs7/bio_pk7.c
+crypto/rand/randfile.c
+crypto/rc4/rc4-macosx-x86_64.S
+crypto/rc4/rc4-masm-x86_64.S
+crypto/rc4/rc4-md5-macosx-x86_64.S
+crypto/rc4/rc4-md5-masm-x86_64.S
+crypto/rc4/rc4-md5-mingw64-x86_64.S
+crypto/rc4/rc4-mingw64-x86_64.S
+crypto/rsa/rsa_saos.c
+crypto/sha/sha1-elf-armv4.S
+crypto/sha/sha1-macosx-x86_64.S
+crypto/sha/sha1-masm-x86_64.S
+crypto/sha/sha1-mingw64-x86_64.S
+crypto/sha/sha256-elf-armv4.S
+crypto/sha/sha256-macosx-x86_64.S
+crypto/sha/sha256-masm-x86_64.S
+crypto/sha/sha256-mingw64-x86_64.S
+crypto/sha/sha512-elf-armv4.S
+crypto/sha/sha512-macosx-x86_64.S
+crypto/sha/sha512-masm-x86_64.S
+crypto/sha/sha512-mingw64-x86_64.S
+crypto/ui/ui_openssl_win.c
+crypto/ui/ui_util.c
+crypto/whrlpool/wp-macosx-x86_64.S
+crypto/whrlpool/wp-masm-x86_64.S
+crypto/whrlpool/wp-mingw64-x86_64.S
 depcomp
 include/CMakeLists.txt
 include/Makefile.am
 include/Makefile.in
+include/compat/
 include/openssl/Makefile.am
 include/openssl/Makefile.in
+include/openssl/engine.h
+include/openssl/ui_compat.h
 install-sh
 libcrypto.pc.in
 libssl.pc.in
@@ -46,9 +174,23 @@ scripts/ ssl/CMakeLists.txt ssl/Makefile.am ssl/Makefile.in +ssl/bs_ber.c +ssl/ssl.sym +ssl/tls13_buffer.c +ssl/tls13_client.c +ssl/tls13_handshake.c +ssl/tls13_handshake.h +ssl/tls13_handshake_msg.c +ssl/tls13_lib.c +ssl/tls13_record.c +ssl/tls13_record.h +ssl/tls13_record_layer.c tap-driver.sh test-driver tests/ tls/CMakeLists.txt tls/Makefile.am tls/Makefile.in +tls/VERSION +tls/compat/ +tls/tls.sym diff --git a/crypto/libressl/README.DRAGONFLY b/crypto/libressl/README.DRAGONFLY index be9696c75f..34f4f8b9e5 100644 --- a/crypto/libressl/README.DRAGONFLY +++ b/crypto/libressl/README.DRAGONFLY @@ -4,9 +4,31 @@ LIBRESSL Original source can be downloaded from: http://www.libressl.org -file = libressl-2.4.4.tar.gz -date = 6 November 2016 -size = 3014463 -sha1 = 5daaf33f5cc382e1c9dd7375a67e26aad1d0b2ed +file = libressl-2.9.1.tar.gz +date = 13 April 2019 +size = 3607116 +sha1 = 46f33e42a307d53e17e11f105a4403b9ccfdcc76 The file README.DELETED contains a list of deleted files and directories. + +These sources are used in: + lib/librecrypto + lib/libressl + usr.bin/openssl + usr.bin/nc + +NOTE: The configure script misdetects HOST_ABI=elf and disables ASM versions. +Configured with +=============== + --enable-nc ac_cv_header_dlfcn_h=no ac_cv_lib_dl_dlopen=no + +The following files have been patched (* planned) +================================================= + apps/nc/netcat.c pledge dummies + apps/openssl/apps.h pledge dummies + crypto/chacha/chacha-merged.c __bounded__ dummy + crypto/cryptlib.c WARNS nested externs, vsyslog() + crypto/ecdsa/ecs_sign.c missing defs ECDSAerror() and + crypto/ecdsa/ecs_vrf.c EVP_R_METHOD_NOT_SUPPORTED + include/openssl/md5.h exclude for kernel + include/openssl/opensslfeatures.h disable engine and hw_padlock diff --git a/crypto/libressl/apps/nc/netcat.c b/crypto/libressl/apps/nc/netcat.c index 25b767c7f1..4fe3a020b8 100644 --- a/crypto/libressl/apps/nc/netcat.c +++ b/crypto/libressl/apps/nc/netcat.c 
@@ -59,6 +59,11 @@ #include "atomicio.h" +#if !defined(OpenBSD) +#define pledge(request, paths) 0 +#define unveil(path, permissions) 0 +#endif + #define PORT_MAX 65535 #define UNIX_DG_TMP_SOCKET_SIZE 19 diff --git a/crypto/libressl/apps/openssl/apps.h b/crypto/libressl/apps/openssl/apps.h index bb2340a545..c8bcca3797 100644 --- a/crypto/libressl/apps/openssl/apps.h +++ b/crypto/libressl/apps/openssl/apps.h @@ -127,6 +127,12 @@ #endif #include + +#if !defined(OpenBSD) +#define pledge(request, paths) 0 +#define unveil(path, permissions) 0 +#endif + extern int single_execution; extern CONF *config; diff --git a/crypto/libressl/crypto/chacha/chacha-merged.c b/crypto/libressl/crypto/chacha/chacha-merged.c index 67508f208d..f72dc966bd 100644 --- a/crypto/libressl/crypto/chacha/chacha-merged.c +++ b/crypto/libressl/crypto/chacha/chacha-merged.c @@ -9,6 +9,10 @@ Public domain. #include +#if !defined(__OpenBSD__) +#define __bounded__(x, y, z) +#endif + #define CHACHA_MINKEYLEN 16 #define CHACHA_NONCELEN 8 #define CHACHA_CTRLEN 8 diff --git a/crypto/libressl/crypto/cryptlib.c b/crypto/libressl/crypto/cryptlib.c index 38d31e7ac2..8f3f8ea6b3 100644 --- a/crypto/libressl/crypto/cryptlib.c +++ b/crypto/libressl/crypto/cryptlib.c @@ -314,11 +314,17 @@ OPENSSL_cpu_caps(void) #if defined(OPENSSL_CPUID_OBJ) && !defined(OPENSSL_NO_ASM) #define OPENSSL_CPUID_SETUP +#ifdef __DragonFly__ +extern uint64_t OPENSSL_ia32_cpuid(void); +#endif void OPENSSL_cpuid_setup(void) { static int trigger = 0; +#ifndef __DragonFly__ + /* -Werror=nested-externs */ uint64_t OPENSSL_ia32_cpuid(void); +#endif if (trigger) return; @@ -345,11 +351,18 @@ OPENSSL_cpuid_setup(void) static void OPENSSL_showfatal(const char *fmta, ...) { +#ifndef __DragonFly__ struct syslog_data sdata = SYSLOG_DATA_INIT; +#endif va_list ap; va_start(ap, fmta); +#ifndef __DragonFly__ + /* syslog abusing? */ vsyslog_r(LOG_INFO|LOG_LOCAL2, &sdata, fmta, ap); +#else + vsyslog(LOG_INFO|LOG_LOCAL2, fmta, ap); +#endif va_end(ap); } 
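Review bot: The dummy `pledge()` and `unveil()` macros added to netcat.c expand to the constant 0, so every call reports success while no restriction is applied, and nothing at the definition says so; the apps.h hunk adds the same block. Both are guarded by `#if !defined(OpenBSD)`, but `OpenBSD` is only defined once `<sys/param.h>` has been included, whereas the chacha-merged.c hunk in this commit tests the compiler-predefined `__OpenBSD__`. Using `#if !defined(__OpenBSD__)` in all three places would remove the dependence on include order. I would also add a comment such as `/* no pledge(2)/unveil(2) on this platform: calls succeed but apply no restriction */` so readers do not assume the upstream privilege reduction is in effect for nc and openssl.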
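Review bot: The `__bounded__` dummy in chacha-merged.c is added without a comment saying what it replaces or why an empty expansion is safe. The uses are outside the hunk, but the name matches the OpenBSD compiler attribute for buffer-length checking, so the empty macro presumably leaves the `__attribute__((...))` lists valid while dropping that compile-time check on other platforms. A one-line comment above the `#define`, for example `/* __bounded__ is an OpenBSD-only attribute; expand to nothing so the attribute lists still parse */`, would make that explicit.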
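Review bot: The comment `/* -Werror=nested-externs */` in OPENSSL_cpuid_setup sits inside the `#ifndef __DragonFly__` branch, next to the block-scope declaration that triggers the warning rather than next to the file-scope `extern` that avoids it. The `/* syslog abusing? */` comment in the OPENSSL_showfatal hunk is likewise placed in the non-DragonFly branch and does not say what the concern is. Moving the rationale to the local branch, e.g. `/* file scope: a block-scope extern trips -Werror=nested-externs */` above `extern uint64_t OPENSSL_ia32_cpuid(void);`, keeps the explanation with the change it justifies. The function body continues past the end of the hunk.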
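Review bot: The DragonFly branch of OPENSSL_showfatal replaces `vsyslog_r()` with plain `vsyslog()`, which drops the caller-supplied `struct syslog_data` and falls back on the process-wide syslog state, so the substitution is not behaviour-neutral. If this fatal-error path can be reached from a signal handler or from several threads at once, the non-reentrant call is a possible hazard; the callers are outside the hunk, so that needs checking. A comment on the `#else` branch such as `/* no vsyslog_r() here; vsyslog() uses global state and is not reentrant */` would record the trade-off for the next vendor import.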
diff --git a/crypto/libressl/crypto/ecdsa/ecs_sign.c b/crypto/libressl/crypto/ecdsa/ecs_sign.c index 5beb853b94..249dd28502 100644 --- a/crypto/libressl/crypto/ecdsa/ecs_sign.c +++ b/crypto/libressl/crypto/ecdsa/ecs_sign.c @@ -54,6 +54,8 @@ */ #include +#include /* for EVP_R_METHOD_NOT_SUPPORTED */ +#include /* for ECDSAerror() */ #ifndef OPENSSL_NO_ENGINE #include diff --git a/crypto/libressl/crypto/ecdsa/ecs_vrf.c b/crypto/libressl/crypto/ecdsa/ecs_vrf.c index 4c1bc85e06..055b2f0795 100644 --- a/crypto/libressl/crypto/ecdsa/ecs_vrf.c +++ b/crypto/libressl/crypto/ecdsa/ecs_vrf.c @@ -57,6 +57,8 @@ */ #include +#include /* for EVP_R_METHOD_NOT_SUPPORTED */ +#include /* for ECDSAerror() */ #include "ecs_locl.h" #include "ec_lcl.h" diff --git a/crypto/libressl/include/openssl/opensslfeatures.h b/crypto/libressl/include/openssl/opensslfeatures.h index 688d478dfd..aef1f04a61 100644 --- a/crypto/libressl/include/openssl/opensslfeatures.h +++ b/crypto/libressl/include/openssl/opensslfeatures.h @@ -55,13 +55,13 @@ /* #define OPENSSL_NO_EC2M */ #define OPENSSL_NO_EC_NISTP_64_GCC_128 #define OPENSSL_NO_EGD -/* #define OPENSSL_NO_ENGINE */ +#define OPENSSL_NO_ENGINE /* #define OPENSSL_NO_ERR */ /* #define OPENSSL_NO_FUZZ_LIBFUZZER */ /* #define OPENSSL_NO_GOST */ #define OPENSSL_NO_HEARTBEATS /* #define OPENSSL_NO_HW */ -/* #define OPENSSL_NO_HW_PADLOCK */ +#define OPENSSL_NO_HW_PADLOCK /* #define OPENSSL_NO_IDEA */ #define OPENSSL_NO_MD2 /* #define OPENSSL_NO_MD4 */ -- 2.41.0
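Review bot: In opensslfeatures.h, `OPENSSL_NO_ENGINE` and `OPENSSL_NO_HW_PADLOCK` are enabled by uncommenting the vendor lines in place, so nothing in the header marks them as local settings that a later import must preserve. That matters because README.DELETED in this same commit drops `crypto/engine/` and `include/openssl/engine.h`: if an import restores the commented-out default, the `#ifndef OPENSSL_NO_ENGINE` include visible in the ecs_sign.c context would presumably point at a header that no longer exists. A trailing marker such as `#define OPENSSL_NO_ENGINE /* local: crypto/engine/ is not imported */`, and the same on the padlock line, would tie the define to the deletion. Since this is an installed public header, consumers that use the ENGINE API unconditionally will also stop compiling, which is worth stating in README.DRAGONFLY next to the patch list.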