author | Natanael Copa <ncopa@alpinelinux.org> | 2018-10-31 09:38:37 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2018-11-07 16:46:12 +0000 |
commit | e0c4bf32c3423530abb4919dd2fd0f20ae7df2e8 (patch) | |
tree | 3a677ab8f9ff99193de6cc1a9b9157a09290fbf6 /testing | |
parent | ca6964abf88ba5441e9a23f0005fafd4485a39a4 (diff) | |
main/libtls-standalone: move from testing
needed by busybox
Diffstat (limited to 'testing')
-rw-r--r-- | testing/libtls-standalone/APKBUILD | 66 | ||||
-rw-r--r-- | testing/libtls-standalone/Makefile | 86 | ||||
-rw-r--r-- | testing/libtls-standalone/libtls-ciphers.patch | 17 | ||||
-rw-r--r-- | testing/libtls-standalone/openssl-1.1.0-asn1-string.patch | 31 | ||||
-rw-r--r-- | testing/libtls-standalone/openssl-1.1.0-bio-method.patch | 107 | ||||
-rw-r--r-- | testing/libtls-standalone/openssl-1.1.0-verify-param.patch | 50 | ||||
-rw-r--r-- | testing/libtls-standalone/openssl-1.1.0-x509-object.patch | 40 | ||||
-rw-r--r-- | testing/libtls-standalone/test_program.c | 11 | ||||
-rw-r--r-- | testing/libtls-standalone/tls_compat.c | 369 | ||||
-rw-r--r-- | testing/libtls-standalone/tls_compat.h | 23 |
10 files changed, 0 insertions, 800 deletions
diff --git a/testing/libtls-standalone/APKBUILD b/testing/libtls-standalone/APKBUILD
deleted file mode 100644
index ea80990b44..0000000000
--- a/testing/libtls-standalone/APKBUILD
+++ /dev/null
@@ -1,66 +0,0 @@ -# Maintainer: William Pitcock <nenolod@dereferenced.org> -pkgname=libtls-standalone -pkgver=2.7.4 -_namever=${pkgname}${pkgver%.*} -pkgrel=4 -pkgdesc="libtls extricated from libressl sources" -url="http://www.libressl.org/" -arch="all" -license="ISC" -depends="" -makedepends="libbsd-dev openssl-dev" -subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc" -source="https://ftp.openbsd.org/pub/OpenBSD/libressl/libressl-$pkgver.tar.gz - Makefile - tls_compat.c - tls_compat.h - test_program.c - libtls-ciphers.patch - openssl-1.1.0-bio-method.patch - openssl-1.1.0-verify-param.patch - openssl-1.1.0-asn1-string.patch - openssl-1.1.0-x509-object.patch - " -libressl_src="$srcdir/libressl-$pkgver" -builddir="$srcdir" - -prepare() { - cd "$builddir" - rm -rf "$libressl_src"/include/openssl - - cd "$libressl_src" - patch -p1 < "$srcdir"/libtls-ciphers.patch - patch -p1 < "$srcdir"/openssl-1.1.0-bio-method.patch - patch -p1 < "$srcdir"/openssl-1.1.0-verify-param.patch - patch -p1 < "$srcdir"/openssl-1.1.0-asn1-string.patch - patch -p1 < "$srcdir"/openssl-1.1.0-x509-object.patch -} - -build() { - cd "$builddir" - - make PREFIX=/usr LIBRESSL_SRCDIR="${libressl_src}" LIBRESSL_VERSION="${pkgver}" -} - -check() { - cd "$builddir" - make PREFIX=/usr LIBRESSL_SRCDIR="${libressl_src}" LIBRESSL_VERSION="${pkgver}" check -} - -package() { - cd "$builddir" - - make PREFIX=/usr LIBRESSL_SRCDIR="${libressl_src}" LIBRESSL_VERSION="${pkgver}" DESTDIR="${pkgdir}" install - install -Dm644 "${libressl_src}"/COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING -} - -sha512sums="1cd82a1bff4f655251b5feb0c850f4164e0fd548e4b404407370f74dcc75c205f42efc7787a157eecac84cbbe46af48cb63f46b3fef75f4a0a9ea19a5863a691 libressl-2.7.4.tar.gz -75292dcd0321a3cb00b30715f537cd35f2375922aac3ad5445f3d7b9eff16ab934926b1605f3330032f8455378c89f41bd1ed83f5a027fc967adff7006ed9486 Makefile 
-be8216d08a6992ca65a8e3f1e010645833899465090179f269a62de5fcfe2711d463fe1aa57e408492648878fa2ee53377c4509ef48a2aafe3f267cce73e9209 tls_compat.c -0b8fca899e1f7b51979d69458be23c77c1b7f265ed60de76cf5cfb9eb5742111cf50813bd35384831301523a6a0562a20acf1aec22dc0d9ad653271d45ede915 tls_compat.h -71d36fe25c95a0a45497e3f699b01dddcaae9053dd1b1e2419df94272c47024cf6516c51c902129201061601b04a72551904b15a332a4cf53358983b5db73618 test_program.c -8da41dc7f3a3e94c7c26c20b88e649eeaa556064c6b45deb4604fb0b5738109344bf2d9e5c37dc963634db1761370aa5ed4dfe085cae2a21e74535b5b98f4a43 libtls-ciphers.patch -90244db67d2f5a2b4679cd4b905f6e58105e20e5a4648dd0781dee3f3d1ce87350eee9683f2e6e554949a390ee45d2247e7588e75668e82feb68213178905d3d openssl-1.1.0-bio-method.patch -b0c6c0b32d6ea30b7161ae75e36b8102b3c00268723dec15464318bae8f77a386dba9ef0537d47018b385b16f57132b5c893e494b8853d51b638b4d270e1f9d6 openssl-1.1.0-verify-param.patch -e0b7ce674269714cd63f628c332ed3420086c973f6e763a9a5d57991738370759d437b59edff5349ce4213725588f58e196c479b372a702833fcae75da9d71a1 openssl-1.1.0-asn1-string.patch -7d88088240f78dc3656e71d67f2222b4562bbcfacfaac77e7d8d3ace50ae7f02fac15cea0df2d9990b8d30f6cfd0b4ffd92ea97191181f0b00b1d34c050ef130 openssl-1.1.0-x509-object.patch" diff --git a/testing/libtls-standalone/Makefile b/testing/libtls-standalone/Makefile deleted file mode 100644 index 781a15a7d1..0000000000 --- a/testing/libtls-standalone/Makefile +++ /dev/null 
@@ -1,86 +0,0 @@ -PREFIX = /usr/local -EXEC_PREFIX = ${PREFIX} -LIBDIR = ${PREFIX}/lib -INCLUDEDIR = ${PREFIX}/include - -LIBRESSL_VERSION = 1.0 -LIBTLS_SOVERSION = 1 -LIBTLS_FULLVERSION = 1.0.0 - -OPENSSL_CFLAGS = $(shell pkgconf openssl --cflags) -OPENSSL_LIBS = $(shell pkgconf openssl --libs) - -CFLAGS = -Wall -Wno-pointer-sign -fPIC -DPIC -shared -include tls_compat.h -isystem ${LIBRESSL_SRCDIR}/include/compat ${OPENSSL_CFLAGS} -I ${LIBRESSL_SRCDIR}/include \ - -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS= -LDFLAGS = -fPIC -DPIC -shared -Wl,-soname,libtls-standalone.so.${LIBTLS_SOVERSION} ${OPENSSL_LIBS} - -SOURCES = \ - tls_compat.c \ - ${LIBRESSL_SRCDIR}/tls/tls.c \ - ${LIBRESSL_SRCDIR}/tls/tls_bio_cb.c \ - ${LIBRESSL_SRCDIR}/tls/tls_client.c \ - ${LIBRESSL_SRCDIR}/tls/tls_config.c \ - ${LIBRESSL_SRCDIR}/tls/tls_conninfo.c \ - ${LIBRESSL_SRCDIR}/tls/tls_keypair.c \ - ${LIBRESSL_SRCDIR}/tls/tls_ocsp.c \ - ${LIBRESSL_SRCDIR}/tls/tls_peer.c \ - ${LIBRESSL_SRCDIR}/tls/tls_server.c \ - ${LIBRESSL_SRCDIR}/tls/tls_util.c \ - ${LIBRESSL_SRCDIR}/tls/tls_verify.c \ - ${LIBRESSL_SRCDIR}/crypto/compat/arc4random.c \ - ${LIBRESSL_SRCDIR}/crypto/compat/arc4random_uniform.c \ - ${LIBRESSL_SRCDIR}/crypto/compat/freezero.c \ - ${LIBRESSL_SRCDIR}/crypto/compat/reallocarray.c \ - ${LIBRESSL_SRCDIR}/crypto/compat/timingsafe_memcmp.c - -OBJECTS = ${SOURCES:.c=.o} - -all: dumpconfig libtls-standalone.so.${LIBTLS_FULLVERSION} libtls-standalone.so.${LIBTLS_SOVERSION} libtls-standalone.pc - -dumpconfig: - @echo "Building with:" - @echo " LIBRESSL_SRCDIR = ${LIBRESSL_SRCDIR}" - @echo " OPENSSL_CFLAGS = ${OPENSSL_CFLAGS}" - @echo " OPENSSL_LIBS = ${OPENSSL_LIBS}" - -.c.o: - ${CC} ${CFLAGS} -o $@ -c $< - -libtls-standalone.so.${LIBTLS_SOVERSION}: libtls-standalone.so.${LIBTLS_FULLVERSION} - ln -s $< $@ - -libtls-standalone.so.${LIBTLS_FULLVERSION}: ${OBJECTS} - ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJECTS} ${OPENSSL_LIBS} - -check: test_program - LD_LIBRARY_PATH=$$PWD ./test_program - 
-test_program: test_program.c - ${CC} -I${LIBRESSL_SRCDIR}/include -o $@ test_program.c ./libtls-standalone.so.${LIBTLS_FULLVERSION} - -clean: - rm -f ${OBJECTS} - rm -f libtls-standalone.so.${LIBTLS_FULLVERSION} libtls-standalone.so.${LIBTLS_SOVERSION} - rm -f test_program - -install: - install -D -m755 libtls-standalone.so.${LIBTLS_FULLVERSION} ${DESTDIR}${PREFIX}/lib/libtls-standalone.so.${LIBTLS_FULLVERSION} - ln -sf libtls-standalone.so.${LIBTLS_FULLVERSION} ${DESTDIR}${PREFIX}/lib/libtls-standalone.so.${LIBTLS_SOVERSION} - ln -sf libtls-standalone.so.${LIBTLS_FULLVERSION} ${DESTDIR}${PREFIX}/lib/libtls-standalone.so - - install -D -m644 ${LIBRESSL_SRCDIR}/include/tls.h ${DESTDIR}${PREFIX}/include/libtls-standalone/tls.h - - install -D -m644 libtls-standalone.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/libtls-standalone.pc - -libtls-standalone.pc: ${LIBRESSL_SRCDIR}/libtls.pc.in - sed -e s:@prefix@:${PREFIX}:g \ - -e s:@exec_prefix@:${EXEC_PREFIX}:g \ - -e s:@libdir@:${LIBDIR}:g \ - -e s:@includedir@:${INCLUDEDIR}/libtls-standalone:g \ - -e s:@LIBS@:-ltls-standalone:g \ - -e s:@PLATFORM_LDADD@::g \ - -e s:@VERSION@:${LIBRESSL_VERSION}:g \ - -e /^Libs:/s:-ltls:-ltls-standalone:g \ - $< > libtls-standalone.pc - -.DUMMY: check dumpconfig clean install diff --git a/testing/libtls-standalone/libtls-ciphers.patch b/testing/libtls-standalone/libtls-ciphers.patch deleted file mode 100644 index 7b5843b28c..0000000000 --- a/testing/libtls-standalone/libtls-ciphers.patch +++ /dev/null 
@@ -1,17 +0,0 @@ ---- libressl-2.7.4.orig/tls/tls_internal.h -+++ libressl-2.7.4/tls/tls_internal.h -@@ -30,12 +30,12 @@ - #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem" - #endif - --#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE" - #define TLS_CIPHERS_COMPAT "HIGH:!aNULL" - #define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL" - #define TLS_CIPHERS_ALL "ALL:!aNULL:!eNULL" -+#define TLS_CIPHERS_DEFAULT TLS_CIPHERS_COMPAT - --#define TLS_ECDHE_CURVES "X25519,P-256,P-384" -+#define TLS_ECDHE_CURVES "P-256,P-384" - - union tls_addr { - struct in_addr ip4; diff --git a/testing/libtls-standalone/openssl-1.1.0-asn1-string.patch b/testing/libtls-standalone/openssl-1.1.0-asn1-string.patch deleted file mode 100644 index 258ba60a5d..0000000000 --- a/testing/libtls-standalone/openssl-1.1.0-asn1-string.patch +++ /dev/null @@ -1,31 +0,0 @@ ---- libressl-2.7.4.orig/tls/tls_verify.c -+++ libressl-2.7.4/tls/tls_verify.c -@@ -126,12 +126,12 @@ - continue; - - if (type == GEN_DNS) { -- unsigned char *data; -+ const unsigned char *data; - int format, len; - - format = ASN1_STRING_type(altname->d.dNSName); - if (format == V_ASN1_IA5STRING) { -- data = ASN1_STRING_data(altname->d.dNSName); -+ data = ASN1_STRING_get0_data(altname->d.dNSName); - len = ASN1_STRING_length(altname->d.dNSName); - - if (len < 0 || (size_t)len != strlen(data)) { -@@ -171,11 +171,11 @@ - } - - } else if (type == GEN_IPADD) { -- unsigned char *data; -+ const unsigned char *data; - int datalen; - - datalen = ASN1_STRING_length(altname->d.iPAddress); -- data = ASN1_STRING_data(altname->d.iPAddress); -+ data = ASN1_STRING_get0_data(altname->d.iPAddress); - - if (datalen < 0) { - tls_set_errorx(ctx, diff --git a/testing/libtls-standalone/openssl-1.1.0-bio-method.patch b/testing/libtls-standalone/openssl-1.1.0-bio-method.patch deleted file mode 100644 index 4f4290c3ce..0000000000 --- a/testing/libtls-standalone/openssl-1.1.0-bio-method.patch +++ /dev/null 
@@ -1,107 +0,0 @@ ---- libressl-2.7.4.orig/tls/tls_bio_cb.c -+++ libressl-2.7.4/tls/tls_bio_cb.c -@@ -18,6 +18,7 @@ - #include <fcntl.h> - #include <stdlib.h> - #include <unistd.h> -+#include <assert.h> - - #include <openssl/bio.h> - -@@ -29,19 +30,36 @@ - static int bio_cb_puts(BIO *bio, const char *str); - static long bio_cb_ctrl(BIO *bio, int cmd, long num, void *ptr); - --static BIO_METHOD bio_cb_method = { -- .type = BIO_TYPE_MEM, -- .name = "libtls_callbacks", -- .bwrite = bio_cb_write, -- .bread = bio_cb_read, -- .bputs = bio_cb_puts, -- .ctrl = bio_cb_ctrl, --}; -+static pthread_once_t bio_cb_init_once = PTHREAD_ONCE_INIT; - -+static BIO_METHOD *bio_cb_method = NULL; -+ -+static void -+bio_s_cb_init(void) -+{ -+ BIO_METHOD *method; -+ -+ method = BIO_meth_new(BIO_TYPE_MEM, "libtls_callbacks"); -+ assert(method != NULL); -+ -+ BIO_meth_set_read(method, bio_cb_read); -+ BIO_meth_set_write(method, bio_cb_write); -+ BIO_meth_set_puts(method, bio_cb_puts); -+ BIO_meth_set_ctrl(method, bio_cb_ctrl); -+ -+ bio_cb_method = method; -+} -+ - static BIO_METHOD * - bio_s_cb(void) - { -- return (&bio_cb_method); -+ if (bio_cb_method != NULL) { -+ return bio_cb_method; -+ } -+ -+ (void) pthread_once(&bio_cb_init_once, bio_s_cb_init); -+ -+ return bio_cb_method; - } - - static int -@@ -57,10 +75,10 @@ - - switch (cmd) { - case BIO_CTRL_GET_CLOSE: -- ret = (long)bio->shutdown; -+ ret = (long) BIO_get_shutdown(bio); - break; - case BIO_CTRL_SET_CLOSE: -- bio->shutdown = (int)num; -+ BIO_set_shutdown(bio, (int) num); - break; - case BIO_CTRL_DUP: - case BIO_CTRL_FLUSH: -@@ -69,7 +87,7 @@ - case BIO_CTRL_GET: - case BIO_CTRL_SET: - default: -- ret = BIO_ctrl(bio->next_bio, cmd, num, ptr); -+ ret = BIO_ctrl(BIO_next(bio), cmd, num, ptr); - } - - return (ret); -@@ -78,7 +96,7 @@ - static int - bio_cb_write(BIO *bio, const char *buf, int num) - { -- struct tls *ctx = bio->ptr; -+ struct tls *ctx = BIO_get_data(bio); - int rv; - - BIO_clear_retry_flags(bio); -@@ -96,7 +114,7 @@ - 
static int - bio_cb_read(BIO *bio, char *buf, int size) - { -- struct tls *ctx = bio->ptr; -+ struct tls *ctx = BIO_get_data(bio); - int rv; - - BIO_clear_retry_flags(bio); -@@ -131,8 +149,8 @@ - tls_set_errorx(ctx, "failed to create callback i/o"); - goto err; - } -- bio->ptr = ctx; -- bio->init = 1; -+ BIO_set_data(bio, ctx); -+ BIO_set_init(bio, 1); - - SSL_set_bio(ctx->ssl_conn, bio, bio); - diff --git a/testing/libtls-standalone/openssl-1.1.0-verify-param.patch b/testing/libtls-standalone/openssl-1.1.0-verify-param.patch deleted file mode 100644 index ef3f948e02..0000000000 --- a/testing/libtls-standalone/openssl-1.1.0-verify-param.patch +++ /dev/null @@ -1,50 +0,0 @@ ---- libressl-2.7.4.orig/tls/tls.c -+++ libressl-2.7.4/tls/tls.c -@@ -438,8 +438,16 @@ - } - - if (ctx->config->verify_time == 0) { -- X509_VERIFY_PARAM_set_flags(ssl_ctx->param, -- X509_V_FLAG_NO_CHECK_TIME); -+ X509_VERIFY_PARAM *param = X509_VERIFY_PARAM_new(); -+ -+ if (param == NULL) { -+ goto err; -+ } -+ -+ X509_VERIFY_PARAM_set_flags(param, X509_V_FLAG_NO_CHECK_TIME); -+ SSL_CTX_set1_param(ssl_ctx, param); -+ -+ X509_VERIFY_PARAM_free(param); - } - - /* Disable any form of session caching by default */ -@@ -487,6 +495,7 @@ - STACK_OF(X509_INFO) *xis = NULL; - X509_STORE *store; - X509_INFO *xi; -+ X509_VERIFY_PARAM *param; - BIO *bio = NULL; - int rv = -1; - int i; -@@ -548,8 +557,19 @@ - } - xi->crl = NULL; - } -- X509_VERIFY_PARAM_set_flags(store->param, -+ -+ param = X509_VERIFY_PARAM_new(); -+ -+ if (param == NULL) { -+ goto err; -+ } -+ -+ X509_VERIFY_PARAM_set_flags(param, - X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL); -+ -+ X509_STORE_set1_param(store, param); -+ -+ X509_VERIFY_PARAM_free(param); - } - - done: diff --git a/testing/libtls-standalone/openssl-1.1.0-x509-object.patch b/testing/libtls-standalone/openssl-1.1.0-x509-object.patch deleted file mode 100644 index e90903252f..0000000000 --- a/testing/libtls-standalone/openssl-1.1.0-x509-object.patch +++ /dev/null 
@@ -1,40 +0,0 @@ ---- libressl-2.7.4.orig/tls/tls_ocsp.c -+++ libressl-2.7.4/tls/tls_ocsp.c -@@ -127,8 +127,8 @@ - { - X509_NAME *issuer_name; - X509 *issuer; -- X509_STORE_CTX storectx; -- X509_OBJECT tmpobj; -+ X509_STORE_CTX *storectx; -+ X509_OBJECT *tmpobj; - OCSP_CERTID *cid = NULL; - X509_STORE *store; - -@@ -143,14 +143,20 @@ - - if ((store = SSL_CTX_get_cert_store(ssl_ctx)) == NULL) - return NULL; -- if (X509_STORE_CTX_init(&storectx, store, main_cert, extra_certs) != 1) -+ if ((storectx = X509_STORE_CTX_new()) == NULL) - return NULL; -- if (X509_STORE_get_by_subject(&storectx, X509_LU_X509, issuer_name, -- &tmpobj) == 1) { -- cid = OCSP_cert_to_id(NULL, main_cert, tmpobj.data.x509); -- X509_OBJECT_free_contents(&tmpobj); -+ if (X509_STORE_CTX_init(storectx, store, main_cert, extra_certs) != 1) -+ goto err; -+ if ((tmpobj = X509_OBJECT_new()) == NULL) -+ goto err; -+ if (X509_STORE_get_by_subject(storectx, X509_LU_X509, issuer_name, -+ tmpobj) == 1) { -+ cid = OCSP_cert_to_id(NULL, main_cert, X509_OBJECT_get0_X509(tmpobj)); -+ X509_OBJECT_free(tmpobj); - } -- X509_STORE_CTX_cleanup(&storectx); -+ -+ err: -+ X509_STORE_CTX_cleanup(storectx); - return cid; - } - diff --git a/testing/libtls-standalone/test_program.c b/testing/libtls-standalone/test_program.c deleted file mode 100644 index f8d7332d72..0000000000 --- a/testing/libtls-standalone/test_program.c +++ /dev/null @@ -1,11 +0,0 @@ -#include <stdlib.h> -#include <assert.h> -#include <tls.h> - -int -main(int argc, const char *argv[]) -{ - assert(tls_init() == 0); - - return EXIT_SUCCESS; -} diff --git a/testing/libtls-standalone/tls_compat.c b/testing/libtls-standalone/tls_compat.c deleted file mode 100644 index 2d184e4020..0000000000 --- a/testing/libtls-standalone/tls_compat.c +++ /dev/null 
@@ -1,369 +0,0 @@ -/* - * Copyright (c) 2016 Tai Chi Minh Ralph Eastwood <tcmreastwood@gmail.com> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include <openssl/opensslv.h> -#include <openssl/x509_vfy.h> -#include <openssl/ssl.h> -#include <stdlib.h> -#include <string.h> -#include <fcntl.h> -#include <unistd.h> -#include <sys/stat.h> -#include <ctype.h> - -int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len) -{ - char fname[] = "/tmp/libtlscompatXXXXXX"; - int rc; - int fd; - - fd = mkstemp(fname); - - if (fd < 0) - return -1; - do { - ssize_t wrote = write(fd, buf, len); - if(wrote == -1) { - break; - } else { - buf = (char *)buf + wrote; - len -= wrote; - } - } while(len); - close(fd); - rc = SSL_CTX_load_verify_locations(ctx, fname, NULL); - remove(fname); - return rc; -} - -/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) - * All rights reserved. - * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. 
The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. 
If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] 
- */ - -#include <sys/types.h> - -#include <unistd.h> -#include <stdio.h> - -#include <openssl/err.h> -#include <openssl/bio.h> -#include <openssl/objects.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/pem.h> -#include <openssl/ssl.h> - -int -SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, char *buf, off_t len) -{ - int ret; - BIO*in; - X509*x; - X509*ca; - unsigned long err; - - ret = 0; - x = ca = NULL; - - if ((in = BIO_new_mem_buf(buf, len)) == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_BUF_LIB); - goto end; - } - - if ((x = PEM_read_bio_X509(in, NULL, - SSL_CTX_get_default_passwd_cb(ctx), - SSL_CTX_get_default_passwd_cb_userdata(ctx))) == NULL) { - SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_FILE, ERR_R_PEM_LIB); - goto end; - } - - if (!SSL_CTX_use_certificate(ctx, x) || ERR_peek_error() != 0) - goto end; - - /* If we could set up our certificate, now proceed to - * the CA certificates. - */ - SSL_CTX_clear_extra_chain_certs(ctx); - - while ((ca = PEM_read_bio_X509(in, NULL, - SSL_CTX_get_default_passwd_cb(ctx), - SSL_CTX_get_default_passwd_cb_userdata(ctx))) != NULL) { - - if (!SSL_CTX_add_extra_chain_cert(ctx, ca)) - goto end; - } - - err = ERR_peek_last_error(); - if (ERR_GET_LIB(err) == ERR_LIB_PEM && - ERR_GET_REASON(err) == PEM_R_NO_START_LINE) - ERR_clear_error(); - else - goto end; - - ret = 1; -end: - if (ca != NULL) - X509_free(ca); - if (x != NULL) - X509_free(x); - if (in != NULL) - BIO_free(in); - return (ret); -} - -/* - * Copyright (c) 2015 Bob Beck <beck@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Parse an RFC 5280 format ASN.1 time string. - * - * mode must be: - * 0 if we expect to parse a time as specified in RFC 5280 from an X509 object. - * V_ASN1_UTCTIME if we wish to parse on RFC5280 format UTC time. - * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time. - * - * Returns: - * -1 if the string was invalid. - * V_ASN1_UTCTIME if the string validated as a UTC time string. - * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string. - * - * Fills in *tm with the corresponding time if tm is non NULL. - */ - -#define GENTIME_LENGTH 15 -#define UTCTIME_LENGTH 13 - -#define ATOI2(ar) ((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0')) -int -ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode) -{ - size_t i; - int type = 0; - struct tm ltm; - struct tm *lt; - const char *p; - - if (bytes == NULL) - return (-1); - - /* Constrain to valid lengths. */ - if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH) - return (-1); - - lt = tm; - if (lt == NULL) { - memset(<m, 0, sizeof(ltm)); - lt = <m; - } - - /* Timezone is required and must be GMT (Zulu). */ - if (bytes[len - 1] != 'Z') - return (-1); - - /* Make sure everything else is digits. 
*/ - for (i = 0; i < len - 1; i++) { - if (isdigit((unsigned char)bytes[i])) - continue; - return (-1); - } - - /* - * Validate and convert the time - */ - p = bytes; - switch (len) { - case GENTIME_LENGTH: - if (mode == V_ASN1_UTCTIME) - return (-1); - lt->tm_year = (ATOI2(p) * 100) - 1900; /* cc */ - type = V_ASN1_GENERALIZEDTIME; - /* FALLTHROUGH */ - case UTCTIME_LENGTH: - if (type == 0) { - if (mode == V_ASN1_GENERALIZEDTIME) - return (-1); - type = V_ASN1_UTCTIME; - } - lt->tm_year += ATOI2(p); /* yy */ - if (type == V_ASN1_UTCTIME) { - if (lt->tm_year < 50) - lt->tm_year += 100; - } - lt->tm_mon = ATOI2(p) - 1; /* mm */ - if (lt->tm_mon < 0 || lt->tm_mon > 11) - return (-1); - lt->tm_mday = ATOI2(p); /* dd */ - if (lt->tm_mday < 1 || lt->tm_mday > 31) - return (-1); - lt->tm_hour = ATOI2(p); /* HH */ - if (lt->tm_hour < 0 || lt->tm_hour > 23) - return (-1); - lt->tm_min = ATOI2(p); /* MM */ - if (lt->tm_min < 0 || lt->tm_min > 59) - return (-1); - lt->tm_sec = ATOI2(p); /* SS */ - /* Leap second 60 is not accepted. Reconsider later? */ - if (lt->tm_sec < 0 || lt->tm_sec > 59) - return (-1); - break; - default: - return (-1); - } - - return (type); -} - -/* $OpenBSD: a_time_tm.c,v 1.14 2017/08/28 17:42:47 jsing Exp $ */ -/* - * Copyright (c) 2015 Bob Beck <beck@openbsd.org> - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES - * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF - * MERCHANTABILITY AND FITNESS. 
IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR - * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES - * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN - * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF - * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ -#include <ctype.h> -#include <limits.h> -#include <stdio.h> -#include <string.h> -#include <time.h> - -#include <openssl/asn1t.h> -#include <openssl/err.h> - -#define RFC5280 0 -#define GENTIME_LENGTH 15 -#define UTCTIME_LENGTH 13 - -int -ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2) -{ - if (tm1->tm_year < tm2->tm_year) - return (-1); - if (tm1->tm_year > tm2->tm_year) - return (1); - if (tm1->tm_mon < tm2->tm_mon) - return (-1); - if (tm1->tm_mon > tm2->tm_mon) - return (1); - if (tm1->tm_mday < tm2->tm_mday) - return (-1); - if (tm1->tm_mday > tm2->tm_mday) - return (1); - if (tm1->tm_hour < tm2->tm_hour) - return (-1); - if (tm1->tm_hour > tm2->tm_hour) - return (1); - if (tm1->tm_min < tm2->tm_min) - return (-1); - if (tm1->tm_min > tm2->tm_min) - return (1); - if (tm1->tm_sec < tm2->tm_sec) - return (-1); - if (tm1->tm_sec > tm2->tm_sec) - return (1); - return 0; -} - -int -ASN1_time_tm_clamp_notafter(struct tm *tm) -{ - if (sizeof(time_t) < 8) { - struct tm broken_os_epoch_tm; - time_t broken_os_epoch_time = INT_MAX; - - if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL) - return 0; - - if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1) - memcpy(tm, &broken_os_epoch_tm, sizeof(*tm)); - } - - return 1; -} diff --git a/testing/libtls-standalone/tls_compat.h b/testing/libtls-standalone/tls_compat.h deleted file mode 100644 index 8e4629e35a..0000000000 --- a/testing/libtls-standalone/tls_compat.h +++ /dev/null 
@@ -1,23 +0,0 @@ -#include <string.h> - -#include <openssl/opensslv.h> -#include <openssl/x509_vfy.h> - -#ifndef LIBTLS_TLS_COMPAT_H -#define LIBTLS_TLS_COMPAT_H - -#ifndef X509_V_FLAG_NO_CHECK_TIME -#define X509_V_FLAG_NO_CHECK_TIME 0 -#endif - -#ifndef SSL_OP_NO_CLIENT_RENEGOTIATION -#define SSL_OP_NO_CLIENT_RENEGOTIATION 0 -#endif - -int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len); - -int ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode); - -int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, char *buf, off_t); - -#endif |