Check-in [344943e84b]
Not logged in

Many hyperlinks are disabled.
Use anonymous login to enable hyperlinks.

Overview
Comment:update libressl to version 2.9.2
Timelines: family | ancestors | descendants | both | trunk
Files: files | file ages | folders
SHA1: 344943e84b906db507804e1173abd379c30cfaa6
User & Date: chw 2019-05-24 18:46:54.830
Context
2019-05-24
22:16
update curl to version 7.65.0 check-in: 64dd8bc483 user: chw tags: trunk
18:46
update libressl to version 2.9.2 check-in: 344943e84b user: chw tags: trunk
09:37
improved topcua example from [2d7bf2f037] check-in: 9dc5a09111 user: chw tags: trunk
Changes
Unified Diff Ignore Whitespace Patch
Changes to jni/libressl/Android.mk.
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
	crypto/compat/timingsafe_bcmp.c \
	crypto/compat/recallocarray.c \
	crypto/compat/arc4random_uniform.c \
	crypto/compat/bsd-asprintf.c \
	crypto/compat/explicit_bzero.c \
	crypto/compat/freezero.c \
	crypto/compat/timegm.c \
	crypto/compat/getprogname_unimpl.c \
	crypto/err/err_all.c \
	crypto/err/err.c \
	crypto/err/err_prn.c \
	crypto/rand/rand_err.c \
	crypto/rand/rand_lib.c \
	crypto/rand/randfile.c \
	crypto/sha/sha1dgst.c \







|







409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
	crypto/compat/timingsafe_bcmp.c \
	crypto/compat/recallocarray.c \
	crypto/compat/arc4random_uniform.c \
	crypto/compat/bsd-asprintf.c \
	crypto/compat/explicit_bzero.c \
	crypto/compat/freezero.c \
	crypto/compat/timegm.c \
	crypto/compat/getprogname_linux.c \
	crypto/err/err_all.c \
	crypto/err/err.c \
	crypto/err/err_prn.c \
	crypto/rand/rand_err.c \
	crypto/rand/rand_lib.c \
	crypto/rand/randfile.c \
	crypto/sha/sha1dgst.c \
Changes to jni/libressl/ChangeLog.
24
25
26
27
28
29
30







31
32
33
34
35
36
37
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.

	https://github.com/libressl-portable/portable

LibreSSL Portable Release Notes:








2.9.1 - Stable release

	* Added support for XChaCha20 and XChaCha20-Poly1305.

	* Added support for AES key wrap constructions via the EVP interface.

	* Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.







>
>
>
>
>
>
>







24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
The portable bits of the project are largely maintained out-of-tree, and their
history is also available from Git.

	https://github.com/libressl-portable/portable

LibreSSL Portable Release Notes:

2.9.2 - Bug fixes

	* Fixed portable builds with older versions of MacOS,
	  Android targets < API 21, and Solaris 10

	* Fixed SRTP profile advertisement for DTLS servers.

2.9.1 - Stable release

	* Added support for XChaCha20 and XChaCha20-Poly1305.

	* Added support for AES key wrap constructions via the EVP interface.

	* Partial port of the OpenSSL EC_KEY_METHOD API for use by OpenSSH.
Changes to jni/libressl/VERSION.
1
2
2.9.1

|

1
2
2.9.2

Changes to jni/libressl/apps/openssl/CMakeLists.txt.
62
63
64
65
66
67
68







69
70
71
72
73
74
75

check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
	add_definitions(-DHAVE_STRTONUM)
else()
	set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
endif()








add_executable(openssl ${OPENSSL_SRC})
target_include_directories(openssl PRIVATE . ../../include/compat)
target_link_libraries(openssl ${OPENSSL_LIBS})

if(ENABLE_LIBRESSL_INSTALL)
	install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})







>
>
>
>
>
>
>







62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82

check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
	add_definitions(-DHAVE_STRTONUM)
else()
	set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
endif()

if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
        check_function_exists(clock_gettime HAVE_CLOCK_GETTIME)
        if(NOT HAVE_CLOCK_GETTIME)
                set(OPENSSL_SRC ${OPENSSL_SRC} compat/clock_gettime_osx.c)
        endif()
endif()

add_executable(openssl ${OPENSSL_SRC})
target_include_directories(openssl PRIVATE . ../../include/compat)
target_link_libraries(openssl ${OPENSSL_LIBS})

if(ENABLE_LIBRESSL_INSTALL)
	install(TARGETS openssl DESTINATION ${CMAKE_INSTALL_BINDIR})
Changes to jni/libressl/configure.
1
2
3
4
5
6
7
8
9
10
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 2.9.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.


|







1
2
3
4
5
6
7
8
9
10
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.69 for libressl 2.9.2.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
#
#
# This configure script is free software; the Free Software Foundation
# gives unlimited permission to copy, distribute and modify it.
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='2.9.1'
PACKAGE_STRING='libressl 2.9.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H







|
|







583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
subdirs=
MFLAGS=
MAKEFLAGS=

# Identity of this package.
PACKAGE_NAME='libressl'
PACKAGE_TARNAME='libressl'
PACKAGE_VERSION='2.9.2'
PACKAGE_STRING='libressl 2.9.2'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''

# Factoring default headers for most tests.
ac_includes_default="\
#include <stdio.h>
#ifdef HAVE_SYS_TYPES_H
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 2.9.1 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.







|







1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
#
# Report the --help message.
#
if test "$ac_init_help" = "long"; then
  # Omit some internal or obsolete options to make the list less imposing.
  # This message is too long to be a string in the A/UX 3.1 sh.
  cat <<_ACEOF
\`configure' configures libressl 2.9.2 to adapt to many kinds of systems.

Usage: $0 [OPTION]... [VAR=VALUE]...

To assign environment variables (e.g., CC, CFLAGS...), specify them as
VAR=VALUE.  See below for descriptions of some of the useful variables.

Defaults for the options are specified in brackets.
1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 2.9.1:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]







|







1499
1500
1501
1502
1503
1504
1505
1506
1507
1508
1509
1510
1511
1512
1513
  --build=BUILD     configure for building on BUILD [guessed]
  --host=HOST       cross-compile to build programs to run on HOST [BUILD]
_ACEOF
fi

if test -n "$ac_init_help"; then
  case $ac_init_help in
     short | recursive ) echo "Configuration of libressl 2.9.2:";;
   esac
  cat <<\_ACEOF

Optional Features:
  --disable-option-checking  ignore unrecognized --enable/--with options
  --disable-FEATURE       do not include FEATURE (same as --enable-FEATURE=no)
  --enable-FEATURE[=ARG]  include FEATURE [ARG=yes]
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 2.9.1
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit







|







1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
    cd "$ac_pwd" || { ac_status=$?; break; }
  done
fi

test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
  cat <<\_ACEOF
libressl configure 2.9.2
generated by GNU Autoconf 2.69

Copyright (C) 2012 Free Software Foundation, Inc.
This configure script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it.
_ACEOF
  exit
2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 2.9.1, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{







|







2163
2164
2165
2166
2167
2168
2169
2170
2171
2172
2173
2174
2175
2176
2177
  as_fn_set_status $ac_retval

} # ac_fn_c_compute_int
cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.

It was created by libressl $as_me 2.9.2, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  $ $0 $@

_ACEOF
exec 5>>config.log
{
3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='2.9.1'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF









|







3104
3105
3106
3107
3108
3109
3110
3111
3112
3113
3114
3115
3116
3117
3118
    CYGPATH_W=echo
  fi
fi


# Define the identity of the package.
 PACKAGE='libressl'
 VERSION='2.9.2'


cat >>confdefs.h <<_ACEOF
#define PACKAGE "$PACKAGE"
_ACEOF


12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
		PLATFORM_LDADD='-lws2_32'

		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
		PLATFORM_LDADD='-lnsl -lsocket'

		;;
	*) ;;
esac

# Check whether --enable-nc was given.
if test "${enable_nc+set}" = set; then :







|







12055
12056
12057
12058
12059
12060
12061
12062
12063
12064
12065
12066
12067
12068
12069
		PLATFORM_LDADD='-lws2_32'

		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
		PLATFORM_LDADD='-ldl -lnsl -lsocket'

		;;
	*) ;;
esac

# Check whether --enable-nc was given.
if test "${enable_nc+set}" = set; then :
14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 2.9.1, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@







|







14838
14839
14840
14841
14842
14843
14844
14845
14846
14847
14848
14849
14850
14851
14852
test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1

cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# Save the log message, to keep $0 and so on meaningful, and to
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by libressl $as_me 2.9.2, which was
generated by GNU Autoconf 2.69.  Invocation command line was

  CONFIG_FILES    = $CONFIG_FILES
  CONFIG_HEADERS  = $CONFIG_HEADERS
  CONFIG_LINKS    = $CONFIG_LINKS
  CONFIG_COMMANDS = $CONFIG_COMMANDS
  $ $0 $@
14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 2.9.1
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."








|







14895
14896
14897
14898
14899
14900
14901
14902
14903
14904
14905
14906
14907
14908
14909

Report bugs to the package provider."

_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
libressl config.status 2.9.2
configured by $0, generated by GNU Autoconf 2.69,
  with options \\"\$ac_cs_config\\"

Copyright (C) 2012 Free Software Foundation, Inc.
This config.status script is free software; the Free Software Foundation
gives unlimited permission to copy, distribute and modify it."

Changes to jni/libressl/crypto/compat/getprogname_linux.c.
1
2
3
4
5
6
7






















8



9
#include <stdlib.h>

#include <errno.h>

const char *
getprogname(void)
{






















	return program_invocation_short_name;



}







>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>

>
>
>

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
#include <stdlib.h>

#include <errno.h>

const char *
getprogname(void)
{
	/*
	 * Android added getprogname with API 21 [0]. We should not end up here
	 * with APIs bigger than 21. Still write a precise check.
	 *
	 * Since Android is using portions of OpenBSD libc, it should have
	 * a symbol called __progname [1].
	 *
	 * Regarding program_invocation_short_name, it is a GNU libc ext [2] and
	 * so make it conditional to __GLIBC__ [3].
	 *
	 * .. [0] https://github.com/aosp-mirror/platform_bionic/blob/1eb6d3/libc/include/stdlib.h#L160
	 *
	 * .. [1] https://github.com/aosp-mirror/platform_bionic/commit/692207
	 *
	 * .. [2] https://linux.die.net/man/3/program_invocation_short_name
	 *
	 * .. [3] https://android.googlesource.com/platform/system/core/+/2819c0/base/logging.cpp#65
	 */
#if defined(__ANDROID_API__) && __ANDROID_API__ < 21
	extern const char *__progname;
	return __progname;
#elif defined(__GLIBC__)
	return program_invocation_short_name;
#else
#error "Cannot emulate getprogname"
#endif
}
Changes to jni/libressl/include/openssl/opensslv.h.
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
/* $OpenBSD: opensslv.h,v 1.51 2019/03/27 02:08:24 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x2090100fL
/*                                    ^ Patch starts here   */
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.9.1"

/* These will never change */
#define OPENSSL_VERSION_NUMBER	0x20000000L
#define OPENSSL_VERSION_TEXT	LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

#define SHLIB_VERSION_HISTORY ""
|




|

|







1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
/* $OpenBSD: opensslv.h,v 1.51.2.1 2019/05/13 12:05:04 bcook Exp $ */
#ifndef HEADER_OPENSSLV_H
#define HEADER_OPENSSLV_H

/* These will change with each release of LibreSSL-portable */
#define LIBRESSL_VERSION_NUMBER 0x2090200fL
/*                                    ^ Patch starts here   */
#define LIBRESSL_VERSION_TEXT   "LibreSSL 2.9.2"

/* These will never change */
#define OPENSSL_VERSION_NUMBER	0x20000000L
#define OPENSSL_VERSION_TEXT	LIBRESSL_VERSION_TEXT
#define OPENSSL_VERSION_PTEXT	" part of " OPENSSL_VERSION_TEXT

#define SHLIB_VERSION_HISTORY ""
Changes to jni/libressl/m4/check-os-options.m4.
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
		AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
		;;
	*) ;;
esac

AC_ARG_ENABLE([nc],
	AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])







|







110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
		;;
	*solaris*)
		HOST_OS=solaris
		HOST_ABI=elf
		CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
		AC_SUBST([PLATFORM_LDADD], ['-ldl -lnsl -lsocket'])
		;;
	*) ;;
esac

AC_ARG_ENABLE([nc],
	AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
Changes to jni/libressl/ssl/ssl_tlsext.c.
1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_tlsext.c,v 1.44 2019/03/25 17:21:18 jsing Exp $ */
/*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
|







1
2
3
4
5
6
7
8
/* $OpenBSD: ssl_tlsext.c,v 1.44.2.1 2019/05/15 19:25:15 tb Exp $ */
/*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
 * Copyright (c) 2018-2019 Bob Beck <beck@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
1818
1819
1820
1821
1822
1823
1824
1825

1826
1827
1828
1829
1830
1831
1832
			.build = tlsext_cookie_server_build,
			.parse = tlsext_cookie_client_parse,
		},
	},
#ifndef OPENSSL_NO_SRTP
	{
		.type = TLSEXT_TYPE_use_srtp,
		.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_EE,

		.client = {
			.needs = tlsext_srtp_client_needs,
			.build = tlsext_srtp_client_build,
			.parse = tlsext_srtp_server_parse,
		},
		.server = {
			.needs = tlsext_srtp_server_needs,







|
>







1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
			.build = tlsext_cookie_server_build,
			.parse = tlsext_cookie_client_parse,
		},
	},
#ifndef OPENSSL_NO_SRTP
	{
		.type = TLSEXT_TYPE_use_srtp,
		.messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH /* XXX */ |
		    SSL_TLSEXT_MSG_EE,
		.client = {
			.needs = tlsext_srtp_client_needs,
			.build = tlsext_srtp_client_build,
			.parse = tlsext_srtp_server_parse,
		},
		.server = {
			.needs = tlsext_srtp_server_needs,