Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | update libressl to version 3.1.2 |
---|---|
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
fefb351fd9b4591c923f3910acb82a9c |
User & Date: | chw 2020-05-23 09:40:23.987 |
Context
2020-05-24
| ||
10:10 | add tip 574 impl to sdl2tk subdir check-in: 0e7a502a88 user: chw tags: trunk | |
2020-05-23
| ||
11:08 | merge with trunk check-in: 0ec1a1a671 user: chw tags: wtf-8-experiment | |
09:40 | update libressl to version 3.1.2 check-in: fefb351fd9 user: chw tags: trunk | |
09:20 | update sqlite to version 3.32.0 check-in: 5b89190272 user: chw tags: trunk | |
Changes
Changes to jni/libressl/CMakeLists.txt.
︙ | ︙ | |||
295 296 297 298 299 300 301 | elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm") set(HOST_ASM_ELF_ARMV4 true) elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386") set(HOST_ASM_ELF_X86_64 true) endif() elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") set(HOST_ASM_MACOSX_X86_64 true) | | | 295 296 297 298 299 300 301 302 303 304 305 306 307 308 309 | elseif("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "arm") set(HOST_ASM_ELF_ARMV4 true) elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386") set(HOST_ASM_ELF_X86_64 true) endif() elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") set(HOST_ASM_MACOSX_X86_64 true) elseif(MSVC AND ("${CMAKE_GENERATOR}" MATCHES "Win64" OR "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64")) set(HOST_ASM_MASM_X86_64 true) ENABLE_LANGUAGE(ASM_MASM) elseif(CMAKE_SYSTEM_NAME MATCHES "MINGW" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64") set(HOST_ASM_MINGW64_X86_64 true) endif() endif() |
︙ | ︙ |
Changes to jni/libressl/ChangeLog.
︙ | ︙ | |||
24 25 26 27 28 29 30 31 32 33 34 35 36 37 | The portable bits of the project are largely maintained out-of-tree, and their history is also available from Git. https://github.com/libressl-portable/portable LibreSSL Portable Release Notes: 3.1.1 - Stable release * Improved cipher suite handling to automatically include TLSv1.3 cipher suites when they are not explicitly referred to in the cipher string. * Improved handling of TLSv1.3 HelloRetryRequests, simplifying | > > > > > | 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 | The portable bits of the project are largely maintained out-of-tree, and their history is also available from Git. https://github.com/libressl-portable/portable LibreSSL Portable Release Notes: 3.1.2 - Bug fix * A TLS client with peer verification disabled may crash when contacting a server that sends an empty certificate list. 3.1.1 - Stable release * Improved cipher suite handling to automatically include TLSv1.3 cipher suites when they are not explicitly referred to in the cipher string. * Improved handling of TLSv1.3 HelloRetryRequests, simplifying |
︙ | ︙ |
Changes to jni/libressl/VERSION.
|
| | | 1 2 | 3.1.2 |
Changes to jni/libressl/configure.
1 2 | #! /bin/sh # Guess values for system-dependent variables and create Makefiles. | | | 1 2 3 4 5 6 7 8 9 10 | #! /bin/sh # Guess values for system-dependent variables and create Makefiles. # Generated by GNU Autoconf 2.69 for libressl 3.1.2. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. # # # This configure script is free software; the Free Software Foundation # gives unlimited permission to copy, distribute and modify it. |
︙ | ︙ | |||
583 584 585 586 587 588 589 | subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' | | | | 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 | subdirs= MFLAGS= MAKEFLAGS= # Identity of this package. PACKAGE_NAME='libressl' PACKAGE_TARNAME='libressl' PACKAGE_VERSION='3.1.2' PACKAGE_STRING='libressl 3.1.2' PACKAGE_BUGREPORT='' PACKAGE_URL='' # Factoring default headers for most tests. ac_includes_default="\ #include <stdio.h> #ifdef HAVE_SYS_TYPES_H |
︙ | ︙ | |||
1434 1435 1436 1437 1438 1439 1440 | # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF | | | 1434 1435 1436 1437 1438 1439 1440 1441 1442 1443 1444 1445 1446 1447 1448 | # # Report the --help message. # if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF \`configure' configures libressl 3.1.2 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... To assign environment variables (e.g., CC, CFLAGS...), specify them as VAR=VALUE. See below for descriptions of some of the useful variables. Defaults for the options are specified in brackets. |
︙ | ︙ | |||
1504 1505 1506 1507 1508 1509 1510 | --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in | | | 1504 1505 1506 1507 1508 1509 1510 1511 1512 1513 1514 1515 1516 1517 1518 | --build=BUILD configure for building on BUILD [guessed] --host=HOST cross-compile to build programs to run on HOST [BUILD] _ACEOF fi if test -n "$ac_init_help"; then case $ac_init_help in short | recursive ) echo "Configuration of libressl 3.1.2:";; esac cat <<\_ACEOF Optional Features: --disable-option-checking ignore unrecognized --enable/--with options --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) --enable-FEATURE[=ARG] include FEATURE [ARG=yes] |
︙ | ︙ | |||
1621 1622 1623 1624 1625 1626 1627 | cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF | | | 1621 1622 1623 1624 1625 1626 1627 1628 1629 1630 1631 1632 1633 1634 1635 | cd "$ac_pwd" || { ac_status=$?; break; } done fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF libressl configure 3.1.2 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. This configure script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it. _ACEOF exit |
︙ | ︙ | |||
2169 2170 2171 2172 2173 2174 2175 | as_fn_set_status $ac_retval } # ac_fn_c_compute_int cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. | | | 2169 2170 2171 2172 2173 2174 2175 2176 2177 2178 2179 2180 2181 2182 2183 | as_fn_set_status $ac_retval } # ac_fn_c_compute_int cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. It was created by libressl $as_me 3.1.2, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ _ACEOF exec 5>>config.log { |
︙ | ︙ | |||
3110 3111 3112 3113 3114 3115 3116 | CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='libressl' | | | 3110 3111 3112 3113 3114 3115 3116 3117 3118 3119 3120 3121 3122 3123 3124 | CYGPATH_W=echo fi fi # Define the identity of the package. PACKAGE='libressl' VERSION='3.1.2' cat >>confdefs.h <<_ACEOF #define PACKAGE "$PACKAGE" _ACEOF |
︙ | ︙ | |||
14883 14884 14885 14886 14887 14888 14889 | test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" | | | 14883 14884 14885 14886 14887 14888 14889 14890 14891 14892 14893 14894 14895 14896 14897 | test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # Save the log message, to keep $0 and so on meaningful, and to # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" This file was extended by libressl $as_me 3.1.2, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES CONFIG_HEADERS = $CONFIG_HEADERS CONFIG_LINKS = $CONFIG_LINKS CONFIG_COMMANDS = $CONFIG_COMMANDS $ $0 $@ |
︙ | ︙ | |||
14940 14941 14942 14943 14944 14945 14946 | Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ | | | 14940 14941 14942 14943 14944 14945 14946 14947 14948 14949 14950 14951 14952 14953 14954 | Report bugs to the package provider." _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ libressl config.status 3.1.2 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" Copyright (C) 2012 Free Software Foundation, Inc. This config.status script is free software; the Free Software Foundation gives unlimited permission to copy, distribute and modify it." |
︙ | ︙ |
Changes to jni/libressl/crypto/CMakeLists.txt.
︙ | ︙ | |||
932 933 934 935 936 937 938 | set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp) endif() if(NOT ENABLE_ASM) add_definitions(-DOPENSSL_NO_ASM) else() if(MSVC) | | > | 932 933 934 935 936 937 938 939 940 941 942 943 944 945 946 947 | set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_memcmp) endif() if(NOT ENABLE_ASM) add_definitions(-DOPENSSL_NO_ASM) else() if(MSVC) if((NOT "${CMAKE_GENERATOR}" MATCHES "Win64") AND (NOT "${CMAKE_GENERATOR_PLATFORM}" STREQUAL "x64")) add_definitions(-DOPENSSL_NO_ASM) endif() elseif(WIN32) add_definitions(-DOPENSSL_NO_ASM) endif() endif() |
︙ | ︙ |
Changes to jni/libressl/include/openssl/opensslv.h.
|
| | | | | 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 | /* $OpenBSD: opensslv.h,v 1.57.4.1 2020/05/21 02:27:34 bcook Exp $ */ #ifndef HEADER_OPENSSLV_H #define HEADER_OPENSSLV_H /* These will change with each release of LibreSSL-portable */ #define LIBRESSL_VERSION_NUMBER 0x3010200fL /* ^ Patch starts here */ #define LIBRESSL_VERSION_TEXT "LibreSSL 3.1.2" /* These will never change */ #define OPENSSL_VERSION_NUMBER 0x20000000L #define OPENSSL_VERSION_TEXT LIBRESSL_VERSION_TEXT #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT #define SHLIB_VERSION_HISTORY "" |
︙ | ︙ |
Changes to jni/libressl/ssl/Makefile.in.
︙ | ︙ | |||
705 706 707 708 709 710 711 712 713 714 715 716 717 718 | -rm -f ./$(DEPDIR)/ssl_both.Plo -rm -f ./$(DEPDIR)/ssl_cert.Plo -rm -f ./$(DEPDIR)/ssl_ciph.Plo -rm -f ./$(DEPDIR)/ssl_ciphers.Plo -rm -f ./$(DEPDIR)/ssl_clnt.Plo -rm -f ./$(DEPDIR)/ssl_err.Plo -rm -f ./$(DEPDIR)/ssl_init.Plo -rm -f ./$(DEPDIR)/ssl_lib.Plo -rm -f ./$(DEPDIR)/ssl_methods.Plo -rm -f ./$(DEPDIR)/ssl_packet.Plo -rm -f ./$(DEPDIR)/ssl_pkt.Plo -rm -f ./$(DEPDIR)/ssl_rsa.Plo -rm -f ./$(DEPDIR)/ssl_sess.Plo -rm -f ./$(DEPDIR)/ssl_sigalgs.Plo | > | 705 706 707 708 709 710 711 712 713 714 715 716 717 718 719 | -rm -f ./$(DEPDIR)/ssl_both.Plo -rm -f ./$(DEPDIR)/ssl_cert.Plo -rm -f ./$(DEPDIR)/ssl_ciph.Plo -rm -f ./$(DEPDIR)/ssl_ciphers.Plo -rm -f ./$(DEPDIR)/ssl_clnt.Plo -rm -f ./$(DEPDIR)/ssl_err.Plo -rm -f ./$(DEPDIR)/ssl_init.Plo -rm -f ./$(DEPDIR)/ssl_kex.Plo -rm -f ./$(DEPDIR)/ssl_lib.Plo -rm -f ./$(DEPDIR)/ssl_methods.Plo -rm -f ./$(DEPDIR)/ssl_packet.Plo -rm -f ./$(DEPDIR)/ssl_pkt.Plo -rm -f ./$(DEPDIR)/ssl_rsa.Plo -rm -f ./$(DEPDIR)/ssl_sess.Plo -rm -f ./$(DEPDIR)/ssl_sigalgs.Plo |
︙ | ︙ |
Changes to jni/libressl/ssl/tls13_client.c.
|
| | | 1 2 3 4 5 6 7 8 | /* $OpenBSD: tls13_client.c,v 1.54.4.1 2020/05/19 20:22:33 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * |
︙ | ︙ | |||
582 583 584 585 586 587 588 589 590 591 592 593 594 595 | goto err; if (!sk_X509_push(certs, cert)) goto err; cert = NULL; } /* * At this stage we still have no proof of possession. As such, it would * be preferable to keep the chain and verify once we have successfully * processed the CertificateVerify message. */ if (ssl_verify_cert_chain(s, certs) <= 0 && | > > > > > > > > | 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 | goto err; if (!sk_X509_push(certs, cert)) goto err; cert = NULL; } /* A server must always provide a non-empty certificate list. */ if (sk_X509_num(certs) < 1) { ctx->alert = SSL_AD_DECODE_ERROR; tls13_set_errorx(ctx, TLS13_ERR_NO_PEER_CERTIFICATE, 0, "peer failed to provide a certificate", NULL); goto err; } /* * At this stage we still have no proof of possession. As such, it would * be preferable to keep the chain and verify once we have successfully * processed the CertificateVerify message. */ if (ssl_verify_cert_chain(s, certs) <= 0 && |
︙ | ︙ |
Changes to jni/libressl/ssl/tls13_internal.h.
|
| | | 1 2 3 4 5 6 7 8 | /* $OpenBSD: tls13_internal.h,v 1.67.4.1 2020/05/19 20:22:33 tb Exp $ */ /* * Copyright (c) 2018 Bob Beck <beck@openbsd.org> * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above |
︙ | ︙ | |||
39 40 41 42 43 44 45 46 47 48 49 50 51 52 | #define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. */ #define TLS13_IO_USE_LEGACY -6 #define TLS13_ERR_VERIFY_FAILED 16 #define TLS13_ERR_HRR_FAILED 17 #define TLS13_ERR_TRAILING_DATA 18 #define TLS13_ERR_NO_SHARED_CIPHER 19 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs); typedef void (*tls13_phh_sent_cb)(void *_cb_arg); typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen, void *_cb_arg); | > | 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 | #define TLS13_IO_WANT_RETRY -5 /* Retry the previous call immediately. */ #define TLS13_IO_USE_LEGACY -6 #define TLS13_ERR_VERIFY_FAILED 16 #define TLS13_ERR_HRR_FAILED 17 #define TLS13_ERR_TRAILING_DATA 18 #define TLS13_ERR_NO_SHARED_CIPHER 19 #define TLS13_ERR_NO_PEER_CERTIFICATE 21 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg); typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs); typedef void (*tls13_phh_sent_cb)(void *_cb_arg); typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen, void *_cb_arg); |
︙ | ︙ |
Changes to jni/libressl/ssl/tls13_legacy.c.
|
| | | 1 2 3 4 5 6 7 8 | /* $OpenBSD: tls13_legacy.c,v 1.3.4.1 2020/05/19 20:22:33 tb Exp $ */ /* * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * |
︙ | ︙ | |||
115 116 117 118 119 120 121 122 123 124 125 126 127 128 | break; case TLS13_ERR_TRAILING_DATA: reason = SSL_R_EXTRA_DATA_IN_MESSAGE; break; case TLS13_ERR_NO_SHARED_CIPHER: reason = SSL_R_NO_SHARED_CIPHER; break; } /* Something (probably libcrypto) already pushed an error on the stack. */ if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0) return; ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file, | > > > | 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 | break; case TLS13_ERR_TRAILING_DATA: reason = SSL_R_EXTRA_DATA_IN_MESSAGE; break; case TLS13_ERR_NO_SHARED_CIPHER: reason = SSL_R_NO_SHARED_CIPHER; break; case TLS13_ERR_NO_PEER_CERTIFICATE: reason = SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE; break; } /* Something (probably libcrypto) already pushed an error on the stack. */ if (reason == SSL_R_UNKNOWN && ERR_peek_error() != 0) return; ERR_put_error(ERR_LIB_SSL, (0xfff), reason, ctx->error.file, |
︙ | ︙ |