stub in initial libtls standalone tree

author: Brent Cook <busterb@gmail.com> 2015-04-30 04:44:35 -0500
committer: Brent Cook <busterb@gmail.com> 2015-05-23 19:26:51 -0500
commit: 28353c1df15c3d0482a10ffe33fa34c053af2c2e (patch)
tree: 580bf87a6db90c492dd55594f9612d2442331376 /libtls-standalone
parent: 7de7605b95f2cd2d061720376544d511f71dc063 (diff)
download: portable-28353c1df15c3d0482a10ffe33fa34c053af2c2e.tar.gz
portable-28353c1df15c3d0482a10ffe33fa34c053af2c2e.tar.bz2
portable-28353c1df15c3d0482a10ffe33fa34c053af2c2e.zip
11 files changed, 351 insertions, 0 deletions
diff --git a/libtls-standalone/AUTHORS b/libtls-standalone/AUTHORS
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/libtls-standalone/AUTHORS
diff --git a/libtls-standalone/ChangeLog b/libtls-standalone/ChangeLog
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/libtls-standalone/ChangeLog
diff --git a/libtls-standalone/Makefile.am b/libtls-standalone/Makefile.am
new file mode 100644
index 0000000..8881d8c
--- /dev/null
+++ b/libtls-standalone/Makefile.am
@@ -0,0 +1,7 @@
+SUBDIRS = include src
+ACLOCAL_AMFLAGS = -I m4
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libtls.pc
+EXTRA_DIST = README VERSION
diff --git a/libtls-standalone/NEWS b/libtls-standalone/NEWS
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/libtls-standalone/NEWS
diff --git a/libtls-standalone/README b/libtls-standalone/README
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/libtls-standalone/README
diff --git a/libtls-standalone/VERSION b/libtls-standalone/VERSION
new file mode 100644
index 0000000..81ece01
--- /dev/null
+++ b/libtls-standalone/VERSION
@@ -0,0 +1 @@
+3:1:0
diff --git a/libtls-standalone/configure.ac b/libtls-standalone/configure.ac
new file mode 100644
index 0000000..babb266
--- /dev/null
+++ b/libtls-standalone/configure.ac
@@ -0,0 +1,254 @@
+AC_INIT([libtls], m4_esyscmd([tr -d '\n' < VERSION]))
+AC_CANONICAL_HOST
+AM_INIT_AUTOMAKE([subdir-objects])
+AC_CONFIG_MACRO_DIR([m4])
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+# This must be called before AC_PROG_CC
+USER_CFLAGS="$CFLAGS"
+AC_PROG_CC
+AC_PROG_CC_STDC
+AM_PROG_CC_C_O
+AC_PROG_LIBTOOL
+LT_INIT
+CFLAGS="$CFLAGS -Wall -std=gnu99"
+case $host_os in
+        *aix*)
+                HOST_OS=aix
+                if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
+                        CFLAGS="$USER_CFLAGS"
+                fi
+                ;;
+        *cygwin*)
+                HOST_OS=cygwin
+                ;;
+        *darwin*)
+                HOST_OS=darwin
+                HOST_ABI=macosx
+                ;;
+        *freebsd*)
+                HOST_OS=freebsd
+                HOST_ABI=elf
+                ;;
+        *hpux*)
+                HOST_OS=hpux;
+                if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
+                        CFLAGS="$CFLAGS -mlp64"
+                else
+                        CFLAGS="-g -O2 +DD64 $USER_CFLAGS"
+                fi
+                CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
+                AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
+                ;;
+        *linux*)
+                HOST_OS=linux
+                HOST_ABI=elf
+                CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
+                ;;
+        *netbsd*)
+                HOST_OS=netbsd
+                CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
+                ;;
+        *openbsd*)
+                HOST_ABI=elf
+                AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
+                ;;
+        *mingw*)
+                HOST_OS=win
+                CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
+                CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
+                CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
+                CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
+                CFLAGS="$CFLAGS -static-libgcc"
+                LDFLAGS="$LDFLAGS -static-libgcc"
+                AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
+                ;;
+        *solaris*)
+                HOST_OS=solaris
+                HOST_ABI=elf
+                CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
+                AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
+                ;;
+        *) ;;
+esac
+AM_CONDITIONAL([HOST_AIX],     [test x$HOST_OS = xaix])
+AM_CONDITIONAL([HOST_CYGWIN],  [test x$HOST_OS = xcygwin])
+AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
+AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
+AM_CONDITIONAL([HOST_HPUX],    [test x$HOST_OS = xhpux])
+AM_CONDITIONAL([HOST_LINUX],   [test x$HOST_OS = xlinux])
+AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
+AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
+AM_CONDITIONAL([HOST_WIN],     [test x$HOST_OS = xwin])
+AC_MSG_CHECKING([if compiling with clang])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
+#ifndef __clang__
+        not clang
+#endif
+        ]])],
+        [CLANG=yes],
+        [CLANG=no]
+)
+AC_MSG_RESULT([$CLANG])
+AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
+CFLAGS="$CFLAGS $CLANG_FLAGS"
+LDFLAGS="$LDFLAGS $CLANG_FLAGS"
+# We want to check for compiler flag support. Prior to clang v5.1, there was no
+# way to make clang's "argument unused" warning fatal.  So we invoke the
+# compiler through a wrapper script that greps for this message.
+saved_CC="$CC"
+saved_LD="$LD"
+flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
+CC="$flag_wrap $CC"
+LD="$flag_wrap $LD"
+AC_ARG_ENABLE([hardening],
+        [AS_HELP_STRING([--disable-hardening],
+                        [Disable options to frustrate memory corruption exploits])],
+        [], [enable_hardening=yes])
+AC_ARG_ENABLE([windows-ssp],
+        [AS_HELP_STRING([--enable-windows-ssp],
+                        [Enable building the stack smashing protection on
+                         Windows. This currently distributing libssp-0.dll.])])
+AC_DEFUN([CHECK_CFLAG], [
+         AC_LANG_ASSERT(C)
+         AC_MSG_CHECKING([if $saved_CC supports "$1"])
+         old_cflags="$CFLAGS"
+         CFLAGS="$1 -Wall -Werror"
+         AC_TRY_LINK([
+                      #include <stdio.h>
+                      ],
+                     [printf("Hello")],
+                     AC_MSG_RESULT([yes])
+                     CFLAGS=$old_cflags
+                     HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
+                     AC_MSG_RESULT([no])
+                     CFLAGS=$old_cflags
+                     [$2])
+])
+AC_DEFUN([CHECK_LDFLAG], [
+         AC_LANG_ASSERT(C)
+         AC_MSG_CHECKING([if $saved_LD supports "$1"])
+         old_ldflags="$LDFLAGS"
+         LDFLAGS="$1 -Wall -Werror"
+         AC_TRY_LINK([
+                      #include <stdio.h>
+                      ],
+                     [printf("Hello")],
+                     AC_MSG_RESULT([yes])
+                     LDFLAGS=$old_ldflags
+                     HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
+                     AC_MSG_RESULT([no])
+                     LDFLAGS=$old_ldflags
+                     [$2])
+])
+AS_IF([test "x$enable_hardening" = "xyes"], [
+        # Tell GCC to NOT optimize based on signed arithmetic overflow
+        CHECK_CFLAG([[-fno-strict-overflow]])
+        # _FORTIFY_SOURCE replaces builtin functions with safer versions.
+        CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
+        # Enable read only relocations
+        CHECK_LDFLAG([[-Wl,-z,relro]])
+        CHECK_LDFLAG([[-Wl,-z,now]])
+        # Windows security flags
+        AS_IF([test "x$HOST_OS" = "xwin"], [
+                CHECK_LDFLAG([[-Wl,--nxcompat]])
+                CHECK_LDFLAG([[-Wl,--dynamicbase]])
+                CHECK_LDFLAG([[-Wl,--high-entropy-va]])
+        ])
+        # Use stack-protector-strong if available; if not, fallback to
+        # stack-protector-all which is considered to be overkill
+        AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
+                CHECK_CFLAG([[-fstack-protector-strong]],
+                        CHECK_CFLAG([[-fstack-protector-all]],
+                                AC_MSG_WARN([compiler does not appear to support stack protection])
+                        )
+                )
+                AS_IF([test "x$HOST_OS" = "xwin"], [
+                        AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
+                ])
+        ])
+])
+# Restore CC, LD
+CC="$saved_CC"
+LD="$saved_LD"
+CFLAGS="$CFLAGS $HARDEN_CFLAGS"
+LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
+# Removing the dependency on -Wno-pointer-sign should be a goal
+save_cflags="$CFLAGS"
+CFLAGS=-Wno-pointer-sign
+AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+        [AC_MSG_RESULT([yes])]
+        [AM_CFLAGS=-Wno-pointer-sign],
+        [AC_MSG_RESULT([no])]
+)
+CFLAGS="$save_cflags $AM_CFLAGS"
+save_cflags="$CFLAGS"
+CFLAGS=
+AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
+__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
+        [AC_MSG_RESULT([yes])]
+        [AM_CFLAGS=-DHAVE_GNU_STACK],
+        [AC_MSG_RESULT([no])]
+)
+CFLAGS="$save_cflags $AM_CFLAGS"
+AM_PROG_AS
+AC_CHECK_FUNCS([explicit_bzero strsep])
+AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
+AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
+#AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
+#AC_CHECK_FUNCS([getentropy memmem poll reallocarray])
+#AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum])
+#AC_CHECK_FUNCS([symlink])
+#AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
+#
+## Share test results with automake
+#AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
+#AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
+#AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
+#AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
+#AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
+#AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
+#AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
+#AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
+#AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
+#AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
+#AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
+#AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
+#AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
+#AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
+AC_CONFIG_FILES([
+        Makefile
+        include/Makefile
+        src/Makefile
+        libtls.pc
+])
+AC_OUTPUT
diff --git a/libtls-standalone/include/Makefile.am b/libtls-standalone/include/Makefile.am
new file mode 100644
index 0000000..7fbefdc
--- /dev/null
+++ b/libtls-standalone/include/Makefile.am
@@ -0,0 +1,27 @@
+#noinst_HEADERS = err.h
+#noinst_HEADERS += netdb.h
+#noinst_HEADERS += poll.h
+#noinst_HEADERS += pqueue.h
+#noinst_HEADERS += stdio.h
+#noinst_HEADERS += stdlib.h
+#noinst_HEADERS += string.h
+#noinst_HEADERS += syslog.h
+#noinst_HEADERS += unistd.h
+#noinst_HEADERS += win32netcompat.h
+#
+#noinst_HEADERS += arpa/inet.h
+#
+#noinst_HEADERS += machine/endian.h
+#
+#noinst_HEADERS += netinet/in.h
+#noinst_HEADERS += netinet/tcp.h
+#
+#noinst_HEADERS += sys/ioctl.h
+#noinst_HEADERS += sys/mman.h
+#noinst_HEADERS += sys/select.h
+#noinst_HEADERS += sys/socket.h
+#noinst_HEADERS += sys/times.h
+#noinst_HEADERS += sys/types.h
+#noinst_HEADERS += sys/uio.h
+include_HEADERS = tls.h
diff --git a/libtls-standalone/include/string.h b/libtls-standalone/include/string.h
new file mode 100644
index 0000000..c42fcba
--- /dev/null
+++ b/libtls-standalone/include/string.h
@@ -0,0 +1,28 @@
+/*
+ * Public domain
+ * string.h compatibility shim
+ */
+#include_next <string.h>
+#ifndef LIBCRYPTOCOMPAT_STRING_H
+#define LIBCRYPTOCOMPAT_STRING_H
+#include <sys/types.h>
+#if defined(__sun) || defined(__hpux)
+/* Some functions historically defined in string.h were placed in strings.h by
+ * SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
+ */
+#include <strings.h>
+#endif
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *, size_t);
+#endif
+#ifndef HAVE_STRSEP
+char *strsep(char **stringp, const char *delim);
+#endif
+#endif
diff --git a/libtls-standalone/libtls.pc.in b/libtls-standalone/libtls.pc.in
new file mode 100644
index 0000000..64d7457
--- /dev/null
+++ b/libtls-standalone/libtls.pc.in
@@ -0,0 +1,16 @@
+#libtls pkg-config source file
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+Name: LibreSSL-libtls
+Description: Secure communications using the TLS socket protocol.
+Version: @LIBTLS_VERSION@
+Requires:
+Requires.private: libcrypto libssl
+Conflicts:
+Libs: -L${libdir} -ltls
+Libs.private: @LIBS@ -lcrypto -lssl
+Cflags: -I${includedir}
diff --git a/libtls-standalone/src/Makefile.am b/libtls-standalone/src/Makefile.am
new file mode 100644
index 0000000..d5bcc49
--- /dev/null
+++ b/libtls-standalone/src/Makefile.am
@@ -0,0 +1,18 @@
+AM_CFLAGS = -I$(top_srcdir)/include
+lib_LTLIBRARIES = libtls.la
+libtls_la_LDFLAGS = -no-undefined
+libtls_la_LIBADD = -lcrypto -lssl $(PLATFORM_LDADD)
+libtls_la_SOURCES = tls.c
+libtls_la_SOURCES += tls_client.c
+libtls_la_SOURCES += tls_config.c
+libtls_la_SOURCES += tls_server.c
+libtls_la_SOURCES += tls_util.c
+libtls_la_SOURCES += tls_verify.c
+noinst_HEADERS = tls_internal.h
+if !HAVE_STRSEP
+libtls_la_SOURCES += strsep.c
+endif
author	Brent Cook <busterb@gmail.com>	2015-04-30 04:44:35 -0500
committer	Brent Cook <busterb@gmail.com>	2015-05-23 19:26:51 -0500
commit	28353c1df15c3d0482a10ffe33fa34c053af2c2e (patch)
tree	580bf87a6db90c492dd55594f9612d2442331376 /libtls-standalone
parent	7de7605b95f2cd2d061720376544d511f71dc063 (diff)
download	portable-28353c1df15c3d0482a10ffe33fa34c053af2c2e.tar.gz portable-28353c1df15c3d0482a10ffe33fa34c053af2c2e.tar.bz2 portable-28353c1df15c3d0482a10ffe33fa34c053af2c2e.zip

diff --git a/libtls-standalone/AUTHORS b/libtls-standalone/AUTHORS new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/libtls-standalone/AUTHORS


diff --git a/libtls-standalone/ChangeLog b/libtls-standalone/ChangeLog new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/libtls-standalone/ChangeLog


diff --git a/libtls-standalone/Makefile.am b/libtls-standalone/Makefile.am new file mode 100644 index 0000000..8881d8c --- /dev/null +++ b/libtls-standalone/Makefile.am
@@ -0,0 +1,7 @@
	1	SUBDIRS = include src
	2	ACLOCAL_AMFLAGS = -I m4
	3
	4	pkgconfigdir = $(libdir)/pkgconfig
	5	pkgconfig_DATA = libtls.pc
	6
	7	EXTRA_DIST = README VERSION


diff --git a/libtls-standalone/NEWS b/libtls-standalone/NEWS new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/libtls-standalone/NEWS


diff --git a/libtls-standalone/README b/libtls-standalone/README new file mode 100644 index 0000000..e69de29 --- /dev/null +++ b/libtls-standalone/README


diff --git a/libtls-standalone/VERSION b/libtls-standalone/VERSION new file mode 100644 index 0000000..81ece01 --- /dev/null +++ b/libtls-standalone/VERSION
@@ -0,0 +1 @@
		3:1:0


diff --git a/libtls-standalone/configure.ac b/libtls-standalone/configure.ac new file mode 100644 index 0000000..babb266 --- /dev/null +++ b/libtls-standalone/configure.ac
@@ -0,0 +1,254 @@
	1	AC_INIT([libtls], m4_esyscmd([tr -d '\n' < VERSION]))
	2
	3	AC_CANONICAL_HOST
	4	AM_INIT_AUTOMAKE([subdir-objects])
	5	AC_CONFIG_MACRO_DIR([m4])
	6
	7	m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
	8
	9	# This must be called before AC_PROG_CC
	10	USER_CFLAGS="$CFLAGS"
	11
	12	AC_PROG_CC
	13	AC_PROG_CC_STDC
	14	AM_PROG_CC_C_O
	15	AC_PROG_LIBTOOL
	16	LT_INIT
	17
	18	CFLAGS="$CFLAGS -Wall -std=gnu99"
	19
	20	case $host_os in
	21	aix)
	22	HOST_OS=aix
	23	if test "`echo $CC \| cut -d ' ' -f 1`" != "gcc" ; then
	24	CFLAGS="$USER_CFLAGS"
	25	fi
	26	;;
	27	cygwin)
	28	HOST_OS=cygwin
	29	;;
	30	darwin)
	31	HOST_OS=darwin
	32	HOST_ABI=macosx
	33	;;
	34	freebsd)
	35	HOST_OS=freebsd
	36	HOST_ABI=elf
	37	;;
	38	hpux)
	39	HOST_OS=hpux;
	40	if test "`echo $CC \| cut -d ' ' -f 1`" = "gcc" ; then
	41	CFLAGS="$CFLAGS -mlp64"
	42	else
	43	CFLAGS="-g -O2 +DD64 $USER_CFLAGS"
	44	fi
	45	CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
	46	AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
	47	;;
	48	linux)
	49	HOST_OS=linux
	50	HOST_ABI=elf
	51	CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
	52	;;
	53	netbsd)
	54	HOST_OS=netbsd
	55	CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
	56	;;
	57	openbsd)
	58	HOST_ABI=elf
	59	AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
	60	;;
	61	mingw)
	62	HOST_OS=win
	63	CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
	64	CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
	65	CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
	66	CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
	67	CFLAGS="$CFLAGS -static-libgcc"
	68	LDFLAGS="$LDFLAGS -static-libgcc"
	69	AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
	70	;;
	71	solaris)
	72	HOST_OS=solaris
	73	HOST_ABI=elf
	74	CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
	75	AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
	76	;;
	77	*) ;;
	78	esac
	79
	80	AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
	81	AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
	82	AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
	83	AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
	84	AM_CONDITIONAL([HOST_HPUX], [test x$HOST_OS = xhpux])
	85	AM_CONDITIONAL([HOST_LINUX], [test x$HOST_OS = xlinux])
	86	AM_CONDITIONAL([HOST_NETBSD], [test x$HOST_OS = xnetbsd])
	87	AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
	88	AM_CONDITIONAL([HOST_WIN], [test x$HOST_OS = xwin])
	89
	90	AC_MSG_CHECKING([if compiling with clang])
	91	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
	92	#ifndef __clang__
	93	not clang
	94	#endif
	95	]])],
	96	[CLANG=yes],
	97	[CLANG=no]
	98	)
	99	AC_MSG_RESULT([$CLANG])
	100	AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
	101
	102	CFLAGS="$CFLAGS $CLANG_FLAGS"
	103	LDFLAGS="$LDFLAGS $CLANG_FLAGS"
	104
	105	# We want to check for compiler flag support. Prior to clang v5.1, there was no
	106	# way to make clang's "argument unused" warning fatal. So we invoke the
	107	# compiler through a wrapper script that greps for this message.
	108	saved_CC="$CC"
	109	saved_LD="$LD"
	110	flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
	111	CC="$flag_wrap $CC"
	112	LD="$flag_wrap $LD"
	113
	114	AC_ARG_ENABLE([hardening],
	115	[AS_HELP_STRING([--disable-hardening],
	116	[Disable options to frustrate memory corruption exploits])],
	117	[], [enable_hardening=yes])
	118
	119	AC_ARG_ENABLE([windows-ssp],
	120	[AS_HELP_STRING([--enable-windows-ssp],
	121	[Enable building the stack smashing protection on
	122	Windows. This currently distributing libssp-0.dll.])])
	123
	124	AC_DEFUN([CHECK_CFLAG], [
	125	AC_LANG_ASSERT(C)
	126	AC_MSG_CHECKING([if $saved_CC supports "$1"])
	127	old_cflags="$CFLAGS"
	128	CFLAGS="$1 -Wall -Werror"
	129	AC_TRY_LINK([
	130	#include <stdio.h>
	131	],
	132	[printf("Hello")],
	133	AC_MSG_RESULT([yes])
	134	CFLAGS=$old_cflags
	135	HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
	136	AC_MSG_RESULT([no])
	137	CFLAGS=$old_cflags
	138	[$2])
	139	])
	140
	141	AC_DEFUN([CHECK_LDFLAG], [
	142	AC_LANG_ASSERT(C)
	143	AC_MSG_CHECKING([if $saved_LD supports "$1"])
	144	old_ldflags="$LDFLAGS"
	145	LDFLAGS="$1 -Wall -Werror"
	146	AC_TRY_LINK([
	147	#include <stdio.h>
	148	],
	149	[printf("Hello")],
	150	AC_MSG_RESULT([yes])
	151	LDFLAGS=$old_ldflags
	152	HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
	153	AC_MSG_RESULT([no])
	154	LDFLAGS=$old_ldflags
	155	[$2])
	156	])
	157
	158	AS_IF([test "x$enable_hardening" = "xyes"], [
	159	# Tell GCC to NOT optimize based on signed arithmetic overflow
	160	CHECK_CFLAG([[-fno-strict-overflow]])
	161
	162	# _FORTIFY_SOURCE replaces builtin functions with safer versions.
	163	CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
	164
	165	# Enable read only relocations
	166	CHECK_LDFLAG([[-Wl,-z,relro]])
	167	CHECK_LDFLAG([[-Wl,-z,now]])
	168
	169	# Windows security flags
	170	AS_IF([test "x$HOST_OS" = "xwin"], [
	171	CHECK_LDFLAG([[-Wl,--nxcompat]])
	172	CHECK_LDFLAG([[-Wl,--dynamicbase]])
	173	CHECK_LDFLAG([[-Wl,--high-entropy-va]])
	174	])
	175
	176	# Use stack-protector-strong if available; if not, fallback to
	177	# stack-protector-all which is considered to be overkill
	178	AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
	179	CHECK_CFLAG([[-fstack-protector-strong]],
	180	CHECK_CFLAG([[-fstack-protector-all]],
	181	AC_MSG_WARN([compiler does not appear to support stack protection])
	182	)
	183	)
	184	AS_IF([test "x$HOST_OS" = "xwin"], [
	185	AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
	186	])
	187	])
	188	])
	189
	190
	191	# Restore CC, LD
	192	CC="$saved_CC"
	193	LD="$saved_LD"
	194
	195	CFLAGS="$CFLAGS $HARDEN_CFLAGS"
	196	LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
	197
	198	# Removing the dependency on -Wno-pointer-sign should be a goal
	199	save_cflags="$CFLAGS"
	200	CFLAGS=-Wno-pointer-sign
	201	AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
	202	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
	203	[AC_MSG_RESULT([yes])]
	204	[AM_CFLAGS=-Wno-pointer-sign],
	205	[AC_MSG_RESULT([no])]
	206	)
	207	CFLAGS="$save_cflags $AM_CFLAGS"
	208
	209	save_cflags="$CFLAGS"
	210	CFLAGS=
	211	AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
	212	AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
	213	__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
	214	[AC_MSG_RESULT([yes])]
	215	[AM_CFLAGS=-DHAVE_GNU_STACK],
	216	[AC_MSG_RESULT([no])]
	217	)
	218	CFLAGS="$save_cflags $AM_CFLAGS"
	219	AM_PROG_AS
	220
	221	AC_CHECK_FUNCS([explicit_bzero strsep])
	222	AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
	223	AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
	224
	225	#AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
	226	#AC_CHECK_FUNCS([getentropy memmem poll reallocarray])
	227	#AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum])
	228	#AC_CHECK_FUNCS([symlink])
	229	#AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
	230	#
	231	## Share test results with automake
	232	#AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
	233	#AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
	234	#AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
	235	#AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
	236	#AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
	237	#AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
	238	#AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
	239	#AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
	240	#AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
	241	#AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
	242	#AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
	243	#AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
	244	#AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
	245	#AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
	246
	247	AC_CONFIG_FILES([
	248	Makefile
	249	include/Makefile
	250	src/Makefile
	251	libtls.pc
	252	])
	253
	254	AC_OUTPUT


diff --git a/libtls-standalone/include/Makefile.am b/libtls-standalone/include/Makefile.am new file mode 100644 index 0000000..7fbefdc --- /dev/null +++ b/libtls-standalone/include/Makefile.am
@@ -0,0 +1,27 @@
	1	#noinst_HEADERS = err.h
	2	#noinst_HEADERS += netdb.h
	3	#noinst_HEADERS += poll.h
	4	#noinst_HEADERS += pqueue.h
	5	#noinst_HEADERS += stdio.h
	6	#noinst_HEADERS += stdlib.h
	7	#noinst_HEADERS += string.h
	8	#noinst_HEADERS += syslog.h
	9	#noinst_HEADERS += unistd.h
	10	#noinst_HEADERS += win32netcompat.h
	11	#
	12	#noinst_HEADERS += arpa/inet.h
	13	#
	14	#noinst_HEADERS += machine/endian.h
	15	#
	16	#noinst_HEADERS += netinet/in.h
	17	#noinst_HEADERS += netinet/tcp.h
	18	#
	19	#noinst_HEADERS += sys/ioctl.h
	20	#noinst_HEADERS += sys/mman.h
	21	#noinst_HEADERS += sys/select.h
	22	#noinst_HEADERS += sys/socket.h
	23	#noinst_HEADERS += sys/times.h
	24	#noinst_HEADERS += sys/types.h
	25	#noinst_HEADERS += sys/uio.h
	26
	27	include_HEADERS = tls.h


diff --git a/libtls-standalone/include/string.h b/libtls-standalone/include/string.h new file mode 100644 index 0000000..c42fcba --- /dev/null +++ b/libtls-standalone/include/string.h
@@ -0,0 +1,28 @@
	1	/*
	2	* Public domain
	3	* string.h compatibility shim
	4	*/
	5
	6	#include_next <string.h>
	7
	8	#ifndef LIBCRYPTOCOMPAT_STRING_H
	9	#define LIBCRYPTOCOMPAT_STRING_H
	10
	11	#include <sys/types.h>
	12
	13	#if defined(__sun) \|\| defined(__hpux)
	14	/* Some functions historically defined in string.h were placed in strings.h by
	15	* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
	16	*/
	17	#include <strings.h>
	18	#endif
	19
	20	#ifndef HAVE_EXPLICIT_BZERO
	21	void explicit_bzero(void *, size_t);
	22	#endif
	23
	24	#ifndef HAVE_STRSEP
	25	char strsep(char stringp, const char delim);
	26	#endif
	27
	28	#endif


diff --git a/libtls-standalone/libtls.pc.in b/libtls-standalone/libtls.pc.in new file mode 100644 index 0000000..64d7457 --- /dev/null +++ b/libtls-standalone/libtls.pc.in
@@ -0,0 +1,16 @@
	1	#libtls pkg-config source file
	2
	3	prefix=@prefix@
	4	exec_prefix=@exec_prefix@
	5	libdir=@libdir@
	6	includedir=@includedir@
	7
	8	Name: LibreSSL-libtls
	9	Description: Secure communications using the TLS socket protocol.
	10	Version: @LIBTLS_VERSION@
	11	Requires:
	12	Requires.private: libcrypto libssl
	13	Conflicts:
	14	Libs: -L${libdir} -ltls
	15	Libs.private: @LIBS@ -lcrypto -lssl
	16	Cflags: -I${includedir}


diff --git a/libtls-standalone/src/Makefile.am b/libtls-standalone/src/Makefile.am new file mode 100644 index 0000000..d5bcc49 --- /dev/null +++ b/libtls-standalone/src/Makefile.am
@@ -0,0 +1,18 @@
	1	AM_CFLAGS = -I$(top_srcdir)/include
	2
	3	lib_LTLIBRARIES = libtls.la
	4
	5	libtls_la_LDFLAGS = -no-undefined
	6	libtls_la_LIBADD = -lcrypto -lssl $(PLATFORM_LDADD)
	7
	8	libtls_la_SOURCES = tls.c
	9	libtls_la_SOURCES += tls_client.c
	10	libtls_la_SOURCES += tls_config.c
	11	libtls_la_SOURCES += tls_server.c
	12	libtls_la_SOURCES += tls_util.c
	13	libtls_la_SOURCES += tls_verify.c
	14	noinst_HEADERS = tls_internal.h
	15
	16	if !HAVE_STRSEP
	17	libtls_la_SOURCES += strsep.c
	18	endif