19 files changed, 426 insertions, 0 deletions

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..01afda2
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,172 @@
+### These files shkuld get ignored no matter where they appear.
+
+# Editors leave these lying around
+\#*\#
+.#*
+*~
+*.swp
+
+# C stuff
+*.o
+
+# Windows stuff
+*.obj
+*.exe
+*.lib
+
+# Patch leaves these lying arround
+*.orig
+*.rej
+
+# gcov stuff
+*.gcno
+*.gcov
+*.gcda
+
+# Autotools stuff
+.deps
+.dirstamp
+Makefile
+Makefile.in
+
+# Libtool stuff
+.libs
+*.lo
+*.la
+
+# tests
+test-driver
+*.log
+*.trs
+tests/aes_wrap*
+tests/arc4random_fork*
+tests/explicit_bzero*
+tests/mont*
+tests/timingsafe*
+tests/*test*.c
+tests/*.pem
+tests/testssl
+tests/*.txt
+
+# ctags stuff
+TAGS
+
+## The initial / makes these files only get ignored in particular directories.
+/autom4te.cache
+
+# Libtool adds these, at least sometimes
+INSTALL
+/m4/libtool.m4
+/m4/ltoptions.m4
+/m4/ltsugar.m4
+/m4/ltversion.m4
+/m4/lt~obsolete.m4
+
+/aclocal.m4
+/compile
+/doxygen
+/config.guess
+/config.log
+/config.status
+/config.sub
+/configure
+/depcomp
+/config.h
+/config.h.in
+/install-sh
+/libtool
+/ltmain.sh
+/missing
+/stamp-h1
+/stamp-h2
+
+crypto/Makefile.am
+include/openssl/Makefile.am
+ssl/Makefile.am
+apps/Makefile.am
+tests/Makefile.am
+
+ssl/*.c
+ssl/*.h
+include/pqueue.h
+include/openssl/*.h
+include/openssl/*.he
+apps/*.c
+apps/*.h
+apps/*.cnf
+apps/openssl
+
+crypto/compat/arc4random.c
+crypto/compat/chacha_private.h
+crypto/compat/explicit_bzero.c
+crypto/compat/getentropy_*.c
+crypto/compat/reallocarray.c
+crypto/compat/strlcat.c
+crypto/compat/strlcpy.c
+crypto/compat/strtonum.c
+crypto/compat/timingsafe_bcmp.c
+crypto/compat/timingsafe_memcmp.c
+
+crypto/aes/
+crypto/asn1/
+crypto/bf/
+crypto/bio/
+crypto/bn/
+crypto/buffer/
+crypto/cast/
+crypto/chacha/
+crypto/cmac/
+crypto/comp/
+crypto/conf/
+crypto/cpt_err.c
+crypto/cryptlib.c
+crypto/cryptlib.h
+crypto/cversion.c
+crypto/des/
+crypto/dh/
+crypto/dsa/
+crypto/dso/
+crypto/ec/
+crypto/ecdh/
+crypto/ecdsa/
+crypto/engine/
+crypto/err/
+crypto/evp/
+crypto/ex_data.c
+crypto/hmac/
+crypto/idea/
+crypto/krb5/
+crypto/lhash/
+crypto/malloc-wrapper.c
+crypto/md32_common.h
+crypto/md4/
+crypto/md5/
+crypto/mdc2/
+crypto/mem_clr.c
+crypto/mem_dbg.c
+crypto/modes/
+crypto/o_init.c
+crypto/o_str.c
+crypto/o_time.c
+crypto/o_time.h
+crypto/objects
+crypto/ocsp/
+crypto/pem/
+crypto/pkcs12/
+crypto/pkcs7/
+crypto/poly1305/
+crypto/pqueue/
+crypto/rand/
+crypto/rc2/
+crypto/rc4/
+crypto/ripemd/
+crypto/rsa/
+crypto/sha/
+crypto/stack/
+crypto/ts/
+crypto/txt_db/
+crypto/ui/
+crypto/whrlpool/
+crypto/x509/
+crypto/x509v3/
+
diff --git a/apps/Makefile.am.tpl b/apps/Makefile.am.tpl
new file mode 100644
index 0000000..ea6174d
--- /dev/null
+++ b/apps/Makefile.am.tpl
@@ -0,0 +1,11 @@
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = openssl
+
+openssl_CFLAGS = $(USER_CFLAGS)
+openssl_LDADD = $(PLATFORM_LDADD)
+openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
+openssl_LDADD += $(top_builddir)/ssl/libssl.la
+
+openssl_SOURCES =
+noinst_HEADERS =
diff --git a/crypto/Makefile.am.tpl b/crypto/Makefile.am.tpl
new file mode 100644
index 0000000..6f94fdf
--- /dev/null
+++ b/crypto/Makefile.am.tpl
@@ -0,0 +1,69 @@
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
+
+lib_LTLIBRARIES = libcrypto.la
+
+libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
+libcrypto_la_LDFLAGS = -version-info libcrypto-version
+libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) -DOPENSSL_NO_HW_PADLOCK
+
+noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
+
+# compatibility functions that need to be built without optimizations
+libcompatnoopt_la_CFLAGS = -O0
+libcompatnoopt_la_SOURCES = compat/explicit_bzero.c
+
+# other compatibility functions
+libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libcompat_la_SOURCES =
+
+if NO_STRLCAT
+libcompat_la_SOURCES += compat/strlcat.c
+endif
+
+if NO_STRLCPY
+libcompat_la_SOURCES += compat/strlcpy.c
+endif
+
+if NO_REALLOCARRAY
+libcompat_la_SOURCES += compat/reallocarray.c
+endif
+
+if NO_TIMINGSAFE_MEMCMP
+libcompat_la_SOURCES += compat/timingsafe_memcmp.c
+endif
+
+if NO_TIMINGSAFE_BCMP
+libcompat_la_SOURCES += compat/timingsafe_bcmp.c
+endif
+
+if NO_ARC4RANDOM_BUF
+libcompat_la_SOURCES += compat/arc4random.c
+
+if NO_GETENTROPY
+if TARGET_LINUX
+libcompat_la_SOURCES += compat/getentropy_linux.c
+endif
+if TARGET_DARWIN
+libcompat_la_SOURCES += compat/getentropy_osx.c
+endif
+if TARGET_SOLARIS
+libcompat_la_SOURCES += compat/getentropy_solaris.c
+endif
+endif
+
+endif
+
+if NO_ISSETUGID
+libcompat_la_SOURCES += compat/issetugid_linux.c
+endif
+if NO_STRTONUM
+libcompat_la_SOURCES += compat/strtonum.c
+endif
+
+noinst_HEADERS = des/ncbc_enc.c
+libcrypto_la_SOURCES =
+EXTRA_libcrypto_la_SOURCES =
diff --git a/crypto/compat/issetugid_linux.c b/crypto/compat/issetugid_linux.c
new file mode 100644
index 0000000..669edce
--- /dev/null
+++ b/crypto/compat/issetugid_linux.c
@@ -0,0 +1,47 @@
+/*
+ * issetugid implementation for Linux
+ * Public domain
+ */
+
+#include <errno.h>
+#include <gnu/libc-version.h>
+#include <string.h>
+#include <sys/types.h>
+#include <unistd.h>
+
+/*
+ * Linux-specific glibc 2.16+ interface for determining if a process was
+ * launched setuid/setgid or with additional capabilities.
+ */
+#ifdef HAVE_GETAUXVAL
+#include <sys/auxv.h>
+#endif
+
+int issetugid(void)
+{
+#ifdef HAVE_GETAUXVAL
+        /*
+         * The API for glibc < 2.19 does not indicate if there is an error with
+         * getauxval. While it should not be the case that any 2.6 or greater
+         * kernel ever does not supply AT_SECURE, an emulated software environment
+         * might rewrite the aux vector.
+         *
+         * See https://sourceware.org/bugzilla/show_bug.cgi?id=15846
+         *
+         * Perhaps this code should just read the aux vector itself, so we have
+         * backward-compatibility and error handling in older glibc versions.
+         * info: http://lwn.net/Articles/519085/
+         *
+         */
+        const char *glcv = gnu_get_libc_version();
+        if (strverscmp(glcv, "2.19") >= 0) {
+                errno = 0;
+                if (getauxval(AT_SECURE) == 0) {
+                        if (errno != ENOENT) {
+                                return 0;
+                        }
+                }
+        }
+#endif
+        return 1;
+}
diff --git a/crypto/compat/thread_private.h b/crypto/compat/thread_private.h
new file mode 100644
index 0000000..3286a7c
--- /dev/null
+++ b/crypto/compat/thread_private.h
@@ -0,0 +1,6 @@
+#include <pthread.h>
+
+static pthread_mutex_t arc4random_mtx = PTHREAD_MUTEX_INITIALIZER;
+
+#define _ARC4_LOCK()   pthread_mutex_lock(&arc4random_mtx)
+#define _ARC4_UNLOCK() pthread_mutex_unlock(&arc4random_mtx)
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..f2860a4
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1,3 @@
+SUBDIRS = openssl
+
+noinst_HEADERS = pqueue.h stdlib.h string.h machine/endian.h
diff --git a/include/machine/endian.h b/include/machine/endian.h
new file mode 100644
index 0000000..4d96a6d
--- /dev/null
+++ b/include/machine/endian.h
@@ -0,0 +1,14 @@
+#ifndef _COMPAT_BYTE_ORDER_H_
+#define _COMPAT_BYTE_ORDER_H_
+
+#ifdef __linux__
+#include <endian.h>
+#else
+#ifdef __sun
+#include <arpa/nameser_compat.h>
+#else
+#include_next <machine/endian.h>
+#endif
+#endif
+
+#endif
diff --git a/include/openssl/Makefile.am.tpl b/include/openssl/Makefile.am.tpl
new file mode 100644
index 0000000..1375956
--- /dev/null
+++ b/include/openssl/Makefile.am.tpl
@@ -0,0 +1,5 @@
+include $(top_srcdir)/Makefile.am.common
+
+opensslincludedir=$(includedir)/openssl
+
+opensslinclude_HEADERS =
diff --git a/include/stdlib.h b/include/stdlib.h
new file mode 100644
index 0000000..6c2de93
--- /dev/null
+++ b/include/stdlib.h
@@ -0,0 +1,16 @@
+#include_next <stdlib.h>
+
+#ifndef LIBCRYPTOCOMPAT_STDLIB_H
+#define LIBCRYPTOCOMPAT_STDLIB_H
+
+#include <sys/stat.h>
+#include <sys/time.h>
+#include <stdint.h>
+
+uint32_t arc4random(void);
+void arc4random_buf(void *_buf, size_t n);
+void *reallocarray(void *, size_t, size_t);
+long long strtonum(const char *nptr, long long minval,
+                long long maxval, const char **errstr);
+
+#endif
diff --git a/include/string.h b/include/string.h
new file mode 100644
index 0000000..acdde6c
--- /dev/null
+++ b/include/string.h
@@ -0,0 +1,25 @@
+#include_next <string.h>
+
+#ifndef LIBCRYPTOCOMPAT_STRING_H
+#define LIBCRYPTOCOMPAT_STRING_H
+
+#include <sys/types.h>
+
+#ifdef __sun
+/* Some functions historically defined in string.h were placed in strings.h by
+ * SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris.
+ */
+#include <strings.h>
+#endif
+
+size_t strlcpy(char *dst, const char *src, size_t siz);
+
+size_t strlcat(char *dst, const char *src, size_t siz);
+
+void explicit_bzero(void *, size_t);
+
+int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
+
+int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+
+#endif
diff --git a/include/sys/types.h b/include/sys/types.h
new file mode 100644
index 0000000..05fc05b
--- /dev/null
+++ b/include/sys/types.h
@@ -0,0 +1,13 @@
+#include_next <sys/types.h>
+
+#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
+#define LIBCRYPTOCOMPAT_SYS_TYPES_H
+
+#include <stdint.h>
+
+#ifdef __sun
+typedef uint8_t u_int8_t;
+typedef uint32_t u_int32_t;
+#endif
+
+#endif
diff --git a/include/unistd.h b/include/unistd.h
new file mode 100644
index 0000000..ae82b95
--- /dev/null
+++ b/include/unistd.h
@@ -0,0 +1,9 @@
+#include_next <unistd.h>
+
+#ifndef LIBCRYPTOCOMPAT_UNISTD_H
+#define LIBCRYPTOCOMPAT_UNISTD_H
+
+int getentropy(void *buf, size_t buflen);
+int issetugid(void);
+
+#endif
diff --git a/ssl/Makefile.am.tpl b/ssl/Makefile.am.tpl
new file mode 100644
index 0000000..16caa92
--- /dev/null
+++ b/ssl/Makefile.am.tpl
@@ -0,0 +1,9 @@
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libssl.la
+
+libssl_la_LDFLAGS = -version-info libssl-version
+
+libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libssl_la_SOURCES =
+noinst_HEADERS =
diff --git a/tests/Makefile.am.tpl b/tests/Makefile.am.tpl
new file mode 100644
index 0000000..0b9ae4c
--- /dev/null
+++ b/tests/Makefile.am.tpl
@@ -0,0 +1,8 @@
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
+AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
+
+TESTS =
+check_PROGRAMS =
+EXTRA_DIST =
diff --git a/tests/aeadtest.sh b/tests/aeadtest.sh
new file mode 100755
index 0000000..d51dd29
--- /dev/null
+++ b/tests/aeadtest.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+./aeadtest $srcdir/aeadtests.txt
diff --git a/tests/arc4randomforktest.sh b/tests/arc4randomforktest.sh
new file mode 100755
index 0000000..fe03068
--- /dev/null
+++ b/tests/arc4randomforktest.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+./arc4randomforktest
+./arc4randomforktest -b
+./arc4randomforktest -p
+./arc4randomforktest -bp
diff --git a/tests/evptest.sh b/tests/evptest.sh
new file mode 100755
index 0000000..8e1d106
--- /dev/null
+++ b/tests/evptest.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+./evptest $srcdir/evptests.txt
diff --git a/tests/pq_test.sh b/tests/pq_test.sh
new file mode 100755
index 0000000..35c4dcb
--- /dev/null
+++ b/tests/pq_test.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+set -e
+./pq_test | cmp $srcdir/pq_expected.txt /dev/stdin
diff --git a/tests/ssltest.sh b/tests/ssltest.sh
new file mode 100755
index 0000000..90701f5
--- /dev/null
+++ b/tests/ssltest.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+set -e
+export PATH=$srcdir/../apps:$PATH
+$srcdir/testssl $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem