diff -Paur --no-dereference -- libssl.upstream/apps/nc/compat/base64.c libssl/apps/nc/compat/base64.c --- libssl.upstream/apps/nc/compat/base64.c +++ libssl/apps/nc/compat/base64.c @@ -124,14 +124,14 @@ int b64_ntop(src, srclength, target, targsize) - u_char const *src; + unsigned char const *src; size_t srclength; char *target; size_t targsize; { size_t datalength = 0; - u_char input[3]; - u_char output[4]; + unsigned char input[3]; + unsigned char output[4]; int i; while (2 < srclength) { @@ -189,11 +189,11 @@ int b64_pton(src, target, targsize) char const *src; - u_char *target; + unsigned char *target; size_t targsize; { int tarindex, state, ch; - u_char nextbyte; + unsigned char nextbyte; char *pos; state = 0; diff -Paur --no-dereference -- libssl.upstream/apps/nc/netcat.c libssl/apps/nc/netcat.c --- libssl.upstream/apps/nc/netcat.c +++ libssl/apps/nc/netcat.c @@ -40,7 +40,10 @@ #include #include #include +/* PATCH: Sortix doesn't have yet. */ +#if __has_include() #include +#endif #include #include @@ -468,8 +471,12 @@ } else { strlcpy(unix_dg_tmp_socket_buf, "/tmp/nc.XXXXXXXXXX", UNIX_DG_TMP_SOCKET_SIZE); - if (mktemp(unix_dg_tmp_socket_buf) == NULL) + /* PATCH: Sortix doesn't have the obsolete mktemp(3) function. */ + int fd = mkstemp(unix_dg_tmp_socket_buf); + if (fd < 0) err(1, "mktemp"); + unlink(unix_dg_tmp_socket_buf); + close(fd); unix_dg_tmp_socket = unix_dg_tmp_socket_buf; } } @@ -1386,6 +1393,8 @@ void fdpass(int nfd) { +/* PATCH: File descriptor passing is WIP on Sortix. */ +#ifdef CMSG_SPACE struct msghdr mh; union { struct cmsghdr hdr; @@ -1405,7 +1414,8 @@ memset(&cmsgbuf, 0, sizeof(cmsgbuf)); memset(&iov, 0, sizeof(iov)); - mh.msg_control = (caddr_t)&cmsgbuf.buf; + /* PATCH: Sortix doesn't have the non-standard caddr_t type. */ + mh.msg_control = (char*)&cmsgbuf.buf; mh.msg_controllen = sizeof(cmsgbuf.buf); cmsg = CMSG_FIRSTHDR(&mh); cmsg->cmsg_len = CMSG_LEN(sizeof(int)); 
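Review bot: The `#if __has_include(...)` added around the include in netcat.c is evaluated on every platform, and a preprocessor that lacks `__has_include` stops with an error on that line instead of skipping the header. Nest the test inside `#ifdef __has_include`, because putting both on one `#if` line still fails to parse on such compilers, or key the block on `defined(__sortix__)` as the PATH_MAX patches in this diff do. The same applies to the `__has_include_next` guards in compat/arpa/nameser.h, compat/netinet/ip.h and compat/resolv.h, and to the `|| __has_include(...)` term added in compat/machine/endian.h.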
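Review bot: Unlinking the file straight after `mkstemp()` leaves `unix_dg_tmp_socket_buf` holding a name that is free again. The later use of `unix_dg_tmp_socket` (outside this hunk) can therefore still lose that /tmp path to another local process, the same window `mktemp()` had. Creating a private directory with `mkdtemp()` and placing the socket inside it would remove the window. The failure message should also name the call that is now made, `err(1, "mkstemp");`, and the return values of `unlink()` and `close()` are currently ignored.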
@@ -1436,12 +1446,16 @@ break; } exit(0); +#else + errx(1, "File descriptor passing is not supported"); +#endif } /* Deal with RFC 854 WILL/WONT DO/DONT negotiation. */ void atelnet(int nfd, unsigned char *buf, unsigned int size) { +#ifdef IAC unsigned char *p, *end; unsigned char obuf[4]; @@ -1467,6 +1481,9 @@ if (atomicio(vwrite, nfd, obuf, 3) != 3) warn("Write Error!"); } +#else + errx(1, "Telnet negotation is not supported"); +#endif } @@ -1581,16 +1598,20 @@ err(1, NULL); } if (Tflag != -1) { +/* PATCH: The Sortix network stack is WIP and doesn't have IP_TOS yet and + likewise with other features. */ +#ifdef IP_TOS if (af == AF_INET && setsockopt(s, IPPROTO_IP, IP_TOS, &Tflag, sizeof(Tflag)) == -1) err(1, "set IP ToS"); +#endif #ifdef IPV6_TCLASS - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, + if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, IPV6_TCLASS, &Tflag, sizeof(Tflag)) == -1) err(1, "set IPv6 traffic class"); #else - else if (af == AF_INET6) { + if (af == AF_INET6) { errno = ENOPROTOOPT; err(1, "set IPv6 traffic class not supported"); } @@ -1608,13 +1629,16 @@ } if (ttl != -1) { +#ifdef IP_TTL if (af == AF_INET && setsockopt(s, IPPROTO_IP, IP_TTL, &ttl, sizeof(ttl))) err(1, "set IP TTL"); - - else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, +#endif +#ifdef IPV6_UNICAST_HOPS + if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6, IPV6_UNICAST_HOPS, &ttl, sizeof(ttl))) err(1, "set IPv6 unicast hops"); +#endif } if (minttl != -1) { @@ -1652,7 +1676,9 @@ { "af41", IPTOS_DSCP_AF41 }, { "af42", IPTOS_DSCP_AF42 }, { "af43", IPTOS_DSCP_AF43 }, +#ifdef IPTOS_PREC_CRITIC_ECP { "critical", IPTOS_PREC_CRITIC_ECP }, +#endif { "cs0", IPTOS_DSCP_CS0 }, { "cs1", IPTOS_DSCP_CS1 }, { "cs2", IPTOS_DSCP_CS2 }, 
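Review bot: The message added in the `#else` branch of atelnet() misspells a word and should read `errx(1, "Telnet negotiation is not supported");`. The matching `#ifdef IAC` opens in the previous hunk, so the two halves of the guard are split across hunks and should be read together.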
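Review bot: When `IP_TOS` is undefined and `af == AF_INET`, a requested `Tflag` value is now dropped without any diagnostic. The IPv6 branch directly below still fails with `ENOPROTOOPT` when `IPV6_TCLASS` is missing, so the two address families behave differently. Give the IPv4 guard a matching fallback, `#else` followed by `if (af == AF_INET) { errno = ENOPROTOOPT; err(1, "set IP ToS not supported"); }`. The following hunk (`@@ -1608`) has the same gap: with `IP_TTL` or `IPV6_UNICAST_HOPS` undefined, a `ttl` the user asked for is silently not applied. The enclosing function starts and ends outside both hunks.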
@@ -1662,11 +1688,21 @@ { "cs6", IPTOS_DSCP_CS6 }, { "cs7", IPTOS_DSCP_CS7 }, { "ef", IPTOS_DSCP_EF }, +#ifdef IPTOS_PREC_INTERNETCONTROL { "inetcontrol", IPTOS_PREC_INTERNETCONTROL }, +#endif +#ifdef IPTOS_LOWDELAY { "lowdelay", IPTOS_LOWDELAY }, +#endif +#ifdef IPTOS_PREC_NETCONTROL { "netcontrol", IPTOS_PREC_NETCONTROL }, +#endif +#ifdef IPTOS_RELIABILITY { "reliability", IPTOS_RELIABILITY }, +#endif +#ifdef IPTOS_THROUGHPUT { "throughput", IPTOS_THROUGHPUT }, +#endif { NULL, -1 }, }; diff -Paur --no-dereference -- libssl.upstream/apps/openssl/apps.c libssl/apps/openssl/apps.c --- libssl.upstream/apps/openssl/apps.c +++ libssl/apps/openssl/apps.c @@ -147,6 +147,11 @@ #include #include +/* PATCH: For snprintf path creation that handles too long paths. */ +#if defined(__sortix__) && !defined(PATH_MAX) +#define PATH_MAX 4096 +#endif + typedef struct { const char *name; unsigned long flag; diff -Paur --no-dereference -- libssl.upstream/apps/openssl/ca.c libssl/apps/openssl/ca.c --- libssl.upstream/apps/openssl/ca.c +++ libssl/apps/openssl/ca.c @@ -81,6 +81,13 @@ #include #include +/* PATCH: Sortix doesn't have a PATH_MAX limit. Provide a simple value for the + below snprintf calls that construct paths and handle overflow if paths + are longer than PATH_MAX. */ +#if defined(__sortix__) && !defined(PATH_MAX) +#define PATH_MAX 4096 +#endif + #define BASE_SECTION "ca" #define ENV_DEFAULT_CA "default_ca" diff -Paur --no-dereference -- libssl.upstream/apps/openssl/certhash.c libssl/apps/openssl/certhash.c --- libssl.upstream/apps/openssl/certhash.c +++ libssl/apps/openssl/certhash.c @@ -33,6 +33,11 @@ #include "apps.h" +/* PATCH: For readlink that handles too long paths. */ +#if defined(__sortix__) && !defined(PATH_MAX) +#define PATH_MAX 4096 +#endif + static struct { int dryrun; int verbose; 
@@ -490,6 +495,11 @@ fprintf(stderr, "failed to readlink %s\n", dep->d_name); return (-1); } + /* PATCH: Handle symbolic links that are too long. */ + if (n == sizeof(target) - 1) { + fprintf(stderr, "symbolic link is too long %s\n", dep->d_name); + return (-1); + } target[n] = '\0'; hi = hashinfo_from_linkname(dep->d_name, target); diff -Paur --no-dereference -- libssl.upstream/apps/openssl/s_socket.c libssl/apps/openssl/s_socket.c --- libssl.upstream/apps/openssl/s_socket.c +++ libssl/apps/openssl/s_socket.c @@ -73,6 +73,23 @@ #include "s_apps.h" +/* PATCH: The server below only supports IPv4 and only uses the obsolete + gethostbyname and gethostbyaddr instead of the getaddrinfo + replacement. Sortix intentionally does not have gethostbyname, so + simply disable the feature for now. */ +#if defined(__sortix__) +struct hostent +{ + char *h_name; + char **h_aliases; + int h_addrtype; + int h_length; + char **h_addr_list; +}; +#define gethostbyname(a) ((void) a, (struct hostent*) NULL) +#define gethostbyaddr(a, b, c) (((void) a), ((void) b), ((void) c), (struct hostent*) NULL) +#endif + static int init_server(int *sock, int port, int type); static int init_server_long(int *sock, int port, char *ip, int type); static int do_accept(int acc_sock, int *sock, char **host); diff -Paur --no-dereference -- libssl.upstream/configure libssl/configure --- libssl.upstream/configure +++ libssl/configure @@ -13056,10 +13056,11 @@ cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +// PATCH: Sortix builds ports with -Werror=implicit-function-declaration so +// make sure getpageinfo has been forward declared, or it will be +// misdetected as missing when it does exist. // Since Android NDK v16 getpagesize is defined as inline inside unistd.h -#ifdef __ANDROID__ -# include -#endif +#include int main () diff -Paur --no-dereference -- libssl.upstream/crypto/bio/b_sock.c libssl/crypto/bio/b_sock.c --- libssl.upstream/crypto/bio/b_sock.c +++ libssl/crypto/bio/b_sock.c 
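Review bot: The new truncation check uses `==`, which is only sufficient if the readlink() call above (outside this hunk) was passed exactly `sizeof(target) - 1` as its size. Writing it as `if ((size_t)n >= sizeof(target) - 1)` keeps the following `target[n] = '\0'` in bounds whatever size was passed, and avoids comparing a presumably signed `n` with a `size_t`. A link that exactly fills the buffer is rejected as too long either way, which is a reasonable trade-off but worth stating in the comment.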
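Review bot: The stub macros in s_socket.c use their arguments unparenthesised, so `(void) a` binds to only the first operand of an expression argument. Prefer `#define gethostbyname(a) ((void)(a), (struct hostent *)NULL)` and the same form for `gethostbyaddr`. With these stubs every lookup returns NULL, so the callers (outside this hunk) must already handle a NULL `struct hostent *` on each path; that is worth confirming before relying on "disable the feature". The same `struct hostent` and `gethostbyname` stub is duplicated in crypto/bio/b_sock.c and has the same macro issue; a shared compat header would keep the two copies in step.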
@@ -34,6 +34,21 @@ #include #include +/* PATCH: Sortix intentionally doesn't have the obsolete gethostbyname family + but only the modern getaddrinfo(3) family. Actually none of my ports + use BIO_gethostbyname, maybe it can just be removed. */ +#if defined(__sortix__) +struct hostent +{ + char *h_name; + char **h_aliases; + int h_addrtype; + int h_length; + char **h_addr_list; +}; +#define gethostbyname(a) ((void) a, (struct hostent*) NULL) +#endif + int BIO_get_host_ip(const char *str, unsigned char *ip) { diff -Paur --no-dereference -- libssl.upstream/crypto/bio/bss_bio.c libssl/crypto/bio/bss_bio.c --- libssl.upstream/crypto/bio/bss_bio.c +++ libssl/crypto/bio/bss_bio.c @@ -74,6 +74,11 @@ # endif #endif +/* PATCH: Sortix is buggy and doesn't define SSIZE_MAX right now. */ +#if defined(__sortix__) +#include +#endif + #include #include #include diff -Paur --no-dereference -- libssl.upstream/crypto/chacha/chacha-merged.c libssl/crypto/chacha/chacha-merged.c --- libssl.upstream/crypto/chacha/chacha-merged.c +++ libssl/crypto/chacha/chacha-merged.c 
@@ -16,20 +16,20 @@ #define CHACHA_BLOCKLEN 64 struct chacha_ctx { - u_int input[16]; + unsigned int input[16]; uint8_t ks[CHACHA_BLOCKLEN]; uint8_t unused; }; -static inline void chacha_keysetup(struct chacha_ctx *x, const u_char *k, - u_int kbits) +static inline void chacha_keysetup(struct chacha_ctx *x, const unsigned char *k, + unsigned int kbits) __attribute__((__bounded__(__minbytes__, 2, CHACHA_MINKEYLEN))); -static inline void chacha_ivsetup(struct chacha_ctx *x, const u_char *iv, - const u_char *ctr) +static inline void chacha_ivsetup(struct chacha_ctx *x, const unsigned char *iv, + const unsigned char *ctr) __attribute__((__bounded__(__minbytes__, 2, CHACHA_NONCELEN))) __attribute__((__bounded__(__minbytes__, 3, CHACHA_CTRLEN))); -static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const u_char *m, - u_char *c, u_int bytes) +static inline void chacha_encrypt_bytes(struct chacha_ctx *x, const unsigned char *m, + unsigned char *c, unsigned int bytes) __attribute__((__bounded__(__buffer__, 2, 4))) __attribute__((__bounded__(__buffer__, 3, 4))); @@ -127,7 +127,7 @@ u32 j8, j9, j10, j11, j12, j13, j14, j15; u8 *ctarget = NULL; u8 tmp[64]; - u_int i; + unsigned int i; if (!bytes) return; diff -Paur --no-dereference -- libssl.upstream/crypto/x509/x509_vpm.c libssl/crypto/x509/x509_vpm.c --- libssl.upstream/crypto/x509/x509_vpm.c +++ libssl/crypto/x509/x509_vpm.c 
@@ -598,6 +598,10 @@ static const X509_VERIFY_PARAM default_table[] = { { .name = "default", + /* PATCH: OpenBSD 6.9 errata 018, September 30, 2021: + Compensate for the expiry of the DST Root X3 certificate. + https://ftp.openbsd.org/pub/OpenBSD/patches/6.9/common/018_cert.patch.sig */ + .flags = X509_V_FLAG_TRUSTED_FIRST, .depth = 100, .trust = 0, /* XXX This is not the default trust value */ .id = vpm_empty_id diff -Paur --no-dereference -- libssl.upstream/include/compat/arpa/nameser.h libssl/include/compat/arpa/nameser.h --- libssl.upstream/include/compat/arpa/nameser.h +++ libssl/include/compat/arpa/nameser.h @@ -4,7 +4,9 @@ */ #ifndef _WIN32 +#if __has_include_next() #include_next +#endif #else #include diff -Paur --no-dereference -- libssl.upstream/include/compat/machine/endian.h libssl/include/compat/machine/endian.h --- libssl.upstream/include/compat/machine/endian.h +++ libssl/include/compat/machine/endian.h @@ -21,7 +21,10 @@ #define BYTE_ORDER BIG_ENDIAN #endif -#elif defined(__linux__) || defined(__midipix__) +/* PATCH: endian.h is the header being standardized, use it instead if it + exists, that is what Sortix has. This machine/endian.h abstraction + should be renamed to endian.h. */ +#elif defined(__linux__) || defined(__midipix__) || defined(__sortix__) || __has_include() #include #elif defined(__sun) || defined(_AIX) || defined(__hpux) diff -Paur --no-dereference -- libssl.upstream/include/compat/netinet/ip.h libssl/include/compat/netinet/ip.h --- libssl.upstream/include/compat/netinet/ip.h +++ libssl/include/compat/netinet/ip.h @@ -8,7 +8,9 @@ #endif #ifndef _WIN32 +#if __has_include_next() #include_next +#endif #else #include #endif diff -Paur --no-dereference -- libssl.upstream/include/compat/resolv.h libssl/include/compat/resolv.h --- libssl.upstream/include/compat/resolv.h +++ libssl/include/compat/resolv.h 
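Review bot: The comment above `.flags = X509_V_FLAG_TRUSTED_FIRST` cites the errata but not what the flag changes in verification, which a maintainer needs when rebasing this patch onto a newer upstream. Add a line such as `/* Search the trust store for issuers before the peer-supplied chain. */`. Only the "default" entry of `default_table` is visible in this hunk, so whether the table's other entries need the same flag cannot be judged from here and should be checked against the referenced errata.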
@@ -13,8 +13,10 @@ #include <../include/resolv.h> #endif #else +#if __has_include_next() #include_next #endif +#endif #ifndef HAVE_B64_NTOP int b64_ntop(unsigned char const *, size_t, char *, size_t); diff -Paur --no-dereference -- libssl.upstream/include/compat/stdlib.h libssl/include/compat/stdlib.h --- libssl.upstream/include/compat/stdlib.h +++ libssl/include/compat/stdlib.h @@ -16,7 +16,7 @@ #ifndef LIBCRYPTOCOMPAT_STDLIB_H #define LIBCRYPTOCOMPAT_STDLIB_H -#include +/* PATCH: doesn't need to be included. */ #include #ifndef HAVE_ARC4RANDOM_BUF diff -Paur --no-dereference -- libssl.upstream/include/compat/string.h libssl/include/compat/string.h --- libssl.upstream/include/compat/string.h +++ libssl/include/compat/string.h @@ -16,7 +16,7 @@ #include_next #endif -#include +/* PATCH: doesn't need to be included. */ #if defined(__sun) || defined(_AIX) || defined(__hpux) /* Some functions historically defined in string.h were placed in strings.h by diff -Paur --no-dereference -- libssl.upstream/include/compat/sys/types.h libssl/include/compat/sys/types.h --- libssl.upstream/include/compat/sys/types.h +++ libssl/include/compat/sys/types.h @@ -16,7 +16,7 @@ #ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H #define LIBCRYPTOCOMPAT_SYS_TYPES_H -#include +/* PATCH: doesn't need to be included. */ #ifdef __MINGW32__ #include <_bsd_types.h> diff -Paur --no-dereference -- libssl.upstream/include/compat/unistd.h libssl/include/compat/unistd.h --- libssl.upstream/include/compat/unistd.h +++ libssl/include/compat/unistd.h 
@@ -64,9 +64,10 @@ #endif #endif -#ifndef HAVE_GETPAGESIZE -int getpagesize(void); -#endif +/* PATCH: Somehow HAVE_GETPAGESIZE doesn't get defined even though configure + does detect Sortix has it (with the fix). Sortix getpagesize returns + size_t rather than int, so remove this conflicting forward + declaration. */ #define pledge(request, paths) 0 #define unveil(path, permissions) 0 diff -Paur --no-dereference -- libssl.upstream/tests/handshake_table.c libssl/tests/handshake_table.c --- libssl.upstream/tests/handshake_table.c +++ libssl/tests/handshake_table.c @@ -19,6 +19,8 @@ #include #include #include +/* PATCH: Sortix only has the C11 and does not have __dead. */ +#include #include #include "tls13_handshake.h" @@ -152,7 +154,7 @@ uint8_t flags); void fprint_flags(FILE *stream, uint8_t flags); const char *mt2str(enum tls13_message_type mt); -__dead void usage(void); +noreturn void usage(void); int verify_table(enum tls13_message_type table[MAX_FLAGS][TLS13_NUM_MESSAGE_TYPES], int print); @@ -449,7 +451,7 @@ return success; } -__dead void +noreturn void usage(void) { fprintf(stderr, "usage: handshake_table [-C | -g]\n"); diff -Paur --no-dereference -- libssl.upstream/tests/ssltest.c libssl/tests/ssltest.c --- libssl.upstream/tests/ssltest.c +++ libssl/tests/ssltest.c @@ -143,7 +143,7 @@ #define _BSD_SOURCE 1 /* Or gethostname won't be declared properly on Linux and GNU platforms. */ #include -#include +/* PATCH: Sortix does not have and it's not needed. */ #include #include diff -Paur --no-dereference -- libssl.upstream/tls/tls_config.c libssl/tls/tls_config.c --- libssl.upstream/tls/tls_config.c +++ libssl/tls/tls_config.c 
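Review bot: Deleting the `getpagesize` prototype in compat/unistd.h removes it for every target that reaches this header without `HAVE_GETPAGESIZE`, not only Sortix, whereas other PATCH blocks in this diff are keyed on `__sortix__`. Keeping the declaration under `#if !defined(HAVE_GETPAGESIZE) && !defined(__sortix__)` preserves the fallback elsewhere and still avoids the `size_t`/`int` conflict described in the comment. The comment also leaves the root cause open ("Somehow HAVE_GETPAGESIZE doesn't get defined"), so it should say that this is a workaround until the configure detection is understood.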
@@ -721,8 +721,11 @@ } if (sb.st_uid != getuid()) { + /* PATCH: Sortix has 64-bit uid_t. */ tls_config_set_errorx(config, "session file has incorrect " - "owner (uid %i != %i)", sb.st_uid, getuid()); + "owner (uid %llu != %llu)", + (unsigned long long) sb.st_uid, + (unsigned long long) getuid()); return (-1); } mugo = sb.st_mode & (S_IRWXU|S_IRWXG|S_IRWXO);