diff --git a/ports/libressl/0001-enable-ocspcheck-on-msvc.patch b/ports/libressl/0001-enable-ocspcheck-on-msvc.patch new file mode 100644 index 00000000000..fa1884a2e45 --- /dev/null +++ b/ports/libressl/0001-enable-ocspcheck-on-msvc.patch @@ -0,0 +1,254 @@ +diff --git a/apps/ocspcheck/CMakeLists.txt b/apps/ocspcheck/CMakeLists.txt +index 3c80458..e8d3bf5 100644 +--- a/apps/ocspcheck/CMakeLists.txt ++++ b/apps/ocspcheck/CMakeLists.txt +@@ -1,5 +1,3 @@ +-if(NOT MSVC) +- + set( + OCSPCHECK_SRC + http.c +@@ -13,13 +11,27 @@ else() + set(OCSPCHECK_SRC ${OCSPCHECK_SRC} compat/memmem.c) + endif() + ++check_function_exists(getopt HAVE_GETOPT) ++if(HAVE_GETOPT) ++ add_definitions(-DHAVE_GETOPT) ++else() ++ set(GETOPT_SRC compat/getopt.c) ++endif() ++ ++check_function_exists(ftruncate HAVE_FTRUNCATE) ++if(HAVE_FTRUNCATE) ++ add_definitions(-DHAVE_FTRUNCATE) ++else() ++ set(FTRUNCATE_SRC compat/ftruncate.c) ++endif() ++ + if(NOT "${OPENSSLDIR}" STREQUAL "") + add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\") + else() + add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\") + endif() + +-add_executable(ocspcheck ${OCSPCHECK_SRC}) ++add_executable(ocspcheck ${OCSPCHECK_SRC} ${GETOPT_SRC} ${FTRUNCATE_SRC}) + target_include_directories(ocspcheck PRIVATE . ./compat ../../include/compat) + target_link_libraries(ocspcheck tls ${OPENSSL_LIBS}) + +@@ -28,5 +40,3 @@ if(ENABLE_LIBRESSL_INSTALL) + install(FILES ocspcheck.8 DESTINATION ${CMAKE_INSTALL_MANDIR}/man8) + + endif(ENABLE_LIBRESSL_INSTALL) +- +-endif() +diff --git a/apps/ocspcheck/compat/ftruncate.c b/apps/ocspcheck/compat/ftruncate.c +new file mode 100644 +index 0000000..e825e50 +--- /dev/null ++++ b/apps/ocspcheck/compat/ftruncate.c +@@ -0,0 +1,17 @@ ++/* ++ * Public domain ++ * ++ * Kinichiro Inoguchi ++ */ ++ ++#ifdef _WIN32 ++ ++#include ++ ++int ++ftruncate(int fd, off_t length) ++{ ++ return _chsize(fd, length); ++} ++ ++#endif +diff --git a/apps/ocspcheck/compat/getopt.c b/apps/ocspcheck/compat/getopt.c +new file mode 100644 +index 0000000..ff05743 +--- /dev/null ++++ b/apps/ocspcheck/compat/getopt.c +@@ -0,0 +1,131 @@ ++/* ++ * Public domain ++ * ++ * EternalPhane ++ */ ++ ++#include ++#include ++ ++#include "getopt.h" ++ ++char *optarg = NULL; ++int optind = 0, optopt = '?'; ++ ++typedef int bool; ++#define true 1 ++#define false 0 ++ ++static int nonopt_begin = 0, nonopt_end = 0; ++ ++void clear_buf(); ++ ++void permute(char *const argv[]) ++{ ++ static char* buf = NULL; ++ if (!argv && buf) ++ return free(buf); ++ if (!buf) ++ atexit(clear_buf); ++ if (nonopt_begin == nonopt_end) ++ { ++ nonopt_begin = nonopt_end = optind; ++ return; ++ } ++ int nonopt_size = nonopt_end - nonopt_begin, ++ opt_size = optind - nonopt_end; ++ if (nonopt_size <= opt_size) ++ { ++ if (!realloc(buf, nonopt_size)) ++ free(buf), buf = malloc(nonopt_size); ++ memcpy(buf, nonopt_begin, nonopt_size); ++ memmove(nonopt_begin, nonopt_end, opt_size); ++ memcpy(nonopt_begin + opt_size, buf, nonopt_size); ++ } ++ else ++ { ++ if (!realloc(buf, opt_size)) ++ free(buf), buf = malloc(opt_size); ++ memcpy(buf, nonopt_end, opt_size); ++ memmove(nonopt_begin + opt_size, nonopt_begin, nonopt_size); ++ memcpy(nonopt_begin, buf, opt_size); ++ } ++ nonopt_begin += opt_size; ++ nonopt_end = optind; ++} ++ ++void clear_buf() ++{ ++ permute(NULL); ++} ++ ++int getopt(int argc, char *const argv[], const char *optstring) ++{ ++ static char *nextchar = NULL; ++ static bool posixly_correct = false, always_return_nonopt = false; ++ if (optind >= argc) ++ return -1; ++ if (!optind) ++ { ++ nonopt_begin = nonopt_end = 0; ++ posixly_correct = '+' == optstring[0] || getenv("POSIXLY_CORRECT"); ++ always_return_nonopt = '-' == optstring[0]; ++ if (posixly_correct || always_return_nonopt) ++ optstring++; ++ } ++ if (!nextchar || !*nextchar) ++ { ++ if (!posixly_correct && !always_return_nonopt) ++ { ++ int temp = optind++; ++ for (;;) ++ { ++ if (++temp >= argc || !strcmp("--", argv[temp])) ++ { ++ permute(argv); ++ if (temp < argc) ++ { ++ optind = temp + 1; ++ permute(argv); ++ } ++ optind = nonopt_begin; ++ return -1; ++ } ++ if ('-' == argv[temp][0] && argv[temp][1]) ++ break; ++ } ++ if (temp > optind) ++ { ++ permute(argv); ++ nonopt_end = optind = temp; ++ } ++ nextchar = argv[optind] + 1; ++ } ++ else ++ { ++ if (++optind >= argc || !strcmp("--", argv[optind])) ++ return -1; ++ if ('-' != argv[optind][0] || !argv[optind][1]) ++ return posixly_correct ? -1 : (optarg = argv[optind++], 1); ++ } ++ } ++ const char *temp = strchr(optstring, *nextchar++); ++ if (!temp) ++ return optopt = *(nextchar - 1), '?'; ++ if (':' == temp[1]) ++ { ++ bool err = false; ++ if (':' == temp[2]) ++ optarg = *nextchar ? nextchar : NULL; ++ else if (*nextchar) ++ optarg = nextchar; ++ else if ('-' != argv[++optind][0]) ++ optarg = argv[optind]; ++ else ++ return nextchar = argv[optind] + 1, ++ optopt = *temp, ++ ':' == optstring[0] ? ':' : '?'; ++ nextchar += strlen(nextchar); ++ } ++ return *temp; ++} +diff --git a/apps/ocspcheck/compat/getopt.h b/apps/ocspcheck/compat/getopt.h +new file mode 100644 +index 0000000..ada142e +--- /dev/null ++++ b/apps/ocspcheck/compat/getopt.h +@@ -0,0 +1,15 @@ ++/* ++ * Public domain ++ * ++ * EternalPhane ++ */ ++ ++#ifndef GETOPT_H__ ++#define GETOPT_H__ ++ ++extern char *optarg; ++extern int optind, opterr, optopt; ++ ++int getopt(int argc, char *const argv[], const char *optstring); ++ ++#endif +\ No newline at end of file +diff --git a/apps/ocspcheck/ocspcheck.c b/apps/ocspcheck/ocspcheck.c +index 551a8fa..c608578 100644 +--- a/apps/ocspcheck/ocspcheck.c ++++ b/apps/ocspcheck/ocspcheck.c +@@ -519,6 +519,10 @@ main(int argc, char **argv) + ssize_t written, w; + short port; + ++#ifndef HAVE_GETOPT ++#include "getopt.h" ++#endif ++ + while ((ch = getopt(argc, argv, "C:i:No:v")) != -1) { + switch (ch) { + case 'C': +diff --git a/include/compat/unistd.h b/include/compat/unistd.h +index f521b94..f11db44 100644 +--- a/include/compat/unistd.h ++++ b/include/compat/unistd.h +@@ -23,6 +23,7 @@ ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset); + #include + #include + ++#define STDIN_FILENO 0 + #define STDOUT_FILENO 1 + #define STDERR_FILENO 2 + diff --git a/ports/libressl/0002-suppress-msvc-warnings.patch b/ports/libressl/0002-suppress-msvc-warnings.patch new file mode 100644 index 00000000000..7a5bf0038ec --- /dev/null +++ b/ports/libressl/0002-suppress-msvc-warnings.patch @@ -0,0 +1,47 @@ +diff --git a/CMakeLists.txt b/CMakeLists.txt +index a6a7554..b20fd4b 100644 +--- a/CMakeLists.txt ++++ b/CMakeLists.txt +@@ -111,6 +111,11 @@ if(WIN32) + set(PLATFORM_LIBS ${PLATFORM_LIBS} ws2_32) + endif() + ++if(MSVC AND MSVC_VERSION GREATER_EQUAL 1912) ++ message(STATUS "Setting /Qspectre switch") ++ set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /Qspectre") ++endif() ++ + if(MSVC) + add_definitions(-Dinline=__inline) + message(STATUS "Using [${CMAKE_C_COMPILER_ID}] compiler") +@@ -123,16 +128,29 @@ if(MSVC) + "C4127" # conditional expression is constant + "C4146" # unary minus operator applied to unsigned type, + # result still unsigned ++ "C4242" # 'identifier' : conversion from 'type1' to 'type2', ++ # possible loss of data + "C4244" # 'argument' : conversion from 'type1' to 'type2', + # possible loss of data + "C4245" # 'conversion' : conversion from 'type1' to 'type2', + # signed/unsigned mismatch ++ "C4255" # 'function' : no function prototype given: ++ # converting '()' to '(void)' + "C4267" # 'var' : conversion from 'size_t' to 'type', + # possible loss of data ++ "C4388" # 'expression': signed/unsigned mismatch + "C4389" # 'operator' : signed/unsigned mismatch ++ "C4464" # relative include path contains '..' ++ "C4668" # 'symbol' is not defined as a preprocessor macro, ++ # replacing with '0' for 'directives' + "C4706" # assignment within conditional expression ++ "C4710" # 'function' : function not inlined ++ "C4711" # function 'function' selected for inline expansion ++ "C4820" # 'bytes' bytes padding added after construct 'member_name' + "C4996" # The POSIX name for this item is deprecated. + # Instead, use the ISO C and C++ conformant name ++ "C5045" # Compiler will insert Spectre mitigation for memory load ++ # if /Qspectre switch specified + ) + elseif(CMAKE_C_COMPILER_ID MATCHES "Intel") + add_definitions(-D_CRT_SUPPRESS_RESTRICT) + diff --git a/ports/libressl/CONTROL b/ports/libressl/CONTROL new file mode 100644 index 00000000000..989dbfdeb99 --- /dev/null +++ b/ports/libressl/CONTROL @@ -0,0 +1,6 @@ +Source: libressl +Version: 2.9.1 +Description: LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes. + +Feature: tools +Description: Build openssl and ocspcheck executables \ No newline at end of file diff --git a/ports/libressl/portfile.cmake b/ports/libressl/portfile.cmake new file mode 100644 index 00000000000..d99ee1b6246 --- /dev/null +++ b/ports/libressl/portfile.cmake @@ -0,0 +1,90 @@ +cmake_minimum_required(VERSION 3.13) + +if(VCPKG_CMAKE_SYSTEM_NAME STREQUAL "WindowsStore") + message(FATAL_ERROR "${PORT} does not currently support UWP") +endif() +if (VCPKG_TARGET_ARCHITECTURE STREQUAL "arm") + message(FATAL_ERROR "${PORT} does not support ARM") +endif() + +include(vcpkg_common_functions) + +set(LIBRESSL_VERSION 2.9.1) +set(LIBRESSL_HASH 7051911e566bb093c48a70da72c9981b870e3bf49a167ba6c934eece873084cc41221fbe3cd0c8baba268d0484070df7164e4b937854e716337540a87c214354) + +vcpkg_download_distfile( + LIBRESSL_SOURCE_ARCHIVE + URLS https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/${PORT}-${LIBRESSL_VERSION}.tar.gz + FILENAME ${PORT}-${LIBRESSL_VERSION}.tar.gz + SHA512 ${LIBRESSL_HASH} +) + +vcpkg_extract_source_archive_ex( + OUT_SOURCE_PATH SOURCE_PATH + ARCHIVE "${LIBRESSL_SOURCE_ARCHIVE}" + REF ${LIBRESSL_VERSION} + PATCHES + 0001-enable-ocspcheck-on-msvc.patch + 0002-suppress-msvc-warnings.patch +) + +set(BUILD_SHARED_LIBS OFF) +if(VCPKG_LIBRARY_LINKAGE STREQUAL dynamic) + set(BUILD_SHARED_LIBS ON) +endif() + +set(LIBRESSL_APPS OFF) +if("tools" IN_LIST FEATURES) + set(LIBRESSL_APPS ON) +endif() + +vcpkg_configure_cmake( + SOURCE_PATH ${SOURCE_PATH} + PREFER_NINJA + OPTIONS + -DLIBRESSL_APPS=${LIBRESSL_APPS} + -DLIBRESSL_TESTS=OFF + -DBUILD_SHARED_LIBS=${BUILD_SHARED_LIBS} + OPTIONS_DEBUG + -DLIBRESSL_APPS=OFF +) + +vcpkg_install_cmake() + +if(LIBRESSL_APPS) + if(NOT VCPKG_CMAKE_SYSTEM_NAME OR VCPKG_CMAKE_SYSTEM_NAME STREQUAL WindowsStore) + set(EXECUTABLE_SUFFIX .exe) + endif() + file(MAKE_DIRECTORY "${CURRENT_PACKAGES_DIR}/tools/openssl") + file(RENAME "${CURRENT_PACKAGES_DIR}/bin/openssl${EXECUTABLE_SUFFIX}" "${CURRENT_PACKAGES_DIR}/tools/openssl/openssl${EXECUTABLE_SUFFIX}") + file(RENAME "${CURRENT_PACKAGES_DIR}/bin/ocspcheck${EXECUTABLE_SUFFIX}" "${CURRENT_PACKAGES_DIR}/tools/openssl/ocspcheck${EXECUTABLE_SUFFIX}") + vcpkg_copy_tool_dependencies("${CURRENT_PACKAGES_DIR}/tools/openssl") +endif() + +if(NOT BUILD_SHARED_LIBS) + file(REMOVE_RECURSE + "${CURRENT_PACKAGES_DIR}/bin" + "${CURRENT_PACKAGES_DIR}/debug/bin" + ) +endif() +file(REMOVE_RECURSE + "${CURRENT_PACKAGES_DIR}/etc/ssl/certs" + "${CURRENT_PACKAGES_DIR}/share/man" + "${CURRENT_PACKAGES_DIR}/debug/include" + "${CURRENT_PACKAGES_DIR}/debug/share" +) +if(VCPKG_CMAKE_SYSTEM_NAME AND NOT VCPKG_CMAKE_SYSTEM_NAME STREQUAL WindowsStore) + file(REMOVE_RECURSE "${CURRENT_PACKAGES_DIR}/debug/lib/pkgconfig") +endif() + +vcpkg_copy_pdbs() + +file(INSTALL "${SOURCE_PATH}/COPYING" DESTINATION "${CURRENT_PACKAGES_DIR}/share/${PORT}" RENAME copyright) + +if((NOT VCPKG_CMAKE_SYSTEM_NAME OR VCPKG_CMAKE_SYSTEM_NAME STREQUAL WindowsStore) AND BUILD_SHARED_LIBS) + file(GLOB_RECURSE LIBS "${CURRENT_PACKAGES_DIR}/*.lib") + foreach(LIB ${LIBS}) + string(REGEX REPLACE "(.+)-[0-9]+\\.lib" "\\1.lib" LINK "${LIB}") + execute_process(COMMAND "${CMAKE_COMMAND}" -E create_symlink "${LIB}" "${LINK}") + endforeach() +endif()