aboutsummaryrefslogtreecommitdiffstats
path: root/testing
diff options
context:
space:
mode:
authorWilliam Pitcock <nenolod@dereferenced.org>2018-10-13 11:34:45 -0500
committerWilliam Pitcock <nenolod@dereferenced.org>2018-10-13 11:38:52 -0500
commitb8e9780813989d6e55cd48ca0b96a2e521a75660 (patch)
tree7fd76adc6162842ff5ed35eeb0cb55359302d6fb /testing
parentaf1db7f2648388315f975cf3b637cb27e423148c (diff)
downloadaports-b8e9780813989d6e55cd48ca0b96a2e521a75660.tar.gz
aports-b8e9780813989d6e55cd48ca0b96a2e521a75660.tar.bz2
aports-b8e9780813989d6e55cd48ca0b96a2e521a75660.tar.xz
testing/libtls-standalone: new aport
libtls extricated from libressl, built against openssl. also, probably one of the ugliest hacks i have ever done.
Diffstat (limited to 'testing')
-rw-r--r--testing/libtls-standalone/APKBUILD55
-rw-r--r--testing/libtls-standalone/Makefile81
-rw-r--r--testing/libtls-standalone/libtls-ciphers.patch25
-rw-r--r--testing/libtls-standalone/test_program.c11
-rw-r--r--testing/libtls-standalone/tls_compat.c379
-rw-r--r--testing/libtls-standalone/tls_compat.h25
6 files changed, 576 insertions, 0 deletions
diff --git a/testing/libtls-standalone/APKBUILD b/testing/libtls-standalone/APKBUILD
new file mode 100644
index 0000000000..8719a73eda
--- /dev/null
+++ b/testing/libtls-standalone/APKBUILD
@@ -0,0 +1,55 @@
+# Maintainer: William Pitcock <nenolod@dereferenced.org>
+pkgname=libtls-standalone
+pkgver=2.7.4
+_namever=${pkgname}${pkgver%.*}
+pkgrel=0
+pkgdesc="libtls extricated from libressl sources"
+url="http://www.libressl.org/"
+arch="all"
+license="ISC"
+depends=""
+makedepends="libbsd-dev openssl-dev"
+replaces="libressl-libtls libressl2.7-libtls"
+subpackages="$pkgname-dbg $pkgname-dev $pkgname-doc"
+source="https://ftp.openbsd.org/pub/OpenBSD/libressl/libressl-$pkgver.tar.gz
+ Makefile
+ tls_compat.c
+ tls_compat.h
+ test_program.c
+ libtls-ciphers.patch
+ "
+libressl_src="$srcdir/libressl-$pkgver"
+builddir="$srcdir"
+
+prepare() {
+ cd "$builddir"
+ rm -rf "$libressl_src"/include/openssl
+
+ cd "$libressl_src"
+ patch -p1 < "$srcdir"/libtls-ciphers.patch
+}
+
+build() {
+ cd "$builddir"
+
+ make PREFIX=/usr LIBRESSL_SRCDIR="${libressl_src}" LIBRESSL_VERSION="${pkgver}"
+}
+
+check() {
+ cd "$builddir"
+ make PREFIX=/usr LIBRESSL_SRCDIR="${libressl_src}" LIBRESSL_VERSION="${pkgver}" check
+}
+
+package() {
+ cd "$builddir"
+
+ make PREFIX=/usr LIBRESSL_SRCDIR="${libressl_src}" LIBRESSL_VERSION="${pkgver}" DESTDIR="${pkgdir}" install
+ install -Dm644 "${libressl_src}"/COPYING "$pkgdir"/usr/share/licenses/$pkgname/COPYING
+}
+
+sha512sums="1cd82a1bff4f655251b5feb0c850f4164e0fd548e4b404407370f74dcc75c205f42efc7787a157eecac84cbbe46af48cb63f46b3fef75f4a0a9ea19a5863a691 libressl-2.7.4.tar.gz
+28e08af50fbcb286d413a2df2b063ee90675561c1501d24d33e17c142b85f404a27c4954644d65e367c925981e514dcaad6d311c768162cd02f3eea0db15d14d Makefile
+b08c24948c18ba85472693f429dc8c7732aeebdea447e9e57a5be19b8c37d18dec0775159236b8b07bd1e40b57e9dc632b838c5d40d96d631f24d713ccd1ae1f tls_compat.c
+c73352962a76ca5cba571f4b8b4decaff86849c737893523198b696ab808934a10df9dc42c4cece7640e007dcc1b4f5778cdf04b498fec5c058a4c9a2206c749 tls_compat.h
+71d36fe25c95a0a45497e3f699b01dddcaae9053dd1b1e2419df94272c47024cf6516c51c902129201061601b04a72551904b15a332a4cf53358983b5db73618 test_program.c
+21a0f62eb76bb7737ebc3fe96de844831a237e09ff46886267c3d1ec4612a5a5de4534e84b2548c640b0f6d19c414d22d6c495b03bee6b437cfa171aa82c3198 libtls-ciphers.patch"
diff --git a/testing/libtls-standalone/Makefile b/testing/libtls-standalone/Makefile
new file mode 100644
index 0000000000..453804d41e
--- /dev/null
+++ b/testing/libtls-standalone/Makefile
@@ -0,0 +1,81 @@
+PREFIX = /usr/local
+EXEC_PREFIX = ${PREFIX}
+LIBDIR = ${PREFIX}/lib
+INCLUDEDIR = ${PREFIX}/include
+
+LIBRESSL_VERSION = 1.0
+LIBTLS_SOVERSION = 17
+LIBTLS_FULLVERSION = 17.0.1
+
+OPENSSL_CFLAGS = $(shell pkgconf openssl --cflags)
+OPENSSL_LIBS = $(shell pkgconf openssl --libs)
+
+CFLAGS = -Wall -Wno-pointer-sign -fPIC -DPIC -shared -include tls_compat.h -isystem ${LIBRESSL_SRCDIR}/include/compat ${OPENSSL_CFLAGS} -I ${LIBRESSL_SRCDIR}/include \
+ -D__BEGIN_HIDDEN_DECLS= -D__END_HIDDEN_DECLS=
+LDFLAGS = -fPIC -DPIC -shared -Wl,-soname,libtls.so.${LIBTLS_SOVERSION} ${OPENSSL_LIBS}
+
+SOURCES = \
+ tls_compat.c \
+ ${LIBRESSL_SRCDIR}/tls/tls.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_bio_cb.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_client.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_config.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_conninfo.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_keypair.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_ocsp.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_peer.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_server.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_util.c \
+ ${LIBRESSL_SRCDIR}/tls/tls_verify.c \
+ ${LIBRESSL_SRCDIR}/crypto/compat/arc4random.c \
+ ${LIBRESSL_SRCDIR}/crypto/compat/arc4random_uniform.c \
+ ${LIBRESSL_SRCDIR}/crypto/compat/freezero.c \
+ ${LIBRESSL_SRCDIR}/crypto/compat/reallocarray.c \
+ ${LIBRESSL_SRCDIR}/crypto/compat/timingsafe_memcmp.c
+
+OBJECTS = ${SOURCES:.c=.o}
+
+all: dumpconfig libtls.so.${LIBTLS_FULLVERSION} libtls.pc
+
+dumpconfig:
+ @echo "Building with:"
+ @echo " LIBRESSL_SRCDIR = ${LIBRESSL_SRCDIR}"
+ @echo " OPENSSL_CFLAGS = ${OPENSSL_CFLAGS}"
+ @echo " OPENSSL_LIBS = ${OPENSSL_LIBS}"
+
+.c.o:
+ ${CC} ${CFLAGS} -o $@ -c $<
+
+libtls.so.${LIBTLS_FULLVERSION}: ${OBJECTS}
+ ${CC} ${CFLAGS} ${LDFLAGS} -o $@ ${OBJECTS} ${OPENSSL_LIBS}
+
+check: test_program
+ LD_PRELOAD=./libtls.so.${LIBTLS_FULLVERSION} ./test_program
+
+test_program: test_program.c
+ ${CC} -I${LIBRESSL_SRCDIR}/include -o $@ test_program.c ./libtls.so.${LIBTLS_FULLVERSION}
+
+clean:
+ rm -f ${OBJECTS}
+ rm -f libtls.so.${LIBTLS_FULLVERSION}
+ rm -f test_program
+
+install:
+ install -D -m755 libtls.so.${LIBTLS_FULLVERSION} ${DESTDIR}${PREFIX}/lib/libtls.so.${LIBTLS_FULLVERSION}
+ ln -sf libtls.so.${LIBTLS_FULLVERSION} ${DESTDIR}${PREFIX}/lib/libtls.so.${LIBTLS_SOVERSION}
+
+ install -D -m644 ${LIBRESSL_SRCDIR}/include/tls.h ${DESTDIR}${PREFIX}/include/tls.h
+
+ install -D -m644 libtls.pc ${DESTDIR}${PREFIX}/lib/pkgconfig/libtls.pc
+
+libtls.pc: ${LIBRESSL_SRCDIR}/libtls.pc.in
+ sed -e s:@prefix@:${PREFIX}:g \
+ -e s:@exec_prefix@:${EXEC_PREFIX}:g \
+ -e s:@libdir@:${LIBDIR}:g \
+ -e s:@includedir@:${INCLUDEDIR}:g \
+ -e s:@LIBS@:-ltls:g \
+ -e s:@PLATFORM_LDADD@::g \
+ -e s:@VERSION@:${LIBRESSL_VERSION}:g \
+ ${LIBRESSL_SRCDIR}/libtls.pc.in > libtls.pc
+
+.DUMMY: check dumpconfig clean install
diff --git a/testing/libtls-standalone/libtls-ciphers.patch b/testing/libtls-standalone/libtls-ciphers.patch
new file mode 100644
index 0000000000..b037944655
--- /dev/null
+++ b/testing/libtls-standalone/libtls-ciphers.patch
@@ -0,0 +1,25 @@
+--- libressl-2.7.4.orig/tls/tls_internal.h
++++ libressl-2.7.4/tls/tls_internal.h
+@@ -30,10 +30,10 @@
+ #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
+ #endif
+
+-#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
+ #define TLS_CIPHERS_COMPAT "HIGH:!aNULL"
+ #define TLS_CIPHERS_LEGACY "HIGH:MEDIUM:!aNULL"
+ #define TLS_CIPHERS_ALL "ALL:!aNULL:!eNULL"
++#define TLS_CIPHERS_DEFAULT TLS_CIPHERS_COMPAT
+
+ #define TLS_ECDHE_CURVES "X25519,P-256,P-384"
+
+--- libressl-2.7.4.orig/tls/tls_internal.h
++++ libressl-2.7.4/tls/tls_internal.h
+@@ -35,7 +35,7 @@
+ #define TLS_CIPHERS_ALL "ALL:!aNULL:!eNULL"
+ #define TLS_CIPHERS_DEFAULT TLS_CIPHERS_COMPAT
+
+-#define TLS_ECDHE_CURVES "X25519,P-256,P-384"
++#define TLS_ECDHE_CURVES "P-256,P-384"
+
+ union tls_addr {
+ struct in_addr ip4;
diff --git a/testing/libtls-standalone/test_program.c b/testing/libtls-standalone/test_program.c
new file mode 100644
index 0000000000..f8d7332d72
--- /dev/null
+++ b/testing/libtls-standalone/test_program.c
@@ -0,0 +1,11 @@
+#include <stdlib.h>
+#include <assert.h>
+#include <tls.h>
+
+int
+main(int argc, const char *argv[])
+{
+ assert(tls_init() == 0);
+
+ return EXIT_SUCCESS;
+}
diff --git a/testing/libtls-standalone/tls_compat.c b/testing/libtls-standalone/tls_compat.c
new file mode 100644
index 0000000000..aeff845237
--- /dev/null
+++ b/testing/libtls-standalone/tls_compat.c
@@ -0,0 +1,379 @@
+/*
+ * Copyright (c) 2016 Tai Chi Minh Ralph Eastwood <tcmreastwood@gmail.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <openssl/opensslv.h>
+#include <openssl/x509_vfy.h>
+#include <openssl/ssl.h>
+#include <stdlib.h>
+#include <string.h>
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/stat.h>
+#include <ctype.h>
+
+int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len)
+{
+ char fname[] = "/tmp/libtlscompatXXXXXX";
+ int rc;
+ int fd;
+
+ fd = mkstemp(fname);
+
+ if (fd < 0)
+ return -1;
+ do {
+ ssize_t wrote = write(fd, buf, len);
+ if(wrote == -1) {
+ break;
+ } else {
+ buf = (char *)buf + wrote;
+ len -= wrote;
+ }
+ } while(len);
+ close(fd);
+ rc = SSL_CTX_load_verify_locations(ctx, fname, NULL);
+ remove(fname);
+ return rc;
+}
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <sys/types.h>
+
+#include <unistd.h>
+#include <stdio.h>
+
+#include <openssl/err.h>
+#include <openssl/bio.h>
+#include <openssl/objects.h>
+#include <openssl/evp.h>
+#include <openssl/x509.h>
+#include <openssl/pem.h>
+#include <openssl/ssl.h>
+
+int
+SSL_CTX_use_certificate_chain_mem(SSL_CTX *ctx, char *buf, off_t len)
+{
+ int ret;
+ BIO*in;
+ X509*x;
+ X509*ca;
+ unsigned long err;
+
+ ret = 0;
+ x = ca = NULL;
+
+ if ((in = BIO_new_mem_buf(buf, len)) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_BUF_LIB);
+ goto end;
+ }
+
+ if ((x = PEM_read_bio_X509(in, NULL,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata)) == NULL) {
+ SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE, ERR_R_PEM_LIB);
+ goto end;
+ }
+
+ if (!SSL_CTX_use_certificate(ctx, x) || ERR_peek_error() != 0)
+ goto end;
+
+ /* If we could set up our certificate, now proceed to
+ * the CA certificates.
+ */
+
+ if (ctx->extra_certs != NULL) {
+ sk_X509_pop_free(ctx->extra_certs, X509_free);
+ ctx->extra_certs = NULL;
+ }
+
+ while ((ca = PEM_read_bio_X509(in, NULL,
+ ctx->default_passwd_callback,
+ ctx->default_passwd_callback_userdata)) != NULL) {
+
+ if (!SSL_CTX_add_extra_chain_cert(ctx, ca))
+ goto end;
+ }
+
+ err = ERR_peek_last_error();
+ if (ERR_GET_LIB(err) == ERR_LIB_PEM &&
+ ERR_GET_REASON(err) == PEM_R_NO_START_LINE)
+ ERR_clear_error();
+ else
+ goto end;
+
+ ret = 1;
+end:
+ if (ca != NULL)
+ X509_free(ca);
+ if (x != NULL)
+ X509_free(x);
+ if (in != NULL)
+ BIO_free(in);
+ return (ret);
+}
+
+/*
+ * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * Parse an RFC 5280 format ASN.1 time string.
+ *
+ * mode must be:
+ * 0 if we expect to parse a time as specified in RFC 5280 from an X509 object.
+ * V_ASN1_UTCTIME if we wish to parse on RFC5280 format UTC time.
+ * V_ASN1_GENERALIZEDTIME if we wish to parse an RFC5280 format Generalized time.
+ *
+ * Returns:
+ * -1 if the string was invalid.
+ * V_ASN1_UTCTIME if the string validated as a UTC time string.
+ * V_ASN1_GENERALIZEDTIME if the string validated as a Generalized time string.
+ *
+ * Fills in *tm with the corresponding time if tm is non NULL.
+ */
+
+#define GENTIME_LENGTH 15
+#define UTCTIME_LENGTH 13
+
+#define ATOI2(ar) ((ar) += 2, ((ar)[-2] - '0') * 10 + ((ar)[-1] - '0'))
+int
+ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode)
+{
+ size_t i;
+ int type = 0;
+ struct tm ltm;
+ struct tm *lt;
+ const char *p;
+
+ if (bytes == NULL)
+ return (-1);
+
+ /* Constrain to valid lengths. */
+ if (len != UTCTIME_LENGTH && len != GENTIME_LENGTH)
+ return (-1);
+
+ lt = tm;
+ if (lt == NULL) {
+ memset(&ltm, 0, sizeof(ltm));
+ lt = &ltm;
+ }
+
+ /* Timezone is required and must be GMT (Zulu). */
+ if (bytes[len - 1] != 'Z')
+ return (-1);
+
+ /* Make sure everything else is digits. */
+ for (i = 0; i < len - 1; i++) {
+ if (isdigit((unsigned char)bytes[i]))
+ continue;
+ return (-1);
+ }
+
+ /*
+ * Validate and convert the time
+ */
+ p = bytes;
+ switch (len) {
+ case GENTIME_LENGTH:
+ if (mode == V_ASN1_UTCTIME)
+ return (-1);
+ lt->tm_year = (ATOI2(p) * 100) - 1900; /* cc */
+ type = V_ASN1_GENERALIZEDTIME;
+ /* FALLTHROUGH */
+ case UTCTIME_LENGTH:
+ if (type == 0) {
+ if (mode == V_ASN1_GENERALIZEDTIME)
+ return (-1);
+ type = V_ASN1_UTCTIME;
+ }
+ lt->tm_year += ATOI2(p); /* yy */
+ if (type == V_ASN1_UTCTIME) {
+ if (lt->tm_year < 50)
+ lt->tm_year += 100;
+ }
+ lt->tm_mon = ATOI2(p) - 1; /* mm */
+ if (lt->tm_mon < 0 || lt->tm_mon > 11)
+ return (-1);
+ lt->tm_mday = ATOI2(p); /* dd */
+ if (lt->tm_mday < 1 || lt->tm_mday > 31)
+ return (-1);
+ lt->tm_hour = ATOI2(p); /* HH */
+ if (lt->tm_hour < 0 || lt->tm_hour > 23)
+ return (-1);
+ lt->tm_min = ATOI2(p); /* MM */
+ if (lt->tm_min < 0 || lt->tm_min > 59)
+ return (-1);
+ lt->tm_sec = ATOI2(p); /* SS */
+ /* Leap second 60 is not accepted. Reconsider later? */
+ if (lt->tm_sec < 0 || lt->tm_sec > 59)
+ return (-1);
+ break;
+ default:
+ return (-1);
+ }
+
+ return (type);
+}
+
+int
+SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen)
+{
+ return 1;
+}
+
+/* $OpenBSD: a_time_tm.c,v 1.14 2017/08/28 17:42:47 jsing Exp $ */
+/*
+ * Copyright (c) 2015 Bob Beck <beck@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <ctype.h>
+#include <limits.h>
+#include <stdio.h>
+#include <string.h>
+#include <time.h>
+
+#include <openssl/asn1t.h>
+#include <openssl/err.h>
+
+#define RFC5280 0
+#define GENTIME_LENGTH 15
+#define UTCTIME_LENGTH 13
+
+int
+ASN1_time_tm_cmp(struct tm *tm1, struct tm *tm2)
+{
+ if (tm1->tm_year < tm2->tm_year)
+ return (-1);
+ if (tm1->tm_year > tm2->tm_year)
+ return (1);
+ if (tm1->tm_mon < tm2->tm_mon)
+ return (-1);
+ if (tm1->tm_mon > tm2->tm_mon)
+ return (1);
+ if (tm1->tm_mday < tm2->tm_mday)
+ return (-1);
+ if (tm1->tm_mday > tm2->tm_mday)
+ return (1);
+ if (tm1->tm_hour < tm2->tm_hour)
+ return (-1);
+ if (tm1->tm_hour > tm2->tm_hour)
+ return (1);
+ if (tm1->tm_min < tm2->tm_min)
+ return (-1);
+ if (tm1->tm_min > tm2->tm_min)
+ return (1);
+ if (tm1->tm_sec < tm2->tm_sec)
+ return (-1);
+ if (tm1->tm_sec > tm2->tm_sec)
+ return (1);
+ return 0;
+}
+
+int
+ASN1_time_tm_clamp_notafter(struct tm *tm)
+{
+ if (sizeof(time_t) < 8) {
+ struct tm broken_os_epoch_tm;
+ time_t broken_os_epoch_time = INT_MAX;
+
+ if (gmtime_r(&broken_os_epoch_time, &broken_os_epoch_tm) == NULL)
+ return 0;
+
+ if (ASN1_time_tm_cmp(tm, &broken_os_epoch_tm) == 1)
+ memcpy(tm, &broken_os_epoch_tm, sizeof(*tm));
+ }
+
+ return 1;
+}
diff --git a/testing/libtls-standalone/tls_compat.h b/testing/libtls-standalone/tls_compat.h
new file mode 100644
index 0000000000..6f91171cf8
--- /dev/null
+++ b/testing/libtls-standalone/tls_compat.h
@@ -0,0 +1,25 @@
+#include <openssl/opensslv.h>
+#include <openssl/x509_vfy.h>
+
+#ifndef LIBTLS_TLS_COMPAT_H
+#define LIBTLS_TLS_COMPAT_H
+
+#ifndef X509_V_FLAG_NO_CHECK_TIME
+#define X509_V_FLAG_NO_CHECK_TIME 0
+#endif
+
+#ifndef SSL_OP_NO_CLIENT_RENEGOTIATION
+#define SSL_OP_NO_CLIENT_RENEGOTIATION 0
+#endif
+
+int SSL_CTX_load_verify_mem(SSL_CTX *ctx, void *buf, int len);
+
+int ASN1_time_parse(const char *bytes, size_t len, struct tm *tm, int mode);
+
+int SSL_CTX_use_certificate_chain_mem(SSL_CTX *, char *buf, off_t);
+
+int SSL_CTX_set1_groups(SSL_CTX *ctx, int *glist, int glistlen);
+
+#define SSL_CTX_set_dh_auto(...)
+
+#endif