initial top-level import

COPYING

@@ -0,0 +1,127 @@
+
+  LICENSE ISSUES
+  ==============
+
+  The OpenSSL toolkit stays under a dual license, i.e. both the conditions of
+  the OpenSSL License and the original SSLeay license apply to the toolkit.
+  See below for the actual license texts. Actually both licenses are BSD-style
+  Open Source licenses. In case of any license issues related to OpenSSL
+  please contact openssl-core@openssl.org.
+
+  OpenSSL License
+  ---------------
+
+/* ====================================================================
+ * Copyright (c) 1998-2011 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer. 
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+ Original SSLeay License
+ -----------------------
+
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ * 
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ * 
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ * 
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from 
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ * 
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ * 
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+

Makefile.am

@@ -0,0 +1,2 @@
+SUBDIRS = crypto ssl include apps tests
+ACLOCAL_AMFLAGS = -I m4

Makefile.am.common

@@ -0,0 +1,4 @@
+AM_CPPFLAGS = -I$(top_srcdir)/include
+AM_CPPFLAGS += -I$(top_srcdir)/libottery/src
+AM_CPPFLAGS += -DOPENSSL_NO_ASM
+AM_CPPFLAGS += -DLIBBSD_OVERLAY

README

@@ -0,0 +1,47 @@
+This project repackages the OpenBSD (http://www.openbsd.org/) fork of
+OpenSSL (https://www.openssl.org/), LibreSSL (http://www.libressl.org/), so
+it is buildable on other systems.
+
+To build, you need autoconf, automake and libtool installed.
+To run all unit tests, you need python installed as well.
+
+Run 'autogen.sh' followed by './configure; make; make check'
+
+To build a tarball, run 'make dist'
+
+You may need to periodically clean/dist-clean your source tree or rerun
+autogen.sh/update.sh in order to import the latest source from the git
+submodules.
+
+Warning:
+This is an alpha work-in-progress, not ready for general use. It is based on
+semi-regular snapshots of the upstream code with minimal patching (see the
+compat_fixes branches on the upstream import trees for current patches).
+
+Use it this check application compatibility, security research, code auditing,
+or to just see what the LibreSSL team is up to. Just don't use it in
+production!
+
+Please also read Nick Mathewson's warning on libottery. While we are not
+currently incorporating this library for random numbers, the warning is still
+relevant.
+    https://github.com/nmathewson/libottery
+
+Caveat Emptor:
+While this project uses compatibility shims and imports functions from
+OpenBSD's libc, it is a continual challenge to make it work exactly the same as
+if it is running on OpenBSD.  Until there is an official port of LibreSSL (and
+even after), please conduct your own audits and patches are always welcome.
+
+http://insanecoding.blogspot.com/2014/04/common-libressl-porting-mistakes.html
+http://insanecoding.blogspot.com/2014/05/a-good-idea-with-bad-usage-devurandom.html
+
+See crypto/compat for the bulk of the local compatibility code.
+
+It has been tested to build on these platforms:
+ Ubuntu 14.04 amd64 / armhf
+ Centos 6.5 i686
+ FreeBSD 10 amd64
+ Mac OS X 10.9.3
+
+Coverity Scan Status: https://scan.coverity.com/projects/2493

autogen.sh

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+./update.sh
+mkdir -p m4
+autoreconf -i -f

configure.ac

@@ -0,0 +1,95 @@
+AC_INIT([libressl], [1.0.0])
+AC_CANONICAL_TARGET
+AM_INIT_AUTOMAKE([subdir-objects])
+AC_CONFIG_MACRO_DIR([m4])
+
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+
+AC_SUBST([USER_CFLAGS], "-O2 $CFLAGS")
+CFLAGS="$CFLAGS -Wall -Werror -std=c99 -g -Wno-pointer-sign -DHAVE_CRYPTODEV -DLIBRESSL_INTERNAL"
+
+case $target_os in
+	*darwin*)
+		TARGET_OS=darwin;
+		LDFLAGS="$LDFLAGS -Qunused-arguments"
+		;;
+	*linux*)
+		TARGET_OS=linux;
+		CFLAGS="$CFLAGS -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
+		;;
+	*solaris*)
+		TARGET_OS=solaris;
+		CFLAGS="$CFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
+		AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
+		;;
+	*) ;;
+esac
+
+AM_CONDITIONAL(TARGET_DARWIN, test x$TARGET_OS = xdarwin)
+AM_CONDITIONAL(TARGET_LINUX, test x$TARGET_OS = xlinux)
+AM_CONDITIONAL(TARGET_SOLARIS, test x$TARGET_OS = xsolaris)
+
+AC_PROG_CC
+AC_PROG_LIBTOOL
+AC_PROG_CC_STDC
+AM_PROG_CC_C_O
+
+AC_CHECK_FUNC(strlcpy,[AC_SEARCH_LIBS(strlcpy,, [NO_STRLCPY=],
+			  [NO_STRLCPY=yes])], [NO_STRLCPY=yes])
+AC_SUBST(NO_STRLCPY)
+AM_CONDITIONAL(NO_STRLCPY, test "x$NO_STRLCPY" = "xyes")
+
+AC_CHECK_FUNC(strlcat,[AC_SEARCH_LIBS(strlcat,, [NO_STRLCAT=],
+			  [NO_STRLCAT=yes])], [NO_STRLCAT=yes])
+AC_SUBST(NO_STRLCAT)
+AM_CONDITIONAL(NO_STRLCAT, test "x$NO_STRLCAT" = "xyes")
+
+AC_CHECK_FUNC(reallocarray,[AC_SEARCH_LIBS(reallocarray,, [NO_REALLOCARRAY=],
+			  [NO_REALLOCARRAY=yes])], [NO_REALLOCARRAY=yes])
+AC_SUBST(NO_REALLOCARRAY)
+AM_CONDITIONAL(NO_REALLOCARRAY, test "x$NO_REALLOCARRAY" = "xyes")
+
+AC_CHECK_FUNC(timingsafe_bcmp,[AC_SEARCH_LIBS(timingsafe_bcmp,, [NO_TIMINGSAFE_BCMP=],
+			  [NO_TIMINGSAFE_BCMP=yes])], [NO_TIMINGSAFE_BCMP=yes])
+AC_SUBST(NO_TIMINGSAFE_BCMP)
+AM_CONDITIONAL(NO_TIMINGSAFE_BCMP, test "x$NO_TIMINGSAFE_BCMP" = "xyes")
+
+AC_CHECK_FUNC(timingsafe_memcmp,[AC_SEARCH_LIBS(timingsafe_memcmp,, [NO_TIMINGSAFE_MEMCMP=],
+			  [NO_TIMINGSAFE_MEMCMP=yes])], [NO_TIMINGSAFE_MEMCMP=yes])
+AC_SUBST(NO_TIMINGSAFE_MEMCMP)
+AM_CONDITIONAL(NO_TIMINGSAFE_MEMCMP, test "x$NO_TIMINGSAFE_MEMCMP" = "xyes")
+
+AC_CHECK_FUNC(arc4random_buf,[AC_SEARCH_LIBS(write,, [NO_ARC4RANDOM_BUF=],
+			  [NO_ARC4RANDOM_BUF=yes])], [NO_ARC4RANDOM_BUF=yes])
+AC_SUBST(NO_ARC4RANDOM_BUF)
+AM_CONDITIONAL(NO_ARC4RANDOM_BUF, test "x$NO_ARC4RANDOM_BUF" = "xyes")
+
+# overrides for arc4random_buf implementations with known issues
+AM_CONDITIONAL(NO_ARC4RANDOM_BUF,
+   test x$TARGET_OS = xdarwin \
+     -o x$TARGET_OS = xsolaris \
+	 -o x$NO_ARC4RANDOM_BUF = xyes)
+
+AC_CHECK_FUNC(getentropy,[AC_SEARCH_LIBS(write,, [NO_GETENTROPY=],
+			  [NO_GETENTROPY=yes])], [NO_GETENTROPY=yes])
+AC_SUBST(NO_GETENTROPY)
+AM_CONDITIONAL(NO_GETENTROPY, test "x$NO_GETENTROPY" = "xyes")
+
+AC_CHECK_FUNC(issetugid,[AC_SEARCH_LIBS(write,, [NO_ISSETUGID=],
+			  [NO_ISSETUGID=yes])], [NO_ISSETUGID=yes])
+AC_SUBST(NO_ISSETUGID)
+AM_CONDITIONAL(NO_ISSETUGID, test "x$NO_ISSETUGID" = "xyes")
+
+AC_CHECK_FUNC(strtonum,[AC_SEARCH_LIBS(write,, [NO_STRTONUM=],
+			  [NO_STRTONUM=yes])], [NO_STRTONUM=yes])
+AC_SUBST(NO_STRTONUM)
+AM_CONDITIONAL(NO_STRTONUM, test "x$NO_STRTONUM" = "xyes")
+
+AC_CHECK_FUNC(getauxval, AC_DEFINE(HAVE_GETAUXVAL))
+
+AC_CHECK_FUNC(funopen, AC_DEFINE(HAVE_FUNOPEN))
+
+LT_INIT
+
+AC_OUTPUT(Makefile include/Makefile include/openssl/Makefile ssl/Makefile
+          crypto/Makefile tests/Makefile apps/Makefile)

update.sh

@@ -0,0 +1,385 @@
+#!/usr/bin/env bash
+set -e
+
+# resync this library with the upstream project, remove old submodule dirs
+git submodule init
+git submodule update
+rm -fr *-openbsd
+
+libssl_src=openbsd/libssl
+libssl_regress=openbsd/libssl-regress
+libc_src=openbsd/libc
+libc_regress=openbsd/libc-regress
+libcrypto_src=openbsd/libcrypto
+libcrypto_regress=openbsd/libcrypto-regress
+
+source $libssl_src/ssl/shlib_version
+libssl_version=$major:$minor:0
+echo libssl version $libssl_version
+
+source $libcrypto_src/crypto/shlib_version
+libcrypto_version=$major:$minor:0
+echo libcrypto version $libcrypto_version
+
+crypto_subdirs=
+
+copy_src() {
+	mkdir -p $1
+	rm -f $1/*.c
+	for file in $2; do
+		cp $libssl_src/src/$1/$file $1
+	done
+}
+
+copy_hdrs() {
+	for file in $2; do
+		cp $libssl_src/src/$1/$file include/openssl
+	done
+}
+
+copy_crypto() {
+	copy_src crypto/$1 "$2"
+	crypto_subdirs="$crypto_subdirs $1"
+}
+
+cp $libssl_src/src/LICENSE COPYING
+cp $libssl_src/src/CHANGES ChangeLog
+
+cp $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
+cp $libssl_src/src/e_os2.h include/openssl
+cp $libssl_src/src/ssl/pqueue.h include
+
+for i in explicit_bzero.c strlcpy.c strlcat.c timingsafe_bcmp.c timingsafe_memcmp.c; do
+	cp $libc_src/string/$i crypto/compat
+done
+cp $libc_src/stdlib/reallocarray.c crypto/compat
+cp $libc_src/stdlib/strtonum.c crypto/compat
+cp $libc_src/crypt/arc4random.c crypto/compat
+cp $libc_src/crypt/chacha_private.h crypto/compat
+cp $libcrypto_src/crypto/getentropy_*.c crypto/compat
+
+(cd ./$libssl_src/src/crypto/objects/;
+	perl objects.pl objects.txt obj_mac.num obj_mac.h;
+	perl obj_dat.pl obj_mac.h obj_dat.h )
+mkdir -p include/openssl crypto/objects
+mv $libssl_src/src/crypto/objects/obj_mac.h ./include/openssl/obj_mac.h
+mv $libssl_src/src/crypto/objects/obj_dat.h ./crypto/objects/obj_dat.h
+
+copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h opensslv.h
+	ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h
+	objects/objects.h asn1/asn1.h bn/bn.h ec/ec.h ecdsa/ecdsa.h
+	ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
+	pem/pem2.h hmac/hmac.h rand/rand.h md5/md5.h
+	krb5/krb5_asn.h asn1/asn1_mac.h x509v3/x509v3.h conf/conf.h ocsp/ocsp.h
+	aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h
+	bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h
+	dsa/dsa.h cms/cms.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h
+	md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h mdc2/mdc2.h
+	rc2/rc2.h rc4/rc4.h rc5/rc5.h ui/ui_compat.h txt_db/txt_db.h chacha/chacha.h evp/evp.h
+	poly1305/poly1305.h"
+
+copy_hdrs ssl "srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h"
+
+for i in ssl/srtp.h \
+	ssl/ssl_locl.h; do
+	cp $libssl_src/src/$i ssl
+done
+
+copy_src ssl "s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c
+	s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c
+	t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c d1_meth.c d1_srvr.c d1_clnt.c
+	d1_lib.c d1_pkt.c d1_both.c d1_enc.c d1_srtp.c ssl_lib.c ssl_err2.c
+	ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c
+	ssl_algs.c bio_ssl.c ssl_err.c t1_reneg.c s3_cbc.c pqueue.c"
+
+copy_src crypto "cryptlib.h cryptlib.c malloc-wrapper.c mem_clr.c mem_dbg.c cversion.c
+	ex_data.c cpt_err.c o_time.c o_time.h o_str.c o_init.c md32_common.h"
+
+copy_crypto aes "aes_cbc.c aes_core.c aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c aes_ctr.c
+	aes_ige.c aes_wrap.c aes_locl.h"
+
+copy_crypto asn1 "a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c
+	a_int.c a_octet.c a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_enum.c
+	a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c x_algor.c
+	x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c x_long.c x_name.c
+	x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c x_nx509.c d2i_pu.c
+	d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c
+	t_spki.c t_bitst.c tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c
+	tasn_typ.c tasn_prn.c ameth_lib.c f_int.c f_string.c n_pkey.c f_enum.c
+	x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c asn1_gen.c
+	asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c evp_asn1.c asn_pack.c
+	p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c a_set.c asn1_locl.h charmap.h"
+
+copy_crypto bf "bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c bf_locl.h bf_pi.h"
+
+copy_crypto bio "bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c
+	bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_dump.c
+	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c bss_dgram.c b_print.c"
+
+copy_crypto bn "bn_add.c bn_asm.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c
+	bn_mod.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_kron.c
+	bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_recp.c bn_mont.c
+	bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c bn_depr.c bn_const.c bn_x931p.c
+	bn_lcl.h bn_prime.h"
+
+copy_crypto buffer "buffer.c buf_err.c buf_str.c"
+
+copy_crypto cast "c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c cast_lcl.h
+	cast_s.h"
+
+copy_crypto chacha "chacha.c chacha-merged.c"
+
+copy_crypto cmac "cmac.c cm_ameth.c cm_pmeth.c"
+
+#copy_crypto cms "cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c
+#	cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c cms_pwri.c cms.h cms_lcl.h"
+
+copy_crypto comp "comp_lib.c comp_err.c c_rle.c c_zlib.c"
+
+copy_crypto conf "conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c
+	conf_mall.c conf_sap.c conf_def.h"
+
+copy_crypto des "cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c
+	ecb_enc.c  enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64enc.c ofb_enc.c
+	pcbc_enc.c qud_cksm.c rand_key.c set_key.c xcbc_enc.c str2key.c
+	cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_enc.c des_locl.h ncbc_enc.c
+	spr.h"
+
+copy_crypto dh "dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
+	dh_depr.c dh_ameth.c dh_pmeth.c dh_prn.c"
+
+copy_crypto dsa "dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c
+	dsa_sign.c dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c
+	dsa_prn.c dsa_locl.h"
+
+copy_crypto dso "dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c"
+
+copy_crypto ec "ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c
+	ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c ec2_smpl.c
+	ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c ecp_oct.c ec2_oct.c ec_oct.c
+	ec_lcl.h"
+
+copy_crypto ecdh "ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_locl.h"
+
+copy_crypto ecdsa "ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c
+	ecs_err.c ecs_locl.h"
+
+# Engine interface is disabled
+copy_crypto engine "eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c
+	eng_table.c eng_pkey.c eng_fat.c eng_all.c tb_rsa.c tb_dsa.c tb_ecdsa.c
+	tb_dh.c tb_ecdh.c tb_rand.c tb_store.c tb_cipher.c tb_digest.c tb_pkmeth.c
+	tb_asnmth.c eng_openssl.c eng_cnf.c eng_dyn.c eng_rsax.c eng_int.h"
+
+copy_crypto err "err.c err_all.c err_prn.c"
+
+copy_crypto evp "encode.c digest.c evp_enc.c evp_key.c e_des.c e_bf.c
+	e_idea.c e_des3.c e_rc4.c e_aes.c names.c e_xcbc_d.c e_rc2.c e_cast.c
+	m_null.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c m_dss.c m_dss1.c m_mdc2.c
+	m_ripemd.c m_ecdsa.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
+	p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c c_allc.c
+	c_alld.c evp_lib.c evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
+	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c e_aes_cbc_hmac_sha1.c
+	e_rc4_hmac_md5.c evp_locl.h e_chacha.c evp_aead.c e_chacha20poly1305.c"
+
+copy_crypto hmac "hmac.c hm_ameth.c hm_pmeth.c"
+
+copy_crypto idea "i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h"
+
+copy_crypto krb5 "krb5_asn.c"
+
+copy_crypto lhash "lhash.c lh_stats.c"
+
+copy_crypto md4 "md4_dgst.c md4_one.c md4_locl.h"
+
+copy_crypto md5 "md5_dgst.c md5_one.c md5_locl.h"
+
+copy_crypto mdc2 "mdc2dgst.c mdc2_one.c"
+
+copy_crypto modes "cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c
+	ccm128.c xts128.c modes_lcl.h"
+
+copy_crypto objects "o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c obj_xref.h"
+
+copy_crypto ocsp "ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c
+	ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c"
+
+copy_crypto pem "pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
+	pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c"
+
+copy_crypto pkcs12 "p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c
+	p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_utl.c p12_npas.c
+	pk12err.c p12_p8d.c p12_p8e.c"
+
+copy_crypto pkcs7 "pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c
+	pk7_attr.c pk7_mime.c bio_pk7.c"
+
+copy_crypto poly1305 "poly1305-donna.c poly1305.c"
+
+copy_crypto rand "randfile.c rand_err.c rand_lib.c"
+
+copy_crypto rc2 "rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h"
+
+copy_crypto rc4 "rc4_enc.c rc4_skey.c rc4_utl.c rc4_locl.h"
+
+copy_crypto ripemd "rmd_dgst.c rmd_one.c rmd_locl.h rmdconst.h"
+
+copy_crypto rsa "rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
+	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c
+	rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c rsa_pmeth.c
+	rsa_crpt.c rsa_locl.h"
+
+copy_crypto sha "sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c sha_locl.h"
+
+copy_crypto stack "stack.c"
+
+copy_crypto ts "ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c
+	ts_rsp_print.c ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c
+	ts_conf.c ts_asn1.c"
+
+copy_crypto txt_db "txt_db.c"
+
+copy_crypto ui "ui_err.c ui_lib.c ui_openssl.c ui_util.c ui_locl.h"
+
+copy_crypto whrlpool "wp_block.c wp_dgst.c wp_locl.h"
+
+copy_crypto x509 "x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c
+	x509_req.c x509spki.c x509_vfy.c x509_set.c x509cset.c x509rset.c
+	x509_err.c x509name.c x509_v3.c x509_ext.c x509_att.c x509type.c x509_lu.c
+	x_all.c x509_txt.c x509_trs.c by_file.c by_dir.c x509_vpm.c"
+
+copy_crypto x509v3 "v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
+	v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c
+	v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
+	v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c
+	pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
+	pcy_int.h ext_dat.h"
+
+copy_src apps "apps.c apps.h asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c
+	dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c
+	errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c openssl.c
+	openssl.cnf passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c
+	prime.c progs.h rand.c req.c rsa.c rsautl.c s_apps.h s_cb.c s_client.c
+	s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c
+	testdsa.h testrsa.h timeouts.h ts.c verify.c version.c x509.c"
+
+rm -f tests/*.c
+for i in aead/aeadtest.c aeswrap/aes_wrap.c base64/base64test.c bf/bftest.c \
+	bio/biotest.c bn/general/bntest.c bn/mont/mont.c \
+	cast/casttest.c chacha/chachatest.c cts128/cts128test.c \
+	des/destest.c dh/dhtest.c dsa/dsatest.c ec/ectest.c ecdh/ecdhtest.c \
+	ecdsa/ecdsatest.c engine/enginetest.c evp/evptest.c exp/exptest.c \
+	gcm128/gcm128test.c hmac/hmactest.c idea/ideatest.c ige/igetest.c \
+	md4/md4test.c md5/md5test.c mdc2/mdc2test.c poly1305/poly1305test.c \
+	pkcs7/pkcs7test.c pqueue/pq_test.c rand/randtest.c rc2/rc2test.c \
+	rc4/rc4test.c rmd/rmdtest.c sha/shatest.c sha1/sha1test.c \
+	sha256/sha256test.c sha512/sha512test.c utf8/utf8test.c; do
+	 cp $libcrypto_regress/$i tests
+done
+cp $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c
+cp $libc_regress/explicit_bzero/explicit_bzero.c tests
+cp $libc_regress/timingsafe/timingsafe.c tests
+
+for i in ssl/ssltest.c ssl/testssl certs/ca.pem certs/server.pem; do
+	cp $libssl_regress/$i tests
+done
+
+# do not directly run all test programs
+test_excludes=(aeadtest evptest pq_test ssltest arc4randomforktest)
+(cd tests
+	cp Makefile.am.tpl Makefile.am
+
+	for i in `ls -1 *.c|sort`; do
+		TEST=`echo $i|sed -e "s/\.c//"`
+		if ! [[ ${test_excludes[*]} =~ "$TEST" ]]; then
+			echo "TESTS += $TEST" >> Makefile.am
+		fi
+		echo "check_PROGRAMS += $TEST" >> Makefile.am
+		echo "${TEST}_SOURCES = $i" >> Makefile.am
+		echo "${TEST}_LDADD = \$(PLATFORM_LDADD)" >> Makefile.am
+		echo "${TEST}_LDADD += \$(top_builddir)/ssl/libssl.la" >> Makefile.am
+		echo "${TEST}_LDADD += \$(top_builddir)/crypto/libcrypto.la" >> Makefile.am
+	done
+)
+cp $libcrypto_regress/evp/evptests.txt tests
+cp $libcrypto_regress/aead/aeadtests.txt tests
+cp $libcrypto_regress/pqueue/expected.txt tests/pq_expected.txt
+chmod 755 tests/testssl
+for i in "${test_excludes[@]}"; do
+	echo "TESTS += ${i}.sh" >> tests/Makefile.am
+	echo "EXTRA_DIST += ${i}.sh" >> tests/Makefile.am
+done
+echo "EXTRA_DIST += aeadtests.txt" >> tests/Makefile.am
+echo "EXTRA_DIST += evptests.txt" >> tests/Makefile.am
+echo "EXTRA_DIST += pq_expected.txt" >> tests/Makefile.am
+echo "EXTRA_DIST += testssl ca.pem server.pem" >> tests/Makefile.am
+
+(cd include/openssl
+	cp Makefile.am.tpl Makefile.am
+	for i in `ls -1 *.h|sort`; do
+		echo "opensslinclude_HEADERS += $i" >> Makefile.am
+	done
+)
+
+# remove unsupported __bounded__ attributes
+bounded_excludes=(
+	include/openssl/bio.h
+	include/openssl/buffer.h
+	include/openssl/md5.h
+	include/openssl/sha.h
+	crypto/chacha/chacha-merged.c
+	)
+for i in "${bounded_excludes[@]}"; do
+	sed -ie 's/__attribute__.*((__bounded__.*/;/' $i
+done
+
+(cd ssl
+	sed -e "s/libssl-version/${libssl_version}/" Makefile.am.tpl > Makefile.am
+	for i in `ls -1 *.c|sort`; do
+		echo "libssl_la_SOURCES += $i" >> Makefile.am
+	done
+	for i in `ls -1 *.h|sort`; do
+		echo "noinst_HEADERS += $i" >> Makefile.am
+	done
+)
+
+# do not directly compile C files that are included in other C files
+crypto_excludes=(
+	des/ncbc_enc.c
+	chacha/chacha-merged.c
+	poly1305/poly1305-donna.c
+	)
+(cd crypto
+	sed -e "s/libcrypto-version/${libcrypto_version}/" Makefile.am.tpl > Makefile.am
+	for i in `ls -1 *.c|sort`; do
+		echo "libcrypto_la_SOURCES += $i" >> Makefile.am
+	done
+	for i in `ls -1 *.h|sort`; do
+		echo "noinst_HEADERS += $i" >> Makefile.am
+	done
+	for subdir in $crypto_subdirs; do
+		for i in `ls -1 $subdir/*.c|sort`; do
+			if ! [[ ${crypto_excludes[*]} =~ $i ]]; then
+				echo "libcrypto_la_SOURCES += $i" >> Makefile.am
+			fi
+		done
+		headers=`ls -1 $subdir/*.h 2>/dev/null |sort`
+		if [ "$headers" != "" ]; then
+			for i in $headers; do
+				echo "noinst_HEADERS += $i" >> Makefile.am
+			done
+		fi
+	done
+	for i in "${crypto_excludes[@]}"; do
+		echo "EXTRA_libcrypto_la_SOURCES += ${i}" >> Makefile.am
+	done
+)
+
+(cd apps
+	cp Makefile.am.tpl Makefile.am
+	for i in `ls -1 *.c|sort`; do
+		echo "openssl_SOURCES += $i" >> Makefile.am
+	done
+	for i in `ls -1 *.h|sort`; do
+		echo "noinst_HEADERS += $i" >> Makefile.am
+	done
+)