don't hardcode a fixed # of jobs for make

thanks to gschutijser from github for pointing it out

.gitignore

@@ -9,6 +9,10 @@
 # C stuff
 *.o
 
+# Assembly stuff
+*.S
+*.s
+
 # Windows stuff
 *.obj
 *.exe
@@ -43,6 +47,7 @@ test-driver
 tests/aes_wrap*
 tests/arc4random_fork*
 tests/explicit_bzero*
+tests/gost2814789t*
 tests/mont*
 tests/timingsafe*
 tests/*test
@@ -74,7 +79,6 @@ INSTALL
 /config.status
 /config.sub
 /configure
-/configure.ac
 /depcomp
 /config.h
 /config.h.in
@@ -85,21 +89,27 @@ INSTALL
 /stamp-h1
 /stamp-h2
 
-crypto/Makefile.am
 include/openssl/Makefile.am
-ssl/Makefile.am
-apps/Makefile.am
 tests/Makefile.am
 
+crypto/VERSION
+ssl/VERSION
+tls/VERSION
+
 ssl/*.c
 ssl/*.h
+tls/*.c
+tls/*.h
 include/pqueue.h
+include/tls.h
 include/openssl/*.h
 include/openssl/*.he
-apps/*.c
 apps/*.h
-apps/*.cnf
+apps/*.c
 apps/openssl
+apps/openssl.cnf
+!apps/apps_win.c
+!apps/poll_win.c
 
 crypto/compat/arc4random.c
 crypto/compat/chacha_private.h
@@ -110,7 +120,6 @@ crypto/compat/strlcat.c
 crypto/compat/strlcpy.c
 crypto/compat/strndup.c
 crypto/compat/strnlen.c
-crypto/compat/strtonum.c
 crypto/compat/timingsafe_bcmp.c
 crypto/compat/timingsafe_memcmp.c
 crypto/compat/arc4random_*.h
@@ -121,7 +130,9 @@ crypto/bf/
 crypto/bio/
 crypto/bn/
 crypto/buffer/
+crypto/camellia/
 crypto/cast/
+crypto/camellia/
 crypto/chacha/
 crypto/cmac/
 crypto/comp/
@@ -141,6 +152,7 @@ crypto/engine/
 crypto/err/
 crypto/evp/
 crypto/ex_data.c
+crypto/gost/
 crypto/hmac/
 crypto/idea/
 crypto/krb5/
@@ -178,9 +190,10 @@ crypto/whrlpool/
 crypto/x509/
 crypto/x509v3/
 openbsd/
+*.tar.gz
+apps/*.1*
 man/*.3
 man/*.1
 man/Makefile.am
 .gitmodules
-ChangeLog
 COPYING

ChangeLog

@@ -0,0 +1,101 @@
+Because this project is maintained both in the OpenBSD tree using CVS and in
+Git, it can be confusing following all of the changes.
+
+Most of the libssl and libcrypto source code is is here in OpenBSD CVS:
+
+	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libssl/
+
+Some of the libcrypto and OS-compatibility files for entropy and random number
+generation are here:
+
+	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libcrypto/
+
+A new simplified SSL wrapper library is here:
+
+	http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib/libtls/
+
+The LibreSSL Portable project copies these portions of the OpenBSD tree, along
+with relevant portions of the C library, to a Git repository. This makes it
+easier to follow all of the relevant changes to the upstream project in a
+single place:
+
+	https://github.com/libressl-portable/openbsd/commits/master
+
+The portable bits of the project are largely maintained out-of-tree, and their
+history is also available from Git.
+
+	https://github.com/libressl-portable/portable/commits/master
+
+LibreSSL Portable Release Notes:
+
+2.1.2 - Many new features and improvements
+	* Added reworked GOST cipher suite support
+	   thanks to Dmitry Eremin-Solenikov
+
+	* Enabled Camellia ciphers due to improved patent situation
+
+	* Use builtin arc4random implementation on OS X and FreeBSD
+	   this addresses some deficiencies in the native implementations of
+	   these operating systems, see commit logs for more information
+
+	* Added initial Windows mingw-w64 support (32 and 64-bit)
+	   thanks to Song Dongsheng and others for code and feedback
+
+	* Enabled assembly optimizations on x86_64 CPUs
+	   supports Linux, *BSD, Solaris and OS X operating systems
+	   thanks to Wouter Clarie for the initial implementation
+
+	* Added no_ssl3/no_tls1_1/no_tls1_2 options to openssl(1)
+
+	* Improved build infrastructure, 'make distcheck' now passes
+	   this simplifies and speeds developer efficiency
+	   thanks to Dmitry Eremin-Solenikov and Wouter Clarie
+
+	* Allow conditional building of the libtls library
+	   expect the API and ABI of the library to change
+	   feedback is welcome
+
+	* Fixes for more memory leaks, cleanups, etc.
+
+2.1.1 - Security update
+	* Address POODLE attack by disabling SSLv3 by default
+
+	* Fix Eliptical Curve cipher selection bug
+	  (https://github.com/libressl-portable/portable/issues/35)
+
+2.1.0 - First release from the OpenBSD 5.7 tree
+	* Added support for automatic ephemeral EC keys
+
+	* Fixes for many memory leaks and overflows in error handlers
+
+	* The TLS padding extension (that works around bugs in F5 terminators) is
+	  off by default
+
+	* support for getrandom(2) on Linux 3.17
+
+	* the NO_ASM macro is no longer being set, providing the first bits toward
+	  enabling other assembly offloads.
+
+2.0.5 - Fixes for CVEs from OpenSSL 1.0.1i
+	* CVE-2014-3506
+	* CVE-2014-3507
+	* CVE-2014-3508 (partially vulnerable)he
+	* CVE-2014-3509
+	* CVE-2014-3510
+	* CVE-2014-3511
+	* Synced LibreSSL Portable with the release version of OpenBSD 5.6
+
+2.0.4 - Portability fixes, deleted unused SRP code
+
+2.0.3 - Portability fixes, improvements to fork detection
+
+2.0.2 - Address arc4random fork PID wraparound issues with pthread_atfork
+
+2.0.1 - Portability fixes:
+	* Removed -Werror and and other non-portable compiler flags
+
+	* Allow setting OPENSSLDIR and ENGINSDIR
+
+2.0.0 - First release from the OpenBSD 5.6 tree
+	* Removal of many obsolete features and coding conventions from the OpenSSL
+	  1.0.1h source

Makefile.am

@@ -1,5 +1,11 @@
-SUBDIRS = crypto ssl include apps tests man
+SUBDIRS = crypto ssl tls include apps tests man
 ACLOCAL_AMFLAGS = -I m4
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc openssl.pc
+
+if ENABLE_LIBTLS
+pkgconfig_DATA += libtls.pc
+endif
+
+EXTRA_DIST = VERSION

Makefile.am.common

@@ -1,4 +1,2 @@
 AM_CPPFLAGS = -I$(top_srcdir)/include
-AM_CPPFLAGS += -DOPENSSL_NO_ASM
-AM_CPPFLAGS += -DHAVE_CRYPTODEV
 AM_CPPFLAGS += -DLIBRESSL_INTERNAL

OPENBSD_BRANCH

@@ -0,0 +1 @@
+master

README

@@ -1,5 +1,5 @@
 This package is the official portable version of LibreSSL
-(http://www.libressl.org).
+	(http://www.libressl.org).
 
 LibreSSL is a fork of OpenSSL developed by the OpenBSD project
 (http://www.openbsd.org). LibreSSL is developed on OpenBSD. This
@@ -7,28 +7,40 @@ package then adds portability shims for other operating systems.
 
 Official release tarballs are available at your friendly neighborhood
 OpenBSD mirror in directory LibreSSL, e.g.:
-http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
-although it is suggested you use a mirror. 
 
-Development is done in the upstream OpenBSD codebase.  A github clone
-of the official repositories is kept at:
-https://github.com/libressl-portable
-We update this repository from the OpenBSD respositories
-semi-frequently, so changes may not show up in GitHub immediately. 
-The GitHub repository should be used for informational purposes
-only.
+	http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
 
-./configure && make check && make install
+although we suggest that you use a mirror:
 
-See crypto/compat for the bulk of the local compatibility code. 
+	http://www.openbsd.org/ftp.html
 
-It will likely build on any reasonably modern version of Linux, Solaris,
-or OSX with a sane compiler and C library.
+The LibreSSL portable build framework is also mirrored in Github:
 
-Note: Our policy is generally to use your system provided intrinsics.
-If your system provides security sensitive functions (such as
-arc4random(), issetugid(), calloc(), getentropy(), and others) we will
-assume they are implemented correctly and securely. If they are
-not please contact your OS provider. 
+	https://github.com/libressl-portable/portable
 
+If you have checked this source using Git, follow these initial steps to
+prepare the source tree for building:
 
+ 1. ensure you have the following packages installed:
+	automake, autoconf, bash, git, libtool, perl, pod2man
+ 2. run './autogen.sh' to prepare the source tree for building
+    or run './dist.sh' to prepare a tarball.
+
+Once you have a source tree from Git or FTP, run these commands to build and
+install the package:
+
+  ./configure   # see ./configure --help for configuration options
+  make check    # runs builtin unit tests
+  make install  # set DESTDIR= to install to an alternate location
+
+The resulting library and 'openssl' utility is largely API-compatible with
+OpenSSL 1.0.1. However, it is not ABI compatible - you will need to relink your
+programs to LibreSSL in order to use it, just as in moving from OpenSSL 0.9.8
+to 1.0.1.
+
+The project attempts to provide working alternatives for operating systems with
+limited or broken security primitives (e.g. arc4random(3), issetugid(2)) and
+assists with improving OS-native implementations where possible.
+
+LibreSSL portable will build on any reasonably modern version of Linux,
+Solaris, or OSX with a standards-compliant compiler and C library.

VERSION

@@ -1 +1 @@
-2.1.0
+2.1.2

apps/Makefile.am

@@ -0,0 +1,82 @@
+include $(top_srcdir)/Makefile.am.common
+
+bin_PROGRAMS = openssl
+
+openssl_CFLAGS = $(USER_CFLAGS)
+openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
+openssl_LDADD += $(top_builddir)/ssl/libssl.la
+openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
+
+openssl_SOURCES = apps.c
+openssl_SOURCES += asn1pars.c
+openssl_SOURCES += ca.c
+openssl_SOURCES += ciphers.c
+openssl_SOURCES += cms.c
+openssl_SOURCES += crl.c
+openssl_SOURCES += crl2p7.c
+openssl_SOURCES += dgst.c
+openssl_SOURCES += dh.c
+openssl_SOURCES += dhparam.c
+openssl_SOURCES += dsa.c
+openssl_SOURCES += dsaparam.c
+openssl_SOURCES += ec.c
+openssl_SOURCES += ecparam.c
+openssl_SOURCES += enc.c
+openssl_SOURCES += engine.c
+openssl_SOURCES += errstr.c
+openssl_SOURCES += gendh.c
+openssl_SOURCES += gendsa.c
+openssl_SOURCES += genpkey.c
+openssl_SOURCES += genrsa.c
+openssl_SOURCES += nseq.c
+openssl_SOURCES += ocsp.c
+openssl_SOURCES += openssl.c
+openssl_SOURCES += passwd.c
+openssl_SOURCES += pkcs12.c
+openssl_SOURCES += pkcs7.c
+openssl_SOURCES += pkcs8.c
+openssl_SOURCES += pkey.c
+openssl_SOURCES += pkeyparam.c
+openssl_SOURCES += pkeyutl.c
+openssl_SOURCES += prime.c
+openssl_SOURCES += rand.c
+openssl_SOURCES += req.c
+openssl_SOURCES += rsa.c
+openssl_SOURCES += rsautl.c
+openssl_SOURCES += s_cb.c
+openssl_SOURCES += s_client.c
+openssl_SOURCES += s_server.c
+openssl_SOURCES += s_socket.c
+openssl_SOURCES += s_time.c
+openssl_SOURCES += sess_id.c
+openssl_SOURCES += smime.c
+openssl_SOURCES += speed.c
+openssl_SOURCES += spkac.c
+openssl_SOURCES += ts.c
+openssl_SOURCES += verify.c
+openssl_SOURCES += version.c
+openssl_SOURCES += x509.c
+
+if HOST_WIN
+openssl_SOURCES += apps_win.c
+else
+openssl_SOURCES += apps_posix.c
+endif
+
+if !HAVE_POLL
+if HOST_WIN
+openssl_SOURCES += poll_win.c
+endif
+endif
+
+if !HAVE_STRTONUM
+openssl_SOURCES += strtonum.c
+endif
+
+noinst_HEADERS = apps.h
+noinst_HEADERS += progs.h
+noinst_HEADERS += s_apps.h
+noinst_HEADERS += testdsa.h
+noinst_HEADERS += testrsa.h
+noinst_HEADERS += timeouts.h
+noinst_HEADERS += openssl.cnf

apps/Makefile.am.tpl

@@ -1,15 +0,0 @@
-include $(top_srcdir)/Makefile.am.common
-
-bin_PROGRAMS = openssl
-
-openssl_CFLAGS = $(USER_CFLAGS)
-openssl_LDADD = $(PLATFORM_LDADD)
-openssl_LDADD += $(top_builddir)/ssl/libssl.la
-openssl_LDADD += $(top_builddir)/crypto/libcrypto.la
-
-openssl_SOURCES =
-noinst_HEADERS =
-
-if NO_STRTONUM
-openssl_SOURCES += strtonum.c
-endif

apps/apps_win.c

@@ -0,0 +1,29 @@
+/*
+ * Public domain
+ *
+ * Dongsheng Song <dongsheng.song@gmail.com>
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#include <windows.h>
+
+#include "apps.h"
+
+double
+app_tminterval(int stop, int usertime)
+{
+	static unsigned __int64 tmstart;
+	union {
+		unsigned __int64 u64;
+		FILETIME ft;
+	} ct, et, kt, ut;
+
+	GetProcessTimes(GetCurrentProcess(), &ct.ft, &et.ft, &kt.ft, &ut.ft);
+
+	if (stop == TM_START) {
+		tmstart = ut.u64 + kt.u64;
+	} else {
+		return (ut.u64 + kt.u64 - tmstart) / (double) 10000000;
+	}
+	return 0;
+}

apps/poll_win.c

@@ -0,0 +1,334 @@
+/*
+ * Public domain
+ *
+ * poll(2) emulation for Windows
+ *
+ * This emulates just-enough poll functionality on Windows to work in the
+ * context of the openssl(1) program. This is not a replacement for
+ * POSIX.1-2001 poll(2), though it may come closer than I care to admit.
+ *
+ * Dongsheng Song <dongsheng.song@gmail.com>
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#include <conio.h>
+#include <errno.h>
+#include <io.h>
+#include <poll.h>
+#include <ws2tcpip.h>
+
+static int
+conn_is_closed(int fd)
+{
+	char buf[1];
+	int ret = recv(fd, buf, 1, MSG_PEEK);
+	if (ret == -1) {
+		switch (WSAGetLastError()) {
+		case WSAECONNABORTED:
+		case WSAECONNRESET:
+		case WSAENETRESET:
+		case WSAESHUTDOWN:
+			return 1;
+		}
+	}
+	return 0;
+}
+
+static int
+conn_has_oob_data(int fd)
+{
+	char buf[1];
+	return (recv(fd, buf, 1, MSG_PEEK | MSG_OOB) == 1);
+}
+
+static int
+is_socket(int fd)
+{
+	WSANETWORKEVENTS events;
+	return (WSAEnumNetworkEvents((SOCKET)fd, NULL, &events) == 0);
+}
+
+static int
+compute_select_revents(int fd, short events,
+    fd_set *rfds, fd_set *wfds, fd_set *efds)
+{
+	int rc = 0;
+
+	if ((events & (POLLIN | POLLRDNORM | POLLRDBAND)) &&
+			FD_ISSET(fd, rfds)) {
+		if (conn_is_closed(fd))
+			rc |= POLLHUP;
+		else
+			rc |= POLLIN | POLLRDNORM;
+	}
+
+	if ((events & (POLLOUT | POLLWRNORM | POLLWRBAND)) &&
+			FD_ISSET(fd, wfds))
+		rc |= POLLOUT;
+
+	if (FD_ISSET(fd, efds)) {
+		if (conn_is_closed(fd))
+			rc |= POLLHUP;
+		else if (conn_has_oob_data(fd))
+			rc |= POLLRDBAND | POLLPRI;
+	}
+
+	return rc;
+}
+
+static int
+compute_wait_revents(HANDLE h, short events, int object, int wait_rc)
+{
+	int rc = 0;
+	INPUT_RECORD record;
+	DWORD num_read;
+
+	/*
+	 * Assume we can always write to file handles (probably a bad
+	 * assumption but works for now, at least it doesn't block).
+	 */
+	if (events & (POLLOUT | POLLWRNORM))
+		rc |= POLLOUT;
+
+	/*
+	 * Check if this handle was signaled by WaitForMultipleObjects
+	 */
+	if (wait_rc >= WAIT_OBJECT_0 && (object == (wait_rc - WAIT_OBJECT_0))
+	    && (events & (POLLIN | POLLRDNORM))) {
+
+		/*
+		 * Check if this file is stdin, and if so, if it is a console.
+		 */
+		if (h == GetStdHandle(STD_INPUT_HANDLE) &&
+		    PeekConsoleInput(h, &record, 1, &num_read) == 1) {
+
+			/*
+			 * Handle the input console buffer differently,
+			 * since it can signal on other events like
+			 * window and mouse, but read can still block.
+			 */
+			if (record.EventType == KEY_EVENT &&
+			    record.Event.KeyEvent.bKeyDown) {
+				rc |= POLLIN;
+			} else {
+				/*
+				 * Flush non-character events from the
+				 * console buffer.
+				 */
+				ReadConsoleInput(h, &record, 1, &num_read);
+			}
+		} else {
+			rc |= POLLIN;
+		}
+	}
+
+	return rc;
+}
+
+static int
+wsa_select_errno(int err)
+{
+	switch (err) {
+	case WSAEINTR:
+	case WSAEINPROGRESS:
+		errno = EINTR;
+		break;
+	case WSAEFAULT:
+		/*
+		 * Windows uses WSAEFAULT for both resource allocation failures
+		 * and arguments not being contained in the user's address
+		 * space. So, we have to choose EFAULT or ENOMEM.
+		 */
+		errno = EFAULT;
+		break;
+	case WSAEINVAL:
+		errno = EINVAL;
+		break;
+	case WSANOTINITIALISED:
+		errno = EPERM;
+		break;
+	case WSAENETDOWN:
+		errno = ENOMEM;
+		break;
+	}
+	return -1;
+}
+
+int
+poll(struct pollfd *pfds, nfds_t nfds, int timeout_ms)
+{
+	nfds_t i;
+	int timespent_ms, looptime_ms;
+
+#define FD_IS_SOCKET (1 << 0)
+	int fd_state[FD_SETSIZE];
+	int num_fds;
+
+	/*
+	 * select machinery
+	 */
+	fd_set rfds, wfds, efds;
+	int rc;
+	int num_sockets;
+
+	/*
+	 * wait machinery
+	 */
+	DWORD wait_rc;
+	HANDLE handles[FD_SETSIZE];
+	int num_handles;
+
+	if (pfds == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
+	if (nfds <= 0) {
+		return 0;
+	}
+
+	FD_ZERO(&rfds);
+	FD_ZERO(&wfds);
+	FD_ZERO(&efds);
+	num_fds = 0;
+	num_sockets = 0;
+	num_handles = 0;
+
+	for (i = 0; i < nfds; i++) {
+		if ((int)pfds[i].fd < 0) {
+			continue;
+		}
+
+		if (is_socket(pfds[i].fd)) {
+			if (num_sockets >= FD_SETSIZE) {
+				errno = EINVAL;
+				return -1;
+			}
+
+			fd_state[num_fds] = FD_IS_SOCKET;
+
+			FD_SET(pfds[i].fd, &efds);
+
+			if (pfds[i].events &
+			    (POLLIN | POLLRDNORM | POLLRDBAND)) {
+				FD_SET(pfds[i].fd, &rfds);
+			}
+
+			if (pfds[i].events &
+			    (POLLOUT | POLLWRNORM | POLLWRBAND)) {
+				FD_SET(pfds[i].fd, &wfds);
+			}
+			num_sockets++;
+
+		} else {
+			if (num_handles >= FD_SETSIZE) {
+				errno = EINVAL;
+				return -1;
+			}
+
+			handles[num_handles++] =
+			    (HANDLE)_get_osfhandle(pfds[i].fd);
+		}
+
+		num_fds++;
+	}
+
+	/*
+	 * Determine if the files, pipes, sockets, consoles, etc. have signaled.
+	 *
+	 * Do this by alternating a loop between WaitForMultipleObjects for
+	 * non-sockets and and select for sockets.
+	 *
+	 * I tried to implement this all in terms of WaitForMultipleObjects
+	 * with a select-based 'poll' of the sockets at the end to get extra
+	 * specific socket status.
+	 *
+	 * However, the cost of setting up an event handle for each socket and
+	 * cleaning them up reliably was pretty high. Since the event handle
+	 * associated with a socket is also global, creating a new one here
+	 * cancels one that may exist externally to this function.
+	 *
+	 * At any rate, even if global socket event handles were not an issue,
+	 * the 'FD_WRITE' status of a socket event handle does not behave in an
+	 * expected fashion, being triggered by an edge on a write buffer rather
+	 * than simply triggering if there is space available.
+	 */
+	timespent_ms = 0;
+	wait_rc = 0;
+
+	if (timeout_ms < 0) {
+		timeout_ms = INFINITE;
+	}
+	looptime_ms = timeout_ms > 100 ? 100 : timeout_ms;
+
+	do {
+		struct timeval tv = {0, looptime_ms * 1000};
+
+		/*
+		 * Check if any file handles have signaled
+		 */
+		if (num_handles) {
+			wait_rc = WaitForMultipleObjects(num_handles, handles, FALSE, 0);
+			if (wait_rc == WAIT_FAILED) {
+				/*
+				 * The documentation for WaitForMultipleObjects
+				 * does not specify what values GetLastError
+				 * may return here. Rather than enumerate
+				 * badness like for wsa_select_errno, assume a
+				 * general errno value.
+				 */
+				errno = ENOMEM;
+				return 0;
+			}
+		}
+
+		/*
+		 * If we signaled on a file handle, don't wait on the sockets.
+		 */
+		if (wait_rc >= WAIT_OBJECT_0)
+			tv.tv_usec = 0;
+
+		/*
+		 * Check if any sockets have signaled
+		 */
+		rc = select(0, &rfds, &wfds, &efds, &tv);
+		if (rc == SOCKET_ERROR) {
+			return wsa_select_errno(WSAGetLastError());
+		}
+
+		if (wait_rc >= WAIT_OBJECT_0 || (num_sockets && rc > 0))
+			break;
+
+		timespent_ms += looptime_ms;
+
+	} while (timespent_ms < timeout_ms);
+
+	rc = 0;
+	num_handles = 0;
+	num_fds = 0;
+	for (i = 0; i < nfds; i++) {
+		pfds[i].revents = 0;
+
+		if ((int)pfds[i].fd < 0)
+			continue;
+
+		if (fd_state[num_fds] & FD_IS_SOCKET) {
+			pfds[i].revents = compute_select_revents(pfds[i].fd,
+			    pfds[i].events, &rfds, &wfds, &efds);
+
+		} else {
+			pfds[i].revents = compute_wait_revents(
+			    handles[num_handles], pfds[i].events, num_handles,
+			    wait_rc);
+			num_handles++;
+		}
+
+		num_fds++;
+
+		if (pfds[i].revents)
+			rc++;
+	}
+
+	return rc;
+}
+

config

@@ -0,0 +1,17 @@
+#!/bin/sh
+
+# This file exists for backwards-compatibility with build systems that expect a
+# config script similar to OpenSSL's.
+
+# New software should prefer the native configure script over this one.
+
+ARGS=""
+for var in "$@"; do
+	case $var in
+		no-shared ) ARGS="$ARGS --disable-shared";;
+		no-asm    ) ARGS="$ARGS --disable-asm";;
+		--prefix* ) ARGS="$ARGS $var";;
+	esac
+done
+
+./configure $ARGS

configure.ac

@@ -0,0 +1,185 @@
+AC_INIT([libressl], m4_esyscmd([tr -d '\n' < VERSION]))
+AC_SUBST([LIBCRYPTO_VERSION], m4_esyscmd([tr -d '\n' < crypto/VERSION]))
+AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION]))
+AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION]))
+
+AC_CANONICAL_HOST
+AM_INIT_AUTOMAKE([subdir-objects])
+AC_CONFIG_MACRO_DIR([m4])
+
+m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
+
+AC_SUBST([USER_CFLAGS], "-O2 $CFLAGS")
+CFLAGS="$CFLAGS -Wall -std=gnu99 -g"
+
+case $host_os in
+	*darwin*)
+		HOST_OS=darwin
+		HOST_ABI=macosx
+		;;
+	*freebsd*)
+		HOST_OS=freebsd
+		HOST_ABI=elf
+		AC_SUBST([PROG_LDADD], ['-lthr'])
+		;;
+	*linux*)
+		HOST_OS=linux
+		HOST_ABI=elf
+		CFLAGS="$CFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
+		;;
+	*openbsd*)
+		HOST_ABI=elf
+		AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
+		;;
+	*mingw*)
+		HOST_OS=win
+		CFLAGS="$CFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600 -DOPENSSL_NO_SPEED -D__USE_MINGW_ANSI_STDIO"
+		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
+		;;
+	*solaris*)
+		HOST_OS=solaris
+		HOST_ABI=elf
+		CFLAGS="$CFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
+		AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
+		;;
+	*) ;;
+esac
+
+AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
+AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
+AM_CONDITIONAL([HOST_LINUX],   [test x$HOST_OS = xlinux])
+AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
+AM_CONDITIONAL([HOST_WIN],     [test x$HOST_OS = xwin])
+
+AC_CHECK_FUNC([clock_gettime],,
+	[AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
+
+AC_CHECK_FUNC([dl_iterate_phdr],,
+	[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
+
+AM_PROG_AS
+AC_PROG_CC
+AC_PROG_LIBTOOL
+AC_PROG_CC_STDC
+AM_PROG_CC_C_O
+
+save_cflags="$CFLAGS"
+CFLAGS=-Wno-pointer-sign
+AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
+	[AC_MSG_RESULT([yes])]
+	[AM_CFLAGS=-Wno-pointer-sign],
+	[AC_MSG_RESULT([no])]
+)
+CFLAGS="$save_cflags $AM_CFLAGS"
+
+AC_MSG_CHECKING([if compiling with clang])
+AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
+#ifndef __clang__
+	not clang
+#endif
+	]])],
+	[AC_MSG_RESULT([yes])]
+	[CLANG_FLAGS=-Qunused-arguments],
+	[AC_MSG_RESULT([no])]
+)
+CFLAGS="$CFLAGS $CLANG_CFLAGS"
+LDFLAGS="$LDFLAGS $CLANG_FLAGS"
+
+AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
+AC_CHECK_FUNCS([getentropy issetugid memmem poll reallocarray])
+AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum])
+AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
+
+# Share test results with automake
+AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
+AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
+AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
+AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
+AM_CONDITIONAL([HAVE_ISSETUGID], [test "x$ac_cv_func_issetugid" = xyes])
+AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
+AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
+AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
+AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
+AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
+AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
+AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
+AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
+AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
+AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
+
+# overrides for arc4random_buf implementations with known issues
+AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
+	[test "x$HOST_OS" != xdarwin -a "x$HOST_OS" != xfreebsd -a "x$ac_cv_func_arc4random_buf" = xyes])
+
+AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+		]], [[ va_copy(x,y); ]])],
+	[ ac_cv_have_va_copy="yes" ],
+	[ ac_cv_have_va_copy="no"
+	])
+])
+if test "x$ac_cv_have_va_copy" = "xyes" ; then
+	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
+fi
+
+AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
+	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
+#include <stdarg.h>
+va_list x,y;
+		]], [[ __va_copy(x,y); ]])],
+	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
+	])
+])
+if test "x$ac_cv_have___va_copy" = "xyes" ; then
+	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
+fi
+
+AC_CHECK_HEADERS([sys/sysctl.h err.h])
+
+AC_ARG_WITH([openssldir],
+	AS_HELP_STRING([--with-openssldir],
+		       [Set the default openssl directory]),
+	AC_DEFINE_UNQUOTED(OPENSSLDIR, "$withval")
+)
+
+AC_ARG_WITH([enginesdir],
+	AS_HELP_STRING([--with-enginesdir],
+		       [Set the default engines directory (use with openssldir)]),
+	AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval")
+)
+
+AC_ARG_ENABLE([asm],
+	AS_HELP_STRING([--disable-asm], [Disable assembly]))
+AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])
+
+AM_CONDITIONAL([HOST_ASM_ELF_X86_64],
+    [test "x$HOST_ABI" = "xelf" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
+AM_CONDITIONAL([HOST_ASM_MACOSX_X86_64],
+    [test "x$HOST_ABI" = "xmacosx" -a "$host_cpu" = "x86_64" -a "x$enable_asm" != "xno"])
+
+AC_ARG_ENABLE([libtls],
+	AS_HELP_STRING([--enable-libtls], [Enable building the libtls library]))
+AM_CONDITIONAL([ENABLE_LIBTLS], [test "x$enable_libtls" = xyes])
+AM_COND_IF([ENABLE_LIBTLS], [AC_CONFIG_FILES([libtls.pc])])
+
+LT_INIT
+
+AC_CONFIG_FILES([
+	Makefile
+	include/Makefile
+	include/openssl/Makefile
+	crypto/Makefile
+	ssl/Makefile
+	tls/Makefile
+	tests/Makefile
+	apps/Makefile
+	man/Makefile
+	libcrypto.pc
+	libssl.pc
+	openssl.pc
+])
+
+AC_OUTPUT

configure.ac.tpl

@@ -1,179 +0,0 @@
-AC_INIT([libressl], [VERSION])
-AC_CANONICAL_HOST
-AM_INIT_AUTOMAKE([subdir-objects])
-AC_CONFIG_MACRO_DIR([m4])
-
-m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])
-
-AC_SUBST([USER_CFLAGS], "-O2 $CFLAGS")
-CFLAGS="$CFLAGS -Wall -std=c99 -g"
-
-case $host_os in
-	*darwin*)
-		HOST_OS=darwin;
-		LDFLAGS="$LDFLAGS -Qunused-arguments"
-		;;
-	*linux*)
-		HOST_OS=linux;
-		CFLAGS="$CFLAGS -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
-		;;
-	*solaris*)
-		HOST_OS=solaris;
-		CFLAGS="$CFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
-		AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
-		;;
-	*openbsd*)
-		AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
-		;;
-	*mingw*)
-		HOST_OS=win32
-		;;
-	*) ;;
-esac
-
-AM_CONDITIONAL(HOST_DARWIN, test x$HOST_OS = xdarwin)
-AM_CONDITIONAL(HOST_LINUX, test x$HOST_OS = xlinux)
-AM_CONDITIONAL(HOST_SOLARIS, test x$HOST_OS = xsolaris)
-AM_CONDITIONAL(HOST_WIN, test x$HOST_OS = xwin)
-
-AC_CHECK_FUNC([clock_gettime],,
-	[AC_SEARCH_LIBS([clock_gettime],[rt posix4])])
-
-AC_CHECK_FUNC([dl_iterate_phdr],,
-	[AC_SEARCH_LIBS([dl_iterate_phdr],[dl])])
-
-AC_PROG_CC
-AC_PROG_LIBTOOL
-AC_PROG_CC_STDC
-AM_PROG_CC_C_O
-
-save_cflags="$CFLAGS"
-CFLAGS=-Wno-pointer-sign
-AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
-	[AC_MSG_RESULT([yes])]
-	[AM_CFLAGS=-Wno-pointer-sign],
-	[AC_MSG_RESULT([no])]
-)
-CFLAGS="$save_cflags $AM_CFLAGS"
-
-AC_CHECK_FUNC(strlcpy, 
-	AM_CONDITIONAL(NO_STRLCPY, false),
-	AC_DEFINE(NO_STRLCPY)
-	AM_CONDITIONAL(NO_STRLCPY, true))
-
-AC_CHECK_FUNC(strlcat,
-	AM_CONDITIONAL(NO_STRLCAT, false),
-	AC_DEFINE(NO_STRLCAT)
-	AM_CONDITIONAL(NO_STRLCAT, true))
-
-AC_CHECK_FUNC(strndup,
-	AM_CONDITIONAL(NO_STRNDUP, false),
-	AC_DEFINE(NO_STRNDUP)
-	AM_CONDITIONAL(NO_STRNDUP, true))
-
-AC_CHECK_FUNC(asprintf,
-	AM_CONDITIONAL(NO_ASPRINTF, false),
-	AC_DEFINE(NO_ASPRINTF)
-	AM_CONDITIONAL(NO_ASPRINTF, true))
-
-AC_CHECK_FUNC(reallocarray,
-	AM_CONDITIONAL(NO_REALLOCARRAY, false),
-	AC_DEFINE(NO_REALLOCARRAY)
-	AM_CONDITIONAL(NO_REALLOCARRAY, true))
-
-AC_CHECK_FUNC(timingsafe_bcmp,
-	AM_CONDITIONAL(NO_TIMINGSAFE_BCMP, false),
-	AC_DEFINE(NO_TIMINGSAFE_BCMP)
-	AM_CONDITIONAL(NO_TIMINGSAFE_BCMP, true))
-
-AC_CHECK_FUNC(timingsafe_memcmp,
-	AM_CONDITIONAL(NO_TIMINGSAFE_MEMCMP, false),
-	AC_DEFINE(NO_TIMINGSAFE_MEMCMP)
-	AM_CONDITIONAL(NO_TIMINGSAFE_MEMCMP, true))
-
-AC_CHECK_FUNC(arc4random_buf,
-	AM_CONDITIONAL(NO_ARC4RANDOM_BUF, false),
-	AC_DEFINE(NO_ARC4RANDOM_BUF)
-	AM_CONDITIONAL(NO_ARC4RANDOM_BUF, true))
-
-AC_CHECK_FUNC(getentropy,
-	AM_CONDITIONAL(NO_GETENTROPY, false),
-	AC_DEFINE(NO_GETENTROPY)
-	AM_CONDITIONAL(NO_GETENTROPY, true))
-
-AC_CHECK_FUNC(issetugid,
-	AM_CONDITIONAL(NO_ISSETUGID, false),
-	AC_DEFINE(NO_ISSETUGID)
-	AM_CONDITIONAL(NO_ISSETUGID, true))
-
-AC_CHECK_FUNC(strtonum,
-	AM_CONDITIONAL(NO_STRTONUM, false),
-	AC_DEFINE(NO_STRTONUM)
-	AM_CONDITIONAL(NO_STRTONUM, true))
-
-AC_CHECK_FUNC(explicit_bzero,
-	AM_CONDITIONAL(NO_EXPLICIT_BZERO, false),
-	AC_DEFINE(NO_EXPLICIT_BZERO)
-	AM_CONDITIONAL(NO_EXPLICIT_BZERO, true))
-
-AC_CACHE_CHECK([whether va_copy exists], ac_cv_have_va_copy, [
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <stdarg.h>
-va_list x,y;
-		]], [[ va_copy(x,y); ]])],
-	[ ac_cv_have_va_copy="yes" ],
-	[ ac_cv_have_va_copy="no"
-	])
-])
-if test "x$ac_cv_have_va_copy" = "xyes" ; then
-	AC_DEFINE([HAVE_VA_COPY], [1], [Define if va_copy exists])
-fi
-
-AC_CACHE_CHECK([whether __va_copy exists], ac_cv_have___va_copy, [
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <stdarg.h>
-va_list x,y;
-		]], [[ __va_copy(x,y); ]])],
-	[ ac_cv_have___va_copy="yes" ], [ ac_cv_have___va_copy="no"
-	])
-])
-if test "x$ac_cv_have___va_copy" = "xyes" ; then
-	AC_DEFINE([HAVE___VA_COPY], [1], [Define if __va_copy exists])
-fi
-
-AC_CHECK_FUNC(getauxval, AC_DEFINE(HAVE_GETAUXVAL))
-
-AC_CHECK_FUNC(funopen, AC_DEFINE(HAVE_FUNOPEN))
-
-AC_CHECK_HEADER(sys/sysctl.h, AC_DEFINE(HAVE_SYS_SYSCTL_H))
-
-AC_CHECK_HEADER(err.h, AC_DEFINE(HAVE_ERR_H))
-
-AC_ARG_WITH([openssldir],
-	AS_HELP_STRING([--with-openssldir], [Set the default openssl directory]),
-	AC_DEFINE_UNQUOTED(OPENSSLDIR, "$withval")
-)
-
-AC_ARG_WITH([enginesdir],
-	AS_HELP_STRING([--with-enginesdir], [Set the default engines directory (use with openssldir)]),
-	AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval")
-)
-
-LT_INIT
-
-AC_CONFIG_FILES([
-	Makefile
-	include/Makefile
-	include/openssl/Makefile
-	ssl/Makefile
-	crypto/Makefile
-	tests/Makefile
-	apps/Makefile
-	man/Makefile
-	libcrypto.pc
-	libssl.pc
-	openssl.pc
-])
-
-AC_OUTPUT

crypto/Makefile.am

@@ -0,0 +1,825 @@
+include $(top_srcdir)/Makefile.am.common
+
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
+AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
+
+lib_LTLIBRARIES = libcrypto.la
+
+EXTRA_DIST = VERSION
+
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@
+libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
+libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libcrypto_la_CFLAGS += -DOPENSSL_NO_HW_PADLOCK
+if OPENSSL_NO_ASM
+libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
+else
+if HOST_WIN
+libcrypto_la_CFLAGS += -DOPENSSL_NO_ASM
+endif
+endif
+
+noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
+
+# compatibility functions that need to be built without optimizations
+libcompatnoopt_la_CFLAGS = -O0
+libcompatnoopt_la_SOURCES =
+
+if !HAVE_EXPLICIT_BZERO
+libcompatnoopt_la_SOURCES += compat/explicit_bzero.c
+endif
+
+# other compatibility functions
+libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libcompat_la_SOURCES =
+libcompat_la_LIBADD = $(PLATFORM_LDADD)
+
+if !HAVE_STRLCAT
+libcompat_la_SOURCES += compat/strlcat.c
+endif
+
+if !HAVE_STRLCPY
+libcompat_la_SOURCES += compat/strlcpy.c
+endif
+
+if !HAVE_STRNDUP
+libcompat_la_SOURCES += compat/strndup.c
+# the only user of strnlen is strndup, so only build it if needed
+if !HAVE_STRNLEN
+libcompat_la_SOURCES += compat/strnlen.c
+endif
+endif
+
+if !HAVE_ASPRINTF
+libcompat_la_SOURCES += compat/bsd-asprintf.c
+endif
+
+if !HAVE_REALLOCARRAY
+libcompat_la_SOURCES += compat/reallocarray.c
+endif
+
+if !HAVE_TIMINGSAFE_MEMCMP
+libcompat_la_SOURCES += compat/timingsafe_memcmp.c
+endif
+
+if !HAVE_TIMINGSAFE_BCMP
+libcompat_la_SOURCES += compat/timingsafe_bcmp.c
+endif
+
+if !HAVE_ARC4RANDOM_BUF
+libcompat_la_SOURCES += compat/arc4random.c
+
+if !HAVE_GETENTROPY
+if HOST_FREEBSD
+libcompat_la_SOURCES += compat/getentropy_freebsd.c
+endif
+if HOST_LINUX
+libcompat_la_SOURCES += compat/getentropy_linux.c
+endif
+if HOST_DARWIN
+libcompat_la_SOURCES += compat/getentropy_osx.c
+endif
+if HOST_SOLARIS
+libcompat_la_SOURCES += compat/getentropy_solaris.c
+endif
+if HOST_WIN
+libcompat_la_SOURCES += compat/getentropy_win.c
+endif
+endif
+
+endif
+
+if !HAVE_ISSETUGID
+if HOST_LINUX
+libcompat_la_SOURCES += compat/issetugid_linux.c
+endif
+if HOST_WIN
+libcompat_la_SOURCES += compat/issetugid_win.c
+endif
+endif
+
+noinst_HEADERS =
+noinst_HEADERS += compat/arc4random.h
+noinst_HEADERS += compat/arc4random_freebsd.h
+noinst_HEADERS += compat/arc4random_linux.h
+noinst_HEADERS += compat/arc4random_osx.h
+noinst_HEADERS += compat/arc4random_solaris.h
+noinst_HEADERS += compat/arc4random_win.h
+noinst_HEADERS += compat/chacha_private.h
+
+libcrypto_la_SOURCES =
+EXTRA_libcrypto_la_SOURCES =
+
+include Makefile.am.elf-x86_64
+include Makefile.am.macosx-x86_64
+
+if !HOST_ASM_ELF_X86_64
+if !HOST_ASM_MACOSX_X86_64
+libcrypto_la_SOURCES += aes/aes_cbc.c
+libcrypto_la_SOURCES += aes/aes_core.c
+libcrypto_la_SOURCES += camellia/camellia.c
+libcrypto_la_SOURCES += camellia/cmll_cbc.c
+libcrypto_la_SOURCES += rc4/rc4_enc.c
+libcrypto_la_SOURCES += rc4/rc4_skey.c
+libcrypto_la_SOURCES += whrlpool/wp_block.c
+endif
+endif
+
+libcrypto_la_SOURCES += cpt_err.c
+libcrypto_la_SOURCES += cryptlib.c
+libcrypto_la_SOURCES += cversion.c
+libcrypto_la_SOURCES += ex_data.c
+libcrypto_la_SOURCES += malloc-wrapper.c
+libcrypto_la_SOURCES += mem_clr.c
+libcrypto_la_SOURCES += mem_dbg.c
+libcrypto_la_SOURCES += o_init.c
+libcrypto_la_SOURCES += o_str.c
+libcrypto_la_SOURCES += o_time.c
+noinst_HEADERS += cryptlib.h
+noinst_HEADERS += md32_common.h
+noinst_HEADERS += o_time.h
+
+# aes
+libcrypto_la_SOURCES += aes/aes_cfb.c
+libcrypto_la_SOURCES += aes/aes_ctr.c
+libcrypto_la_SOURCES += aes/aes_ecb.c
+libcrypto_la_SOURCES += aes/aes_ige.c
+libcrypto_la_SOURCES += aes/aes_misc.c
+libcrypto_la_SOURCES += aes/aes_ofb.c
+libcrypto_la_SOURCES += aes/aes_wrap.c
+noinst_HEADERS += aes/aes_locl.h
+
+# asn1
+libcrypto_la_SOURCES += asn1/a_bitstr.c
+libcrypto_la_SOURCES += asn1/a_bool.c
+libcrypto_la_SOURCES += asn1/a_bytes.c
+libcrypto_la_SOURCES += asn1/a_d2i_fp.c
+libcrypto_la_SOURCES += asn1/a_digest.c
+libcrypto_la_SOURCES += asn1/a_dup.c
+libcrypto_la_SOURCES += asn1/a_enum.c
+libcrypto_la_SOURCES += asn1/a_gentm.c
+libcrypto_la_SOURCES += asn1/a_i2d_fp.c
+libcrypto_la_SOURCES += asn1/a_int.c
+libcrypto_la_SOURCES += asn1/a_mbstr.c
+libcrypto_la_SOURCES += asn1/a_object.c
+libcrypto_la_SOURCES += asn1/a_octet.c
+libcrypto_la_SOURCES += asn1/a_print.c
+libcrypto_la_SOURCES += asn1/a_set.c
+libcrypto_la_SOURCES += asn1/a_sign.c
+libcrypto_la_SOURCES += asn1/a_strex.c
+libcrypto_la_SOURCES += asn1/a_strnid.c
+libcrypto_la_SOURCES += asn1/a_time.c
+libcrypto_la_SOURCES += asn1/a_type.c
+libcrypto_la_SOURCES += asn1/a_utctm.c
+libcrypto_la_SOURCES += asn1/a_utf8.c
+libcrypto_la_SOURCES += asn1/a_verify.c
+libcrypto_la_SOURCES += asn1/ameth_lib.c
+libcrypto_la_SOURCES += asn1/asn1_err.c
+libcrypto_la_SOURCES += asn1/asn1_gen.c
+libcrypto_la_SOURCES += asn1/asn1_lib.c
+libcrypto_la_SOURCES += asn1/asn1_par.c
+libcrypto_la_SOURCES += asn1/asn_mime.c
+libcrypto_la_SOURCES += asn1/asn_moid.c
+libcrypto_la_SOURCES += asn1/asn_pack.c
+libcrypto_la_SOURCES += asn1/bio_asn1.c
+libcrypto_la_SOURCES += asn1/bio_ndef.c
+libcrypto_la_SOURCES += asn1/d2i_pr.c
+libcrypto_la_SOURCES += asn1/d2i_pu.c
+libcrypto_la_SOURCES += asn1/evp_asn1.c
+libcrypto_la_SOURCES += asn1/f_enum.c
+libcrypto_la_SOURCES += asn1/f_int.c
+libcrypto_la_SOURCES += asn1/f_string.c
+libcrypto_la_SOURCES += asn1/i2d_pr.c
+libcrypto_la_SOURCES += asn1/i2d_pu.c
+libcrypto_la_SOURCES += asn1/n_pkey.c
+libcrypto_la_SOURCES += asn1/nsseq.c
+libcrypto_la_SOURCES += asn1/p5_pbe.c
+libcrypto_la_SOURCES += asn1/p5_pbev2.c
+libcrypto_la_SOURCES += asn1/p8_pkey.c
+libcrypto_la_SOURCES += asn1/t_bitst.c
+libcrypto_la_SOURCES += asn1/t_crl.c
+libcrypto_la_SOURCES += asn1/t_pkey.c
+libcrypto_la_SOURCES += asn1/t_req.c
+libcrypto_la_SOURCES += asn1/t_spki.c
+libcrypto_la_SOURCES += asn1/t_x509.c
+libcrypto_la_SOURCES += asn1/t_x509a.c
+libcrypto_la_SOURCES += asn1/tasn_dec.c
+libcrypto_la_SOURCES += asn1/tasn_enc.c
+libcrypto_la_SOURCES += asn1/tasn_fre.c
+libcrypto_la_SOURCES += asn1/tasn_new.c
+libcrypto_la_SOURCES += asn1/tasn_prn.c
+libcrypto_la_SOURCES += asn1/tasn_typ.c
+libcrypto_la_SOURCES += asn1/tasn_utl.c
+libcrypto_la_SOURCES += asn1/x_algor.c
+libcrypto_la_SOURCES += asn1/x_attrib.c
+libcrypto_la_SOURCES += asn1/x_bignum.c
+libcrypto_la_SOURCES += asn1/x_crl.c
+libcrypto_la_SOURCES += asn1/x_exten.c
+libcrypto_la_SOURCES += asn1/x_info.c
+libcrypto_la_SOURCES += asn1/x_long.c
+libcrypto_la_SOURCES += asn1/x_name.c
+libcrypto_la_SOURCES += asn1/x_nx509.c
+libcrypto_la_SOURCES += asn1/x_pkey.c
+libcrypto_la_SOURCES += asn1/x_pubkey.c
+libcrypto_la_SOURCES += asn1/x_req.c
+libcrypto_la_SOURCES += asn1/x_sig.c
+libcrypto_la_SOURCES += asn1/x_spki.c
+libcrypto_la_SOURCES += asn1/x_val.c
+libcrypto_la_SOURCES += asn1/x_x509.c
+libcrypto_la_SOURCES += asn1/x_x509a.c
+noinst_HEADERS += asn1/asn1_locl.h
+noinst_HEADERS += asn1/charmap.h
+
+# bf
+libcrypto_la_SOURCES += bf/bf_cfb64.c
+libcrypto_la_SOURCES += bf/bf_ecb.c
+libcrypto_la_SOURCES += bf/bf_enc.c
+libcrypto_la_SOURCES += bf/bf_ofb64.c
+libcrypto_la_SOURCES += bf/bf_skey.c
+noinst_HEADERS += bf/bf_locl.h
+noinst_HEADERS += bf/bf_pi.h
+
+# bio
+libcrypto_la_SOURCES += bio/b_dump.c
+if !HOST_WIN
+libcrypto_la_SOURCES += bio/b_posix.c
+endif
+libcrypto_la_SOURCES += bio/b_print.c
+libcrypto_la_SOURCES += bio/b_sock.c
+if HOST_WIN
+libcrypto_la_SOURCES += bio/b_win.c
+endif
+libcrypto_la_SOURCES += bio/bf_buff.c
+libcrypto_la_SOURCES += bio/bf_nbio.c
+libcrypto_la_SOURCES += bio/bf_null.c
+libcrypto_la_SOURCES += bio/bio_cb.c
+libcrypto_la_SOURCES += bio/bio_err.c
+libcrypto_la_SOURCES += bio/bio_lib.c
+libcrypto_la_SOURCES += bio/bss_acpt.c
+libcrypto_la_SOURCES += bio/bss_bio.c
+libcrypto_la_SOURCES += bio/bss_conn.c
+libcrypto_la_SOURCES += bio/bss_dgram.c
+libcrypto_la_SOURCES += bio/bss_fd.c
+libcrypto_la_SOURCES += bio/bss_file.c
+libcrypto_la_SOURCES += bio/bss_log.c
+libcrypto_la_SOURCES += bio/bss_mem.c
+libcrypto_la_SOURCES += bio/bss_null.c
+libcrypto_la_SOURCES += bio/bss_sock.c
+
+# bn
+libcrypto_la_SOURCES += bn/bn_add.c
+libcrypto_la_SOURCES += bn/bn_asm.c
+libcrypto_la_SOURCES += bn/bn_blind.c
+libcrypto_la_SOURCES += bn/bn_const.c
+libcrypto_la_SOURCES += bn/bn_ctx.c
+libcrypto_la_SOURCES += bn/bn_depr.c
+libcrypto_la_SOURCES += bn/bn_div.c
+libcrypto_la_SOURCES += bn/bn_err.c
+libcrypto_la_SOURCES += bn/bn_exp.c
+libcrypto_la_SOURCES += bn/bn_exp2.c
+libcrypto_la_SOURCES += bn/bn_gcd.c
+libcrypto_la_SOURCES += bn/bn_gf2m.c
+libcrypto_la_SOURCES += bn/bn_kron.c
+libcrypto_la_SOURCES += bn/bn_lib.c
+libcrypto_la_SOURCES += bn/bn_mod.c
+libcrypto_la_SOURCES += bn/bn_mont.c
+libcrypto_la_SOURCES += bn/bn_mpi.c
+libcrypto_la_SOURCES += bn/bn_mul.c
+libcrypto_la_SOURCES += bn/bn_nist.c
+libcrypto_la_SOURCES += bn/bn_prime.c
+libcrypto_la_SOURCES += bn/bn_print.c
+libcrypto_la_SOURCES += bn/bn_rand.c
+libcrypto_la_SOURCES += bn/bn_recp.c
+libcrypto_la_SOURCES += bn/bn_shift.c
+libcrypto_la_SOURCES += bn/bn_sqr.c
+libcrypto_la_SOURCES += bn/bn_sqrt.c
+libcrypto_la_SOURCES += bn/bn_word.c
+libcrypto_la_SOURCES += bn/bn_x931p.c
+noinst_HEADERS += bn/bn_lcl.h
+noinst_HEADERS += bn/bn_prime.h
+
+# buffer
+libcrypto_la_SOURCES += buffer/buf_err.c
+libcrypto_la_SOURCES += buffer/buf_str.c
+libcrypto_la_SOURCES += buffer/buffer.c
+
+# camellia
+libcrypto_la_SOURCES += camellia/cmll_cfb.c
+libcrypto_la_SOURCES += camellia/cmll_ctr.c
+libcrypto_la_SOURCES += camellia/cmll_ecb.c
+libcrypto_la_SOURCES += camellia/cmll_misc.c
+libcrypto_la_SOURCES += camellia/cmll_ofb.c
+noinst_HEADERS += camellia/camellia.h
+noinst_HEADERS += camellia/cmll_locl.h
+
+# cast
+libcrypto_la_SOURCES += cast/c_cfb64.c
+libcrypto_la_SOURCES += cast/c_ecb.c
+libcrypto_la_SOURCES += cast/c_enc.c
+libcrypto_la_SOURCES += cast/c_ofb64.c
+libcrypto_la_SOURCES += cast/c_skey.c
+noinst_HEADERS += cast/cast_lcl.h
+noinst_HEADERS += cast/cast_s.h
+
+# chacha
+EXTRA_libcrypto_la_SOURCES += chacha/chacha-merged.c
+libcrypto_la_SOURCES += chacha/chacha.c
+
+# cmac
+libcrypto_la_SOURCES += cmac/cm_ameth.c
+libcrypto_la_SOURCES += cmac/cm_pmeth.c
+libcrypto_la_SOURCES += cmac/cmac.c
+
+# comp
+libcrypto_la_SOURCES += comp/c_rle.c
+libcrypto_la_SOURCES += comp/c_zlib.c
+libcrypto_la_SOURCES += comp/comp_err.c
+libcrypto_la_SOURCES += comp/comp_lib.c
+
+# conf
+libcrypto_la_SOURCES += conf/conf_api.c
+libcrypto_la_SOURCES += conf/conf_def.c
+libcrypto_la_SOURCES += conf/conf_err.c
+libcrypto_la_SOURCES += conf/conf_lib.c
+libcrypto_la_SOURCES += conf/conf_mall.c
+libcrypto_la_SOURCES += conf/conf_mod.c
+libcrypto_la_SOURCES += conf/conf_sap.c
+noinst_HEADERS += conf/conf_def.h
+
+# des
+libcrypto_la_SOURCES += des/cbc_cksm.c
+libcrypto_la_SOURCES += des/cbc_enc.c
+libcrypto_la_SOURCES += des/cfb64ede.c
+libcrypto_la_SOURCES += des/cfb64enc.c
+libcrypto_la_SOURCES += des/cfb_enc.c
+libcrypto_la_SOURCES += des/des_enc.c
+libcrypto_la_SOURCES += des/ecb3_enc.c
+libcrypto_la_SOURCES += des/ecb_enc.c
+libcrypto_la_SOURCES += des/ede_cbcm_enc.c
+libcrypto_la_SOURCES += des/enc_read.c
+libcrypto_la_SOURCES += des/enc_writ.c
+libcrypto_la_SOURCES += des/fcrypt.c
+libcrypto_la_SOURCES += des/fcrypt_b.c
+EXTRA_libcrypto_la_SOURCES += des/ncbc_enc.c
+libcrypto_la_SOURCES += des/ofb64ede.c
+libcrypto_la_SOURCES += des/ofb64enc.c
+libcrypto_la_SOURCES += des/ofb_enc.c
+libcrypto_la_SOURCES += des/pcbc_enc.c
+libcrypto_la_SOURCES += des/qud_cksm.c
+libcrypto_la_SOURCES += des/rand_key.c
+libcrypto_la_SOURCES += des/set_key.c
+libcrypto_la_SOURCES += des/str2key.c
+libcrypto_la_SOURCES += des/xcbc_enc.c
+noinst_HEADERS += des/des_locl.h
+noinst_HEADERS += des/spr.h
+
+# dh
+libcrypto_la_SOURCES += dh/dh_ameth.c
+libcrypto_la_SOURCES += dh/dh_asn1.c
+libcrypto_la_SOURCES += dh/dh_check.c
+libcrypto_la_SOURCES += dh/dh_depr.c
+libcrypto_la_SOURCES += dh/dh_err.c
+libcrypto_la_SOURCES += dh/dh_gen.c
+libcrypto_la_SOURCES += dh/dh_key.c
+libcrypto_la_SOURCES += dh/dh_lib.c
+libcrypto_la_SOURCES += dh/dh_pmeth.c
+libcrypto_la_SOURCES += dh/dh_prn.c
+
+# dsa
+libcrypto_la_SOURCES += dsa/dsa_ameth.c
+libcrypto_la_SOURCES += dsa/dsa_asn1.c
+libcrypto_la_SOURCES += dsa/dsa_depr.c
+libcrypto_la_SOURCES += dsa/dsa_err.c
+libcrypto_la_SOURCES += dsa/dsa_gen.c
+libcrypto_la_SOURCES += dsa/dsa_key.c
+libcrypto_la_SOURCES += dsa/dsa_lib.c
+libcrypto_la_SOURCES += dsa/dsa_ossl.c
+libcrypto_la_SOURCES += dsa/dsa_pmeth.c
+libcrypto_la_SOURCES += dsa/dsa_prn.c
+libcrypto_la_SOURCES += dsa/dsa_sign.c
+libcrypto_la_SOURCES += dsa/dsa_vrf.c
+noinst_HEADERS += dsa/dsa_locl.h
+
+# dso
+libcrypto_la_SOURCES += dso/dso_dlfcn.c
+libcrypto_la_SOURCES += dso/dso_err.c
+libcrypto_la_SOURCES += dso/dso_lib.c
+libcrypto_la_SOURCES += dso/dso_null.c
+libcrypto_la_SOURCES += dso/dso_openssl.c
+
+# ec
+libcrypto_la_SOURCES += ec/ec2_mult.c
+libcrypto_la_SOURCES += ec/ec2_oct.c
+libcrypto_la_SOURCES += ec/ec2_smpl.c
+libcrypto_la_SOURCES += ec/ec_ameth.c
+libcrypto_la_SOURCES += ec/ec_asn1.c
+libcrypto_la_SOURCES += ec/ec_check.c
+libcrypto_la_SOURCES += ec/ec_curve.c
+libcrypto_la_SOURCES += ec/ec_cvt.c
+libcrypto_la_SOURCES += ec/ec_err.c
+libcrypto_la_SOURCES += ec/ec_key.c
+libcrypto_la_SOURCES += ec/ec_lib.c
+libcrypto_la_SOURCES += ec/ec_mult.c
+libcrypto_la_SOURCES += ec/ec_oct.c
+libcrypto_la_SOURCES += ec/ec_pmeth.c
+libcrypto_la_SOURCES += ec/ec_print.c
+libcrypto_la_SOURCES += ec/eck_prn.c
+libcrypto_la_SOURCES += ec/ecp_mont.c
+libcrypto_la_SOURCES += ec/ecp_nist.c
+libcrypto_la_SOURCES += ec/ecp_oct.c
+libcrypto_la_SOURCES += ec/ecp_smpl.c
+noinst_HEADERS += ec/ec_lcl.h
+
+# ecdh
+libcrypto_la_SOURCES += ecdh/ech_err.c
+libcrypto_la_SOURCES += ecdh/ech_key.c
+libcrypto_la_SOURCES += ecdh/ech_lib.c
+libcrypto_la_SOURCES += ecdh/ech_ossl.c
+noinst_HEADERS += ecdh/ech_locl.h
+
+# ecdsa
+libcrypto_la_SOURCES += ecdsa/ecs_asn1.c
+libcrypto_la_SOURCES += ecdsa/ecs_err.c
+libcrypto_la_SOURCES += ecdsa/ecs_lib.c
+libcrypto_la_SOURCES += ecdsa/ecs_ossl.c
+libcrypto_la_SOURCES += ecdsa/ecs_sign.c
+libcrypto_la_SOURCES += ecdsa/ecs_vrf.c
+noinst_HEADERS += ecdsa/ecs_locl.h
+
+# engine
+libcrypto_la_SOURCES += engine/eng_all.c
+libcrypto_la_SOURCES += engine/eng_cnf.c
+libcrypto_la_SOURCES += engine/eng_ctrl.c
+libcrypto_la_SOURCES += engine/eng_dyn.c
+libcrypto_la_SOURCES += engine/eng_err.c
+libcrypto_la_SOURCES += engine/eng_fat.c
+libcrypto_la_SOURCES += engine/eng_init.c
+libcrypto_la_SOURCES += engine/eng_lib.c
+libcrypto_la_SOURCES += engine/eng_list.c
+libcrypto_la_SOURCES += engine/eng_openssl.c
+libcrypto_la_SOURCES += engine/eng_pkey.c
+libcrypto_la_SOURCES += engine/eng_rsax.c
+libcrypto_la_SOURCES += engine/eng_table.c
+libcrypto_la_SOURCES += engine/tb_asnmth.c
+libcrypto_la_SOURCES += engine/tb_cipher.c
+libcrypto_la_SOURCES += engine/tb_dh.c
+libcrypto_la_SOURCES += engine/tb_digest.c
+libcrypto_la_SOURCES += engine/tb_dsa.c
+libcrypto_la_SOURCES += engine/tb_ecdh.c
+libcrypto_la_SOURCES += engine/tb_ecdsa.c
+libcrypto_la_SOURCES += engine/tb_pkmeth.c
+libcrypto_la_SOURCES += engine/tb_rand.c
+libcrypto_la_SOURCES += engine/tb_rsa.c
+libcrypto_la_SOURCES += engine/tb_store.c
+noinst_HEADERS += engine/eng_int.h
+
+# err
+libcrypto_la_SOURCES += err/err.c
+libcrypto_la_SOURCES += err/err_all.c
+libcrypto_la_SOURCES += err/err_prn.c
+
+# evp
+libcrypto_la_SOURCES += evp/bio_b64.c
+libcrypto_la_SOURCES += evp/bio_enc.c
+libcrypto_la_SOURCES += evp/bio_md.c
+libcrypto_la_SOURCES += evp/c_all.c
+libcrypto_la_SOURCES += evp/c_allc.c
+libcrypto_la_SOURCES += evp/c_alld.c
+libcrypto_la_SOURCES += evp/digest.c
+libcrypto_la_SOURCES += evp/e_aes.c
+libcrypto_la_SOURCES += evp/e_aes_cbc_hmac_sha1.c
+libcrypto_la_SOURCES += evp/e_bf.c
+libcrypto_la_SOURCES += evp/e_camellia.c
+libcrypto_la_SOURCES += evp/e_cast.c
+libcrypto_la_SOURCES += evp/e_chacha.c
+libcrypto_la_SOURCES += evp/e_chacha20poly1305.c
+libcrypto_la_SOURCES += evp/e_des.c
+libcrypto_la_SOURCES += evp/e_des3.c
+libcrypto_la_SOURCES += evp/e_gost2814789.c
+libcrypto_la_SOURCES += evp/e_idea.c
+libcrypto_la_SOURCES += evp/e_null.c
+libcrypto_la_SOURCES += evp/e_old.c
+libcrypto_la_SOURCES += evp/e_rc2.c
+libcrypto_la_SOURCES += evp/e_rc4.c
+libcrypto_la_SOURCES += evp/e_rc4_hmac_md5.c
+libcrypto_la_SOURCES += evp/e_xcbc_d.c
+libcrypto_la_SOURCES += evp/encode.c
+libcrypto_la_SOURCES += evp/evp_aead.c
+libcrypto_la_SOURCES += evp/evp_enc.c
+libcrypto_la_SOURCES += evp/evp_err.c
+libcrypto_la_SOURCES += evp/evp_key.c
+libcrypto_la_SOURCES += evp/evp_lib.c
+libcrypto_la_SOURCES += evp/evp_pbe.c
+libcrypto_la_SOURCES += evp/evp_pkey.c
+libcrypto_la_SOURCES += evp/m_dss.c
+libcrypto_la_SOURCES += evp/m_dss1.c
+libcrypto_la_SOURCES += evp/m_ecdsa.c
+libcrypto_la_SOURCES += evp/m_gost2814789.c
+libcrypto_la_SOURCES += evp/m_gostr341194.c
+libcrypto_la_SOURCES += evp/m_md4.c
+libcrypto_la_SOURCES += evp/m_md5.c
+libcrypto_la_SOURCES += evp/m_mdc2.c
+libcrypto_la_SOURCES += evp/m_null.c
+libcrypto_la_SOURCES += evp/m_ripemd.c
+libcrypto_la_SOURCES += evp/m_sha.c
+libcrypto_la_SOURCES += evp/m_sha1.c
+libcrypto_la_SOURCES += evp/m_sigver.c
+libcrypto_la_SOURCES += evp/m_streebog.c
+libcrypto_la_SOURCES += evp/m_wp.c
+libcrypto_la_SOURCES += evp/names.c
+libcrypto_la_SOURCES += evp/p5_crpt.c
+libcrypto_la_SOURCES += evp/p5_crpt2.c
+libcrypto_la_SOURCES += evp/p_dec.c
+libcrypto_la_SOURCES += evp/p_enc.c
+libcrypto_la_SOURCES += evp/p_lib.c
+libcrypto_la_SOURCES += evp/p_open.c
+libcrypto_la_SOURCES += evp/p_seal.c
+libcrypto_la_SOURCES += evp/p_sign.c
+libcrypto_la_SOURCES += evp/p_verify.c
+libcrypto_la_SOURCES += evp/pmeth_fn.c
+libcrypto_la_SOURCES += evp/pmeth_gn.c
+libcrypto_la_SOURCES += evp/pmeth_lib.c
+noinst_HEADERS += evp/evp_locl.h
+
+# gost
+libcrypto_la_SOURCES += gost/gost2814789.c
+libcrypto_la_SOURCES += gost/gost89_keywrap.c
+libcrypto_la_SOURCES += gost/gost89_params.c
+libcrypto_la_SOURCES += gost/gost89imit_ameth.c
+libcrypto_la_SOURCES += gost/gost89imit_pmeth.c
+libcrypto_la_SOURCES += gost/gost_asn1.c
+libcrypto_la_SOURCES += gost/gost_err.c
+libcrypto_la_SOURCES += gost/gostr341001.c
+libcrypto_la_SOURCES += gost/gostr341001_ameth.c
+libcrypto_la_SOURCES += gost/gostr341001_key.c
+libcrypto_la_SOURCES += gost/gostr341001_params.c
+libcrypto_la_SOURCES += gost/gostr341001_pmeth.c
+libcrypto_la_SOURCES += gost/gostr341194.c
+libcrypto_la_SOURCES += gost/streebog.c
+noinst_HEADERS += gost/gost.h
+noinst_HEADERS += gost/gost_asn1.h
+noinst_HEADERS += gost/gost_locl.h
+
+# hmac
+libcrypto_la_SOURCES += hmac/hm_ameth.c
+libcrypto_la_SOURCES += hmac/hm_pmeth.c
+libcrypto_la_SOURCES += hmac/hmac.c
+
+# idea
+libcrypto_la_SOURCES += idea/i_cbc.c
+libcrypto_la_SOURCES += idea/i_cfb64.c
+libcrypto_la_SOURCES += idea/i_ecb.c
+libcrypto_la_SOURCES += idea/i_ofb64.c
+libcrypto_la_SOURCES += idea/i_skey.c
+noinst_HEADERS += idea/idea_lcl.h
+
+# krb5
+libcrypto_la_SOURCES += krb5/krb5_asn.c
+
+# lhash
+libcrypto_la_SOURCES += lhash/lh_stats.c
+libcrypto_la_SOURCES += lhash/lhash.c
+
+# md4
+libcrypto_la_SOURCES += md4/md4_dgst.c
+libcrypto_la_SOURCES += md4/md4_one.c
+noinst_HEADERS += md4/md4_locl.h
+
+# md5
+libcrypto_la_SOURCES += md5/md5_dgst.c
+libcrypto_la_SOURCES += md5/md5_one.c
+noinst_HEADERS += md5/md5_locl.h
+
+# mdc2
+libcrypto_la_SOURCES += mdc2/mdc2_one.c
+libcrypto_la_SOURCES += mdc2/mdc2dgst.c
+
+# modes
+libcrypto_la_SOURCES += modes/cbc128.c
+libcrypto_la_SOURCES += modes/ccm128.c
+libcrypto_la_SOURCES += modes/cfb128.c
+libcrypto_la_SOURCES += modes/ctr128.c
+libcrypto_la_SOURCES += modes/cts128.c
+libcrypto_la_SOURCES += modes/gcm128.c
+libcrypto_la_SOURCES += modes/ofb128.c
+libcrypto_la_SOURCES += modes/xts128.c
+noinst_HEADERS += modes/modes_lcl.h
+
+# objects
+libcrypto_la_SOURCES += objects/o_names.c
+libcrypto_la_SOURCES += objects/obj_dat.c
+libcrypto_la_SOURCES += objects/obj_err.c
+libcrypto_la_SOURCES += objects/obj_lib.c
+libcrypto_la_SOURCES += objects/obj_xref.c
+noinst_HEADERS += objects/obj_dat.h
+noinst_HEADERS += objects/obj_xref.h
+
+# ocsp
+libcrypto_la_SOURCES += ocsp/ocsp_asn.c
+libcrypto_la_SOURCES += ocsp/ocsp_cl.c
+libcrypto_la_SOURCES += ocsp/ocsp_err.c
+libcrypto_la_SOURCES += ocsp/ocsp_ext.c
+libcrypto_la_SOURCES += ocsp/ocsp_ht.c
+libcrypto_la_SOURCES += ocsp/ocsp_lib.c
+libcrypto_la_SOURCES += ocsp/ocsp_prn.c
+libcrypto_la_SOURCES += ocsp/ocsp_srv.c
+libcrypto_la_SOURCES += ocsp/ocsp_vfy.c
+
+# pem
+libcrypto_la_SOURCES += pem/pem_all.c
+libcrypto_la_SOURCES += pem/pem_err.c
+libcrypto_la_SOURCES += pem/pem_info.c
+libcrypto_la_SOURCES += pem/pem_lib.c
+libcrypto_la_SOURCES += pem/pem_oth.c
+libcrypto_la_SOURCES += pem/pem_pk8.c
+libcrypto_la_SOURCES += pem/pem_pkey.c
+libcrypto_la_SOURCES += pem/pem_seal.c
+libcrypto_la_SOURCES += pem/pem_sign.c
+libcrypto_la_SOURCES += pem/pem_x509.c
+libcrypto_la_SOURCES += pem/pem_xaux.c
+libcrypto_la_SOURCES += pem/pvkfmt.c
+
+# pkcs12
+libcrypto_la_SOURCES += pkcs12/p12_add.c
+libcrypto_la_SOURCES += pkcs12/p12_asn.c
+libcrypto_la_SOURCES += pkcs12/p12_attr.c
+libcrypto_la_SOURCES += pkcs12/p12_crpt.c
+libcrypto_la_SOURCES += pkcs12/p12_crt.c
+libcrypto_la_SOURCES += pkcs12/p12_decr.c
+libcrypto_la_SOURCES += pkcs12/p12_init.c
+libcrypto_la_SOURCES += pkcs12/p12_key.c
+libcrypto_la_SOURCES += pkcs12/p12_kiss.c
+libcrypto_la_SOURCES += pkcs12/p12_mutl.c
+libcrypto_la_SOURCES += pkcs12/p12_npas.c
+libcrypto_la_SOURCES += pkcs12/p12_p8d.c
+libcrypto_la_SOURCES += pkcs12/p12_p8e.c
+libcrypto_la_SOURCES += pkcs12/p12_utl.c
+libcrypto_la_SOURCES += pkcs12/pk12err.c
+
+# pkcs7
+libcrypto_la_SOURCES += pkcs7/bio_pk7.c
+libcrypto_la_SOURCES += pkcs7/pk7_asn1.c
+libcrypto_la_SOURCES += pkcs7/pk7_attr.c
+libcrypto_la_SOURCES += pkcs7/pk7_doit.c
+libcrypto_la_SOURCES += pkcs7/pk7_lib.c
+libcrypto_la_SOURCES += pkcs7/pk7_mime.c
+libcrypto_la_SOURCES += pkcs7/pk7_smime.c
+libcrypto_la_SOURCES += pkcs7/pkcs7err.c
+
+# poly1305
+EXTRA_libcrypto_la_SOURCES += poly1305/poly1305-donna.c
+libcrypto_la_SOURCES += poly1305/poly1305.c
+
+# rand
+libcrypto_la_SOURCES += rand/rand_err.c
+libcrypto_la_SOURCES += rand/rand_lib.c
+libcrypto_la_SOURCES += rand/randfile.c
+
+# rc2
+libcrypto_la_SOURCES += rc2/rc2_cbc.c
+libcrypto_la_SOURCES += rc2/rc2_ecb.c
+libcrypto_la_SOURCES += rc2/rc2_skey.c
+libcrypto_la_SOURCES += rc2/rc2cfb64.c
+libcrypto_la_SOURCES += rc2/rc2ofb64.c
+noinst_HEADERS += rc2/rc2_locl.h
+
+# rc4
+noinst_HEADERS += rc4/rc4_locl.h
+
+# ripemd
+libcrypto_la_SOURCES += ripemd/rmd_dgst.c
+libcrypto_la_SOURCES += ripemd/rmd_one.c
+noinst_HEADERS += ripemd/rmd_locl.h
+noinst_HEADERS += ripemd/rmdconst.h
+
+# rsa
+libcrypto_la_SOURCES += rsa/rsa_ameth.c
+libcrypto_la_SOURCES += rsa/rsa_asn1.c
+libcrypto_la_SOURCES += rsa/rsa_chk.c
+libcrypto_la_SOURCES += rsa/rsa_crpt.c
+libcrypto_la_SOURCES += rsa/rsa_depr.c
+libcrypto_la_SOURCES += rsa/rsa_eay.c
+libcrypto_la_SOURCES += rsa/rsa_err.c
+libcrypto_la_SOURCES += rsa/rsa_gen.c
+libcrypto_la_SOURCES += rsa/rsa_lib.c
+libcrypto_la_SOURCES += rsa/rsa_none.c
+libcrypto_la_SOURCES += rsa/rsa_oaep.c
+libcrypto_la_SOURCES += rsa/rsa_pk1.c
+libcrypto_la_SOURCES += rsa/rsa_pmeth.c
+libcrypto_la_SOURCES += rsa/rsa_prn.c
+libcrypto_la_SOURCES += rsa/rsa_pss.c
+libcrypto_la_SOURCES += rsa/rsa_saos.c
+libcrypto_la_SOURCES += rsa/rsa_sign.c
+libcrypto_la_SOURCES += rsa/rsa_ssl.c
+libcrypto_la_SOURCES += rsa/rsa_x931.c
+noinst_HEADERS += rsa/rsa_locl.h
+
+# sha
+libcrypto_la_SOURCES += sha/sha1_one.c
+libcrypto_la_SOURCES += sha/sha1dgst.c
+libcrypto_la_SOURCES += sha/sha256.c
+libcrypto_la_SOURCES += sha/sha512.c
+libcrypto_la_SOURCES += sha/sha_dgst.c
+libcrypto_la_SOURCES += sha/sha_one.c
+noinst_HEADERS += sha/sha_locl.h
+
+# stack
+libcrypto_la_SOURCES += stack/stack.c
+
+# ts
+libcrypto_la_SOURCES += ts/ts_asn1.c
+libcrypto_la_SOURCES += ts/ts_conf.c
+libcrypto_la_SOURCES += ts/ts_err.c
+libcrypto_la_SOURCES += ts/ts_lib.c
+libcrypto_la_SOURCES += ts/ts_req_print.c
+libcrypto_la_SOURCES += ts/ts_req_utils.c
+libcrypto_la_SOURCES += ts/ts_rsp_print.c
+libcrypto_la_SOURCES += ts/ts_rsp_sign.c
+libcrypto_la_SOURCES += ts/ts_rsp_utils.c
+libcrypto_la_SOURCES += ts/ts_rsp_verify.c
+libcrypto_la_SOURCES += ts/ts_verify_ctx.c
+
+# txt_db
+libcrypto_la_SOURCES += txt_db/txt_db.c
+
+# ui
+libcrypto_la_SOURCES += ui/ui_err.c
+libcrypto_la_SOURCES += ui/ui_lib.c
+if !HOST_WIN
+libcrypto_la_SOURCES += ui/ui_openssl.c
+endif
+if HOST_WIN
+libcrypto_la_SOURCES += ui/ui_openssl_win.c
+endif
+libcrypto_la_SOURCES += ui/ui_util.c
+noinst_HEADERS += ui/ui_locl.h
+
+# whrlpool
+libcrypto_la_SOURCES += whrlpool/wp_dgst.c
+noinst_HEADERS += whrlpool/wp_locl.h
+
+# x509
+libcrypto_la_SOURCES += x509/by_dir.c
+libcrypto_la_SOURCES += x509/by_file.c
+libcrypto_la_SOURCES += x509/x509_att.c
+libcrypto_la_SOURCES += x509/x509_cmp.c
+libcrypto_la_SOURCES += x509/x509_d2.c
+libcrypto_la_SOURCES += x509/x509_def.c
+libcrypto_la_SOURCES += x509/x509_err.c
+libcrypto_la_SOURCES += x509/x509_ext.c
+libcrypto_la_SOURCES += x509/x509_lu.c
+libcrypto_la_SOURCES += x509/x509_obj.c
+libcrypto_la_SOURCES += x509/x509_r2x.c
+libcrypto_la_SOURCES += x509/x509_req.c
+libcrypto_la_SOURCES += x509/x509_set.c
+libcrypto_la_SOURCES += x509/x509_trs.c
+libcrypto_la_SOURCES += x509/x509_txt.c
+libcrypto_la_SOURCES += x509/x509_v3.c
+libcrypto_la_SOURCES += x509/x509_vfy.c
+libcrypto_la_SOURCES += x509/x509_vpm.c
+libcrypto_la_SOURCES += x509/x509cset.c
+libcrypto_la_SOURCES += x509/x509name.c
+libcrypto_la_SOURCES += x509/x509rset.c
+libcrypto_la_SOURCES += x509/x509spki.c
+libcrypto_la_SOURCES += x509/x509type.c
+libcrypto_la_SOURCES += x509/x_all.c
+noinst_HEADERS += x509/x509_lcl.h
+
+# x509v3
+libcrypto_la_SOURCES += x509v3/pcy_cache.c
+libcrypto_la_SOURCES += x509v3/pcy_data.c
+libcrypto_la_SOURCES += x509v3/pcy_lib.c
+libcrypto_la_SOURCES += x509v3/pcy_map.c
+libcrypto_la_SOURCES += x509v3/pcy_node.c
+libcrypto_la_SOURCES += x509v3/pcy_tree.c
+libcrypto_la_SOURCES += x509v3/v3_akey.c
+libcrypto_la_SOURCES += x509v3/v3_akeya.c
+libcrypto_la_SOURCES += x509v3/v3_alt.c
+libcrypto_la_SOURCES += x509v3/v3_bcons.c
+libcrypto_la_SOURCES += x509v3/v3_bitst.c
+libcrypto_la_SOURCES += x509v3/v3_conf.c
+libcrypto_la_SOURCES += x509v3/v3_cpols.c
+libcrypto_la_SOURCES += x509v3/v3_crld.c
+libcrypto_la_SOURCES += x509v3/v3_enum.c
+libcrypto_la_SOURCES += x509v3/v3_extku.c
+libcrypto_la_SOURCES += x509v3/v3_genn.c
+libcrypto_la_SOURCES += x509v3/v3_ia5.c
+libcrypto_la_SOURCES += x509v3/v3_info.c
+libcrypto_la_SOURCES += x509v3/v3_int.c
+libcrypto_la_SOURCES += x509v3/v3_lib.c
+libcrypto_la_SOURCES += x509v3/v3_ncons.c
+libcrypto_la_SOURCES += x509v3/v3_ocsp.c
+libcrypto_la_SOURCES += x509v3/v3_pci.c
+libcrypto_la_SOURCES += x509v3/v3_pcia.c
+libcrypto_la_SOURCES += x509v3/v3_pcons.c
+libcrypto_la_SOURCES += x509v3/v3_pku.c
+libcrypto_la_SOURCES += x509v3/v3_pmaps.c
+libcrypto_la_SOURCES += x509v3/v3_prn.c
+libcrypto_la_SOURCES += x509v3/v3_purp.c
+libcrypto_la_SOURCES += x509v3/v3_skey.c
+libcrypto_la_SOURCES += x509v3/v3_sxnet.c
+libcrypto_la_SOURCES += x509v3/v3_utl.c
+libcrypto_la_SOURCES += x509v3/v3err.c
+noinst_HEADERS += x509v3/ext_dat.h
+noinst_HEADERS += x509v3/pcy_int.h

crypto/Makefile.am.elf-x86_64

@@ -0,0 +1,41 @@
+
+ASM_X86_64_ELF = aes/aes-elf-x86_64.s
+ASM_X86_64_ELF += aes/bsaes-elf-x86_64.s
+ASM_X86_64_ELF += aes/vpaes-elf-x86_64.s
+ASM_X86_64_ELF += aes/aesni-elf-x86_64.s
+ASM_X86_64_ELF += aes/aesni-sha1-elf-x86_64.s
+ASM_X86_64_ELF += bn/modexp512-elf-x86_64.s
+ASM_X86_64_ELF += bn/mont-elf-x86_64.s
+ASM_X86_64_ELF += bn/mont5-elf-x86_64.s
+ASM_X86_64_ELF += bn/gf2m-elf-x86_64.s
+ASM_X86_64_ELF += camellia/cmll-elf-x86_64.s
+ASM_X86_64_ELF += md5/md5-elf-x86_64.s
+ASM_X86_64_ELF += modes/ghash-elf-x86_64.s
+ASM_X86_64_ELF += rc4/rc4-elf-x86_64.s
+ASM_X86_64_ELF += rc4/rc4-md5-elf-x86_64.s
+ASM_X86_64_ELF += sha/sha1-elf-x86_64.s
+ASM_X86_64_ELF += sha/sha256-elf-x86_64.S
+ASM_X86_64_ELF += sha/sha512-elf-x86_64.S
+ASM_X86_64_ELF += whrlpool/wp-elf-x86_64.s
+ASM_X86_64_ELF += cpuid-elf-x86_64.S
+
+EXTRA_DIST += $(ASM_X86_64_ELF)
+
+if HOST_ASM_ELF_X86_64
+libcrypto_la_CFLAGS += -DAES_ASM
+libcrypto_la_CFLAGS += -DBSAES_ASM
+libcrypto_la_CFLAGS += -DVPAES_ASM
+libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
+libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
+libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
+libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
+libcrypto_la_CFLAGS += -DMD5_ASM
+libcrypto_la_CFLAGS += -DGHASH_ASM
+libcrypto_la_CFLAGS += -DRSA_ASM
+libcrypto_la_CFLAGS += -DSHA1_ASM
+libcrypto_la_CFLAGS += -DSHA256_ASM
+libcrypto_la_CFLAGS += -DSHA512_ASM
+libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
+libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
+libcrypto_la_SOURCES += $(ASM_X86_64_ELF)
+endif

crypto/Makefile.am.macosx-x86_64

@@ -0,0 +1,41 @@
+
+ASM_X86_64_MACOSX = aes/aes-macosx-x86_64.s
+ASM_X86_64_MACOSX += aes/bsaes-macosx-x86_64.s
+ASM_X86_64_MACOSX += aes/vpaes-macosx-x86_64.s
+ASM_X86_64_MACOSX += aes/aesni-macosx-x86_64.s
+ASM_X86_64_MACOSX += aes/aesni-sha1-macosx-x86_64.s
+ASM_X86_64_MACOSX += bn/modexp512-macosx-x86_64.s
+ASM_X86_64_MACOSX += bn/mont-macosx-x86_64.s
+ASM_X86_64_MACOSX += bn/mont5-macosx-x86_64.s
+ASM_X86_64_MACOSX += bn/gf2m-macosx-x86_64.s
+ASM_X86_64_MACOSX += camellia/cmll-macosx-x86_64.s
+ASM_X86_64_MACOSX += md5/md5-macosx-x86_64.s
+ASM_X86_64_MACOSX += modes/ghash-macosx-x86_64.s
+ASM_X86_64_MACOSX += rc4/rc4-macosx-x86_64.s
+ASM_X86_64_MACOSX += rc4/rc4-md5-macosx-x86_64.s
+ASM_X86_64_MACOSX += sha/sha1-macosx-x86_64.s
+ASM_X86_64_MACOSX += sha/sha256-macosx-x86_64.S
+ASM_X86_64_MACOSX += sha/sha512-macosx-x86_64.S
+ASM_X86_64_MACOSX += whrlpool/wp-macosx-x86_64.s
+ASM_X86_64_MACOSX += cpuid-macosx-x86_64.S
+
+EXTRA_DIST += $(ASM_X86_64_MACOSX)
+
+if HOST_ASM_MACOSX_X86_64
+libcrypto_la_CFLAGS += -DAES_ASM
+libcrypto_la_CFLAGS += -DBSAES_ASM
+libcrypto_la_CFLAGS += -DVPAES_ASM
+libcrypto_la_CFLAGS += -DOPENSSL_IA32_SSE2
+libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT
+libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_MONT5
+libcrypto_la_CFLAGS += -DOPENSSL_BN_ASM_GF2m
+libcrypto_la_CFLAGS += -DMD5_ASM
+libcrypto_la_CFLAGS += -DGHASH_ASM
+libcrypto_la_CFLAGS += -DRSA_ASM
+libcrypto_la_CFLAGS += -DSHA1_ASM
+libcrypto_la_CFLAGS += -DSHA256_ASM
+libcrypto_la_CFLAGS += -DSHA512_ASM
+libcrypto_la_CFLAGS += -DWHIRLPOOL_ASM
+libcrypto_la_CFLAGS += -DOPENSSL_CPUID_OBJ
+libcrypto_la_SOURCES += $(ASM_X86_64_MACOSX)
+endif

crypto/Makefile.am.tpl

@@ -1,94 +0,0 @@
-include $(top_srcdir)/Makefile.am.common
-
-AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
-AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
-AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
-
-lib_LTLIBRARIES = libcrypto.la
-
-libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
-libcrypto_la_LDFLAGS = -version-info libcrypto-version
-libcrypto_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS) -DOPENSSL_NO_HW_PADLOCK
-
-noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
-
-# compatibility functions that need to be built without optimizations
-libcompatnoopt_la_CFLAGS = -O0
-libcompatnoopt_la_SOURCES =
-
-if NO_EXPLICIT_BZERO
-libcompatnoopt_la_SOURCES += compat/explicit_bzero.c
-endif
-
-# other compatibility functions
-libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
-libcompat_la_SOURCES =
-libcompat_la_LIBADD = $(PLATFORM_LDADD)
-
-if NO_STRLCAT
-libcompat_la_SOURCES += compat/strlcat.c
-endif
-
-if NO_STRLCPY
-libcompat_la_SOURCES += compat/strlcpy.c
-endif
-
-if NO_STRNDUP
-libcompat_la_SOURCES += compat/strndup.c
-libcompat_la_SOURCES += compat/strnlen.c
-endif
-
-if NO_ASPRINTF
-libcompat_la_SOURCES += compat/bsd-asprintf.c
-endif
-
-if NO_REALLOCARRAY
-libcompat_la_SOURCES += compat/reallocarray.c
-endif
-
-if NO_TIMINGSAFE_MEMCMP
-libcompat_la_SOURCES += compat/timingsafe_memcmp.c
-endif
-
-if NO_TIMINGSAFE_BCMP
-libcompat_la_SOURCES += compat/timingsafe_bcmp.c
-endif
-
-if NO_ARC4RANDOM_BUF
-libcompat_la_SOURCES += compat/arc4random.c
-
-if NO_GETENTROPY
-if HOST_LINUX
-libcompat_la_SOURCES += compat/getentropy_linux.c
-endif
-if HOST_DARWIN
-libcompat_la_SOURCES += compat/getentropy_osx.c
-endif
-if HOST_SOLARIS
-libcompat_la_SOURCES += compat/getentropy_solaris.c
-endif
-if HOST_WIN
-libcompat_la_SOURCES += compat/getentropy_win.c
-endif
-endif
-
-endif
-
-if NO_ISSETUGID
-if HOST_LINUX
-libcompat_la_SOURCES += compat/issetugid_linux.c
-endif
-if HOST_WIN
-libcompat_la_SOURCES += compat/issetugid_win.c
-endif
-endif
-
-noinst_HEADERS = des/ncbc_enc.c
-noinst_HEADERS += compat/arc4random.h
-noinst_HEADERS += compat/arc4random_linux.h
-noinst_HEADERS += compat/arc4random_osx.h
-noinst_HEADERS += compat/arc4random_solaris.h
-noinst_HEADERS += compat/arc4random_win.h
-noinst_HEADERS += compat/chacha_private.h
-libcrypto_la_SOURCES =
-EXTRA_libcrypto_la_SOURCES =

crypto/compat/arc4random.h

@@ -1,4 +1,12 @@
-#if defined(__linux__)
+#ifndef LIBCRYPTOCOMPAT_ARC4RANDOM_H
+#define LIBCRYPTOCOMPAT_ARC4RANDOM_H
+
+#include <sys/param.h>
+
+#if defined(__FreeBSD__)
+#include "arc4random_freebsd.h"
+
+#elif defined(__linux__)
 #include "arc4random_linux.h"
 
 #elif defined(__APPLE__)
@@ -7,7 +15,7 @@
 #elif defined(__sun)
 #include "arc4random_solaris.h"
 
-#elif defined(__WIN32)
+#elif defined(_WIN32)
 #include "arc4random_win.h"
 
 #else
@@ -15,3 +23,4 @@
 
 #endif
 
+#endif

crypto/compat/b_win.c

@@ -0,0 +1,54 @@
+/*
+ * Public domain
+ *
+ * Dongsheng Song <dongsheng.song@gmail.com>
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#include <ws2tcpip.h>
+
+#include <openssl/bio.h>
+#include <openssl/err.h>
+
+int
+BIO_sock_init(void)
+{
+	/*
+	 * WSAStartup loads the winsock .dll and initializes the networking
+	 * stack on Windows, or simply increases the reference count.
+	 */
+	static struct WSAData wsa_state = {0};
+	WORD version_requested = MAKEWORD(2, 2);
+	static int wsa_init_done = 0;
+	if (!wsa_init_done) {
+		if (WSAStartup(version_requested, &wsa_state) != 0) {
+			int err = WSAGetLastError();
+			SYSerr(SYS_F_WSASTARTUP, err);
+			BIOerr(BIO_F_BIO_SOCK_INIT, BIO_R_WSASTARTUP);
+			return (-1);
+		}
+		wsa_init_done = 1;
+	}
+ 	return (1);
+}
+
+void
+BIO_sock_cleanup(void)
+{
+	/*
+	 * We could call WSACleanup here, but it is easy to get it wrong. Since
+	 * this API provides no way to even tell if it failed, there is no safe
+	 * way to expose that functionality here.
+	 *
+	 * The cost of leaving the networking DLLs loaded may have been large
+	 * during the Windows 3.1/win32s era, but it is small in modern
+	 * contexts, so don't bother.
+	 */
+}
+
+int
+BIO_socket_nbio(int s, int mode)
+{
+	u_long value = mode;
+	return ioctlsocket(s, FIONBIO, &value) != SOCKET_ERROR;
+}

crypto/compat/bsd-asprintf.c

@@ -17,7 +17,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-#ifndef HAVE_VASPRINTF
+#ifndef HAVE_ASPRINTF
 
 #include <errno.h>
 #include <limits.h> /* for INT_MAX */
@@ -80,9 +80,7 @@ fail:
 	errno = ENOMEM;
 	return (-1);
 }
-#endif
 
-#ifndef HAVE_ASPRINTF
 int asprintf(char **str, const char *fmt, ...)
 {
 	va_list ap;

crypto/compat/ui_openssl_win.c

@@ -0,0 +1,367 @@
+/* $OpenBSD: ui_openssl.c,v 1.22 2014/07/11 08:44:49 jsing Exp $ */
+/* Written by Richard Levitte (richard@levitte.org) and others
+ * for the OpenSSL project 2001.
+ */
+/* ====================================================================
+ * Copyright (c) 2001 The OpenSSL Project.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ *    software must display the following acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ *    endorse or promote products derived from this software without
+ *    prior written permission. For written permission, please contact
+ *    openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ *    nor may "OpenSSL" appear in their names without prior written
+ *    permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ *    acknowledgment:
+ *    "This product includes software developed by the OpenSSL Project
+ *    for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com).  This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/* The lowest level part of this file was previously in crypto/des/read_pwd.c,
+ * Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to.  The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ *    must display the following acknowledgement:
+ *    "This product includes cryptographic software written by
+ *     Eric Young (eay@cryptsoft.com)"
+ *    The word 'cryptographic' can be left out if the rouines from the library
+ *    being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ *    the apps directory (application code) you must include an acknowledgement:
+ *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed.  i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+
+#include <sys/ioctl.h>
+
+#include <openssl/opensslconf.h>
+
+#include <errno.h>
+#include <signal.h>
+#include <stdio.h>
+#include <string.h>
+#include <unistd.h>
+
+#include "ui_locl.h"
+
+#ifndef NX509_SIG
+#define NX509_SIG 32
+#endif
+
+/* Define globals.  They are protected by a lock */
+static void (*savsig[NX509_SIG])(int );
+
+static FILE *tty_in, *tty_out;
+static int is_a_tty;
+
+/* Declare static functions */
+static int read_till_nl(FILE *);
+static void recsig(int);
+static void pushsig(void);
+static void popsig(void);
+static int read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl);
+
+static int read_string(UI *ui, UI_STRING *uis);
+static int write_string(UI *ui, UI_STRING *uis);
+
+static int open_console(UI *ui);
+static int echo_console(UI *ui);
+static int noecho_console(UI *ui);
+static int close_console(UI *ui);
+
+static UI_METHOD ui_openssl = {
+	.name = "OpenSSL default user interface",
+	.ui_open_session = open_console,
+	.ui_write_string = write_string,
+	.ui_read_string = read_string,
+	.ui_close_session = close_console,
+};
+
+/* The method with all the built-in thingies */
+UI_METHOD *
+UI_OpenSSL(void)
+{
+	return &ui_openssl;
+}
+
+/* The following function makes sure that info and error strings are printed
+   before any prompt. */
+static int
+write_string(UI *ui, UI_STRING *uis)
+{
+	switch (UI_get_string_type(uis)) {
+	case UIT_ERROR:
+	case UIT_INFO:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fflush(tty_out);
+		break;
+	default:
+		break;
+	}
+	return 1;
+}
+
+static int
+read_string(UI *ui, UI_STRING *uis)
+{
+	int ok = 0;
+
+	switch (UI_get_string_type(uis)) {
+	case UIT_BOOLEAN:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fputs(UI_get0_action_string(uis), tty_out);
+		fflush(tty_out);
+		return read_string_inner(ui, uis,
+		    UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 0);
+	case UIT_PROMPT:
+		fputs(UI_get0_output_string(uis), tty_out);
+		fflush(tty_out);
+		return read_string_inner(ui, uis,
+		    UI_get_input_flags(uis) & UI_INPUT_FLAG_ECHO, 1);
+	case UIT_VERIFY:
+		fprintf(tty_out, "Verifying - %s",
+		    UI_get0_output_string(uis));
+		fflush(tty_out);
+		if ((ok = read_string_inner(ui, uis, UI_get_input_flags(uis) &
+		    UI_INPUT_FLAG_ECHO, 1)) <= 0)
+			return ok;
+		if (strcmp(UI_get0_result_string(uis),
+		    UI_get0_test_string(uis)) != 0) {
+			fprintf(tty_out, "Verify failure\n");
+			fflush(tty_out);
+			return 0;
+		}
+		break;
+	default:
+		break;
+	}
+	return 1;
+}
+
+
+/* Internal functions to read a string without echoing */
+static int
+read_till_nl(FILE *in)
+{
+#define SIZE 4
+	char buf[SIZE + 1];
+
+	do {
+		if (!fgets(buf, SIZE, in))
+			return 0;
+	} while (strchr(buf, '\n') == NULL);
+	return 1;
+}
+
+static volatile sig_atomic_t intr_signal;
+
+static int
+read_string_inner(UI *ui, UI_STRING *uis, int echo, int strip_nl)
+{
+	static int ps;
+	int ok;
+	char result[BUFSIZ];
+	int maxsize = BUFSIZ - 1;
+	char *p;
+
+	intr_signal = 0;
+	ok = 0;
+	ps = 0;
+
+	pushsig();
+
+	ps = 1;
+
+	if (!echo && !noecho_console(ui))
+		goto error;
+	ps = 2;
+
+	result[0] = '\0';
+	p = fgets(result, maxsize, tty_in);
+	if (!p)
+		goto error;
+	if (feof(tty_in))
+		goto error;
+	if (ferror(tty_in))
+		goto error;
+	if ((p = strchr(result, '\n')) != NULL) {
+		if (strip_nl)
+			*p = '\0';
+	} else if (!read_till_nl(tty_in))
+		goto error;
+	if (UI_set_result(ui, uis, result) >= 0)
+		ok = 1;
+
+error:
+	if (intr_signal == SIGINT)
+		ok = -1;
+	if (!echo)
+		fprintf(tty_out, "\n");
+	if (ps >= 2 && !echo && !echo_console(ui))
+		ok = 0;
+
+	if (ps >= 1)
+		popsig();
+
+	OPENSSL_cleanse(result, BUFSIZ);
+	return ok;
+}
+
+
+/* Internal functions to open, handle and close a channel to the console.  */
+static int
+open_console(UI *ui)
+{
+	CRYPTO_w_lock(CRYPTO_LOCK_UI);
+	is_a_tty = 1;
+
+	tty_in = stdin;
+	tty_out = stderr;
+
+	return 1;
+}
+
+static int
+noecho_console(UI *ui)
+{
+	DWORD mode = 0;
+	HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
+	if (handle != INVALID_HANDLE_VALUE && handle != handle) {
+		return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode & (~ENABLE_ECHO_INPUT));
+	}
+	return 0;
+}
+
+static int
+echo_console(UI *ui)
+{
+	DWORD mode = 0;
+	HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
+	if (handle != INVALID_HANDLE_VALUE && handle != handle) {
+		return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT);
+	}
+	return 0;
+}
+
+static int
+close_console(UI *ui)
+{
+	if (tty_in != stdin)
+		fclose(tty_in);
+	if (tty_out != stderr)
+		fclose(tty_out);
+	CRYPTO_w_unlock(CRYPTO_LOCK_UI);
+
+	return 1;
+}
+
+/* Internal functions to handle signals and act on them */
+static void
+pushsig(void)
+{
+	savsig[SIGABRT] = signal(SIGABRT, recsig);
+	savsig[SIGFPE]  = signal(SIGFPE,  recsig);
+	savsig[SIGILL]  = signal(SIGILL,  recsig);
+	savsig[SIGINT]  = signal(SIGINT,  recsig);
+	savsig[SIGSEGV] = signal(SIGSEGV, recsig);
+	savsig[SIGTERM] = signal(SIGTERM, recsig);
+}
+
+static void
+popsig(void)
+{
+	signal(SIGABRT, savsig[SIGABRT]);
+	signal(SIGFPE,  savsig[SIGFPE]);
+	signal(SIGILL,  savsig[SIGILL]);
+	signal(SIGINT,  savsig[SIGINT]);
+	signal(SIGSEGV, savsig[SIGSEGV]);
+	signal(SIGTERM, savsig[SIGTERM]);
+}
+
+static void
+recsig(int i)
+{
+	intr_signal = i;
+}

dist.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 set -e
 
+rm -f man/*.1 man/*.3
 ./autogen.sh
-./configure
-make dist
+./configure --enable-libtls
+make distcheck

include/Makefile.am

@@ -1,11 +1,32 @@
+include $(top_srcdir)/Makefile.am.common
+
 SUBDIRS = openssl
 
 noinst_HEADERS = err.h
+noinst_HEADERS += netdb.h
+noinst_HEADERS += poll.h
 noinst_HEADERS += pqueue.h
 noinst_HEADERS += stdio.h
 noinst_HEADERS += stdlib.h
 noinst_HEADERS += string.h
+noinst_HEADERS += syslog.h
 noinst_HEADERS += unistd.h
+noinst_HEADERS += win32netcompat.h
+
+noinst_HEADERS += arpa/inet.h
+
 noinst_HEADERS += machine/endian.h
+
+noinst_HEADERS += netinet/in.h
+noinst_HEADERS += netinet/tcp.h
+
+noinst_HEADERS += sys/ioctl.h
 noinst_HEADERS += sys/mman.h
+noinst_HEADERS += sys/select.h
+noinst_HEADERS += sys/socket.h
+noinst_HEADERS += sys/times.h
 noinst_HEADERS += sys/types.h
+
+if ENABLE_LIBTLS
+include_HEADERS = tls.h
+endif

include/arpa/inet.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * arpa/inet.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <arpa/inet.h>
+#else
+#include <win32netcompat.h>
+#endif

include/err.h

@@ -1,3 +1,8 @@
+/*
+ * Public domain
+ * err.h compatibility shim
+ */
+
 #ifdef HAVE_ERR_H
 
 #include_next <err.h>

include/machine/endian.h

@@ -1,7 +1,12 @@
+/*
+ * Public domain
+ * machine/endian.h compatibility shim
+ */
+
 #ifndef LIBCRYPTOCOMPAT_BYTE_ORDER_H_
 #define LIBCRYPTOCOMPAT_BYTE_ORDER_H_
 
-#if defined(__WIN32)
+#if defined(_WIN32)
 
 #define LITTLE_ENDIAN  1234
 #define BIG_ENDIAN 4321

include/netdb.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netdb.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netdb.h>
+#else
+#include <win32netcompat.h>
+#endif

include/netinet/in.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netinet/in.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netinet/in.h>
+#else
+#include <win32netcompat.h>
+#endif

include/netinet/tcp.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netinet/tcp.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netinet/tcp.h>
+#else
+#include <win32netcompat.h>
+#endif

include/poll.h

@@ -0,0 +1,63 @@
+/*
+ * Public domain
+ *
+ * poll(2) emulation for Windows
+ *
+ * This emulates just-enough poll functionality on Windows to work in the
+ * context of the openssl(1) program. This is not a replacement for
+ * POSIX.1-2001 poll(2).
+ *
+ * Dongsheng Song <dongsheng.song@gmail.com>
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#ifndef LIBCRYPTOCOMPAT_POLL_H
+#define LIBCRYPTOCOMPAT_POLL_H
+
+#ifdef HAVE_POLL
+#include_next <poll.h>
+#else
+
+#include <winsock2.h>
+
+/* Type used for the number of file descriptors. */
+typedef unsigned long int nfds_t;
+
+#if !defined(_WIN32_WINNT) || (_WIN32_WINNT < 0x0600)
+/* Data structure describing a polling request. */
+struct pollfd {
+	int fd; /* file descriptor */
+	short events; /* requested events */
+	short revents; /* returned events */
+};
+
+/* Event types that can be polled */
+#define POLLIN 0x001 /* There is data to read. */
+#define POLLPRI 0x002 /* There is urgent data to read. */
+#define POLLOUT 0x004 /* Writing now will not block. */
+
+# define POLLRDNORM 0x040 /* Normal data may be read. */
+# define POLLRDBAND 0x080 /* Priority data may be read. */
+# define POLLWRNORM 0x100 /* Writing now will not block. */
+# define POLLWRBAND 0x200 /* Priority data may be written. */
+
+/* Event types always implicitly polled. */
+#define POLLERR 0x008 /* Error condition. */
+#define POLLHUP 0x010 /* Hung up. */
+#define POLLNVAL 0x020 /* Invalid polling request. */
+
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+int poll(struct pollfd *pfds, nfds_t nfds, int timeout);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HAVE_POLL */
+
+#endif /* LIBCRYPTOCOMPAT_POLL_H */

include/stdio.h

@@ -1,11 +1,30 @@
+/*
+ * Public domain
+ * stdio.h compatibility shim
+ */
+
 #include_next <stdio.h>
 
 #ifndef LIBCRYPTOCOMPAT_STDIO_H
 #define LIBCRYPTOCOMPAT_STDIO_H
 
-#ifdef NO_ASPRINTF
+#ifndef HAVE_ASPRINTF
+#include <stdarg.h>
 int vasprintf(char **str, const char *fmt, va_list ap);
 int asprintf(char **str, const char *fmt, ...);
 #endif
 
+#ifdef _WIN32
+#include <errno.h>
+#include <string.h>
+
+static inline void
+posix_perror(const char *s)
+{
+	fprintf(stderr, "%s: %s\n", s, strerror(errno));
+}
+
+#define perror(errnum) posix_perror(errnum)
+#endif
+
 #endif

include/stdlib.h

@@ -1,3 +1,8 @@
+/*
+ * stdlib.h compatibility shim
+ * Public domain
+ */
+
 #include_next <stdlib.h>
 
 #ifndef LIBCRYPTOCOMPAT_STDLIB_H
@@ -7,16 +12,16 @@
 #include <sys/time.h>
 #include <stdint.h>
 
-#ifdef NO_ARC4RANDOM_BUF
+#ifndef HAVE_ARC4RANDOM_BUF
 uint32_t arc4random(void);
 void arc4random_buf(void *_buf, size_t n);
 #endif
 
-#ifdef NO_REALLOCARRAY
+#ifndef HAVE_REALLOCARRAY
 void *reallocarray(void *, size_t, size_t);
 #endif
 
-#ifdef NO_STRTONUM
+#ifndef HAVE_STRTONUM
 long long strtonum(const char *nptr, long long minval,
 		long long maxval, const char **errstr);
 #endif

include/string.h

@@ -1,3 +1,8 @@
+/*
+ * Public domain
+ * string.h compatibility shim
+ */
+
 #include_next <string.h>
 
 #ifndef LIBCRYPTOCOMPAT_STRING_H
@@ -5,41 +10,60 @@
 
 #include <sys/types.h>
 
-#ifdef __sun
+#if defined(__sun) || defined(__hpux)
 /* Some functions historically defined in string.h were placed in strings.h by
- * SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris.
+ * SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX.
  */
 #include <strings.h>
 #endif
 
-#ifdef NO_STRLCPY
+#ifndef HAVE_STRLCPY
 size_t strlcpy(char *dst, const char *src, size_t siz);
 #endif
 
-#ifdef NO_STRLCAT
+#ifndef HAVE_STRLCAT
 size_t strlcat(char *dst, const char *src, size_t siz);
 #endif
 
-#ifdef NO_STRNDUP
+#ifndef HAVE_STRNDUP
 char * strndup(const char *str, size_t maxlen);
+/* the only user of strnlen is strndup, so only build it if needed */
+#ifndef HAVE_STRNLEN
 size_t strnlen(const char *str, size_t maxlen);
 #endif
+#endif
 
-#ifdef NO_EXPLICIT_BZERO
+#ifndef HAVE_EXPLICIT_BZERO
 void explicit_bzero(void *, size_t);
 #endif
 
-#ifdef NO_TIMINGSAFE_BCMP
+#ifndef HAVE_TIMINGSAFE_BCMP
 int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
 #endif
 
-#ifdef NO_TIMINGSAFE_MEMCMP
+#ifndef HAVE_TIMINGSAFE_MEMCMP
 int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
 #endif
 
-#ifdef NO_MEMMEM
+#ifndef HAVE_MEMMEM
 void * memmem(const void *big, size_t big_len, const void *little,
 	size_t little_len);
 #endif
 
+#ifdef _WIN32
+#include <errno.h>
+
+static inline char  *
+posix_strerror(int errnum)
+{
+	if (errnum == ECONNREFUSED) {
+		return "Connection refused";
+	}
+	return strerror(errnum);
+}
+
+#define strerror(errnum) posix_strerror(errnum)
+
+#endif
+
 #endif

include/sys/ioctl.h

@@ -0,0 +1,11 @@
+/*
+ * Public domain
+ * sys/ioctl.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/ioctl.h>
+#else
+#include <win32netcompat.h>
+#define ioctl(fd, type, arg) ioctlsocket(fd, type, arg)
+#endif

include/sys/mman.h

@@ -1,3 +1,8 @@
+/*
+ * Public domain
+ * sys/mman.h compatibility shim
+ */
+
 #include_next <sys/mman.h>
 
 #ifndef LIBCRYPTOCOMPAT_MMAN_H

include/sys/select.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * sys/select.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/select.h>
+#else
+#include <win32netcompat.h>
+#endif

include/sys/socket.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * sys/socket.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/socket.h>
+#else
+#include <win32netcompat.h>
+#endif

include/sys/times.h

@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * sys/times.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/times.h>
+#else
+#include <win32netcompat.h>
+#endif

include/sys/types.h

@@ -1,3 +1,8 @@
+/*
+ * Public domain
+ * sys/types.h compatibility shim
+ */
+
 #include_next <sys/types.h>
 
 #ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H

include/syslog.h

@@ -0,0 +1,38 @@
+/*
+ * Public domain
+ * syslog.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYSLOG_H
+#define LIBCRYPTOCOMPAT_SYSLOG_H
+
+#ifndef _WIN32
+#include_next <syslog.h>
+#else
+
+/* priorities */
+#define LOG_EMERG 0
+#define LOG_ALERT 1
+#define LOG_CRIT 2
+#define LOG_ERR 3
+#define LOG_WARNING 4
+#define LOG_NOTICE 5
+#define LOG_INFO 6
+#define LOG_DEBUG 7
+
+/* facility codes */
+#define LOG_KERN (0<<3)
+#define LOG_USER (1<<3)
+#define LOG_DAEMON (3<<3)
+
+/* flags for openlog */
+#define LOG_PID 0x01
+#define LOG_CONS 0x02
+
+extern void openlog(const char *ident, int option, int facility);
+extern void syslog(int priority, const char *fmt, ...)
+	__attribute__ ((__format__ (__printf__, 2, 3)));
+extern void closelog (void);
+#endif
+
+#endif /* LIBCRYPTOCOMPAT_SYSLOG_H */

include/unistd.h

@@ -1,13 +1,18 @@
+/*
+ * Public domain
+ * unistd.h compatibility shim
+ */
+
 #include_next <unistd.h>
 
 #ifndef LIBCRYPTOCOMPAT_UNISTD_H
 #define LIBCRYPTOCOMPAT_UNISTD_H
 
-#ifdef NO_GETENTROPY
+#ifndef HAVE_GETENTROPY
 int getentropy(void *buf, size_t buflen);
 #endif
 
-#ifdef NO_ISSETUGID
+#ifndef HAVE_ISSETUGID
 int issetugid(void);
 #endif
 

include/win32netcompat.h

@@ -0,0 +1,161 @@
+/*
+ * Public domain
+ *
+ * BSD socket emulation code for Winsock2
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
+#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
+
+#ifdef _WIN32
+
+#include <ws2tcpip.h>
+
+#define SHUT_RDWR SD_BOTH
+#define SHUT_RD   SD_RECEIVE
+#define SHUT_WR   SD_SEND
+
+#include <errno.h>
+#include <unistd.h>
+
+static int
+wsa_errno(int err)
+{
+	switch (err) {
+	case WSAENOBUFS:
+		errno = ENOMEM;
+		break;
+	case WSAEACCES:
+		errno = EACCES;
+		break;
+	case WSANOTINITIALISED:
+		errno = EPERM;
+		break;
+	case WSAEHOSTUNREACH:
+	case WSAENETDOWN:
+		errno = EIO;
+		break;
+	case WSAEFAULT:
+		errno = EFAULT;
+		break;
+	case WSAEINTR:
+		errno = EINTR;
+		break;
+	case WSAEINVAL:
+		errno = EINVAL;
+		break;
+	case WSAEINPROGRESS:
+		errno = EINPROGRESS;
+		break;
+	case WSAEWOULDBLOCK:
+		errno = EAGAIN;
+		break;
+	case WSAEOPNOTSUPP:
+		errno = ENOTSUP;
+		break;
+	case WSAEMSGSIZE:
+		errno = EFBIG;
+		break;
+	case WSAENOTSOCK:
+		errno = ENOTSOCK;
+		break;
+	case WSAENOPROTOOPT:
+		errno = ENOPROTOOPT;
+		break;
+	case WSAECONNREFUSED:
+		errno = ECONNREFUSED;
+		break;
+	case WSAEAFNOSUPPORT:
+		errno = EAFNOSUPPORT;
+		break;
+	case WSAENETRESET:
+	case WSAENOTCONN:
+	case WSAECONNABORTED:
+	case WSAECONNRESET:
+	case WSAESHUTDOWN:
+	case WSAETIMEDOUT:
+		errno = EPIPE;
+		break;
+	}
+	return -1;
+}
+
+static inline int
+posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen)
+{
+	int rc = connect(sockfd, addr, addrlen);
+	if (rc == SOCKET_ERROR)
+		return wsa_errno(WSAGetLastError());
+	return rc;
+}
+
+#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
+
+static inline int
+posix_close(int fd)
+{
+	if (closesocket(fd) == SOCKET_ERROR) {
+		int err = WSAGetLastError();
+		return err == WSAENOTSOCK ?
+			close(fd) : wsa_errno(err);
+	}
+	return 0;
+}
+
+#define close(fd) posix_close(fd)
+
+static inline ssize_t
+posix_read(int fd, void *buf, size_t count)
+{
+	ssize_t rc = recv(fd, buf, count, 0);
+	if (rc == SOCKET_ERROR) {
+		int err = WSAGetLastError();
+		return err == WSAENOTSOCK ?
+			read(fd, buf, count) : wsa_errno(err);
+	}
+	return rc;
+}
+
+#define read(fd, buf, count) posix_read(fd, buf, count)
+
+static inline ssize_t
+posix_write(int fd, const void *buf, size_t count)
+{
+	ssize_t rc = send(fd, buf, count, 0);
+	if (rc == SOCKET_ERROR) {
+		int err = WSAGetLastError();
+		return err == WSAENOTSOCK ?
+			write(fd, buf, count) : wsa_errno(err);
+	}
+	return rc;
+}
+
+#define write(fd, buf, count) posix_write(fd, buf, count)
+
+static inline int
+posix_getsockopt(int sockfd, int level, int optname,
+	void *optval, socklen_t *optlen)
+{
+	int rc = getsockopt(sockfd, level, optname, (char *)optval, optlen);
+	return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
+
+}
+
+#define getsockopt(sockfd, level, optname, optval, optlen) \
+	posix_getsockopt(sockfd, level, optname, optval, optlen)
+
+static inline int
+posix_setsockopt(int sockfd, int level, int optname,
+	const void *optval, socklen_t optlen)
+{
+	int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
+	return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
+}
+
+#define setsockopt(sockfd, level, optname, optval, optlen) \
+	posix_setsockopt(sockfd, level, optname, optval, optlen)
+
+#endif
+
+#endif

libtls.pc.in

@@ -0,0 +1,16 @@
+#libtls pkg-config source file
+
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: LibreSSL-libtls
+Description: Secure communications using the TLS socket protocol.
+Version: @VERSION@
+Requires:
+Requires.private: libcrypto libssl
+Conflicts:
+Libs: -L${libdir} -ltls
+Libs.private: @LIBS@ -lcrypto -lssl
+Cflags: -I${includedir}

man/Makefile.am.tpl

@@ -1,3 +1,2 @@
 include $(top_srcdir)/Makefile.am.common
 dist_man_MANS=
-

man/links

@@ -1,4 +1,32 @@
-MLINKS="ASN1_OBJECT_new.3,ASN1_OBJECT_free.3 \
+TLS_MLINKS="tls_init.3,tls_config_new.3
+	tls_init.3,tls_config_free.3
+	tls_init.3,tls_config_set_ca_file.3
+	tls_init.3,tls_config_set_ca_path.3
+	tls_init.3,tls_config_set_cert_file.3
+	tls_init.3,tls_config_set_cert_mem.3
+	tls_init.3,tls_config_set_ciphers.3
+	tls_init.3,tls_config_set_ecdhcurve.3
+	tls_init.3,tls_config_set_key_file.3
+	tls_init.3,tls_config_set_key_mem.3
+	tls_init.3,tls_config_set_protocols.3
+	tls_init.3,tls_config_set_verify_depth.3
+	tls_init.3,tls_config_clear_keys.3
+	tls_init.3,tls_config_insecure_noverifyhost.3
+	tls_init.3,tls_config_insecure_noverifycert.3
+	tls_init.3,tls_config_verify.3
+	tls_init.3,tls_client.3
+	tls_init.3,tls_server.3
+	tls_init.3,tls_configure.3
+	tls_init.3,tls_error.3
+	tls_init.3,tls_reset.3
+	tls_init.3,tls_free.3
+	tls_init.3,tls_close.3
+	tls_init.3,tls_connect.3
+	tls_init.3,tls_connect_socket.3
+	tls_init.3,tls_read.3
+	tls_init.3,tls_write.3"
+
+SSL_MLINKS="ASN1_OBJECT_new.3,ASN1_OBJECT_free.3 \
 	ASN1_STRING_length.3,ASN1_STRING_cmp.3 \
 	ASN1_STRING_length.3,ASN1_STRING_data.3 \
 	ASN1_STRING_length.3,ASN1_STRING_dup.3 \
@@ -393,12 +421,18 @@ MLINKS="ASN1_OBJECT_new.3,ASN1_OBJECT_free.3 \
 	EVP_EncryptInit.3,EVP_CIPHER_param_to_asn1.3 \
 	EVP_EncryptInit.3,EVP_CIPHER_type.3 \
 	EVP_EncryptInit.3,EVP_CipherFinal.3 \
+	EVP_EncryptInit.3,EVP_CipherFinal_ex.3 \
 	EVP_EncryptInit.3,EVP_CipherInit.3 \
+	EVP_EncryptInit.3,EVP_CipherInit_ex.3 \
 	EVP_EncryptInit.3,EVP_CipherUpdate.3 \
 	EVP_EncryptInit.3,EVP_DecryptFinal.3 \
+	EVP_EncryptInit.3,EVP_DecryptFinal_ex.3 \
 	EVP_EncryptInit.3,EVP_DecryptInit.3 \
+	EVP_EncryptInit.3,EVP_DecryptInit_ex.3 \
 	EVP_EncryptInit.3,EVP_DecryptUpdate.3 \
 	EVP_EncryptInit.3,EVP_EncryptFinal.3 \
+	EVP_EncryptInit.3,EVP_EncryptFinal_ex.3 \
+	EVP_EncryptInit.3,EVP_EncryptInit_ex.3 \
 	EVP_EncryptInit.3,EVP_EncryptUpdate.3 \
 	EVP_EncryptInit.3,EVP_aes_128_ccm.3 \
 	EVP_EncryptInit.3,EVP_aes_128_gcm.3 \
@@ -772,10 +806,6 @@ MLINKS="ASN1_OBJECT_new.3,ASN1_OBJECT_free.3 \
 	d2i_X509_REQ.3,i2d_X509_REQ.3 \
 	d2i_X509_REQ.3,i2d_X509_REQ_bio.3 \
 	d2i_X509_REQ.3,i2d_X509_REQ_fp.3 \
-	dsa.3,DSA_SIG_free.3 \
-	dsa.3,DSA_do_verify.3 \
-	dsa.3,DSA_get_ex_data.3 \
-	dsa.3,DSA_set_ex_data.3 \
 	ecdsa.3,ECDSA_OpenSSL.3 \
 	ecdsa.3,ECDSA_SIG_free.3 \
 	ecdsa.3,ECDSA_SIG_new.3 \

ssl/Makefile.am

@@ -0,0 +1,52 @@
+include $(top_srcdir)/Makefile.am.common
+
+lib_LTLIBRARIES = libssl.la
+
+EXTRA_DIST = VERSION
+
+libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@
+libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+
+libssl_la_SOURCES = bio_ssl.c
+libssl_la_SOURCES += d1_both.c
+libssl_la_SOURCES += d1_clnt.c
+libssl_la_SOURCES += d1_enc.c
+libssl_la_SOURCES += d1_lib.c
+libssl_la_SOURCES += d1_meth.c
+libssl_la_SOURCES += d1_pkt.c
+libssl_la_SOURCES += d1_srtp.c
+libssl_la_SOURCES += d1_srvr.c
+libssl_la_SOURCES += pqueue.c
+libssl_la_SOURCES += s23_clnt.c
+libssl_la_SOURCES += s23_lib.c
+libssl_la_SOURCES += s23_meth.c
+libssl_la_SOURCES += s23_pkt.c
+libssl_la_SOURCES += s23_srvr.c
+libssl_la_SOURCES += s3_both.c
+libssl_la_SOURCES += s3_cbc.c
+libssl_la_SOURCES += s3_clnt.c
+libssl_la_SOURCES += s3_enc.c
+libssl_la_SOURCES += s3_lib.c
+libssl_la_SOURCES += s3_meth.c
+libssl_la_SOURCES += s3_pkt.c
+libssl_la_SOURCES += s3_srvr.c
+libssl_la_SOURCES += ssl_algs.c
+libssl_la_SOURCES += ssl_asn1.c
+libssl_la_SOURCES += ssl_cert.c
+libssl_la_SOURCES += ssl_ciph.c
+libssl_la_SOURCES += ssl_err.c
+libssl_la_SOURCES += ssl_err2.c
+libssl_la_SOURCES += ssl_lib.c
+libssl_la_SOURCES += ssl_rsa.c
+libssl_la_SOURCES += ssl_sess.c
+libssl_la_SOURCES += ssl_stat.c
+libssl_la_SOURCES += ssl_txt.c
+libssl_la_SOURCES += t1_clnt.c
+libssl_la_SOURCES += t1_enc.c
+libssl_la_SOURCES += t1_lib.c
+libssl_la_SOURCES += t1_meth.c
+libssl_la_SOURCES += t1_reneg.c
+libssl_la_SOURCES += t1_srvr.c
+
+noinst_HEADERS = srtp.h
+noinst_HEADERS += ssl_locl.h

ssl/Makefile.am.tpl

@@ -1,9 +0,0 @@
-include $(top_srcdir)/Makefile.am.common
-
-lib_LTLIBRARIES = libssl.la
-
-libssl_la_LDFLAGS = -version-info libssl-version
-
-libssl_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
-libssl_la_SOURCES =
-noinst_HEADERS =

tests/Makefile.am.tpl

@@ -3,10 +3,12 @@ include $(top_srcdir)/Makefile.am.common
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/modes
 AM_CPPFLAGS += -I $(top_srcdir)/crypto/asn1
 
+LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
+LDADD += $(top_builddir)/ssl/libssl.la
+LDADD += $(top_builddir)/crypto/libcrypto.la
+
 TESTS =
 check_PROGRAMS =
 EXTRA_DIST =
+DISTCLEANFILES = pidwraptest.txt
 
-if !NO_ARC4RANDOM_BUF
-TESTS += pidwraptest.sh
-endif

tests/aeadtest.sh

@@ -1,3 +1,7 @@
 #!/bin/sh
 set -e
-./aeadtest $srcdir/aeadtests.txt
+TEST=./aeadtest
+if [ -e ./aeadtest.exe ]; then
+	TEST=./aeadtest.exe
+fi
+$TEST $srcdir/aeadtests.txt

tests/evptest.sh

@@ -1,3 +1,7 @@
 #!/bin/sh
 set -e
-./evptest $srcdir/evptests.txt
+TEST=./evptest
+if [ -e ./evptest.exe ]; then
+	TEST=./evptest.exe
+fi
+$TEST $srcdir/evptests.txt

tests/pidwraptest.c

@@ -6,6 +6,7 @@
  * Original source: https://gist.github.com/AGWA/eb84e55ca25a7da1deb0
  */
 
+#undef LIBRESSL_INTERNAL
 #include <openssl/rand.h>
 #include <stdio.h>
 #include <stdlib.h>

tests/pq_test.sh

@@ -1,3 +1,7 @@
 #!/bin/sh
 set -e
-./pq_test | cmp $srcdir/pq_expected.txt -
+TEST=./pq_test
+if [ -e ./pq_test.exe ]; then
+	TEST=./pq_test.exe
+fi
+$TEST | diff -b $srcdir/pq_expected.txt -

tests/ssltest.sh

@@ -1,5 +1,19 @@
 #!/bin/sh
 set -e
-PATH=../apps:$PATH
-export PATH
-$srcdir/testssl $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem
+
+ssltest_bin=./ssltest
+if [ -e ./ssltest.exe ]; then
+	ssltest_bin=./ssltest.exe
+fi
+
+openssl_bin=../apps/openssl
+if [ -e ../apps/openssl.exe ]; then
+	openssl_bin=../apps/openssl.exe
+fi
+
+if [ -z $srcdir ]; then
+	srcdir=.
+fi
+
+$srcdir/testssl $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem \
+	$ssltest_bin $openssl_bin

tls/Makefile.am

@@ -0,0 +1,18 @@
+include $(top_srcdir)/Makefile.am.common
+
+if ENABLE_LIBTLS
+lib_LTLIBRARIES = libtls.la
+
+EXTRA_DIST = VERSION
+
+libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@
+libtls_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+
+libtls_la_SOURCES = tls.c
+libtls_la_SOURCES += tls_client.c
+libtls_la_SOURCES += tls_config.c
+libtls_la_SOURCES += tls_server.c
+libtls_la_SOURCES += tls_util.c
+libtls_la_SOURCES += tls_verify.c
+noinst_HEADERS = tls_internal.h
+endif

update.sh

@@ -1,68 +1,67 @@
 #!/usr/bin/env bash
 set -e
 
-# resync this library with the upstream project, remove old submodule dirs
-if [ -d openbsd ]; then
-	(cd openbsd
-	 git checkout master
-	 git pull)
-else
+openbsd_branch=`cat OPENBSD_BRANCH`
+libressl_version=`cat VERSION`
+
+# pull in latest upstream code
+echo "pulling upstream openbsd source"
+if [ ! -d openbsd ]; then
 	if [ -z "$LIBRESSL_GIT" ]; then
 		git clone https://github.com/libressl-portable/openbsd.git
 	else
 		git clone $LIBRESSL_GIT/openbsd
 	fi
 fi
+(cd openbsd
+ git checkout $openbsd_branch
+ git pull --rebase)
 
+# setup source paths
 dir=`pwd`
-libssl_src=$dir/openbsd/src/lib/libssl
-libssl_regress=$dir/openbsd/src/regress/lib/libssl
 libc_src=$dir/openbsd/src/lib/libc
 libc_regress=$dir/openbsd/src/regress/lib/libc
 libcrypto_src=$dir/openbsd/src/lib/libcrypto
-openssl_cmd_src=$dir/openbsd/src/usr.sbin/openssl
 libcrypto_regress=$dir/openbsd/src/regress/lib/libcrypto
+libssl_src=$dir/openbsd/src/lib/libssl
+libssl_regress=$dir/openbsd/src/regress/lib/libssl
+libtls_src=$dir/openbsd/src/lib/libtls
+openssl_app_src=$dir/openbsd/src/usr.bin/openssl
 
-libressl_version=`cat VERSION`
+# load library versions
+source $libcrypto_src/crypto/shlib_version
+libcrypto_version=$major:$minor:0
+echo "libcrypto version $libcrypto_version"
+echo $libcrypto_version > crypto/VERSION
 
 source $libssl_src/ssl/shlib_version
 libssl_version=$major:$minor:0
-echo libssl version $libssl_version
+echo "libssl version $libssl_version"
+echo $libssl_version > ssl/VERSION
 
-source $libcrypto_src/crypto/shlib_version
-libcrypto_version=$major:$minor:0
-echo libcrypto version $libcrypto_version
-
-sed -e "s/VERSION/${libressl_version}/" configure.ac.tpl > configure.ac
+source $libtls_src/shlib_version
+libtls_version=$major:$minor:0
+echo "libtls version $libtls_version"
+echo $libtls_version > tls/VERSION
 
+do_mv() {
+	if ! cmp -s "$1" "$2"
+	then
+		mv "$1" "$2"
+	else
+		rm -f "$1"
+	fi
+}
 CP='cp -p'
-
-copy_src() {
-	mkdir -p $1
-	rm -f $1/*.c
-	for file in $2; do
-		$CP $libssl_src/src/$1/$file $1
-	done
-}
-
-copy_hdrs() {
-	for file in $2; do
-		$CP $libssl_src/src/$1/$file include/openssl
-	done
-}
-
-copy_crypto() {
-	copy_src crypto/$1 "$2"
-	crypto_subdirs="$crypto_subdirs $1"
-}
+MV='do_mv'
 
 $CP $libssl_src/src/LICENSE COPYING
-echo "Please see OpenBSD CVS logs" > ChangeLog
 
 $CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
 $CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
 $CP $libssl_src/src/e_os2.h include/openssl
 $CP $libssl_src/src/ssl/pqueue.h include
+$CP $libtls_src/tls.h include
 
 for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c \
 		timingsafe_bcmp.c timingsafe_memcmp.c; do
@@ -78,8 +77,14 @@ $CP $libcrypto_src/crypto/arc4random_*.h crypto/compat
 	perl objects.pl objects.txt obj_mac.num obj_mac.h;
 	perl obj_dat.pl obj_mac.h obj_dat.h )
 mkdir -p include/openssl crypto/objects
-mv $libssl_src/src/crypto/objects/obj_mac.h ./include/openssl/obj_mac.h
-mv $libssl_src/src/crypto/objects/obj_dat.h ./crypto/objects/obj_dat.h
+$MV $libssl_src/src/crypto/objects/obj_mac.h ./include/openssl/obj_mac.h
+$MV $libssl_src/src/crypto/objects/obj_dat.h ./crypto/objects/obj_dat.h
+
+copy_hdrs() {
+	for file in $2; do
+		$CP $libssl_src/src/$1/$file include/openssl
+	done
+}
 
 copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h opensslv.h
 	ossl_typ.h err/err.h crypto.h comp/comp.h x509/x509.h buffer/buffer.h
@@ -91,195 +96,89 @@ copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h opensslv.h
 	bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h
 	dsa/dsa.h cms/cms.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h
 	md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h mdc2/mdc2.h
-	rc2/rc2.h rc4/rc4.h rc5/rc5.h ui/ui_compat.h txt_db/txt_db.h chacha/chacha.h evp/evp.h
-	poly1305/poly1305.h"
+	rc2/rc2.h rc4/rc4.h rc5/rc5.h ui/ui_compat.h txt_db/txt_db.h
+	chacha/chacha.h evp/evp.h poly1305/poly1305.h camellia/camellia.h
+	gost/gost.h"
 
 copy_hdrs ssl "srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h"
 
-for i in ssl/srtp.h \
-	ssl/ssl_locl.h; do
-	$CP $libssl_src/src/$i ssl
+# copy libcrypto source
+echo copying libcrypto source
+rm -f crypto/*.c crypto/*.h
+for i in `awk '/SOURCES|HEADERS/ { print $3 }' crypto/Makefile.am` ; do
+	dir=`dirname $i`
+	mkdir -p crypto/$dir
+	if [ $dir != "compat" ]; then
+		if [ -e $libssl_src/src/crypto/$i ]; then
+			$CP $libssl_src/src/crypto/$i crypto/$i
+		fi
+	fi
+done
+$CP crypto/compat/b_win.c crypto/bio
+$CP crypto/compat/ui_openssl_win.c crypto/ui
+
+# generate assembly crypto algorithms
+asm_src=$libssl_src/src/crypto
+gen_asm_stdout() {
+	perl $asm_src/$2 $1 > $3.tmp
+	$MV $3.tmp $3
+}
+gen_asm() {
+	perl $asm_src/$2 $1 $3.tmp
+	$MV $3.tmp $3
+}
+for abi in elf macosx; do
+	echo generating ASM source for $abi
+	gen_asm_stdout $abi aes/asm/aes-x86_64.pl        crypto/aes/aes-$abi-x86_64.s
+	gen_asm_stdout $abi aes/asm/vpaes-x86_64.pl      crypto/aes/vpaes-$abi-x86_64.s
+	gen_asm_stdout $abi aes/asm/bsaes-x86_64.pl      crypto/aes/bsaes-$abi-x86_64.s
+	gen_asm_stdout $abi aes/asm/aesni-x86_64.pl      crypto/aes/aesni-$abi-x86_64.s
+	gen_asm_stdout $abi aes/asm/aesni-sha1-x86_64.pl crypto/aes/aesni-sha1-$abi-x86_64.s
+	gen_asm_stdout $abi bn/asm/modexp512-x86_64.pl   crypto/bn/modexp512-$abi-x86_64.s
+	gen_asm_stdout $abi bn/asm/x86_64-mont.pl        crypto/bn/mont-$abi-x86_64.s
+	gen_asm_stdout $abi bn/asm/x86_64-mont5.pl       crypto/bn/mont5-$abi-x86_64.s
+	gen_asm_stdout $abi bn/asm/x86_64-gf2m.pl        crypto/bn/gf2m-$abi-x86_64.s
+	gen_asm_stdout $abi camellia/asm/cmll-x86_64.pl  crypto/camellia/cmll-$abi-x86_64.s
+	gen_asm_stdout $abi md5/asm/md5-x86_64.pl        crypto/md5/md5-$abi-x86_64.s
+	gen_asm_stdout $abi modes/asm/ghash-x86_64.pl    crypto/modes/ghash-$abi-x86_64.s
+	gen_asm_stdout $abi rc4/asm/rc4-x86_64.pl        crypto/rc4/rc4-$abi-x86_64.s
+	gen_asm_stdout $abi rc4/asm/rc4-md5-x86_64.pl    crypto/rc4/rc4-md5-$abi-x86_64.s
+	gen_asm_stdout $abi sha/asm/sha1-x86_64.pl       crypto/sha/sha1-$abi-x86_64.s
+	gen_asm        $abi sha/asm/sha512-x86_64.pl     crypto/sha/sha256-$abi-x86_64.S
+	gen_asm        $abi sha/asm/sha512-x86_64.pl     crypto/sha/sha512-$abi-x86_64.S
+	gen_asm_stdout $abi whrlpool/asm/wp-x86_64.pl    crypto/whrlpool/wp-$abi-x86_64.s
+	gen_asm        $abi x86_64cpuid.pl               crypto/cpuid-$abi-x86_64.S
 done
 
-copy_src ssl "s3_meth.c s3_srvr.c s3_clnt.c s3_lib.c s3_enc.c s3_pkt.c
-	s3_both.c s23_meth.c s23_srvr.c s23_clnt.c s23_lib.c s23_pkt.c t1_meth.c
-	t1_srvr.c t1_clnt.c t1_lib.c t1_enc.c d1_meth.c d1_srvr.c d1_clnt.c
-	d1_lib.c d1_pkt.c d1_both.c d1_enc.c d1_srtp.c ssl_lib.c ssl_err2.c
-	ssl_cert.c ssl_sess.c ssl_ciph.c ssl_stat.c ssl_rsa.c ssl_asn1.c ssl_txt.c
-	ssl_algs.c bio_ssl.c ssl_err.c t1_reneg.c s3_cbc.c pqueue.c"
+# copy libtls source
+echo copying libtls source
+rm -f tls/*.c tls/*.h
+for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
+	$CP $libtls_src/$i tls
+done
 
-copy_src crypto "cryptlib.h cryptlib.c malloc-wrapper.c mem_clr.c mem_dbg.c cversion.c
-	ex_data.c cpt_err.c o_time.c o_time.h o_str.c o_init.c md32_common.h"
+# copy openssl(1) source
+echo "copying openssl(1) source"
+$CP $libc_src/stdlib/strtonum.c apps
+$CP $libcrypto_src/openssl.cnf apps
+for i in `awk '/SOURCES|HEADERS/ { print $3 }' apps/Makefile.am` ; do
+	if [ -e $openssl_app_src/$i ]; then
+		$CP $openssl_app_src/$i apps
+	fi
+done
 
-copy_crypto aes "aes_cbc.c aes_core.c aes_misc.c aes_ecb.c aes_cfb.c aes_ofb.c aes_ctr.c
-	aes_ige.c aes_wrap.c aes_locl.h"
-
-copy_crypto asn1 "a_object.c a_bitstr.c a_utctm.c a_gentm.c a_time.c
-	a_int.c a_octet.c a_print.c a_type.c a_dup.c a_d2i_fp.c a_i2d_fp.c a_enum.c
-	a_utf8.c a_sign.c a_digest.c a_verify.c a_mbstr.c a_strex.c x_algor.c
-	x_val.c x_pubkey.c x_sig.c x_req.c x_attrib.c x_bignum.c x_long.c x_name.c
-	x_x509.c x_x509a.c x_crl.c x_info.c x_spki.c nsseq.c x_nx509.c d2i_pu.c
-	d2i_pr.c i2d_pu.c i2d_pr.c t_req.c t_x509.c t_x509a.c t_crl.c t_pkey.c
-	t_spki.c t_bitst.c tasn_new.c tasn_fre.c tasn_enc.c tasn_dec.c tasn_utl.c
-	tasn_typ.c tasn_prn.c ameth_lib.c f_int.c f_string.c n_pkey.c f_enum.c
-	x_pkey.c a_bool.c x_exten.c bio_asn1.c bio_ndef.c asn_mime.c asn1_gen.c
-	asn1_par.c asn1_lib.c asn1_err.c a_bytes.c a_strnid.c evp_asn1.c asn_pack.c
-	p5_pbe.c p5_pbev2.c p8_pkey.c asn_moid.c a_set.c asn1_locl.h charmap.h"
-
-copy_crypto bf "bf_skey.c bf_ecb.c bf_enc.c bf_cfb64.c bf_ofb64.c bf_locl.h bf_pi.h"
-
-copy_crypto bio "bio_lib.c bio_cb.c bio_err.c bss_mem.c bss_null.c bss_fd.c
-	bss_file.c bss_sock.c bss_conn.c bf_null.c bf_buff.c b_dump.c
-	b_sock.c bss_acpt.c bf_nbio.c bss_log.c bss_bio.c bss_dgram.c b_print.c"
-
-copy_crypto bn "bn_add.c bn_asm.c bn_div.c bn_exp.c bn_lib.c bn_ctx.c bn_mul.c
-	bn_mod.c bn_print.c bn_rand.c bn_shift.c bn_word.c bn_blind.c bn_kron.c
-	bn_sqrt.c bn_gcd.c bn_prime.c bn_err.c bn_sqr.c bn_recp.c bn_mont.c
-	bn_mpi.c bn_exp2.c bn_gf2m.c bn_nist.c bn_depr.c bn_const.c bn_x931p.c
-	bn_lcl.h bn_prime.h"
-
-copy_crypto buffer "buffer.c buf_err.c buf_str.c"
-
-copy_crypto cast "c_skey.c c_ecb.c c_enc.c c_cfb64.c c_ofb64.c cast_lcl.h
-	cast_s.h"
-
-copy_crypto chacha "chacha.c chacha-merged.c"
-
-copy_crypto cmac "cmac.c cm_ameth.c cm_pmeth.c"
-
-#copy_crypto cms "cms_lib.c cms_asn1.c cms_att.c cms_io.c cms_smime.c cms_err.c
-#	cms_sd.c cms_dd.c cms_cd.c cms_env.c cms_enc.c cms_ess.c cms_pwri.c cms.h cms_lcl.h"
-
-copy_crypto comp "comp_lib.c comp_err.c c_rle.c c_zlib.c"
-
-copy_crypto conf "conf_err.c conf_lib.c conf_api.c conf_def.c conf_mod.c
-	conf_mall.c conf_sap.c conf_def.h"
-
-copy_crypto des "cbc_cksm.c cbc_enc.c cfb64enc.c cfb_enc.c ecb3_enc.c
-	ecb_enc.c  enc_read.c enc_writ.c fcrypt.c fcrypt_b.c ofb64enc.c ofb_enc.c
-	pcbc_enc.c qud_cksm.c rand_key.c set_key.c xcbc_enc.c str2key.c
-	cfb64ede.c ofb64ede.c ede_cbcm_enc.c des_enc.c des_locl.h ncbc_enc.c
-	spr.h"
-
-copy_crypto dh "dh_asn1.c dh_gen.c dh_key.c dh_lib.c dh_check.c dh_err.c
-	dh_depr.c dh_ameth.c dh_pmeth.c dh_prn.c"
-
-copy_crypto dsa "dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c
-	dsa_sign.c dsa_err.c dsa_ossl.c dsa_depr.c dsa_ameth.c dsa_pmeth.c
-	dsa_prn.c dsa_locl.h"
-
-copy_crypto dso "dso_dlfcn.c dso_err.c dso_lib.c dso_null.c dso_openssl.c"
-
-copy_crypto ec "ec_lib.c ecp_smpl.c ecp_mont.c ecp_nist.c ec_cvt.c ec_mult.c
-	ec_err.c ec_curve.c ec_check.c ec_print.c ec_asn1.c ec_key.c ec2_smpl.c
-	ec2_mult.c ec_ameth.c ec_pmeth.c eck_prn.c ecp_oct.c ec2_oct.c ec_oct.c
-	ec_lcl.h"
-
-copy_crypto ecdh "ech_lib.c ech_ossl.c ech_key.c ech_err.c ech_locl.h"
-
-copy_crypto ecdsa "ecs_lib.c ecs_asn1.c ecs_ossl.c ecs_sign.c ecs_vrf.c
-	ecs_err.c ecs_locl.h"
-
-# Engine interface is disabled
-copy_crypto engine "eng_err.c eng_lib.c eng_list.c eng_init.c eng_ctrl.c
-	eng_table.c eng_pkey.c eng_fat.c eng_all.c tb_rsa.c tb_dsa.c tb_ecdsa.c
-	tb_dh.c tb_ecdh.c tb_rand.c tb_store.c tb_cipher.c tb_digest.c tb_pkmeth.c
-	tb_asnmth.c eng_openssl.c eng_cnf.c eng_dyn.c eng_rsax.c eng_int.h"
-
-copy_crypto err "err.c err_all.c err_prn.c"
-
-copy_crypto evp "encode.c digest.c evp_enc.c evp_key.c e_des.c e_bf.c
-	e_idea.c e_des3.c e_rc4.c e_aes.c names.c e_xcbc_d.c e_rc2.c e_cast.c
-	m_null.c m_md4.c m_md5.c m_sha.c m_sha1.c m_wp.c m_dss.c m_dss1.c m_mdc2.c
-	m_ripemd.c m_ecdsa.c p_open.c p_seal.c p_sign.c p_verify.c p_lib.c p_enc.c
-	p_dec.c bio_md.c bio_b64.c bio_enc.c evp_err.c e_null.c c_all.c c_allc.c
-	c_alld.c evp_lib.c evp_pkey.c evp_pbe.c p5_crpt.c p5_crpt2.c
-	e_old.c pmeth_lib.c pmeth_fn.c pmeth_gn.c m_sigver.c e_aes_cbc_hmac_sha1.c
-	e_rc4_hmac_md5.c evp_locl.h e_chacha.c evp_aead.c e_chacha20poly1305.c"
-
-copy_crypto hmac "hmac.c hm_ameth.c hm_pmeth.c"
-
-copy_crypto idea "i_cbc.c i_cfb64.c i_ofb64.c i_ecb.c i_skey.c idea_lcl.h"
-
-copy_crypto krb5 "krb5_asn.c"
-
-copy_crypto lhash "lhash.c lh_stats.c"
-
-copy_crypto md4 "md4_dgst.c md4_one.c md4_locl.h"
-
-copy_crypto md5 "md5_dgst.c md5_one.c md5_locl.h"
-
-copy_crypto mdc2 "mdc2dgst.c mdc2_one.c"
-
-copy_crypto modes "cbc128.c ctr128.c cts128.c cfb128.c ofb128.c gcm128.c
-	ccm128.c xts128.c modes_lcl.h"
-
-copy_crypto objects "o_names.c obj_dat.c obj_lib.c obj_err.c obj_xref.c obj_xref.h"
-
-copy_crypto ocsp "ocsp_asn.c ocsp_ext.c ocsp_ht.c ocsp_lib.c ocsp_cl.c
-	ocsp_srv.c ocsp_prn.c ocsp_vfy.c ocsp_err.c"
-
-copy_crypto pem "pem_sign.c pem_seal.c pem_info.c pem_lib.c pem_all.c pem_err.c
-	pem_x509.c pem_xaux.c pem_oth.c pem_pk8.c pem_pkey.c pvkfmt.c"
-
-copy_crypto pkcs12 "p12_add.c p12_asn.c p12_attr.c p12_crpt.c p12_crt.c
-	p12_decr.c p12_init.c p12_key.c p12_kiss.c p12_mutl.c p12_utl.c p12_npas.c
-	pk12err.c p12_p8d.c p12_p8e.c"
-
-copy_crypto pkcs7 "pk7_asn1.c pk7_lib.c pkcs7err.c pk7_doit.c pk7_smime.c
-	pk7_attr.c pk7_mime.c bio_pk7.c"
-
-copy_crypto poly1305 "poly1305-donna.c poly1305.c"
-
-copy_crypto rand "randfile.c rand_err.c rand_lib.c"
-
-copy_crypto rc2 "rc2_ecb.c rc2_skey.c rc2_cbc.c rc2cfb64.c rc2ofb64.c rc2_locl.h"
-
-copy_crypto rc4 "rc4_enc.c rc4_skey.c rc4_locl.h"
-
-copy_crypto ripemd "rmd_dgst.c rmd_one.c rmd_locl.h rmdconst.h"
-
-copy_crypto rsa "rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c
-	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_pss.c
-	rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c rsa_pmeth.c
-	rsa_crpt.c rsa_locl.h"
-
-copy_crypto sha "sha_dgst.c sha1dgst.c sha_one.c sha1_one.c sha256.c sha512.c sha_locl.h"
-
-copy_crypto stack "stack.c"
-
-copy_crypto ts "ts_err.c ts_req_utils.c ts_req_print.c ts_rsp_utils.c
-	ts_rsp_print.c ts_rsp_sign.c ts_rsp_verify.c ts_verify_ctx.c ts_lib.c
-	ts_conf.c ts_asn1.c"
-
-copy_crypto txt_db "txt_db.c"
-
-copy_crypto ui "ui_err.c ui_lib.c ui_openssl.c ui_util.c ui_locl.h"
-
-copy_crypto whrlpool "wp_block.c wp_dgst.c wp_locl.h"
-
-copy_crypto x509 "x509_def.c x509_d2.c x509_r2x.c x509_cmp.c x509_obj.c
-	x509_req.c x509spki.c x509_vfy.c x509_set.c x509cset.c x509rset.c
-	x509_err.c x509name.c x509_v3.c x509_ext.c x509_att.c x509type.c x509_lu.c
-	x_all.c x509_txt.c x509_trs.c by_file.c by_dir.c x509_vpm.c x509_lcl.h"
-
-copy_crypto x509v3 "v3_bcons.c v3_bitst.c v3_conf.c v3_extku.c v3_ia5.c v3_lib.c
-	v3_prn.c v3_utl.c v3err.c v3_genn.c v3_alt.c v3_skey.c v3_akey.c v3_pku.c
-	v3_int.c v3_enum.c v3_sxnet.c v3_cpols.c v3_crld.c v3_purp.c v3_info.c
-	v3_ocsp.c v3_akeya.c v3_pmaps.c v3_pcons.c v3_ncons.c v3_pcia.c v3_pci.c
-	pcy_cache.c pcy_node.c pcy_data.c pcy_map.c pcy_tree.c pcy_lib.c
-	pcy_int.h ext_dat.h"
-
-copy_src apps "apps.c apps.h asn1pars.c ca.c ciphers.c cms.c crl.c crl2p7.c
-	dgst.c dh.c dhparam.c dsa.c dsaparam.c ec.c ecparam.c enc.c engine.c
-	errstr.c gendh.c gendsa.c genpkey.c genrsa.c nseq.c ocsp.c openssl.c
-	openssl.cnf passwd.c pkcs12.c pkcs7.c pkcs8.c pkey.c pkeyparam.c pkeyutl.c
-	prime.c progs.h rand.c req.c rsa.c rsautl.c s_apps.h s_cb.c s_client.c
-	s_server.c s_socket.c s_time.c sess_id.c smime.c speed.c spkac.c
-	testdsa.h testrsa.h timeouts.h ts.c verify.c version.c x509.c"
+# copy libssl source
+echo "copying libssl source"
+rm -f ssl/*.c ssl/*.h
+for i in `awk '/SOURCES|HEADERS/ { print $3 }' ssl/Makefile.am` ; do
+	$CP $libssl_src/src/ssl/$i ssl
+done
 
+# copy libcrypto tests
+echo "copying tests"
+rm -f tests/biotest.c
 for i in aead/aeadtest.c aeswrap/aes_wrap.c base64/base64test.c bf/bftest.c \
-	bio/biotest.c bn/general/bntest.c bn/mont/mont.c \
+	bn/general/bntest.c bn/mont/mont.c \
 	cast/casttest.c chacha/chachatest.c cts128/cts128test.c \
 	des/destest.c dh/dhtest.c dsa/dsatest.c ec/ectest.c ecdh/ecdhtest.c \
 	ecdsa/ecdsatest.c engine/enginetest.c evp/evptest.c exp/exptest.c \
@@ -287,20 +186,26 @@ for i in aead/aeadtest.c aeswrap/aes_wrap.c base64/base64test.c bf/bftest.c \
 	md4/md4test.c md5/md5test.c mdc2/mdc2test.c poly1305/poly1305test.c \
 	pkcs7/pkcs7test.c pqueue/pq_test.c rand/randtest.c rc2/rc2test.c \
 	rc4/rc4test.c rmd/rmdtest.c sha/shatest.c sha1/sha1test.c \
-	sha256/sha256test.c sha512/sha512test.c utf8/utf8test.c; do
+	sha256/sha256test.c sha512/sha512test.c utf8/utf8test.c \
+	gost/gost2814789t.c ; do
 	 $CP $libcrypto_regress/$i tests
 done
+
+# copy libc tests
 $CP $libc_regress/arc4random-fork/arc4random-fork.c tests/arc4randomforktest.c
 $CP $libc_regress/explicit_bzero/explicit_bzero.c tests
 $CP $libc_regress/timingsafe/timingsafe.c tests
 
-for i in asn1/asn1test.c ssl/ssltest.c ssl/testssl certs/ca.pem certs/server.pem; do
-	$CP $libssl_regress/$i tests
-done
+# copy libssl tests
+$CP $libssl_regress/asn1/asn1test.c tests
+$CP $libssl_regress/ssl/testssl tests
+$CP $libssl_regress/ssl/ssltest.c tests
+$CP $libssl_regress/certs/ca.pem tests
+$CP $libssl_regress/certs/server.pem tests
 
+# setup test drivers
 # do not directly run all test programs
 test_drivers=(
-	biotest
 	aeadtest
 	evptest
 	pq_test
@@ -308,9 +213,9 @@ test_drivers=(
 	arc4randomforktest
 	pidwraptest
 )
-# disabled by-default tests
-tests_disabled=(
-	biotest
+tests_posix_only=(
+	arc4randomforktest
+	explicit_bzero
 	pidwraptest
 )
 $CP $libc_src/string/memmem.c tests/
@@ -319,15 +224,23 @@ $CP $libc_src/string/memmem.c tests/
 
 	for i in `ls -1 *.c|sort|grep -v memmem.c`; do
 		TEST=`echo $i|sed -e "s/\.c//"`
+		if [[ ${tests_posix_only[*]} =~ "$TEST" ]]; then
+			echo "if !HOST_WIN" >> Makefile.am
+		fi
 		if ! [[ ${test_drivers[*]} =~ "$TEST" ]]; then
 			echo "TESTS += $TEST" >> Makefile.am
 		fi
 		echo "check_PROGRAMS += $TEST" >> Makefile.am
 		echo "${TEST}_SOURCES = $i" >> Makefile.am
-		echo "${TEST}_LDADD = \$(top_builddir)/ssl/libssl.la" >> Makefile.am
-		echo "${TEST}_LDADD += \$(top_builddir)/crypto/libcrypto.la" >> Makefile.am
-	done
+		if [[ ${TEST} = "explicit_bzero" ]]; then
+			echo "if !HAVE_MEMMEM" >> Makefile.am
 			echo "explicit_bzero_SOURCES += memmem.c" >> Makefile.am
+			echo "endif" >> Makefile.am
+		fi
+		if [[ ${tests_posix_only[*]} =~ "$TEST" ]]; then
+			echo "endif" >> Makefile.am
+		fi
+	done
 )
 $CP $libcrypto_regress/evp/evptests.txt tests
 $CP $libcrypto_regress/aead/aeadtests.txt tests
@@ -335,9 +248,15 @@ $CP $libcrypto_regress/pqueue/expected.txt tests/pq_expected.txt
 chmod 755 tests/testssl
 for i in "${test_drivers[@]}"; do
 	if [ -e tests/${i}.sh ]; then
+		if [[ ${tests_posix_only[*]} =~ "$i" ]]; then
+			echo "if !HOST_WIN" >> tests/Makefile.am
+		fi
 		if ! [[ ${tests_disabled[*]} =~ "$i" ]]; then
 			echo "TESTS += ${i}.sh" >> tests/Makefile.am
 		fi
+		if [[ ${tests_posix_only[*]} =~ "$i" ]]; then
+			echo "endif" >> tests/Makefile.am
+		fi
 		echo "EXTRA_DIST += ${i}.sh" >> tests/Makefile.am
 	fi
 done
@@ -353,89 +272,61 @@ echo "EXTRA_DIST += testssl ca.pem server.pem" >> tests/Makefile.am
 	done
 )
 
-(cd ssl
-	sed -e "s/libssl-version/${libssl_version}/" Makefile.am.tpl > Makefile.am
-	for i in `ls -1 *.c|sort`; do
-		echo "libssl_la_SOURCES += $i" >> Makefile.am
-	done
-	for i in `ls -1 *.h|sort`; do
-		echo "noinst_HEADERS += $i" >> Makefile.am
-	done
-)
-
-# do not directly compile C files that are included in other C files
-crypto_excludes=(
-	des/ncbc_enc.c
-	chacha/chacha-merged.c
-	poly1305/poly1305-donna.c
-	)
-(cd crypto
-	sed -e "s/libcrypto-version/${libcrypto_version}/" Makefile.am.tpl > Makefile.am
-	for i in `ls -1 *.c|sort`; do
-		echo "libcrypto_la_SOURCES += $i" >> Makefile.am
-	done
-	for i in `ls -1 *.h|sort`; do
-		echo "noinst_HEADERS += $i" >> Makefile.am
-	done
-	for subdir in $crypto_subdirs; do
-		for i in `ls -1 $subdir/*.c|sort`; do
-			if ! [[ ${crypto_excludes[*]} =~ $i ]]; then
-				echo "libcrypto_la_SOURCES += $i" >> Makefile.am
-			fi
-		done
-		headers=`ls -1 $subdir/*.h 2>/dev/null |sort`
-		if [ "$headers" != "" ]; then
-			for i in $headers; do
-				echo "noinst_HEADERS += $i" >> Makefile.am
-			done
-		fi
-	done
-	for i in "${crypto_excludes[@]}"; do
-		echo "EXTRA_libcrypto_la_SOURCES += ${i}" >> Makefile.am
-	done
-)
-
-# conditional compiles
-$CP $libc_src/stdlib/strtonum.c apps/
-apps_excludes=(
-	strtonum.c
-	)
-(cd apps
-	$CP Makefile.am.tpl Makefile.am
-	for i in `ls -1 *.c|sort`; do
-		if ! [[ ${apps_excludes[*]} =~ $i ]]; then
-			echo "openssl_SOURCES += $i" >> Makefile.am
-		fi
-	done
-	for i in `ls -1 *.h|sort`; do
-		echo "noinst_HEADERS += $i" >> Makefile.am
-	done
-)
-
+echo "copying manpages"
+# copy manpages
 (cd man
 	$CP Makefile.am.tpl Makefile.am
-	for i in crypto,3 ssl,3 apps,1; do
-		IFS=","; set $i; unset IFS
-		for i in `ls -1 $libssl_src/src/doc/$1/*.pod | sort`; do
+
+	# update new-style manpages
+	for i in `ls -1 $libssl_src/src/doc/ssl/*.3 | sort`; do
+		NAME=`basename "$i"`
+		$CP $i .
+		echo "dist_man_MANS += $NAME" >> Makefile.am
+	done
+	$CP $openssl_app_src/openssl.1 .
+	echo "dist_man_MANS += openssl.1" >> Makefile.am
+	$CP $libtls_src/tls_init.3 .
+	echo "if ENABLE_LIBTLS" >> Makefile.am
+	echo "dist_man_MANS += tls_init.3" >> Makefile.am
+	echo "endif" >> Makefile.am
+
+	# convert remaining POD manpages
+	for i in `ls -1 $libssl_src/src/doc/crypto/*.pod | sort`; do
 		BASE=`echo $i|sed -e "s/\.pod//"`
 		NAME=`basename "$BASE"`
 		# reformat file if new
-			if [ ! -f $NAME.$2 -o $BASE.pod -nt $NAME.$2 -o ../VERSION -nt $NAME.$2 ]; then
+		if [ ! -f $NAME.3 -o $BASE.pod -nt $NAME.3 -o ../VERSION -nt $NAME.3 ]; then
 			echo processing $NAME
 			pod2man --official --release="LibreSSL $VERSION" --center=LibreSSL \
-					--section=$2 $POD2MAN --name=$NAME < $BASE.pod > $NAME.$2
+				--section=3 $POD2MAN --name=$NAME < $BASE.pod > $NAME.3
 		fi
-			echo "dist_man_MANS += $NAME.$2" >> Makefile.am
+		echo "dist_man_MANS += $NAME.3" >> Makefile.am
 	done
-	done
-
-	$CP $openssl_cmd_src/openssl.1 .
-	echo "dist_man_MANS += openssl.1" >> Makefile.am
 
 	echo "install-data-hook:" >> Makefile.am
 	source ./links
-	for i in $MLINKS; do
+	for i in $SSL_MLINKS; do
 		IFS=","; set $i; unset IFS
-		echo "	ln -f \$(DESTDIR)\$(mandir)/man3/$1 \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
+		echo "	ln -f \$(DESTDIR)\$(mandir)/man3/$1 \\" >> Makefile.am
+		echo "    \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
 	done
+	echo "if ENABLE_LIBTLS" >> Makefile.am
+	for i in $TLS_MLINKS; do
+		IFS=","; set $i; unset IFS
+		echo "	ln -f \$(DESTDIR)\$(mandir)/man3/$1 \\" >> Makefile.am
+		echo "    \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
+	done
+	echo "endif" >> Makefile.am
+	echo "" >> Makefile.am
+	echo "uninstall-local:" >> Makefile.am
+	for i in $SSL_MLINKS; do
+		IFS=","; set $i; unset IFS
+		echo "	-rm -f \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
+	done
+	echo "if ENABLE_LIBTLS" >> Makefile.am
+	for i in $TLS_MLINKS; do
+		IFS=","; set $i; unset IFS
+		echo "	rm -f \$(DESTDIR)\$(mandir)/man3/$2" >> Makefile.am
+	done
+	echo "endif" >> Makefile.am
 )