release note update for 2.2.1

Since it's now a foreign project in automake, we can use github markdown
in the README.

.gitignore

@@ -47,11 +47,13 @@ test-driver
 *.trs
 tests/aes_wrap*
 tests/arc4random_fork*
+tests/cipher*
 tests/explicit_bzero*
 tests/gost2814789t*
 tests/mont*
 tests/timingsafe*
 tests/*test
+tests/tests.h
 tests/*test.c
 tests/memmem.c
 tests/pbkdf2*
@@ -118,12 +120,14 @@ include/openssl/*.he
 !/crypto/compat/b_win.c
 !/crypto/compat/posix_win.c
 !/crypto/compat/bsd_asprintf.c
+!/crypto/compat/inet_pton.c
 !/crypto/compat/ui_openssl_win.c
 
 /libtls-standalone/include/*.h
 /libtls-standalone/src/*.c
 /libtls-standalone/src/*.h
 /libtls-standalone/src
+/libtls-standalone/tests/test
 /libtls-standalone/compat
 !/libtls-standalone/compat/Makefile.am
 /libtls-standalone/VERSION

ChangeLog

@@ -31,6 +31,22 @@ LibreSSL Portable Release Notes:
 This release primarily addresses a number of security issues in coordination
 with the OpenSSL project.
 
+2.2.1 - Build fixes, feature added, features removed
+
+	* Assorted build fixes for musl, HP-UX, Mingw, Solaris.
+
+	* Initial support for Windows 2009, 2003, XP
+
+	* Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API
+
+	* Added EC_curve_nid2nist and EC_curve_nist2nid from OpenSSL
+
+	* Removed Dynamic Engine support
+
+	* Removed unused and obsolete MDC-2DES cipher
+
+	* Removed workarounds for obsolete SSL implementations
+
 2.2.0 - Build cleanups and new OS support, Security Updates
 
 	* AIX Support - thanks to Michael Felt

Makefile.am

@@ -4,4 +4,4 @@ ACLOCAL_AMFLAGS = -I m4
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 
-EXTRA_DIST = README README.windows VERSION config scripts
+EXTRA_DIST = README.md README.windows VERSION config scripts

README

@@ -1,87 +0,0 @@
-This package is the official portable version of LibreSSL
-	(http://www.libressl.org).
-
-LibreSSL is a fork of OpenSSL 1.0.1 developed by the OpenBSD project.
-    (http://www.openbsd.org).
-
-Compatibility with OpenSSL:
-
- LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
- new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
- present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
-
- LibreSSL it is not ABI compatible with any release of OpenSSL, or necessarily
- earlier releases of LibreSSL. You will need to relink your programs to
- LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
- LibreSSL's installed library version numbers are incremented to account for
- ABI and API changes.
-
-Compatibility with other operating systems:
-
- While primarily developed on and taking advantage of APIs available on OpenBSD,
- the LibreSSL portable project attempts to provide working alternatives for
- other operating systems, and assists with improving OS-native implementations
- where possible.
-
-At the time of this writing, LibreSSL is know to build and work on:
-
- - Linux (kernel 3.17 or later recommended)
- - FreeBSD (tested with 9.2 and later)
- - NetBSD (tested with 6.1.5)
- - HP-UX (11i)
- - Solaris (11 and later preferred)
- - Mac OS X (tested with 10.8 and later)
- - AIX (5.3 and later)
-
-LibreSSL also supports the following Windows environments:
- - Microsoft Windows (Vista or higher, x86 and x64)
- - Wine (32-bit and 64-bit)
- - Builds with Mingw-w64 and Cygwin
-
-Official release tarballs are available at your friendly neighborhood
-OpenBSD mirror in directory LibreSSL, e.g.:
-
-	http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/
-
-although we suggest that you use a mirror:
-
-	http://www.openbsd.org/ftp.html
-
-The LibreSSL portable build framework is also mirrored in Github:
-
-	https://github.com/libressl-portable/portable
-
-Please report bugs either to tech@openbsd.org, or to the github issue tracker:
-
-	https://github.com/libressl-portable/portable/issues
-
-If you have checked this source using Git, follow these initial steps to
-prepare the source tree for building:
-
- 1. ensure you have the following packages installed:
-	automake, autoconf, bash, git, libtool, perl, pod2man
- 2. run './autogen.sh' to prepare the source tree for building
-    or run './dist.sh' to prepare a tarball.
-
-Once you have a source tree from Git or FTP, run these commands to build and
-install the package on most systems.
-
-  ./configure   # see ./configure --help for configuration options
-  make check    # runs builtin unit tests
-  make install  # set DESTDIR= to install to an alternate location
-
-OS specific build information:
-
- - HP-UX (11i)
-   Set the UNIX_STD environment variable to '2003' before running 'configure'
-   in order to build with the HP C/aC++ compiler. See the "standards(5)" man
-   page for more details.
-
-    export UNIX_STD=2003
-    ./configure
-    make
-
- - Windows - Mingw-w64
-   LibreSSL builds against relatively recent versions of Mingw-w64, not to be
-   confused with the original mingw.org project.  Mingw-w64 3.2 or later
-   should work. See README.windows for more information

README.md

@@ -0,0 +1,98 @@
+![LibreSSL image](http://www.libressl.org/images/libressl.jpg)
+## Official portable version of [LibreSSL](http://www.libressl.org) ##
+
+LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
+[OpenBSD](http://www.openbsd.org) project.  Our goal is to modernize the codebase,
+improve security, and apply best practice development processes from OpenBSD.
+
+## Compatibility with OpenSSL: ##
+
+LibreSSL is API compatible with OpenSSL 1.0.1, but does not yet include all
+new APIs from OpenSSL 1.0.2 and later. LibreSSL also includes APIs not yet
+present in OpenSSL. The current common API subset is OpenSSL 1.0.1.
+
+LibreSSL it is not ABI compatible with any release of OpenSSL, or necessarily
+earlier releases of LibreSSL. You will need to relink your programs to
+LibreSSL in order to use it, just as in moving between major versions of OpenSSL.
+LibreSSL's installed library version numbers are incremented to account for
+ABI and API changes.
+
+## Compatibility with other operating systems: ##
+
+While primarily developed on and taking advantage of APIs available on OpenBSD,
+the LibreSSL portable project attempts to provide working alternatives for
+other operating systems, and assists with improving OS-native implementations
+where possible.
+
+At the time of this writing, LibreSSL is know to build and work on:
+
+* Linux (kernel 3.17 or later recommended)
+* FreeBSD (tested with 9.2 and later)
+* NetBSD (tested with 6.1.5)
+* HP-UX (11i)
+* Solaris (11 and later preferred)
+* Mac OS X (tested with 10.8 and later)
+* AIX (5.3 and later)
+
+LibreSSL also supports the following Windows environments:
+* Microsoft Windows (Vista or higher, x86 and x64)
+* Wine (32-bit and 64-bit)
+* Builds with Mingw-w64 and Cygwin
+
+Official release tarballs are available at your friendly neighborhood
+OpenBSD mirror in directory
+[LibreSSL](http://ftp.openbsd.org/pub/OpenBSD/LibreSSL/),
+although we suggest that you use a [mirror](http://www.openbsd.org/ftp.html).
+
+The LibreSSL portable build framework is also
+[mirrored](https://github.com/libressl-portable/portable) in Github.
+
+Please report bugs either to the public libressl@openbsd.org mailing list,
+or to the github
+[issue tracker](https://github.com/libressl-portable/portable/issues)
+
+Severe vulnerabilities or bugs requiring coordination with OpenSSL can be
+sent to the core team at libressl-security@openbsd.org.
+
+## Prerequisites when building from git ##
+
+If you have checked this source using Git, follow these initial steps to
+prepare the source tree for building:
+
+1. Ensure you have the following packages installed:
+   automake, autoconf, bash, git, libtool, perl, pod2man
+2. Run './autogen.sh' to prepare the source tree for building or
+   run './dist.sh' to prepare a tarball.
+
+## Building LibreSSL ##
+
+Once you have a source tree from Git or FTP, run these commands to build and
+install the package on most systems.
+
+```sh
+./configure   # see ./configure --help for configuration options
+make check    # runs builtin unit tests
+make install  # set DESTDIR= to install to an alternate location
+```
+
+### OS specific build information: ###
+
+#### HP-UX (11i) ####
+
+Set the UNIX_STD environment variable to '2003' before running 'configure'
+in order to build with the HP C/aC++ compiler. See the "standards(5)" man
+page for more details.
+
+```sh
+export UNIX_STD=2003
+./configure
+make
+```
+
+#### Windows - Mingw-w64 ####
+
+LibreSSL builds against relatively recent versions of Mingw-w64, not to be
+confused with the original mingw.org project.  Mingw-w64 3.2 or later
+should work. See README.windows for more information
+
+[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable)

VERSION

@@ -1 +1 @@
-2.2.0
+2.2.1

autogen.sh

@@ -4,3 +4,8 @@ set -e
 ./update.sh
 mkdir -p m4
 autoreconf -i -f
+
+# Patch libtool 2.4.2 to pass -fstack-protector as a linker argument
+sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \
+  ltmain.sh > ltmain.sh.fixed
+mv -f ltmain.sh.fixed ltmain.sh

configure.ac

@@ -18,7 +18,7 @@ AC_SUBST([LIBSSL_VERSION], m4_esyscmd([tr -d '\n' < ssl/VERSION]))
 AC_SUBST([LIBTLS_VERSION], m4_esyscmd([tr -d '\n' < tls/VERSION]))
 
 AC_CANONICAL_HOST
-AM_INIT_AUTOMAKE([subdir-objects])
+AM_INIT_AUTOMAKE([subdir-objects foreign])
 AC_CONFIG_MACRO_DIR([m4])
 
 m4_ifdef([AM_SILENT_RULES], [AM_SILENT_RULES([yes])])

crypto/Makefile.am

@@ -53,6 +53,10 @@ if !HAVE_ASPRINTF
 libcompat_la_SOURCES += compat/bsd-asprintf.c
 endif
 
+if !HAVE_INET_PTON
+libcompat_la_SOURCES += compat/inet_pton.c
+endif
+
 if !HAVE_REALLOCARRAY
 libcompat_la_SOURCES += compat/reallocarray.c
 endif
@@ -480,7 +484,6 @@ libcrypto_la_SOURCES += evp/m_gost2814789.c
 libcrypto_la_SOURCES += evp/m_gostr341194.c
 libcrypto_la_SOURCES += evp/m_md4.c
 libcrypto_la_SOURCES += evp/m_md5.c
-libcrypto_la_SOURCES += evp/m_mdc2.c
 libcrypto_la_SOURCES += evp/m_null.c
 libcrypto_la_SOURCES += evp/m_ripemd.c
 libcrypto_la_SOURCES += evp/m_sha.c
@@ -552,10 +555,6 @@ libcrypto_la_SOURCES += md5/md5_dgst.c
 libcrypto_la_SOURCES += md5/md5_one.c
 noinst_HEADERS += md5/md5_locl.h
 
-# mdc2
-libcrypto_la_SOURCES += mdc2/mdc2_one.c
-libcrypto_la_SOURCES += mdc2/mdc2dgst.c
-
 # modes
 libcrypto_la_SOURCES += modes/cbc128.c
 libcrypto_la_SOURCES += modes/ccm128.c

crypto/compat/inet_pton.c

@@ -0,0 +1,212 @@
+/*	$OpenBSD: inet_pton.c,v 1.9 2015/01/16 16:48:51 deraadt Exp $	*/
+
+/* Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+#include <sys/types.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+#include <string.h>
+#include <errno.h>
+
+/*
+ * WARNING: Don't even consider trying to compile this on a system where
+ * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
+ */
+
+static int	inet_pton4(const char *src, u_char *dst);
+static int	inet_pton6(const char *src, u_char *dst);
+
+/* int
+ * inet_pton(af, src, dst)
+ *	convert from presentation format (which usually means ASCII printable)
+ *	to network format (which is usually some kind of binary format).
+ * return:
+ *	1 if the address was valid for the specified address family
+ *	0 if the address wasn't valid (`dst' is untouched in this case)
+ *	-1 if some other error occurred (`dst' is untouched in this case, too)
+ * author:
+ *	Paul Vixie, 1996.
+ */
+int
+inet_pton(int af, const char *src, void *dst)
+{
+	switch (af) {
+	case AF_INET:
+		return (inet_pton4(src, dst));
+	case AF_INET6:
+		return (inet_pton6(src, dst));
+	default:
+		errno = EAFNOSUPPORT;
+		return (-1);
+	}
+	/* NOTREACHED */
+}
+
+/* int
+ * inet_pton4(src, dst)
+ *	like inet_aton() but without all the hexadecimal and shorthand.
+ * return:
+ *	1 if `src' is a valid dotted quad, else 0.
+ * notice:
+ *	does not touch `dst' unless it's returning 1.
+ * author:
+ *	Paul Vixie, 1996.
+ */
+static int
+inet_pton4(const char *src, u_char *dst)
+{
+	static const char digits[] = "0123456789";
+	int saw_digit, octets, ch;
+	u_char tmp[INADDRSZ], *tp;
+
+	saw_digit = 0;
+	octets = 0;
+	*(tp = tmp) = 0;
+	while ((ch = *src++) != '\0') {
+		const char *pch;
+
+		if ((pch = strchr(digits, ch)) != NULL) {
+			u_int new = *tp * 10 + (pch - digits);
+
+			if (new > 255)
+				return (0);
+			if (! saw_digit) {
+				if (++octets > 4)
+					return (0);
+				saw_digit = 1;
+			}
+			*tp = new;
+		} else if (ch == '.' && saw_digit) {
+			if (octets == 4)
+				return (0);
+			*++tp = 0;
+			saw_digit = 0;
+		} else
+			return (0);
+	}
+	if (octets < 4)
+		return (0);
+
+	memcpy(dst, tmp, INADDRSZ);
+	return (1);
+}
+
+/* int
+ * inet_pton6(src, dst)
+ *	convert presentation level address to network order binary form.
+ * return:
+ *	1 if `src' is a valid [RFC1884 2.2] address, else 0.
+ * notice:
+ *	does not touch `dst' unless it's returning 1.
+ * credit:
+ *	inspired by Mark Andrews.
+ * author:
+ *	Paul Vixie, 1996.
+ */
+static int
+inet_pton6(const char *src, u_char *dst)
+{
+	static const char xdigits_l[] = "0123456789abcdef",
+			  xdigits_u[] = "0123456789ABCDEF";
+	u_char tmp[IN6ADDRSZ], *tp, *endp, *colonp;
+	const char *xdigits, *curtok;
+	int ch, saw_xdigit, count_xdigit;
+	u_int val;
+
+	memset((tp = tmp), '\0', IN6ADDRSZ);
+	endp = tp + IN6ADDRSZ;
+	colonp = NULL;
+	/* Leading :: requires some special handling. */
+	if (*src == ':')
+		if (*++src != ':')
+			return (0);
+	curtok = src;
+	saw_xdigit = count_xdigit = 0;
+	val = 0;
+	while ((ch = *src++) != '\0') {
+		const char *pch;
+
+		if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL)
+			pch = strchr((xdigits = xdigits_u), ch);
+		if (pch != NULL) {
+			if (count_xdigit >= 4)
+				return (0);
+			val <<= 4;
+			val |= (pch - xdigits);
+			if (val > 0xffff)
+				return (0);
+			saw_xdigit = 1;
+			count_xdigit++;
+			continue;
+		}
+		if (ch == ':') {
+			curtok = src;
+			if (!saw_xdigit) {
+				if (colonp)
+					return (0);
+				colonp = tp;
+				continue;
+			} else if (*src == '\0') {
+				return (0);
+			}
+			if (tp + INT16SZ > endp)
+				return (0);
+			*tp++ = (u_char) (val >> 8) & 0xff;
+			*tp++ = (u_char) val & 0xff;
+			saw_xdigit = 0;
+			count_xdigit = 0;
+			val = 0;
+			continue;
+		}
+		if (ch == '.' && ((tp + INADDRSZ) <= endp) &&
+		    inet_pton4(curtok, tp) > 0) {
+			tp += INADDRSZ;
+			saw_xdigit = 0;
+			count_xdigit = 0;
+			break;	/* '\0' was seen by inet_pton4(). */
+		}
+		return (0);
+	}
+	if (saw_xdigit) {
+		if (tp + INT16SZ > endp)
+			return (0);
+		*tp++ = (u_char) (val >> 8) & 0xff;
+		*tp++ = (u_char) val & 0xff;
+	}
+	if (colonp != NULL) {
+		/*
+		 * Since some memmove()'s erroneously fail to handle
+		 * overlapping regions, we'll do the shift by hand.
+		 */
+		const int n = tp - colonp;
+		int i;
+
+		if (tp == endp)
+			return (0);
+		for (i = 1; i <= n; i++) {
+			endp[- i] = colonp[n - i];
+			colonp[n - i] = 0;
+		}
+		tp = endp;
+	}
+	if (tp != endp)
+		return (0);
+	memcpy(dst, tmp, IN6ADDRSZ);
+	return (1);
+}

crypto/compat/posix_win.c

@@ -13,6 +13,7 @@
 
 #include <errno.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <unistd.h>
 
@@ -40,7 +41,7 @@ posix_fopen(const char *path, const char *mode)
 int
 posix_rename(const char *oldpath, const char *newpath)
 {
-	MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1;
+	return MoveFileEx(oldpath, newpath, MOVEFILE_REPLACE_EXISTING) ? 0 : -1;
 }
 
 static int

include/Makefile.am

@@ -14,6 +14,7 @@ noinst_HEADERS += unistd.h
 noinst_HEADERS += win32netcompat.h
 
 noinst_HEADERS += arpa/inet.h
+noinst_HEADERS += arpa/nameser.h
 
 noinst_HEADERS += machine/endian.h
 

include/arpa/inet.h

@@ -7,4 +7,13 @@
 #include_next <arpa/inet.h>
 #else
 #include <win32netcompat.h>
+
+#ifndef AI_ADDRCONFIG
+#define AI_ADDRCONFIG               0x00000400
+#endif
+
+#endif
+
+#ifndef HAVE_INET_PTON
+int inet_pton(int af, const char * restrict src, void * restrict dst);
 #endif

include/arpa/nameser.h

@@ -0,0 +1,23 @@
+/*
+ * Public domain
+ * arpa/inet.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <arpa/nameser.h>
+#else
+#include <win32netcompat.h>
+
+#ifndef INADDRSZ
+#define INADDRSZ 4
+#endif
+
+#ifndef IN6ADDRSZ
+#define IN6ADDRSZ 16
+#endif
+
+#ifndef INT16SZ
+#define INT16SZ	2
+#endif
+
+#endif

libtls-standalone/VERSION

@@ -1 +1 @@
-3.1.0
+4.0.0

m4/check-hardening-options.m4

@@ -94,7 +94,9 @@ AC_DEFUN([CHECK_C_HARDENING_OPTIONS], [
 					AC_MSG_WARN([compiler does not appear to support stack protection])
 				)
 			)
-			AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
+			AS_IF([test "x$HOST_OS" = "xwin"], [
+				AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
+			])
 		])
 	])
 

m4/check-libc.m4

@@ -1,8 +1,9 @@
 AC_DEFUN([CHECK_LIBC_COMPAT], [
 # Check for general libc functions
-AC_CHECK_FUNCS([asprintf memmem poll reallocarray])
+AC_CHECK_FUNCS([asprintf inet_pton memmem poll reallocarray])
 AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
 AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
+AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
 AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
 AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
 AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])

m4/check-os-options.m4

@@ -50,7 +50,7 @@ case $host_os in
 		HOST_OS=win
 		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
 		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
-		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
+		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
 		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
 		CFLAGS="$CFLAGS -static-libgcc"
 		LDFLAGS="$LDFLAGS -static-libgcc"

patches/tls.h.patch

@@ -1,25 +0,0 @@
---- include/tls.h.orig	2015-05-23 19:18:30.002576267 -0500
-+++ include/tls.h	2015-05-23 19:18:09.830576581 -0500
-@@ -18,6 +18,13 @@
- #ifndef HEADER_TLS_H
- #define HEADER_TLS_H
- 
-+#ifdef __cplusplus
-+extern "C" {
-+#endif
-+
-+#include <stddef.h>
-+#include <stdint.h>
-+
- #define TLS_API	20141031
- 
- #define TLS_PROTOCOL_TLSv1_0	(1 << 1)
-@@ -88,4 +95,8 @@
- 
- uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
- 
-+#ifdef __cplusplus
-+}
-+#endif
-+
- #endif /* HEADER_TLS_H */

tests/Makefile.am

@@ -78,6 +78,12 @@ TESTS += chachatest
 check_PROGRAMS += chachatest
 chachatest_SOURCES = chachatest.c
 
+# cipher_list
+TESTS += cipher_list
+check_PROGRAMS += cipher_list
+cipher_list_SOURCES = cipher_list.c
+noinst_HEADERS = tests.h
+
 # cipherstest
 TESTS += cipherstest
 check_PROGRAMS += cipherstest
@@ -183,11 +189,6 @@ TESTS += md5test
 check_PROGRAMS += md5test
 md5test_SOURCES = md5test.c
 
-# mdc2test
-TESTS += mdc2test
-check_PROGRAMS += mdc2test
-mdc2test_SOURCES = mdc2test.c
-
 # mont
 TESTS += mont
 check_PROGRAMS += mont

update.sh

@@ -63,9 +63,8 @@ $CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
 $CP $libssl_src/src/e_os2.h include/openssl
 $CP $libssl_src/src/ssl/pqueue.h include
 
-$CP $libtls_src/tls.h include/tls.h
-patch -p0 < patches/tls.h.patch
-$CP include/tls.h libtls-standalone/include
+$CP $libtls_src/tls.h include
+$CP $libtls_src/tls.h libtls-standalone/include
 
 for i in crypto/compat libtls-standalone/compat; do
 	$CP $libc_src/crypt/arc4random.c \
@@ -114,7 +113,7 @@ copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h
 	aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h
 	bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h
 	dsa/dsa.h cms/cms.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h
-	md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h mdc2/mdc2.h
+	md4/md4.h ripemd/ripemd.h whrlpool/whrlpool.h idea/idea.h
 	rc2/rc2.h rc4/rc4.h ui/ui_compat.h txt_db/txt_db.h
 	chacha/chacha.h evp/evp.h poly1305/poly1305.h camellia/camellia.h
 	gost/gost.h"
@@ -239,6 +238,7 @@ $CP $libssl_regress/ssl/testssl tests
 for i in `find $libssl_regress -name '*.c'`; do
 	 $CP "$i" tests
 done
+$CP $libssl_regress/unit/tests.h tests
 $CP $libssl_regress/certs/ca.pem tests
 $CP $libssl_regress/certs/server.pem tests