disable strict aliasing on HP-UX C/aC++ compiler

to disable strict aliasing on HP-UX C/aC++, `+Otype_safety=off` is right.
`+Otype_safety=strong` forces ANSI aliasing.

.gitignore

@@ -93,9 +93,11 @@ stamp-h2
 
 include/openssl/Makefile.am
 
+VERSION
 crypto/VERSION
 ssl/VERSION
 tls/VERSION
+libtls-standalone/VERSION
 
 ssl/*.c
 ssl/*.h
@@ -118,10 +120,12 @@ include/openssl/*.he
 !/crypto/Makefile.am.*
 !/crypto/compat/arc4random.h
 !/crypto/compat/b_win.c
+!/crypto/compat/explicit_bzero_win.c
 !/crypto/compat/posix_win.c
 !/crypto/compat/bsd_asprintf.c
 !/crypto/compat/inet_pton.c
 !/crypto/compat/ui_openssl_win.c
+!/crypto/CMakeLists.txt
 
 /libtls-standalone/include/*.h
 /libtls-standalone/src/*.c

CMakeLists.txt

@@ -0,0 +1,152 @@
+cmake_minimum_required (VERSION 2.8)
+include(CheckFunctionExists)
+include(CheckIncludeFiles)
+
+project (LibreSSL)
+
+enable_testing()
+
+if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
+	add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
+endif()
+
+if(CMAKE_SYSTEM_NAME MATCHES "Linux")
+	add_definitions(-D_DEFAULT_SOURCE)
+	add_definitions(-D_BSD_SOURCE)
+	add_definitions(-D_POSIX_SOURCE)
+	add_definitions(-D_GNU_SOURCE)
+endif()
+
+add_definitions(-DLIBRESSL_INTERNAL)
+add_definitions(-DOPENSSL_NO_HW_PADLOCK)
+add_definitions(-DOPENSSL_NO_ASM)
+
+if (CMAKE_COMPILER_IS_GNUCC OR CMAKE_C_COMPILER_ID MATCHES "Clang")
+	add_definitions(-Wno-pointer-sign)
+endif()
+
+if(MSVC)
+	add_definitions(-Dinline=__inline)
+	add_definitions(-Drestrict)
+	add_definitions(-D_CRT_SECURE_NO_WARNINGS)
+	add_definitions(-D_CRT_DEPRECATED_NO_WARNINGS)
+	add_definitions(-D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS)
+	add_definitions(-DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501)
+	add_definitions(-DCPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG -DNO_CRYPT)
+
+	set(MSVC_DISABLED_WARNINGS_LIST
+		"C4057" # C4057: 'initializing' : 'unsigned char *' differs in
+		        # indirection to slightly different base types from 'char [2]'
+		"C4100" # 'exarg' : unreferenced formal parameter
+		"C4127" # conditional expression is constant
+		"C4242" # 'function' : conversion from 'int' to 'uint8_t',
+		        # possible loss of data
+		"C4244" # 'function' : conversion from 'int' to 'uint8_t',
+		        # possible loss of data
+		"C4706" # assignment within conditional expression
+		"C4820" # 'bytes' bytes padding added after construct 'member_name'
+		"C4996" # 'read': The POSIX name for this item is deprecated. Instead,
+		        # use the ISO C++ conformant name: _read.
+	)
+	string(REPLACE "C" " -wd" MSVC_DISABLED_WARNINGS_STR
+		${MSVC_DISABLED_WARNINGS_LIST})
+	set(CMAKE_C_FLAGS  "-MP -W4 ${MSVC_DISABLED_WARNINGS_STR}")
+endif()
+
+check_function_exists(asprintf HAVE_ASPRINTF)
+if(HAVE_ASPRINTF)
+	add_definitions(-DHAVE_ASPRINTF)
+endif()
+
+check_function_exists(inet_pton HAVE_INET_PTON)
+if(HAVE_INET_PTON)
+	add_definitions(-DHAVE_INET_PTON)
+endif()
+
+check_function_exists(reallocarray HAVE_REALLOCARRAY)
+if(HAVE_REALLOCARRAY)
+	add_definitions(-DHAVE_REALLOCARRAY)
+endif()
+
+check_function_exists(strcasecmp HAVE_STRCASECMP)
+if(HAVE_STRCASECMP)
+	add_definitions(-DHAVE_STRCASECMP)
+endif()
+
+check_function_exists(strlcat HAVE_STRLCAT)
+if(HAVE_STRLCAT)
+	add_definitions(-DHAVE_STRLCAT)
+endif()
+
+check_function_exists(strlcat HAVE_STRLCPY)
+if(HAVE_STRLCPY)
+	add_definitions(-DHAVE_STRLCPY)
+endif()
+
+check_function_exists(strndup HAVE_STRNDUP)
+if(HAVE_STRNDUP)
+	add_definitions(-DHAVE_STRNDUP)
+endif()
+
+if(MSVC)
+	set(HAVE_STRNLEN)
+	add_definitions(-DHAVE_STRNLEN)
+else()
+	check_function_exists(strnlen HAVE_STRNLEN)
+	if(HAVE_STRNLEN)
+		add_definitions(-DHAVE_STRNLEN)
+	endif()
+endif()
+
+check_function_exists(strsep HAVE_STRSEP)
+if(HAVE_STRSEP)
+	add_definitions(-DHAVE_STRSEP)
+endif()
+
+check_function_exists(arc4random_buf HAVE_ARC4RANDOM_BUF)
+if(HAVE_ARC4RANDOM_BUF)
+	add_definitions(-DHAVE_ARC4RANDOM_BUF)
+endif()
+
+check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
+if(HAVE_EXPLICIT_BZERO)
+	add_definitions(-DHAVE_EXPLICIT_BZERO)
+endif()
+
+check_function_exists(getauxval HAVE_GETAUXVAL)
+if(HAVE_GETAUXVAL)
+	add_definitions(-DHAVE_GETAUXVAL)
+endif()
+
+check_function_exists(getentropy HAVE_GETENTROPY)
+if(HAVE_GETENTROPY)
+	add_definitions(-DHAVE_GETENTROPY)
+endif()
+
+check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
+if(HAVE_TIMINGSAFE_BCMP)
+	add_definitions(-DHAVE_TIMINGSAFE_BCMP)
+endif()
+
+check_function_exists(timingsafe_memcmp HAVE_TIMINGSAFE_MEMCMP)
+if(HAVE_MEMCMP)
+	add_definitions(-DHAVE_MEMCMP)
+endif()
+
+check_include_files(err.h HAVE_ERR_H)
+if(HAVE_ERR_H)
+	add_definitions(-DHAVE_ERR_H)
+endif()
+
+set(OPENSSL_LIBS ssl crypto)
+if(CMAKE_HOST_WIN32)
+	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
+endif()
+
+add_subdirectory(crypto)
+add_subdirectory(ssl)
+add_subdirectory(apps)
+add_subdirectory(tls)
+if(NOT MSVC)
+	add_subdirectory(tests)
+endif()

ChangeLog

@@ -28,14 +28,63 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
-This release primarily addresses a number of security issues in coordination
-with the OpenSSL project.
+2.2.2 - More TLS parser rework, bug fixes, expanded portable build support
+
+	* Switched 'openssl dhparam' default from 512 to 2048 bits
+
+	* Reworked openssl(1) option handling
+
+	* More CRYPTO ByteString (CBC) packet parsing conversions
+
+	* Fixed 'openssl pkeyutl -verify' to exit with a 0 on success
+
+	* Fixed dozens of Coverity issues including dead code, memory leaks,
+	  logic errors and more.
+
+	* Ensure that openssl(1) restores terminal echo state after reading a
+	  password.
+
+	* Incorporated fix for OpenSSL Issue #3683
+
+	* LibreSSL version define LIBRESSL_VERSION_NUMBER will now be bumped
+	  for each portable release.
+
+	* Removed workarounds for TLS client padding bugs.
+
+	* No longer disable ECDHE-ECDSA on OS X
+
+	* Removed SSLv3 support from openssl(1)
+
+	* Removed IE 6 SSLv3 workarounds.
+
+	* Modified tls_write in libtls to allow partial writes, clarified with
+	  examples in the documentation.
+
+	* Removed RSAX engine
+
+	* Tested SSLv3 removal with the OpenBSD ports tree and found several
+	  applications that were not ready to build without SSLv3 yet. For
+	  now, building a program that intentionally uses SSLv3 will result in
+	  a linker warning.
+
+	* Added TLS_method, TLS_client_method and TLS_server_method as a
+	  replacement for the SSLv23_*method calls.
+
+	* Added initial cmake build support, including support for building with
+	  Visual Studio, currently tested with Visual Studio 2013 Community
+	  Edition.
+
+	* --with-enginesdir is removed as a configuration parameter
+
+	* Default cert.pem, openssl.cnf, and x509v3.cnf files are now
+	  installed under $sysconfdir/ssl or the directory specified by
+	  --with-openssldir. Previous versions of LibreSSL left these empty.
 
 2.2.1 - Build fixes, feature added, features removed
 
 	* Assorted build fixes for musl, HP-UX, Mingw, Solaris.
 
-	* Initial support for Windows 2009, 2003, XP
+	* Initial support for Windows Embedded 2009, Server 2003, XP
 
 	* Protocol parsing conversions to BoringSSL's CRYPTO ByteString (CBS) API
 

Makefile.am

@@ -5,3 +5,4 @@ pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 
 EXTRA_DIST = README.md README.windows VERSION config scripts
+EXTRA_DIST += CMakeLists.txt

Makefile.am.common

@@ -1,2 +1,2 @@
-AM_CFLAGS = -I$(top_srcdir)/include
+AM_CFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/include/compat
 AM_CPPFLAGS = -DLIBRESSL_INTERNAL

README.md

@@ -1,6 +1,8 @@
 ![LibreSSL image](http://www.libressl.org/images/libressl.jpg)
 ## Official portable version of [LibreSSL](http://www.libressl.org) ##
 
+[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable)
+
 LibreSSL is a fork of [OpenSSL](https://www.openssl.org) 1.0.1g developed by the
 [OpenBSD](http://www.openbsd.org) project.  Our goal is to modernize the codebase,
 improve security, and apply best practice development processes from OpenBSD.
@@ -35,9 +37,9 @@ At the time of this writing, LibreSSL is know to build and work on:
 * AIX (5.3 and later)
 
 LibreSSL also supports the following Windows environments:
-* Microsoft Windows (Vista or higher, x86 and x64)
+* Microsoft Windows (XP or higher, x86 and x64)
 * Wine (32-bit and 64-bit)
-* Builds with Mingw-w64 and Cygwin
+* Builds with Mingw-w64, Cygwin, and Visual Studio
 
 Official release tarballs are available at your friendly neighborhood
 OpenBSD mirror in directory
@@ -67,7 +69,7 @@ prepare the source tree for building:
 ## Building LibreSSL ##
 
 Once you have a source tree from Git or FTP, run these commands to build and
-install the package on most systems.
+install the package on most systems:
 
 ```sh
 ./configure   # see ./configure --help for configuration options
@@ -75,6 +77,26 @@ make check    # runs builtin unit tests
 make install  # set DESTDIR= to install to an alternate location
 ```
 
+If you wish to use the CMake build system, use these commands:
+
+```sh
+mkdir build
+cd build
+cmake ..
+make
+make test
+```
+
+For faster builds, you can use Ninja as well:
+
+```sh
+mkdir build-ninja
+cd build-ninja
+cmake -G"Ninja" ..
+ninja
+ninja test
+```
+
 ### OS specific build information: ###
 
 #### HP-UX (11i) ####
@@ -95,4 +117,17 @@ LibreSSL builds against relatively recent versions of Mingw-w64, not to be
 confused with the original mingw.org project.  Mingw-w64 3.2 or later
 should work. See README.windows for more information
 
-[![Build Status](https://travis-ci.org/libressl-portable/portable.svg?branch=master)](https://travis-ci.org/libressl-portable/portable)
+#### Windows - Visual Studio ####
+
+LibreSSL builds using the CMake target "Visual Studio 12 2013", and may build
+against older/newer targets as well. To generate a Visual Studio project,
+install CMake, enter the LibreSSL source directory and run:
+
+```sh
+ mkdir build-vs2013
+ cd build-vs2013
+ cmake -G"Visual Studio 12 2013" ..
+```
+
+This will generate a LibreSSL.sln file that you can incorporate into other
+projects or build by itself.

README.windows

@@ -40,3 +40,7 @@ Pre-built Windows binaries are available with LibreSSL releases if you do not
 have a mingw-w64 build environment. Mingw-w64 code is largely, but not 100%,
 compatible with code built from Visual Studio. Notably, FILE * pointers cannot
 be shared between code built for Mingw-w64 and Visual Studio.
+
+As of LibreSSL 2.2.2, Visual Studio Native builds can be produced using CMake.
+This produces ABI-compatible libraries for linking with native code generated
+by Visual Studio.

VERSION

@@ -1 +1,2 @@
-2.2.1
+2.2.2
+

apps/CMakeLists.txt

@@ -0,0 +1,79 @@
+include_directories(
+	.
+	../include
+	../include/compat
+)
+
+set(
+	OPENSSL_SRC
+	apps.c
+	asn1pars.c
+	ca.c
+	ciphers.c
+	cms.c
+	crl.c
+	crl2p7.c
+	dgst.c
+	dh.c
+	dhparam.c
+	dsa.c
+	dsaparam.c
+	ec.c
+	ecparam.c
+	enc.c
+	engine.c
+	errstr.c
+	gendh.c
+	gendsa.c
+	genpkey.c
+	genrsa.c
+	nseq.c
+	ocsp.c
+	openssl.c
+	passwd.c
+	pkcs12.c
+	pkcs7.c
+	pkcs8.c
+	pkey.c
+	pkeyparam.c
+	pkeyutl.c
+	prime.c
+	rand.c
+	req.c
+	rsa.c
+	rsautl.c
+	s_cb.c
+	s_client.c
+	s_server.c
+	s_socket.c
+	s_time.c
+	sess_id.c
+	smime.c
+	speed.c
+	spkac.c
+	ts.c
+	verify.c
+	version.c
+	x509.c
+)
+
+if(CMAKE_HOST_UNIX)
+	set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
+endif()
+
+if(CMAKE_HOST_WIN32)
+	set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} certhash_disabled.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} poll_win.c)
+endif()
+
+check_function_exists(strtonum HAVE_STRTONUM)
+if(HAVE_STRTONUM)
+	add_definitions(-DHAVE_STRTONUM)
+else()
+	set(OPENSSL_SRC ${OPENSSL_SRC} strtonum.c)
+endif()
+
+add_executable(openssl ${OPENSSL_SRC})
+target_link_libraries(openssl ${OPENSSL_LIBS})

apps/Makefile.am

@@ -84,4 +84,35 @@ noinst_HEADERS += s_apps.h
 noinst_HEADERS += testdsa.h
 noinst_HEADERS += testrsa.h
 noinst_HEADERS += timeouts.h
-noinst_HEADERS += openssl.cnf
+
+EXTRA_DIST = cert.pem
+EXTRA_DIST += openssl.cnf
+EXTRA_DIST += x509v3.cnf
+EXTRA_DIST += CMakeLists.txt
+
+install-exec-hook:
+	@if [ "@OPENSSLDIR@x" != "x" ]; then \
+		OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
+	else \
+		OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
+	fi; \
+	mkdir -p "$$OPENSSLDIR/certs"; \
+	for i in cert.pem openssl.cnf x509v3.cnf; do \
+		if [ ! -f "$$OPENSSLDIR/$i" ]; then \
+			$(INSTALL) -m 644 "$(srcdir)/$$i" "$$OPENSSLDIR/$$i"; \
+		else \
+			echo " $$OPENSSLDIR/$$i already exists, install will not overwrite"; \
+		fi \
+	done
+
+uninstall-local:
+	@if [ "@OPENSSLDIR@x" != "x" ]; then \
+		OPENSSLDIR="$(DESTDIR)/@OPENSSLDIR@"; \
+	else \
+		OPENSSLDIR="$(DESTDIR)/$(sysconfdir)/ssl"; \
+	fi; \
+	for i in cert.pem openssl.cnf x509v3.cnf; do \
+		if cmp -s "$$OPENSSLDIR/$$i" "$(srcdir)/$$i"; then \
+			rm -f "$$OPENSSLDIR/$$i"; \
+		fi \
+	done

configure.ac

@@ -57,14 +57,10 @@ AC_CHECK_HEADERS([err.h])
 AC_ARG_WITH([openssldir],
 	AS_HELP_STRING([--with-openssldir],
 		       [Set the default openssl directory]),
-	AC_DEFINE_UNQUOTED(OPENSSLDIR, "$withval")
-)
-
-AC_ARG_WITH([enginesdir],
-	AS_HELP_STRING([--with-enginesdir],
-		       [Set the default engines directory (use with openssldir)]),
-	AC_DEFINE_UNQUOTED(ENGINESDIR, "$withval")
+	OPENSSLDIR="$withval"
+	AC_SUBST(OPENSSLDIR)
 )
+AM_CONDITIONAL([OPENSSLDIR_DEFINED], [test x$with_openssldir != x])
 
 AC_ARG_ENABLE([extratests],
 	AS_HELP_STRING([--enable-extratests], [Enable extra tests that may be unreliable on some platforms]))
@@ -92,6 +88,18 @@ case $host_cpu in
 		;;
 esac
 
+AC_MSG_CHECKING([if .gnu.warning accepts long strings])
+AC_LINK_IFELSE([AC_LANG_SOURCE([[
+extern void SSLv3_method();
+__asm__(".section .gnu.warning.SSLv3_method; .ascii \"SSLv3_method is insecure\" ; .text");
+int main() {return 0;}
+]])], [
+    AC_DEFINE(HAS_GNU_WARNING_LONG, 1, [Define if .gnu.warning accepts long strings.])
+    AC_MSG_RESULT(yes)
+], [
+   AC_MSG_RESULT(no)
+])
+
 AC_ARG_ENABLE([asm],
 	AS_HELP_STRING([--disable-asm], [Disable assembly]))
 AM_CONDITIONAL([OPENSSL_NO_ASM], [test "x$enable_asm" = "xno"])

crypto/CMakeLists.txt

@@ -0,0 +1,641 @@
+include_directories(
+	.
+	../include
+	../include/compat
+	asn1
+	dsa
+	evp
+	modes
+)
+
+set(
+	CRYPTO_SRC
+
+	aes/aes_cbc.c
+	aes/aes_core.c
+	camellia/camellia.c
+	camellia/cmll_cbc.c
+	rc4/rc4_enc.c
+	rc4/rc4_skey.c
+	whrlpool/wp_block.c
+	cpt_err.c
+	cryptlib.c
+	cversion.c
+	ex_data.c
+	malloc-wrapper.c
+	mem_clr.c
+	mem_dbg.c
+	o_init.c
+	o_str.c
+	o_time.c
+	aes/aes_cfb.c
+	aes/aes_ctr.c
+	aes/aes_ecb.c
+	aes/aes_ige.c
+	aes/aes_misc.c
+	aes/aes_ofb.c
+	aes/aes_wrap.c
+	asn1/a_bitstr.c
+	asn1/a_bool.c
+	asn1/a_bytes.c
+	asn1/a_d2i_fp.c
+	asn1/a_digest.c
+	asn1/a_dup.c
+	asn1/a_enum.c
+	asn1/a_gentm.c
+	asn1/a_i2d_fp.c
+	asn1/a_int.c
+	asn1/a_mbstr.c
+	asn1/a_object.c
+	asn1/a_octet.c
+	asn1/a_print.c
+	asn1/a_set.c
+	asn1/a_sign.c
+	asn1/a_strex.c
+	asn1/a_strnid.c
+	asn1/a_time.c
+	asn1/a_type.c
+	asn1/a_utctm.c
+	asn1/a_utf8.c
+	asn1/a_verify.c
+	asn1/ameth_lib.c
+	asn1/asn1_err.c
+	asn1/asn1_gen.c
+	asn1/asn1_lib.c
+	asn1/asn1_par.c
+	asn1/asn_mime.c
+	asn1/asn_moid.c
+	asn1/asn_pack.c
+	asn1/bio_asn1.c
+	asn1/bio_ndef.c
+	asn1/d2i_pr.c
+	asn1/d2i_pu.c
+	asn1/evp_asn1.c
+	asn1/f_enum.c
+	asn1/f_int.c
+	asn1/f_string.c
+	asn1/i2d_pr.c
+	asn1/i2d_pu.c
+	asn1/n_pkey.c
+	asn1/nsseq.c
+	asn1/p5_pbe.c
+	asn1/p5_pbev2.c
+	asn1/p8_pkey.c
+	asn1/t_bitst.c
+	asn1/t_crl.c
+	asn1/t_pkey.c
+	asn1/t_req.c
+	asn1/t_spki.c
+	asn1/t_x509.c
+	asn1/t_x509a.c
+	asn1/tasn_dec.c
+	asn1/tasn_enc.c
+	asn1/tasn_fre.c
+	asn1/tasn_new.c
+	asn1/tasn_prn.c
+	asn1/tasn_typ.c
+	asn1/tasn_utl.c
+	asn1/x_algor.c
+	asn1/x_attrib.c
+	asn1/x_bignum.c
+	asn1/x_crl.c
+	asn1/x_exten.c
+	asn1/x_info.c
+	asn1/x_long.c
+	asn1/x_name.c
+	asn1/x_nx509.c
+	asn1/x_pkey.c
+	asn1/x_pubkey.c
+	asn1/x_req.c
+	asn1/x_sig.c
+	asn1/x_spki.c
+	asn1/x_val.c
+	asn1/x_x509.c
+	asn1/x_x509a.c
+	bf/bf_cfb64.c
+	bf/bf_ecb.c
+	bf/bf_enc.c
+	bf/bf_ofb64.c
+	bf/bf_skey.c
+	bio/b_dump.c
+	bio/b_print.c
+	bio/b_sock.c
+	bio/bf_buff.c
+	bio/bf_nbio.c
+	bio/bf_null.c
+	bio/bio_cb.c
+	bio/bio_err.c
+	bio/bio_lib.c
+	bio/bss_acpt.c
+	bio/bss_bio.c
+	bio/bss_conn.c
+	bio/bss_dgram.c
+	bio/bss_fd.c
+	bio/bss_file.c
+	bio/bss_mem.c
+	bio/bss_null.c
+	bio/bss_sock.c
+	bn/bn_add.c
+	bn/bn_asm.c
+	bn/bn_blind.c
+	bn/bn_const.c
+	bn/bn_ctx.c
+	bn/bn_depr.c
+	bn/bn_div.c
+	bn/bn_err.c
+	bn/bn_exp.c
+	bn/bn_exp2.c
+	bn/bn_gcd.c
+	bn/bn_gf2m.c
+	bn/bn_kron.c
+	bn/bn_lib.c
+	bn/bn_mod.c
+	bn/bn_mont.c
+	bn/bn_mpi.c
+	bn/bn_mul.c
+	bn/bn_nist.c
+	bn/bn_prime.c
+	bn/bn_print.c
+	bn/bn_rand.c
+	bn/bn_recp.c
+	bn/bn_shift.c
+	bn/bn_sqr.c
+	bn/bn_sqrt.c
+	bn/bn_word.c
+	bn/bn_x931p.c
+	buffer/buf_err.c
+	buffer/buf_str.c
+	buffer/buffer.c
+	camellia/cmll_cfb.c
+	camellia/cmll_ctr.c
+	camellia/cmll_ecb.c
+	camellia/cmll_misc.c
+	camellia/cmll_ofb.c
+	cast/c_cfb64.c
+	cast/c_ecb.c
+	cast/c_enc.c
+	cast/c_ofb64.c
+	cast/c_skey.c
+	chacha/chacha.c
+	cmac/cm_ameth.c
+	cmac/cm_pmeth.c
+	cmac/cmac.c
+	comp/c_rle.c
+	comp/c_zlib.c
+	comp/comp_err.c
+	comp/comp_lib.c
+	conf/conf_api.c
+	conf/conf_def.c
+	conf/conf_err.c
+	conf/conf_lib.c
+	conf/conf_mall.c
+	conf/conf_mod.c
+	conf/conf_sap.c
+	des/cbc_cksm.c
+	des/cbc_enc.c
+	des/cfb64ede.c
+	des/cfb64enc.c
+	des/cfb_enc.c
+	des/des_enc.c
+	des/ecb3_enc.c
+	des/ecb_enc.c
+	des/ede_cbcm_enc.c
+	des/enc_read.c
+	des/enc_writ.c
+	des/fcrypt.c
+	des/fcrypt_b.c
+	des/ofb64ede.c
+	des/ofb64enc.c
+	des/ofb_enc.c
+	des/pcbc_enc.c
+	des/qud_cksm.c
+	des/rand_key.c
+	des/set_key.c
+	des/str2key.c
+	des/xcbc_enc.c
+	dh/dh_ameth.c
+	dh/dh_asn1.c
+	dh/dh_check.c
+	dh/dh_depr.c
+	dh/dh_err.c
+	dh/dh_gen.c
+	dh/dh_key.c
+	dh/dh_lib.c
+	dh/dh_pmeth.c
+	dh/dh_prn.c
+	dsa/dsa_ameth.c
+	dsa/dsa_asn1.c
+	dsa/dsa_depr.c
+	dsa/dsa_err.c
+	dsa/dsa_gen.c
+	dsa/dsa_key.c
+	dsa/dsa_lib.c
+	dsa/dsa_ossl.c
+	dsa/dsa_pmeth.c
+	dsa/dsa_prn.c
+	dsa/dsa_sign.c
+	dsa/dsa_vrf.c
+	dso/dso_dlfcn.c
+	dso/dso_err.c
+	dso/dso_lib.c
+	dso/dso_null.c
+	dso/dso_openssl.c
+	ec/ec2_mult.c
+	ec/ec2_oct.c
+	ec/ec2_smpl.c
+	ec/ec_ameth.c
+	ec/ec_asn1.c
+	ec/ec_check.c
+	ec/ec_curve.c
+	ec/ec_cvt.c
+	ec/ec_err.c
+	ec/ec_key.c
+	ec/ec_lib.c
+	ec/ec_mult.c
+	ec/ec_oct.c
+	ec/ec_pmeth.c
+	ec/ec_print.c
+	ec/eck_prn.c
+	ec/ecp_mont.c
+	ec/ecp_nist.c
+	ec/ecp_oct.c
+	ec/ecp_smpl.c
+	ecdh/ech_err.c
+	ecdh/ech_key.c
+	ecdh/ech_lib.c
+	ecdh/ech_ossl.c
+	ecdsa/ecs_asn1.c
+	ecdsa/ecs_err.c
+	ecdsa/ecs_lib.c
+	ecdsa/ecs_ossl.c
+	ecdsa/ecs_sign.c
+	ecdsa/ecs_vrf.c
+	engine/eng_all.c
+	engine/eng_cnf.c
+	engine/eng_ctrl.c
+	engine/eng_dyn.c
+	engine/eng_err.c
+	engine/eng_fat.c
+	engine/eng_init.c
+	engine/eng_lib.c
+	engine/eng_list.c
+	engine/eng_openssl.c
+	engine/eng_pkey.c
+	engine/eng_table.c
+	engine/tb_asnmth.c
+	engine/tb_cipher.c
+	engine/tb_dh.c
+	engine/tb_digest.c
+	engine/tb_dsa.c
+	engine/tb_ecdh.c
+	engine/tb_ecdsa.c
+	engine/tb_pkmeth.c
+	engine/tb_rand.c
+	engine/tb_rsa.c
+	engine/tb_store.c
+	err/err.c
+	err/err_all.c
+	err/err_prn.c
+	evp/bio_b64.c
+	evp/bio_enc.c
+	evp/bio_md.c
+	evp/c_all.c
+	evp/digest.c
+	evp/e_aes.c
+	evp/e_aes_cbc_hmac_sha1.c
+	evp/e_bf.c
+	evp/e_camellia.c
+	evp/e_cast.c
+	evp/e_chacha.c
+	evp/e_chacha20poly1305.c
+	evp/e_des.c
+	evp/e_des3.c
+	evp/e_gost2814789.c
+	evp/e_idea.c
+	evp/e_null.c
+	evp/e_old.c
+	evp/e_rc2.c
+	evp/e_rc4.c
+	evp/e_rc4_hmac_md5.c
+	evp/e_xcbc_d.c
+	evp/encode.c
+	evp/evp_aead.c
+	evp/evp_enc.c
+	evp/evp_err.c
+	evp/evp_key.c
+	evp/evp_lib.c
+	evp/evp_pbe.c
+	evp/evp_pkey.c
+	evp/m_dss.c
+	evp/m_dss1.c
+	evp/m_ecdsa.c
+	evp/m_gost2814789.c
+	evp/m_gostr341194.c
+	evp/m_md4.c
+	evp/m_md5.c
+	evp/m_null.c
+	evp/m_ripemd.c
+	evp/m_sha.c
+	evp/m_sha1.c
+	evp/m_sigver.c
+	evp/m_streebog.c
+	evp/m_wp.c
+	evp/names.c
+	evp/p5_crpt.c
+	evp/p5_crpt2.c
+	evp/p_dec.c
+	evp/p_enc.c
+	evp/p_lib.c
+	evp/p_open.c
+	evp/p_seal.c
+	evp/p_sign.c
+	evp/p_verify.c
+	evp/pmeth_fn.c
+	evp/pmeth_gn.c
+	evp/pmeth_lib.c
+	gost/gost2814789.c
+	gost/gost89_keywrap.c
+	gost/gost89_params.c
+	gost/gost89imit_ameth.c
+	gost/gost89imit_pmeth.c
+	gost/gost_asn1.c
+	gost/gost_err.c
+	gost/gostr341001.c
+	gost/gostr341001_ameth.c
+	gost/gostr341001_key.c
+	gost/gostr341001_params.c
+	gost/gostr341001_pmeth.c
+	gost/gostr341194.c
+	gost/streebog.c
+	hmac/hm_ameth.c
+	hmac/hm_pmeth.c
+	hmac/hmac.c
+	idea/i_cbc.c
+	idea/i_cfb64.c
+	idea/i_ecb.c
+	idea/i_ofb64.c
+	idea/i_skey.c
+	krb5/krb5_asn.c
+	lhash/lh_stats.c
+	lhash/lhash.c
+	md4/md4_dgst.c
+	md4/md4_one.c
+	md5/md5_dgst.c
+	md5/md5_one.c
+	modes/cbc128.c
+	modes/ccm128.c
+	modes/cfb128.c
+	modes/ctr128.c
+	modes/cts128.c
+	modes/gcm128.c
+	modes/ofb128.c
+	modes/xts128.c
+	objects/o_names.c
+	objects/obj_dat.c
+	objects/obj_err.c
+	objects/obj_lib.c
+	objects/obj_xref.c
+	ocsp/ocsp_asn.c
+	ocsp/ocsp_cl.c
+	ocsp/ocsp_err.c
+	ocsp/ocsp_ext.c
+	ocsp/ocsp_ht.c
+	ocsp/ocsp_lib.c
+	ocsp/ocsp_prn.c
+	ocsp/ocsp_srv.c
+	ocsp/ocsp_vfy.c
+	pem/pem_all.c
+	pem/pem_err.c
+	pem/pem_info.c
+	pem/pem_lib.c
+	pem/pem_oth.c
+	pem/pem_pk8.c
+	pem/pem_pkey.c
+	pem/pem_seal.c
+	pem/pem_sign.c
+	pem/pem_x509.c
+	pem/pem_xaux.c
+	pem/pvkfmt.c
+	pkcs12/p12_add.c
+	pkcs12/p12_asn.c
+	pkcs12/p12_attr.c
+	pkcs12/p12_crpt.c
+	pkcs12/p12_crt.c
+	pkcs12/p12_decr.c
+	pkcs12/p12_init.c
+	pkcs12/p12_key.c
+	pkcs12/p12_kiss.c
+	pkcs12/p12_mutl.c
+	pkcs12/p12_npas.c
+	pkcs12/p12_p8d.c
+	pkcs12/p12_p8e.c
+	pkcs12/p12_utl.c
+	pkcs12/pk12err.c
+	pkcs7/bio_pk7.c
+	pkcs7/pk7_asn1.c
+	pkcs7/pk7_attr.c
+	pkcs7/pk7_doit.c
+	pkcs7/pk7_lib.c
+	pkcs7/pk7_mime.c
+	pkcs7/pk7_smime.c
+	pkcs7/pkcs7err.c
+	poly1305/poly1305.c
+	rand/rand_err.c
+	rand/rand_lib.c
+	rand/randfile.c
+	rc2/rc2_cbc.c
+	rc2/rc2_ecb.c
+	rc2/rc2_skey.c
+	rc2/rc2cfb64.c
+	rc2/rc2ofb64.c
+	ripemd/rmd_dgst.c
+	ripemd/rmd_one.c
+	rsa/rsa_ameth.c
+	rsa/rsa_asn1.c
+	rsa/rsa_chk.c
+	rsa/rsa_crpt.c
+	rsa/rsa_depr.c
+	rsa/rsa_eay.c
+	rsa/rsa_err.c
+	rsa/rsa_gen.c
+	rsa/rsa_lib.c
+	rsa/rsa_none.c
+	rsa/rsa_oaep.c
+	rsa/rsa_pk1.c
+	rsa/rsa_pmeth.c
+	rsa/rsa_prn.c
+	rsa/rsa_pss.c
+	rsa/rsa_saos.c
+	rsa/rsa_sign.c
+	rsa/rsa_ssl.c
+	rsa/rsa_x931.c
+	sha/sha1_one.c
+	sha/sha1dgst.c
+	sha/sha256.c
+	sha/sha512.c
+	sha/sha_dgst.c
+	sha/sha_one.c
+	stack/stack.c
+	ts/ts_asn1.c
+	ts/ts_conf.c
+	ts/ts_err.c
+	ts/ts_lib.c
+	ts/ts_req_print.c
+	ts/ts_req_utils.c
+	ts/ts_rsp_print.c
+	ts/ts_rsp_sign.c
+	ts/ts_rsp_utils.c
+	ts/ts_rsp_verify.c
+	ts/ts_verify_ctx.c
+	txt_db/txt_db.c
+	ui/ui_err.c
+	ui/ui_lib.c
+	ui/ui_util.c
+	whrlpool/wp_dgst.c
+	x509/by_dir.c
+	x509/by_file.c
+	x509/by_mem.c
+	x509/x509_att.c
+	x509/x509_cmp.c
+	x509/x509_d2.c
+	x509/x509_def.c
+	x509/x509_err.c
+	x509/x509_ext.c
+	x509/x509_lu.c
+	x509/x509_obj.c
+	x509/x509_r2x.c
+	x509/x509_req.c
+	x509/x509_set.c
+	x509/x509_trs.c
+	x509/x509_txt.c
+	x509/x509_v3.c
+	x509/x509_vfy.c
+	x509/x509_vpm.c
+	x509/x509cset.c
+	x509/x509name.c
+	x509/x509rset.c
+	x509/x509spki.c
+	x509/x509type.c
+	x509/x_all.c
+	x509v3/pcy_cache.c
+	x509v3/pcy_data.c
+	x509v3/pcy_lib.c
+	x509v3/pcy_map.c
+	x509v3/pcy_node.c
+	x509v3/pcy_tree.c
+	x509v3/v3_akey.c
+	x509v3/v3_akeya.c
+	x509v3/v3_alt.c
+	x509v3/v3_bcons.c
+	x509v3/v3_bitst.c
+	x509v3/v3_conf.c
+	x509v3/v3_cpols.c
+	x509v3/v3_crld.c
+	x509v3/v3_enum.c
+	x509v3/v3_extku.c
+	x509v3/v3_genn.c
+	x509v3/v3_ia5.c
+	x509v3/v3_info.c
+	x509v3/v3_int.c
+	x509v3/v3_lib.c
+	x509v3/v3_ncons.c
+	x509v3/v3_ocsp.c
+	x509v3/v3_pci.c
+	x509v3/v3_pcia.c
+	x509v3/v3_pcons.c
+	x509v3/v3_pku.c
+	x509v3/v3_pmaps.c
+	x509v3/v3_prn.c
+	x509v3/v3_purp.c
+	x509v3/v3_skey.c
+	x509v3/v3_sxnet.c
+	x509v3/v3_utl.c
+	x509v3/v3err.c
+)
+
+if(CMAKE_HOST_UNIX)
+	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_posix.c)
+	set(CRYPTO_SRC ${CRYPTO_SRC} bio/bss_log.c)
+	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl.c)
+endif()
+
+if(CMAKE_HOST_WIN32)
+	set(CRYPTO_SRC ${CRYPTO_SRC} bio/b_win.c)
+	set(CRYPTO_SRC ${CRYPTO_SRC} ui/ui_openssl_win.c)
+endif()
+
+if(CMAKE_HOST_WIN32)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/posix_win.c)
+endif()
+
+if(NOT HAVE_ASPRINTF)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/bsd-asprintf.c)
+endif()
+
+if(NOT HAVE_INET_PTON)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
+endif()
+
+if(NOT HAVE_REALLOCARRAY)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/reallocarray.c)
+endif()
+
+if(NOT HAVE_STRCASECMP)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
+endif()
+
+if(NOT HAVE_STRLCAT)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcat.c)
+endif()
+
+if(NOT HAVE_STRLCPY)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strlcpy.c)
+endif()
+
+if(NOT HAVE_STRNDUP)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strndup.c)
+	if(NOT HAVE_STRNLEN)
+		set(CRYPTO_SRC ${CRYPTO_SRC} compat/strnlen.c)
+	endif()
+endif()
+
+if(NOT HAVE_EXPLICIT_BZERO)
+	if(CMAKE_HOST_WIN32)
+		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero_win.c)
+	else()
+		set(CRYPTO_SRC ${CRYPTO_SRC} compat/explicit_bzero.c)
+		set_source_files_properties(compat/explicit_bzero.c PROPERTIES COMPILE_FLAGS -O0)
+	endif()
+endif()
+
+if(NOT HAVE_ARC4RANDOM_BUF)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
+
+	if(NOT HAVE_GETENTROPY)
+		if(CMAKE_HOST_WIN32)
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_win.c)
+		elseif(CMAKE_SYSTEM_NAME MATCHES "AIX")
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
+		elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
+		elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
+		elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_netbsd.c)
+		elseif(CMAKE_SYSTEM_NAME MATCHES "Darwin")
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_darwin.c)
+		elseif(CMAKE_SYSTEM_NAME MATCHES "SunOS")
+			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_solaris.c)
+		endif()
+	endif()
+endif()
+
+if(NOT HAVE_TIMINGSAFE_BCMP)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
+endif()
+
+if(NOT HAVE_TIMINGSAFE_MEMCMP)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
+endif()
+
+add_library(crypto ${CRYPTO_SRC})

crypto/Makefile.am

@@ -7,10 +7,12 @@ AM_CFLAGS += -I$(top_srcdir)/crypto/modes
 lib_LTLIBRARIES = libcrypto.la
 
 EXTRA_DIST = VERSION
+EXTRA_DIST += CMakeLists.txt
 
 libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
 libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la
-libcrypto_la_CPPFLAGS = -DOPENSSL_NO_HW_PADLOCK
+libcrypto_la_CPPFLAGS = -DLIBRESSL_INTERNAL
+libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
 if OPENSSL_NO_ASM
 libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM
 else
@@ -19,6 +21,12 @@ libcrypto_la_CPPFLAGS += -DOPENSSL_NO_ASM
 endif
 endif
 
+if OPENSSLDIR_DEFINED
+libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"@OPENSSLDIR@\"
+else
+libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
+endif
+
 noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
 
 # compatibility functions that need to be built without optimizations
@@ -26,8 +34,12 @@ libcompatnoopt_la_CFLAGS = -O0
 libcompatnoopt_la_SOURCES =
 
 if !HAVE_EXPLICIT_BZERO
+if HOST_WIN
+libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c
+else
 libcompatnoopt_la_SOURCES += compat/explicit_bzero.c
 endif
+endif
 
 # other compatibility functions
 libcompat_la_SOURCES =
@@ -229,7 +241,9 @@ libcrypto_la_SOURCES += bio/bss_conn.c
 libcrypto_la_SOURCES += bio/bss_dgram.c
 libcrypto_la_SOURCES += bio/bss_fd.c
 libcrypto_la_SOURCES += bio/bss_file.c
+if !HOST_WIN
 libcrypto_la_SOURCES += bio/bss_log.c
+endif
 libcrypto_la_SOURCES += bio/bss_mem.c
 libcrypto_la_SOURCES += bio/bss_null.c
 libcrypto_la_SOURCES += bio/bss_sock.c
@@ -426,7 +440,6 @@ libcrypto_la_SOURCES += engine/eng_lib.c
 libcrypto_la_SOURCES += engine/eng_list.c
 libcrypto_la_SOURCES += engine/eng_openssl.c
 libcrypto_la_SOURCES += engine/eng_pkey.c
-libcrypto_la_SOURCES += engine/eng_rsax.c
 libcrypto_la_SOURCES += engine/eng_table.c
 libcrypto_la_SOURCES += engine/tb_asnmth.c
 libcrypto_la_SOURCES += engine/tb_cipher.c

crypto/compat/explicit_bzero_win.c

@@ -0,0 +1,13 @@
+/*
+ * Public domain.
+ * Win32 explicit_bzero compatibility shim.
+ */
+
+#include <windows.h>
+#include <string.h>
+
+void
+explicit_bzero(void *buf, size_t len)
+{
+	SecureZeroMemory(buf, len);
+}

crypto/compat/posix_win.c

@@ -166,3 +166,34 @@ posix_setsockopt(int sockfd, int level, int optname,
 	int rc = setsockopt(sockfd, level, optname, (char *)optval, optlen);
 	return rc == 0 ? 0 : wsa_errno(WSAGetLastError());
 }
+
+#ifdef _MSC_VER
+int gettimeofday(struct timeval * tp, struct timezone * tzp)
+{
+	/*
+	 * Note: some broken versions only have 8 trailing zero's, the correct
+	 * epoch has 9 trailing zero's
+	 */
+	static const uint64_t EPOCH = ((uint64_t) 116444736000000000ULL);
+
+	SYSTEMTIME  system_time;
+	FILETIME    file_time;
+	uint64_t    time;
+
+	GetSystemTime(&system_time);
+	SystemTimeToFileTime(&system_time, &file_time);
+	time = ((uint64_t)file_time.dwLowDateTime);
+	time += ((uint64_t)file_time.dwHighDateTime) << 32;
+
+	tp->tv_sec = (long)((time - EPOCH) / 10000000L);
+	tp->tv_usec = (long)(system_time.wMilliseconds * 1000);
+	return 0;
+}
+
+unsigned int sleep(unsigned int seconds)
+{
+	Sleep(seconds * 1000);
+	return seconds;
+}
+
+#endif

crypto/compat/ui_openssl_win.c

@@ -133,6 +133,7 @@
 /* Define globals.  They are protected by a lock */
 static void (*savsig[NX509_SIG])(int );
 
+DWORD console_mode;
 static FILE *tty_in, *tty_out;
 static int is_a_tty;
 
@@ -300,28 +301,27 @@ open_console(UI *ui)
 	tty_in = stdin;
 	tty_out = stderr;
 
-	return 1;
+	HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
+	if (handle != INVALID_HANDLE_VALUE)
+		return GetConsoleMode(handle, &console_mode);
+	return 0;
 }
 
 static int
 noecho_console(UI *ui)
 {
-	DWORD mode = 0;
 	HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
-	if (handle != INVALID_HANDLE_VALUE && handle != handle) {
-		return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode & (~ENABLE_ECHO_INPUT));
-	}
+	if (handle != INVALID_HANDLE_VALUE)
+		return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT);
 	return 0;
 }
 
 static int
 echo_console(UI *ui)
 {
-	DWORD mode = 0;
 	HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
-	if (handle != INVALID_HANDLE_VALUE && handle != handle) {
-		return GetConsoleMode(handle, &mode) && SetConsoleMode(handle, mode | ENABLE_ECHO_INPUT);
-	}
+	if (handle != INVALID_HANDLE_VALUE)
+		return SetConsoleMode(handle, console_mode);
 	return 0;
 }
 

include/Makefile.am

@@ -2,31 +2,36 @@ include $(top_srcdir)/Makefile.am.common
 
 SUBDIRS = openssl
 
-noinst_HEADERS = err.h
-noinst_HEADERS += netdb.h
-noinst_HEADERS += poll.h
-noinst_HEADERS += pqueue.h
-noinst_HEADERS += stdio.h
-noinst_HEADERS += stdlib.h
-noinst_HEADERS += string.h
-noinst_HEADERS += syslog.h
-noinst_HEADERS += unistd.h
-noinst_HEADERS += win32netcompat.h
+noinst_HEADERS = pqueue.h
+noinst_HEADERS += compat/dirent.h
+noinst_HEADERS += compat/dirent_msvc.h
+noinst_HEADERS += compat/err.h
+noinst_HEADERS += compat/netdb.h
+noinst_HEADERS += compat/poll.h
+noinst_HEADERS += compat/stdio.h
+noinst_HEADERS += compat/stdlib.h
+noinst_HEADERS += compat/string.h
+noinst_HEADERS += compat/time.h
+noinst_HEADERS += compat/unistd.h
+noinst_HEADERS += compat/win32netcompat.h
 
-noinst_HEADERS += arpa/inet.h
-noinst_HEADERS += arpa/nameser.h
+noinst_HEADERS += compat/arpa/inet.h
+noinst_HEADERS += compat/arpa/nameser.h
 
-noinst_HEADERS += machine/endian.h
+noinst_HEADERS += compat/machine/endian.h
 
-noinst_HEADERS += netinet/in.h
-noinst_HEADERS += netinet/tcp.h
+noinst_HEADERS += compat/netinet/in.h
+noinst_HEADERS += compat/netinet/tcp.h
 
-noinst_HEADERS += sys/ioctl.h
-noinst_HEADERS += sys/mman.h
-noinst_HEADERS += sys/select.h
-noinst_HEADERS += sys/socket.h
-noinst_HEADERS += sys/times.h
-noinst_HEADERS += sys/types.h
-noinst_HEADERS += sys/uio.h
+noinst_HEADERS += compat/sys/cdefs.h
+noinst_HEADERS += compat/sys/ioctl.h
+noinst_HEADERS += compat/sys/mman.h
+noinst_HEADERS += compat/sys/param.h
+noinst_HEADERS += compat/sys/select.h
+noinst_HEADERS += compat/sys/stat.h
+noinst_HEADERS += compat/sys/socket.h
+noinst_HEADERS += compat/sys/time.h
+noinst_HEADERS += compat/sys/types.h
+noinst_HEADERS += compat/sys/uio.h
 
 include_HEADERS = tls.h

include/compat/arpa/inet.h

@@ -15,5 +15,5 @@
 #endif
 
 #ifndef HAVE_INET_PTON
-int inet_pton(int af, const char * restrict src, void * restrict dst);
+int inet_pton(int af, const char * src, void * dst);
 #endif

include/compat/dirent.h

@@ -0,0 +1,17 @@
+/*
+ * Public domain
+ * dirent.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_DIRENT_H
+#define LIBCRYPTOCOMPAT_DIRENT_H
+
+#ifdef _MSC_VER
+#include <windows.h>
+#include <dirent_msvc.h>
+#else
+#include_next <dirent.h>
+#endif
+
+#endif
+

include/compat/dirent_msvc.h

@@ -0,0 +1,748 @@
+/*
+ * dirent.h - dirent API for Microsoft Visual Studio
+ *
+ * Copyright (C) 2006-2012 Toni Ronkko
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * ``Software''), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included
+ * in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED ``AS IS'', WITHOUT WARRANTY OF ANY KIND, EXPRESS
+ * OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+ * IN NO EVENT SHALL TONI RONKKO BE LIABLE FOR ANY CLAIM, DAMAGES OR
+ * OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+ * ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+ * OTHER DEALINGS IN THE SOFTWARE.
+ *
+ * $Id: dirent.h,v 1.20 2014/03/19 17:52:23 tronkko Exp $
+ */
+#ifndef DIRENT_MSVC_H
+#define DIRENT_MSVC_H
+
+#include <windows.h>
+
+#include <../include/stdio.h>
+#include <../include/stdarg.h>
+#include <../include/wchar.h>
+#include <../include/string.h>
+#include <../include/stdlib.h>
+#include <../include/malloc.h>
+#include <../include/sys/types.h>
+#include <sys/stat.h>
+#include <../include/errno.h>
+
+/* Indicates that d_type field is available in dirent structure */
+#define _DIRENT_HAVE_D_TYPE
+
+/* Indicates that d_namlen field is available in dirent structure */
+#define _DIRENT_HAVE_D_NAMLEN
+
+/* Entries missing from MSVC 6.0 */
+#if !defined(FILE_ATTRIBUTE_DEVICE)
+#   define FILE_ATTRIBUTE_DEVICE 0x40
+#endif
+
+/* Maximum length of file name */
+#if !defined(PATH_MAX)
+#   define PATH_MAX MAX_PATH
+#endif
+#if !defined(FILENAME_MAX)
+#   define FILENAME_MAX MAX_PATH
+#endif
+#if !defined(NAME_MAX)
+#   define NAME_MAX FILENAME_MAX
+#endif
+
+/* Return the exact length of d_namlen without zero terminator */
+#define _D_EXACT_NAMLEN(p) ((p)->d_namlen)
+
+/* Return number of bytes needed to store d_namlen */
+#define _D_ALLOC_NAMLEN(p) (PATH_MAX)
+
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+
+/* Wide-character version */
+struct _wdirent {
+    long d_ino;                                 /* Always zero */
+    unsigned short d_reclen;                    /* Structure size */
+    size_t d_namlen;                            /* Length of name without \0 */
+    int d_type;                                 /* File type */
+    wchar_t d_name[PATH_MAX];                   /* File name */
+};
+typedef struct _wdirent _wdirent;
+
+struct _WDIR {
+    struct _wdirent ent;                        /* Current directory entry */
+    WIN32_FIND_DATAW data;                      /* Private file data */
+    int cached;                                 /* True if data is valid */
+    HANDLE handle;                              /* Win32 search handle */
+    wchar_t *patt;                              /* Initial directory name */
+};
+typedef struct _WDIR _WDIR;
+
+static _WDIR *_wopendir (const wchar_t *dirname);
+static struct _wdirent *_wreaddir (_WDIR *dirp);
+static int _wclosedir (_WDIR *dirp);
+static void _wrewinddir (_WDIR* dirp);
+
+
+/* For compatibility with Symbian */
+#define wdirent _wdirent
+#define WDIR _WDIR
+#define wopendir _wopendir
+#define wreaddir _wreaddir
+#define wclosedir _wclosedir
+#define wrewinddir _wrewinddir
+
+
+/* Multi-byte character versions */
+struct dirent {
+    long d_ino;                                 /* Always zero */
+    unsigned short d_reclen;                    /* Structure size */
+    size_t d_namlen;                            /* Length of name without \0 */
+    int d_type;                                 /* File type */
+    char d_name[PATH_MAX];                      /* File name */
+};
+typedef struct dirent dirent;
+
+struct DIR {
+    struct dirent ent;
+    struct _WDIR *wdirp;
+};
+typedef struct DIR DIR;
+
+static DIR *opendir (const char *dirname);
+static struct dirent *readdir (DIR *dirp);
+static int closedir (DIR *dirp);
+static void rewinddir (DIR* dirp);
+
+
+/* Internal utility functions */
+static WIN32_FIND_DATAW *dirent_first (_WDIR *dirp);
+static WIN32_FIND_DATAW *dirent_next (_WDIR *dirp);
+
+static int dirent_mbstowcs_s(
+    size_t *pReturnValue,
+    wchar_t *wcstr,
+    size_t sizeInWords,
+    const char *mbstr,
+    size_t count);
+
+static int dirent_wcstombs_s(
+    size_t *pReturnValue,
+    char *mbstr,
+    size_t sizeInBytes,
+    const wchar_t *wcstr,
+    size_t count);
+
+static void dirent_set_errno (int error);
+
+/*
+ * Open directory stream DIRNAME for read and return a pointer to the
+ * internal working area that is used to retrieve individual directory
+ * entries.
+ */
+static _WDIR*
+_wopendir(
+    const wchar_t *dirname)
+{
+    _WDIR *dirp = NULL;
+    int error;
+
+    /* Must have directory name */
+    if (dirname == NULL  ||  dirname[0] == '\0') {
+        dirent_set_errno (ENOENT);
+        return NULL;
+    }
+
+    /* Allocate new _WDIR structure */
+    dirp = (_WDIR*) malloc (sizeof (struct _WDIR));
+    if (dirp != NULL) {
+        DWORD n;
+
+        /* Reset _WDIR structure */
+        dirp->handle = INVALID_HANDLE_VALUE;
+        dirp->patt = NULL;
+        dirp->cached = 0;
+
+        /* Compute the length of full path plus zero terminator */
+        n = GetFullPathNameW (dirname, 0, NULL, NULL);
+
+        /* Allocate room for absolute directory name and search pattern */
+        dirp->patt = (wchar_t*) malloc (sizeof (wchar_t) * n + 16);
+        if (dirp->patt) {
+
+            /*
+             * Convert relative directory name to an absolute one.  This
+             * allows rewinddir() to function correctly even when current
+             * working directory is changed between opendir() and rewinddir().
+             */
+            n = GetFullPathNameW (dirname, n, dirp->patt, NULL);
+            if (n > 0) {
+                wchar_t *p;
+
+                /* Append search pattern \* to the directory name */
+                p = dirp->patt + n;
+                if (dirp->patt < p) {
+                    switch (p[-1]) {
+                    case '\\':
+                    case '/':
+                    case ':':
+                        /* Directory ends in path separator, e.g. c:\temp\ */
+                        /*NOP*/;
+                        break;
+
+                    default:
+                        /* Directory name doesn't end in path separator */
+                        *p++ = '\\';
+                    }
+                }
+                *p++ = '*';
+                *p = '\0';
+
+                /* Open directory stream and retrieve the first entry */
+                if (dirent_first (dirp)) {
+                    /* Directory stream opened successfully */
+                    error = 0;
+                } else {
+                    /* Cannot retrieve first entry */
+                    error = 1;
+                    dirent_set_errno (ENOENT);
+                }
+
+            } else {
+                /* Cannot retrieve full path name */
+                dirent_set_errno (ENOENT);
+                error = 1;
+            }
+
+        } else {
+            /* Cannot allocate memory for search pattern */
+            error = 1;
+        }
+
+    } else {
+        /* Cannot allocate _WDIR structure */
+        error = 1;
+    }
+
+    /* Clean up in case of error */
+    if (error  &&  dirp) {
+        _wclosedir (dirp);
+        dirp = NULL;
+    }
+
+    return dirp;
+}
+
+/*
+ * Read next directory entry.  The directory entry is returned in dirent
+ * structure in the d_name field.  Individual directory entries returned by
+ * this function include regular files, sub-directories, pseudo-directories
+ * "." and ".." as well as volume labels, hidden files and system files.
+ */
+static struct _wdirent*
+_wreaddir(
+    _WDIR *dirp)
+{
+    WIN32_FIND_DATAW *datap;
+    struct _wdirent *entp;
+
+    /* Read next directory entry */
+    datap = dirent_next (dirp);
+    if (datap) {
+        size_t n;
+        DWORD attr;
+
+        /* Pointer to directory entry to return */
+        entp = &dirp->ent;
+
+        /*
+         * Copy file name as wide-character string.  If the file name is too
+         * long to fit in to the destination buffer, then truncate file name
+         * to PATH_MAX characters and zero-terminate the buffer.
+         */
+        n = 0;
+        while (n + 1 < PATH_MAX  &&  datap->cFileName[n] != 0) {
+            entp->d_name[n] = datap->cFileName[n];
+            n++;
+        }
+        dirp->ent.d_name[n] = 0;
+
+        /* Length of file name excluding zero terminator */
+        entp->d_namlen = n;
+
+        /* File type */
+        attr = datap->dwFileAttributes;
+        if ((attr & FILE_ATTRIBUTE_DEVICE) != 0) {
+            entp->d_type = DT_CHR;
+        } else if ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
+            entp->d_type = DT_DIR;
+        } else {
+            entp->d_type = DT_REG;
+        }
+
+        /* Reset dummy fields */
+        entp->d_ino = 0;
+        entp->d_reclen = sizeof (struct _wdirent);
+
+    } else {
+
+        /* Last directory entry read */
+        entp = NULL;
+
+    }
+
+    return entp;
+}
+
+/*
+ * Close directory stream opened by opendir() function.  This invalidates the
+ * DIR structure as well as any directory entry read previously by
+ * _wreaddir().
+ */
+static int
+_wclosedir(
+    _WDIR *dirp)
+{
+    int ok;
+    if (dirp) {
+
+        /* Release search handle */
+        if (dirp->handle != INVALID_HANDLE_VALUE) {
+            FindClose (dirp->handle);
+            dirp->handle = INVALID_HANDLE_VALUE;
+        }
+
+        /* Release search pattern */
+        if (dirp->patt) {
+            free (dirp->patt);
+            dirp->patt = NULL;
+        }
+
+        /* Release directory structure */
+        free (dirp);
+        ok = /*success*/0;
+
+    } else {
+        /* Invalid directory stream */
+        dirent_set_errno (EBADF);
+        ok = /*failure*/-1;
+    }
+    return ok;
+}
+
+/*
+ * Rewind directory stream such that _wreaddir() returns the very first
+ * file name again.
+ */
+static void
+_wrewinddir(
+    _WDIR* dirp)
+{
+    if (dirp) {
+        /* Release existing search handle */
+        if (dirp->handle != INVALID_HANDLE_VALUE) {
+            FindClose (dirp->handle);
+        }
+
+        /* Open new search handle */
+        dirent_first (dirp);
+    }
+}
+
+/* Get first directory entry (internal) */
+static WIN32_FIND_DATAW*
+dirent_first(
+    _WDIR *dirp)
+{
+    WIN32_FIND_DATAW *datap;
+
+    /* Open directory and retrieve the first entry */
+    dirp->handle = FindFirstFileW (dirp->patt, &dirp->data);
+    if (dirp->handle != INVALID_HANDLE_VALUE) {
+
+        /* a directory entry is now waiting in memory */
+        datap = &dirp->data;
+        dirp->cached = 1;
+
+    } else {
+
+        /* Failed to re-open directory: no directory entry in memory */
+        dirp->cached = 0;
+        datap = NULL;
+
+    }
+    return datap;
+}
+
+/* Get next directory entry (internal) */
+static WIN32_FIND_DATAW*
+dirent_next(
+    _WDIR *dirp)
+{
+    WIN32_FIND_DATAW *p;
+
+    /* Get next directory entry */
+    if (dirp->cached != 0) {
+
+        /* A valid directory entry already in memory */
+        p = &dirp->data;
+        dirp->cached = 0;
+
+    } else if (dirp->handle != INVALID_HANDLE_VALUE) {
+
+        /* Get the next directory entry from stream */
+        if (FindNextFileW (dirp->handle, &dirp->data) != FALSE) {
+            /* Got a file */
+            p = &dirp->data;
+        } else {
+            /* The very last entry has been processed or an error occured */
+            FindClose (dirp->handle);
+            dirp->handle = INVALID_HANDLE_VALUE;
+            p = NULL;
+        }
+
+    } else {
+
+        /* End of directory stream reached */
+        p = NULL;
+
+    }
+
+    return p;
+}
+
+/*
+ * Open directory stream using plain old C-string.
+ */
+static DIR*
+opendir(
+    const char *dirname)
+{
+    struct DIR *dirp;
+    int error;
+
+    /* Must have directory name */
+    if (dirname == NULL  ||  dirname[0] == '\0') {
+        dirent_set_errno (ENOENT);
+        return NULL;
+    }
+
+    /* Allocate memory for DIR structure */
+    dirp = (DIR*) malloc (sizeof (struct DIR));
+    if (dirp) {
+        wchar_t wname[PATH_MAX];
+        size_t n;
+
+        /* Convert directory name to wide-character string */
+        error = dirent_mbstowcs_s (&n, wname, PATH_MAX, dirname, PATH_MAX);
+        if (!error) {
+
+            /* Open directory stream using wide-character name */
+            dirp->wdirp = _wopendir (wname);
+            if (dirp->wdirp) {
+                /* Directory stream opened */
+                error = 0;
+            } else {
+                /* Failed to open directory stream */
+                error = 1;
+            }
+
+        } else {
+            /*
+             * Cannot convert file name to wide-character string.  This
+             * occurs if the string contains invalid multi-byte sequences or
+             * the output buffer is too small to contain the resulting
+             * string.
+             */
+            error = 1;
+        }
+
+    } else {
+        /* Cannot allocate DIR structure */
+        error = 1;
+    }
+
+    /* Clean up in case of error */
+    if (error  &&  dirp) {
+        free (dirp);
+        dirp = NULL;
+    }
+
+    return dirp;
+}
+
+/*
+ * Read next directory entry.
+ *
+ * When working with text consoles, please note that file names returned by
+ * readdir() are represented in the default ANSI code page while any output to
+ * console is typically formatted on another code page.  Thus, non-ASCII
+ * characters in file names will not usually display correctly on console.  The
+ * problem can be fixed in two ways: (1) change the character set of console
+ * to 1252 using chcp utility and use Lucida Console font, or (2) use
+ * _cprintf function when writing to console.  The _cprinf() will re-encode
+ * ANSI strings to the console code page so many non-ASCII characters will
+ * display correcly.
+ */
+static struct dirent*
+readdir(
+    DIR *dirp)
+{
+    WIN32_FIND_DATAW *datap;
+    struct dirent *entp;
+
+    /* Read next directory entry */
+    datap = dirent_next (dirp->wdirp);
+    if (datap) {
+        size_t n;
+        int error;
+
+        /* Attempt to convert file name to multi-byte string */
+        error = dirent_wcstombs_s(
+            &n, dirp->ent.d_name, PATH_MAX, datap->cFileName, PATH_MAX);
+
+        /*
+         * If the file name cannot be represented by a multi-byte string,
+         * then attempt to use old 8+3 file name.  This allows traditional
+         * Unix-code to access some file names despite of unicode
+         * characters, although file names may seem unfamiliar to the user.
+         *
+         * Be ware that the code below cannot come up with a short file
+         * name unless the file system provides one.  At least
+         * VirtualBox shared folders fail to do this.
+         */
+        if (error  &&  datap->cAlternateFileName[0] != '\0') {
+            error = dirent_wcstombs_s(
+                &n, dirp->ent.d_name, PATH_MAX,
+                datap->cAlternateFileName, PATH_MAX);
+        }
+
+        if (!error) {
+            DWORD attr;
+
+            /* Initialize directory entry for return */
+            entp = &dirp->ent;
+
+            /* Length of file name excluding zero terminator */
+            entp->d_namlen = n - 1;
+
+            /* File attributes */
+            attr = datap->dwFileAttributes;
+            if ((attr & FILE_ATTRIBUTE_DEVICE) != 0) {
+                entp->d_type = DT_CHR;
+            } else if ((attr & FILE_ATTRIBUTE_DIRECTORY) != 0) {
+                entp->d_type = DT_DIR;
+            } else {
+                entp->d_type = DT_REG;
+            }
+
+            /* Reset dummy fields */
+            entp->d_ino = 0;
+            entp->d_reclen = sizeof (struct dirent);
+
+        } else {
+            /*
+             * Cannot convert file name to multi-byte string so construct
+             * an errornous directory entry and return that.  Note that
+             * we cannot return NULL as that would stop the processing
+             * of directory entries completely.
+             */
+            entp = &dirp->ent;
+            entp->d_name[0] = '?';
+            entp->d_name[1] = '\0';
+            entp->d_namlen = 1;
+            entp->d_type = DT_UNKNOWN;
+            entp->d_ino = 0;
+            entp->d_reclen = 0;
+        }
+
+    } else {
+        /* No more directory entries */
+        entp = NULL;
+    }
+
+    return entp;
+}
+
+/*
+ * Close directory stream.
+ */
+static int
+closedir(
+    DIR *dirp)
+{
+    int ok;
+    if (dirp) {
+
+        /* Close wide-character directory stream */
+        ok = _wclosedir (dirp->wdirp);
+        dirp->wdirp = NULL;
+
+        /* Release multi-byte character version */
+        free (dirp);
+
+    } else {
+
+        /* Invalid directory stream */
+        dirent_set_errno (EBADF);
+        ok = /*failure*/-1;
+
+    }
+    return ok;
+}
+
+/*
+ * Rewind directory stream to beginning.
+ */
+static void
+rewinddir(
+    DIR* dirp)
+{
+    /* Rewind wide-character string directory stream */
+    _wrewinddir (dirp->wdirp);
+}
+
+/* Convert multi-byte string to wide character string */
+static int
+dirent_mbstowcs_s(
+    size_t *pReturnValue,
+    wchar_t *wcstr,
+    size_t sizeInWords,
+    const char *mbstr,
+    size_t count)
+{
+    int error;
+
+#if defined(_MSC_VER)  &&  _MSC_VER >= 1400
+
+    /* Microsoft Visual Studio 2005 or later */
+    error = mbstowcs_s (pReturnValue, wcstr, sizeInWords, mbstr, count);
+
+#else
+
+    /* Older Visual Studio or non-Microsoft compiler */
+    size_t n;
+
+    /* Convert to wide-character string (or count characters) */
+    n = mbstowcs (wcstr, mbstr, sizeInWords);
+    if (!wcstr  ||  n < count) {
+
+        /* Zero-terminate output buffer */
+        if (wcstr  &&  sizeInWords) {
+            if (n >= sizeInWords) {
+                n = sizeInWords - 1;
+            }
+            wcstr[n] = 0;
+        }
+
+        /* Length of resuting multi-byte string WITH zero terminator */
+        if (pReturnValue) {
+            *pReturnValue = n + 1;
+        }
+
+        /* Success */
+        error = 0;
+
+    } else {
+
+        /* Could not convert string */
+        error = 1;
+
+    }
+
+#endif
+
+    return error;
+}
+
+/* Convert wide-character string to multi-byte string */
+static int
+dirent_wcstombs_s(
+    size_t *pReturnValue,
+    char *mbstr,
+    size_t sizeInBytes, /* max size of mbstr */
+    const wchar_t *wcstr,
+    size_t count)
+{
+    int error;
+
+#if defined(_MSC_VER)  &&  _MSC_VER >= 1400
+
+    /* Microsoft Visual Studio 2005 or later */
+    error = wcstombs_s (pReturnValue, mbstr, sizeInBytes, wcstr, count);
+
+#else
+
+    /* Older Visual Studio or non-Microsoft compiler */
+    size_t n;
+
+    /* Convert to multi-byte string (or count the number of bytes needed) */
+    n = wcstombs (mbstr, wcstr, sizeInBytes);
+    if (!mbstr  ||  n < count) {
+
+        /* Zero-terminate output buffer */
+        if (mbstr  &&  sizeInBytes) {
+            if (n >= sizeInBytes) {
+                n = sizeInBytes - 1;
+            }
+            mbstr[n] = '\0';
+        }
+
+        /* Lenght of resulting multi-bytes string WITH zero-terminator */
+        if (pReturnValue) {
+            *pReturnValue = n + 1;
+        }
+
+        /* Success */
+        error = 0;
+
+    } else {
+
+        /* Cannot convert string */
+        error = 1;
+
+    }
+
+#endif
+
+    return error;
+}
+
+/* Set errno variable */
+static void
+dirent_set_errno(
+    int error)
+{
+#if defined(_MSC_VER)  &&  _MSC_VER >= 1400
+
+    /* Microsoft Visual Studio 2005 and later */
+    _set_errno (error);
+
+#else
+
+    /* Non-Microsoft compiler or older Microsoft compiler */
+    errno = error;
+
+#endif
+}
+
+
+#ifdef __cplusplus
+}
+#endif
+#endif /*DIRENT_H*/
+

include/compat/err.h

@@ -0,0 +1,33 @@
+/*
+ * Public domain
+ * err.h compatibility shim
+ */
+
+#ifdef HAVE_ERR_H
+
+#include_next <err.h>
+
+#else
+
+#ifndef LIBCRYPTOCOMPAT_ERR_H
+#define LIBCRYPTOCOMPAT_ERR_H
+
+#include <errno.h>
+#include <stdio.h>
+#include <string.h>
+
+#define err(exitcode, format, ...) \
+  errx(exitcode, format ": %s", ## __VA_ARGS__, strerror(errno))
+
+#define errx(exitcode, format, ...) \
+  do { warnx(format, ## __VA_ARGS__); exit(exitcode); } while (0)
+
+#define warn(format, ...) \
+  warnx(format ": %s", ## __VA_ARGS__, strerror(errno))
+
+#define warnx(format, ...) \
+  fprintf(stderr, format "\n", ## __VA_ARGS__)
+
+#endif
+
+#endif

include/compat/poll.h

@@ -14,7 +14,7 @@
 #ifndef LIBCRYPTOCOMPAT_POLL_H
 #define LIBCRYPTOCOMPAT_POLL_H
 
-#ifdef HAVE_POLL
+#ifndef _WIN32
 #include_next <poll.h>
 #else
 

include/compat/stdio.h

@@ -3,11 +3,15 @@
  * stdio.h compatibility shim
  */
 
-#include_next <stdio.h>
-
 #ifndef LIBCRYPTOCOMPAT_STDIO_H
 #define LIBCRYPTOCOMPAT_STDIO_H
 
+#ifdef _MSC_VER
+#include <../include/stdio.h>
+#else
+#include_next <stdio.h>
+#endif
+
 #ifndef HAVE_ASPRINTF
 #include <stdarg.h>
 int vasprintf(char **str, const char *fmt, va_list ap);
@@ -26,6 +30,10 @@ int posix_rename(const char *oldpath, const char *newpath);
 #define rename(oldpath, newpath) posix_rename(oldpath, newpath)
 #endif
 
+#ifdef _MSC_VER
+#define snprintf _snprintf
+#endif
+
 #endif
 
 #endif

include/compat/stdlib.h

@@ -3,13 +3,16 @@
  * Public domain
  */
 
+#ifdef _MSC_VER
+#include <../include/stdlib.h>
+#else
 #include_next <stdlib.h>
+#endif
 
 #ifndef LIBCRYPTOCOMPAT_STDLIB_H
 #define LIBCRYPTOCOMPAT_STDLIB_H
 
-#include <sys/stat.h>
-#include <sys/time.h>
+#include <sys/types.h>
 #include <stdint.h>
 
 #ifndef HAVE_ARC4RANDOM_BUF

include/compat/string.h

@@ -3,11 +3,15 @@
  * string.h compatibility shim
  */
 
-#include_next <string.h>
-
 #ifndef LIBCRYPTOCOMPAT_STRING_H
 #define LIBCRYPTOCOMPAT_STRING_H
 
+#ifdef _MSC_VER
+#include <../include/string.h>
+#else
+#include_next <string.h>
+#endif
+
 #include <sys/types.h>
 
 #if defined(__sun) || defined(__hpux)
@@ -17,6 +21,11 @@
 #include <strings.h>
 #endif
 
+#ifndef HAVE_STRCASECMP
+int strcasecmp(const char *s1, const char *s2);
+int strncasecmp(const char *s1, const char *s2, size_t len);
+#endif
+
 #ifndef HAVE_STRLCPY
 size_t strlcpy(char *dst, const char *src, size_t siz);
 #endif

include/compat/sys/cdefs.h

@@ -0,0 +1,31 @@
+/*
+ * Public domain
+ * sys/cdefs.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_CDEFS_H
+#define LIBCRYPTOCOMPAT_SYS_CDEFS_H
+
+#ifdef _WIN32
+
+#define __warn_references(sym,msg)
+
+#else
+
+#include_next <sys/cdefs.h>
+
+#ifndef __warn_references
+
+#if defined(__GNUC__)  && defined (HAS_GNU_WARNING_LONG)
+#define __warn_references(sym,msg)          \
+  __asm__(".section .gnu.warning." __STRING(sym)  \
+         " ; .ascii \"" msg "\" ; .text");
+#else
+#define __warn_references(sym,msg)
+#endif
+
+#endif /* __warn_references */
+
+#endif /* _WIN32 */
+
+#endif /* LIBCRYPTOCOMPAT_SYS_CDEFS_H */

include/compat/sys/param.h

@@ -0,0 +1,15 @@
+/*
+ * Public domain
+ * sys/param.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H
+#define LIBCRYPTOCOMPAT_SYS_PARAM_H
+
+#ifdef _MSC_VER
+#include <winsock2.h>
+#else
+#include_next <sys/param.h>
+#endif
+
+#endif

include/compat/sys/stat.h

@@ -0,0 +1,96 @@
+/*
+ * Public domain
+ * sys/stat.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_STAT_H
+#define LIBCRYPTOCOMPAT_SYS_STAT_H
+
+#ifndef _MSC_VER
+#include_next <sys/stat.h>
+#else
+
+#include <windows.h>
+#include <../include/sys/stat.h>
+
+/* File type and permission flags for stat() */
+#if !defined(S_IFMT)
+#   define S_IFMT   _S_IFMT                     /* File type mask */
+#endif
+#if !defined(S_IFDIR)
+#   define S_IFDIR  _S_IFDIR                    /* Directory */
+#endif
+#if !defined(S_IFCHR)
+#   define S_IFCHR  _S_IFCHR                    /* Character device */
+#endif
+#if !defined(S_IFFIFO)
+#   define S_IFFIFO _S_IFFIFO                   /* Pipe */
+#endif
+#if !defined(S_IFREG)
+#   define S_IFREG  _S_IFREG                    /* Regular file */
+#endif
+#if !defined(S_IREAD)
+#   define S_IREAD  _S_IREAD                    /* Read permission */
+#endif
+#if !defined(S_IWRITE)
+#   define S_IWRITE _S_IWRITE                   /* Write permission */
+#endif
+#if !defined(S_IEXEC)
+#   define S_IEXEC  _S_IEXEC                    /* Execute permission */
+#endif
+#if !defined(S_IFIFO)
+#   define S_IFIFO _S_IFIFO                     /* Pipe */
+#endif
+#if !defined(S_IFBLK)
+#   define S_IFBLK   0                          /* Block device */
+#endif
+#if !defined(S_IFLNK)
+#   define S_IFLNK   0                          /* Link */
+#endif
+#if !defined(S_IFSOCK)
+#   define S_IFSOCK  0                          /* Socket */
+#endif
+
+#if defined(_MSC_VER)
+#   define S_IRUSR  S_IREAD                     /* Read user */
+#   define S_IWUSR  S_IWRITE                    /* Write user */
+#   define S_IXUSR  0                           /* Execute user */
+#   define S_IRGRP  0                           /* Read group */
+#   define S_IWGRP  0                           /* Write group */
+#   define S_IXGRP  0                           /* Execute group */
+#   define S_IROTH  0                           /* Read others */
+#   define S_IWOTH  0                           /* Write others */
+#   define S_IXOTH  0                           /* Execute others */
+#endif
+
+/* File type flags for d_type */
+#define DT_UNKNOWN  0
+#define DT_REG      S_IFREG
+#define DT_DIR      S_IFDIR
+#define DT_FIFO     S_IFIFO
+#define DT_SOCK     S_IFSOCK
+#define DT_CHR      S_IFCHR
+#define DT_BLK      S_IFBLK
+#define DT_LNK      S_IFLNK
+
+/* Macros for converting between st_mode and d_type */
+#define IFTODT(mode) ((mode) & S_IFMT)
+#define DTTOIF(type) (type)
+
+/*
+ * File type macros.  Note that block devices, sockets and links cannot be
+ * distinguished on Windows and the macros S_ISBLK, S_ISSOCK and S_ISLNK are
+ * only defined for compatibility.  These macros should always return false
+ * on Windows.
+ */
+#define	S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
+#define	S_ISDIR(mode)  (((mode) & S_IFMT) == S_IFDIR)
+#define	S_ISREG(mode)  (((mode) & S_IFMT) == S_IFREG)
+#define	S_ISLNK(mode)  (((mode) & S_IFMT) == S_IFLNK)
+#define	S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK)
+#define	S_ISCHR(mode)  (((mode) & S_IFMT) == S_IFCHR)
+#define	S_ISBLK(mode)  (((mode) & S_IFMT) == S_IFBLK)
+
+#endif
+
+#endif

include/compat/sys/time.h

@@ -0,0 +1,16 @@
+/*
+ * Public domain
+ * sys/time.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_TIME_H
+#define LIBCRYPTOCOMPAT_SYS_TIME_H
+
+#ifdef _MSC_VER
+#include <winsock2.h>
+int gettimeofday(struct timeval *tp, void *tzp);
+#else
+#include_next <sys/time.h>
+#endif
+
+#endif

include/compat/sys/types.h

@@ -3,7 +3,11 @@
  * sys/types.h compatibility shim
  */
 
+#ifdef _MSC_VER
+#include <../include/sys/types.h>
+#else
 #include_next <sys/types.h>
+#endif
 
 #ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
 #define LIBCRYPTOCOMPAT_SYS_TYPES_H
@@ -14,6 +18,24 @@
 #include <_bsd_types.h>
 #endif
 
+#ifdef _MSC_VER
+typedef unsigned char   u_char;
+typedef unsigned short  u_short;
+typedef unsigned int    u_int;
+
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+
+#ifndef SSIZE_MAX
+#ifdef _WIN64
+#define SSIZE_MAX _I64_MAX
+#else
+#define SSIZE_MAX INT_MAX
+#endif
+#endif
+
+#endif
+
 #if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
 # define __bounded__(x, y, z)
 #endif

include/compat/time.h

@@ -0,0 +1,11 @@
+/*
+ * Public domain
+ * sys/time.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#include <../include/time.h>
+#define gmtime_r(tp, tm) ((gmtime_s((tm), (tp)) == 0) ? (tm) : NULL)
+#else
+#include_next <time.h>
+#endif

include/compat/unistd.h

@@ -3,11 +3,28 @@
  * unistd.h compatibility shim
  */
 
-#include_next <unistd.h>
-
 #ifndef LIBCRYPTOCOMPAT_UNISTD_H
 #define LIBCRYPTOCOMPAT_UNISTD_H
 
+#ifndef _MSC_VER
+#include_next <unistd.h>
+#else
+
+#include <stdlib.h>
+#include <io.h>
+#include <process.h>
+
+#define R_OK    4
+#define W_OK    2
+#define X_OK    0
+#define F_OK    0
+
+#define access _access
+
+unsigned int sleep(unsigned int seconds);
+
+#endif
+
 #ifndef HAVE_GETENTROPY
 int getentropy(void *buf, size_t buflen);
 #endif

include/err.h

@@ -1,33 +0,0 @@
-/*
- * Public domain
- * err.h compatibility shim
- */
-
-#ifdef HAVE_ERR_H
-
-#include_next <err.h>
-
-#else
-
-#ifndef LIBCRYPTOCOMPAT_ERR_H
-#define LIBCRYPTOCOMPAT_ERR_H
-
-#include <errno.h>
-#include <stdio.h>
-#include <string.h>
-
-#define err(exitcode, format, args...) \
-  errx(exitcode, format ": %s", ## args, strerror(errno))
-
-#define errx(exitcode, format, args...) \
-  do { warnx(format, ## args); exit(exitcode); } while (0)
-
-#define warn(format, args...) \
-  warnx(format ": %s", ## args, strerror(errno))
-
-#define warnx(format, args...) \
-  fprintf(stderr, format "\n", ## args)
-
-#endif
-
-#endif

include/sys/times.h

@@ -1,10 +0,0 @@
-/*
- * Public domain
- * sys/times.h compatibility shim
- */
-
-#ifndef _WIN32
-#include_next <sys/times.h>
-#else
-#include <win32netcompat.h>
-#endif

include/syslog.h

@@ -1,38 +0,0 @@
-/*
- * Public domain
- * syslog.h compatibility shim
- */
-
-#ifndef LIBCRYPTOCOMPAT_SYSLOG_H
-#define LIBCRYPTOCOMPAT_SYSLOG_H
-
-#ifndef _WIN32
-#include_next <syslog.h>
-#else
-
-/* priorities */
-#define LOG_EMERG 0
-#define LOG_ALERT 1
-#define LOG_CRIT 2
-#define LOG_ERR 3
-#define LOG_WARNING 4
-#define LOG_NOTICE 5
-#define LOG_INFO 6
-#define LOG_DEBUG 7
-
-/* facility codes */
-#define LOG_KERN (0<<3)
-#define LOG_USER (1<<3)
-#define LOG_DAEMON (3<<3)
-
-/* flags for openlog */
-#define LOG_PID 0x01
-#define LOG_CONS 0x02
-
-extern void openlog(const char *ident, int option, int facility);
-extern void syslog(int priority, const char *fmt, ...)
-	__attribute__ ((__format__ (__printf__, 2, 3)));
-extern void closelog (void);
-#endif
-
-#endif /* LIBCRYPTOCOMPAT_SYSLOG_H */

libtls-standalone/VERSION

@@ -1 +0,0 @@
-4.0.0

libtls-standalone/include/string.h

@@ -3,11 +3,15 @@
  * string.h compatibility shim
  */
 
-#include_next <string.h>
-
 #ifndef LIBCRYPTOCOMPAT_STRING_H
 #define LIBCRYPTOCOMPAT_STRING_H
 
+#ifdef _MSC_VER
+#include <../include/string.h>
+#else
+#include_next <string.h>
+#endif
+
 #include <sys/types.h>
 
 #if defined(__sun) || defined(__hpux)
@@ -17,6 +21,11 @@
 #include <strings.h>
 #endif
 
+#ifndef HAVE_STRCASECMP
+int strcasecmp(const char *s1, const char *s2);
+int strncasecmp(const char *s1, const char *s2, size_t len);
+#endif
+
 #ifndef HAVE_STRLCPY
 size_t strlcpy(char *dst, const char *src, size_t siz);
 #endif

m4/check-os-options.m4

@@ -1,13 +1,13 @@
 # This must be called before AC_PROG_CC
 AC_DEFUN([CHECK_OS_OPTIONS], [
 
-CFLAGS="$CFLAGS -Wall -std=gnu99"
+CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing"
 
 case $host_os in
 	*aix*)
 		HOST_OS=aix
 		if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
-			CFLAGS="$USER_CFLAGS"
+			CFLAGS="-qnoansialias $USER_CFLAGS"
 		fi
 		AC_SUBST([PLATFORM_LDADD], ['-lperfstat -lpthread'])
 		;;
@@ -28,7 +28,7 @@ case $host_os in
 		if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
 			CFLAGS="$CFLAGS -mlp64"
 		else
-			CFLAGS="-g -O2 +DD64 $USER_CFLAGS"
+			CFLAGS="-g -O2 +DD64 +Otype_safety=off $USER_CFLAGS"
 		fi
 		CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
 		AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
@@ -51,7 +51,7 @@ case $host_os in
 		CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
 		CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
 		CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
-		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
+		CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED"
 		CFLAGS="$CFLAGS -static-libgcc"
 		LDFLAGS="$LDFLAGS -static-libgcc"
 		AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])

man/links

@@ -445,7 +445,6 @@ EVP_DigestInit.3,EVP_get_digestbyobj.3
 EVP_DigestInit.3,EVP_md2.3
 EVP_DigestInit.3,EVP_md5.3
 EVP_DigestInit.3,EVP_md_null.3
-EVP_DigestInit.3,EVP_mdc2.3
 EVP_DigestInit.3,EVP_ripemd160.3
 EVP_DigestInit.3,EVP_sha.3
 EVP_DigestInit.3,EVP_sha1.3

patches/arc4random.c.patch

@@ -0,0 +1,15 @@
+--- crypto/compat/arc4random.c.orig	2015-07-20 07:41:17.000000000 -0600
++++ crypto/compat/arc4random.c	2015-07-20 07:41:58.000000000 -0600
+@@ -36,8 +36,11 @@
+ #define KEYSTREAM_ONLY
+ #include "chacha_private.h"
+ 
++#ifndef min
+ #define min(a, b) ((a) < (b) ? (a) : (b))
+-#ifdef __GNUC__
++#endif
++
++#if defined(__GNUC__) || defined(_MSC_VER)
+ #define inline __inline
+ #else				/* !__GNUC__ */
+ #define inline

patches/openssl.c.patch

@@ -1,10 +1,11 @@
---- apps/openssl.c.orig	2015-06-05 03:42:12.956112944 -0500
-+++ apps/openssl.c	2015-06-05 03:41:54.215381908 -0500
-@@ -130,6 +130,18 @@
+--- apps/openssl.c.orig	2015-07-20 02:01:42.000000000 -0600
++++ apps/openssl.c	2015-07-20 02:02:00.000000000 -0600
+@@ -130,6 +130,19 @@
  #include <openssl/engine.h>
  #endif
- 
+
 +#ifdef _WIN32
++#include <io.h>
 +#include <fcntl.h>
 +static void set_stdio_binary(void)
 +{
@@ -18,12 +19,22 @@
 +
  #include "progs.h"
  #include "s_apps.h"
- 
-@@ -216,6 +228,7 @@
+
+@@ -204,7 +216,9 @@
+ static void
+ openssl_startup(void)
+ {
++#ifndef _WIN32
+ 	signal(SIGPIPE, SIG_IGN);
++#endif
+
+ 	CRYPTO_malloc_init();
+ 	OpenSSL_add_all_algorithms();
+@@ -216,6 +230,7 @@
  #endif
- 
+
  	setup_ui_method();
 +	set_stdio_binary();
  }
- 
+
  static void

patches/opensslconf.h.patch

@@ -0,0 +1,13 @@
+--- include/openssl/opensslconf.h.orig	2015-07-19 23:21:47.000000000 -0600
++++ include/openssl/opensslconf.h	2015-07-19 23:21:17.000000000 -0600
+@@ -1,6 +1,10 @@
+ #include <openssl/opensslfeatures.h>
+ /* crypto/opensslconf.h.in */
+
++#if defined(_MSC_VER) && !defined(__attribute__)
++#define __attribute__(a)
++#endif
++
+ /* Generate 80386 code? */
+ #undef I386_ONLY
+

patches/ossl_typ.h.patch

@@ -0,0 +1,25 @@
+--- include/openssl/ossl_typ.h.orig	2015-07-06 13:21:18.788571423 -0700
++++ include/openssl/ossl_typ.h	2015-07-06 13:24:14.906468003 -0700
+@@ -100,6 +100,22 @@
+ typedef struct ASN1_ITEM_st ASN1_ITEM;
+ typedef struct asn1_pctx_st ASN1_PCTX;
+
++#if defined(_WIN32) && defined(__WINCRYPT_H__)
++#ifndef LIBRESSL_INTERNAL
++#ifdef _MSC_VER
++#pragma message("Warning, overriding WinCrypt defines")
++#else
++#warning overriding WinCrypt defines
++#endif
++#endif
++#undef X509_NAME
++#undef X509_CERT_PAIR
++#undef X509_EXTENSIONS
++#undef OCSP_REQUEST
++#undef OCSP_RESPONSE
++#undef PKCS7_ISSUER_AND_SERIAL
++#endif
++
+ #ifdef BIGNUM
+ #undef BIGNUM
+ #endif

patches/pkcs7.h.patch

@@ -0,0 +1,21 @@
+--- include/openssl/pkcs7.h.orig	2015-07-06 13:26:27.369203527 -0700
++++ include/openssl/pkcs7.h	2015-07-06 13:27:37.637051967 -0700
+@@ -69,6 +69,18 @@
+ extern "C" {
+ #endif
+
++#if defined(_WIN32) && defined(__WINCRYPT_H__)
++#ifndef LIBRESSL_INTERNAL
++#ifdef _MSC_VER
++#pragma message("Warning, overriding WinCrypt defines")
++#else
++#warning overriding WinCrypt defines
++#endif
++#endif
++#undef PKCS7_ISSUER_AND_SERIAL
++#undef PKCS7_SIGNER_INFO
++#endif
++
+ /*
+ Encryption_ID		DES-CBC
+ Digest_ID		MD5

patches/x509.h.patch

@@ -0,0 +1,22 @@
+--- include/openssl/x509.h.orig	2015-07-06 13:15:15.059306046 -0700
++++ include/openssl/x509.h	2015-07-06 13:16:10.506118278 -0700
+@@ -112,6 +112,19 @@
+ extern "C" {
+ #endif
+
++#if defined(_WIN32)
++#ifndef LIBRESSL_INTERNAL
++#ifdef _MSC_VER
++#pragma message("Warning, overriding WinCrypt defines")
++#else
++#warning overriding WinCrypt defines
++#endif
++#endif
++#undef X509_NAME
++#undef X509_CERT_PAIR
++#undef X509_EXTENSIONS
++#endif
++
+ #define X509_FILETYPE_PEM	1
+ #define X509_FILETYPE_ASN1	2
+ #define X509_FILETYPE_DEFAULT	3

ssl/CMakeLists.txt

@@ -0,0 +1,53 @@
+include_directories(
+	.
+	../include
+	../include/compat
+)
+
+add_library(
+	ssl
+
+	bio_ssl.c
+	bs_ber.c
+	bs_cbb.c
+	bs_cbs.c
+	d1_both.c
+	d1_clnt.c
+	d1_enc.c
+	d1_lib.c
+	d1_meth.c
+	d1_pkt.c
+	d1_srtp.c
+	d1_srvr.c
+	pqueue.c
+	s23_clnt.c
+	s23_lib.c
+	s23_meth.c
+	s23_pkt.c
+	s23_srvr.c
+	s3_both.c
+	s3_cbc.c
+	s3_clnt.c
+	s3_enc.c
+	s3_lib.c
+	s3_meth.c
+	s3_pkt.c
+	s3_srvr.c
+	ssl_algs.c
+	ssl_asn1.c
+	ssl_cert.c
+	ssl_ciph.c
+	ssl_err.c
+	ssl_err2.c
+	ssl_lib.c
+	ssl_rsa.c
+	ssl_sess.c
+	ssl_stat.c
+	ssl_txt.c
+	t1_clnt.c
+	t1_enc.c
+	t1_lib.c
+	t1_meth.c
+	t1_reneg.c
+	t1_srvr.c
+)

ssl/Makefile.am

@@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.am.common
 lib_LTLIBRARIES = libssl.la
 
 EXTRA_DIST = VERSION
+EXTRA_DIST += CMakeLists.txt
 
 libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
 libssl_la_LIBADD = ../crypto/libcrypto.la

tests/CMakeLists.txt

@@ -0,0 +1,266 @@
+include_directories(
+	.
+	../include
+	../include/compat
+	../crypto/modes
+	../crypto/asn1
+	../ssl
+	../apps
+)
+
+set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR})
+
+# aeadtest
+#add_executable(aeadtest aeadtest.c)
+#target_link_libraries(aeadtest ${OPENSSL_LIBS})
+#add_test(aeadtest aeadtest.sh)
+#configure_file(aeadtests.txt aeadtests.txt COPYONLY)
+#configure_file(aeadtest.sh aeadtest.sh COPYONLY)
+
+# aes_wrap
+add_executable(aes_wrap aes_wrap.c)
+target_link_libraries(aes_wrap ${OPENSSL_LIBS})
+add_test(aes_wrap aes_wrap)
+
+# arc4randomforktest
+# Windows/mingw does not have fork, but Cygwin does.
+if(NOT CMAKE_HOST_WIN32)
+add_executable(arc4randomforktest arc4randomforktest.c)
+target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
+add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
+endif()
+
+# asn1test
+add_executable(asn1test asn1test.c)
+target_link_libraries(asn1test ${OPENSSL_LIBS})
+add_test(asn1test asn1test)
+
+# base64test
+add_executable(base64test base64test.c)
+target_link_libraries(base64test ${OPENSSL_LIBS})
+add_test(base64test base64test)
+
+# bftest
+add_executable(bftest bftest.c)
+target_link_libraries(bftest ${OPENSSL_LIBS})
+add_test(bftest bftest)
+
+# bntest
+add_executable(bntest bntest.c)
+target_link_libraries(bntest ${OPENSSL_LIBS})
+add_test(bntest bntest)
+
+# bytestringtest
+add_executable(bytestringtest bytestringtest.c)
+target_link_libraries(bytestringtest ${OPENSSL_LIBS})
+add_test(bytestringtest bytestringtest)
+
+# casttest
+add_executable(casttest casttest.c)
+target_link_libraries(casttest ${OPENSSL_LIBS})
+add_test(casttest casttest)
+
+# chachatest
+add_executable(chachatest chachatest.c)
+target_link_libraries(chachatest ${OPENSSL_LIBS})
+add_test(chachatest chachatest)
+
+# cipher_list
+add_executable(cipher_list cipher_list.c)
+target_link_libraries(cipher_list ${OPENSSL_LIBS})
+add_test(cipher_list cipher_list)
+
+# cipherstest
+add_executable(cipherstest cipherstest.c)
+target_link_libraries(cipherstest ${OPENSSL_LIBS})
+add_test(cipherstest cipherstest)
+
+# cts128test
+add_executable(cts128test cts128test.c)
+target_link_libraries(cts128test ${OPENSSL_LIBS})
+add_test(cts128test cts128test)
+
+# destest
+add_executable(destest destest.c)
+target_link_libraries(destest ${OPENSSL_LIBS})
+add_test(destest destest)
+
+# dhtest
+add_executable(dhtest dhtest.c)
+target_link_libraries(dhtest ${OPENSSL_LIBS})
+add_test(dhtest dhtest)
+
+# dsatest
+add_executable(dsatest dsatest.c)
+target_link_libraries(dsatest ${OPENSSL_LIBS})
+add_test(dsatest dsatest)
+
+# ecdhtest
+add_executable(ecdhtest ecdhtest.c)
+target_link_libraries(ecdhtest ${OPENSSL_LIBS})
+add_test(ecdhtest ecdhtest)
+
+# ecdsatest
+add_executable(ecdsatest ecdsatest.c)
+target_link_libraries(ecdsatest ${OPENSSL_LIBS})
+add_test(ecdsatest ecdsatest)
+
+# ectest
+add_executable(ectest ectest.c)
+target_link_libraries(ectest ${OPENSSL_LIBS})
+add_test(ectest ectest)
+
+# enginetest
+add_executable(enginetest enginetest.c)
+target_link_libraries(enginetest ${OPENSSL_LIBS})
+add_test(enginetest enginetest)
+
+# evptest
+#add_executable(evptest evptest.c)
+#target_link_libraries(evptest ${OPENSSL_LIBS})
+#add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
+
+# explicit_bzero
+# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
+if(NOT CMAKE_HOST_WIN32)
+add_executable(explicit_bzero explicit_bzero.c)
+target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
+add_test(explicit_bzero explicit_bzero)
+#if !HAVE_MEMMEM
+#explicit_bzero_SOURCES += memmem.c
+#endif
+endif()
+
+# exptest
+add_executable(exptest exptest.c)
+target_link_libraries(exptest ${OPENSSL_LIBS})
+add_test(exptest exptest)
+
+# gcm128test
+add_executable(gcm128test gcm128test.c)
+target_link_libraries(gcm128test ${OPENSSL_LIBS})
+add_test(gcm128test gcm128test)
+
+# gost2814789t
+add_executable(gost2814789t gost2814789t.c)
+target_link_libraries(gost2814789t ${OPENSSL_LIBS})
+add_test(gost2814789t gost2814789t)
+
+# hmactest
+add_executable(hmactest hmactest.c)
+target_link_libraries(hmactest ${OPENSSL_LIBS})
+add_test(hmactest hmactest)
+
+# ideatest
+add_executable(ideatest ideatest.c)
+target_link_libraries(ideatest ${OPENSSL_LIBS})
+add_test(ideatest ideatest)
+
+# igetest
+add_executable(igetest igetest.c)
+target_link_libraries(igetest ${OPENSSL_LIBS})
+add_test(igetest igetest)
+
+# md4test
+add_executable(md4test md4test.c)
+target_link_libraries(md4test ${OPENSSL_LIBS})
+add_test(md4test md4test)
+
+# md5test
+add_executable(md5test md5test.c)
+target_link_libraries(md5test ${OPENSSL_LIBS})
+add_test(md5test md5test)
+
+# mont
+add_executable(mont mont.c)
+target_link_libraries(mont ${OPENSSL_LIBS})
+add_test(mont mont)
+
+# optionstest
+add_executable(optionstest optionstest.c)
+target_link_libraries(optionstest ${OPENSSL_LIBS})
+add_test(optionstest optionstest)
+
+# pbkdf2
+add_executable(pbkdf2 pbkdf2.c)
+target_link_libraries(pbkdf2 ${OPENSSL_LIBS})
+add_test(pbkdf2 pbkdf2)
+
+# pkcs7test
+add_executable(pkcs7test pkcs7test.c)
+target_link_libraries(pkcs7test ${OPENSSL_LIBS})
+add_test(pkcs7test pkcs7test)
+
+# poly1305test
+add_executable(poly1305test poly1305test.c)
+target_link_libraries(poly1305test ${OPENSSL_LIBS})
+add_test(poly1305test poly1305test)
+
+# pq_test
+#add_executable(pq_test pq_test.c)
+#target_link_libraries(pq_test ${OPENSSL_LIBS})
+#add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
+
+# randtest
+add_executable(randtest randtest.c)
+target_link_libraries(randtest ${OPENSSL_LIBS})
+add_test(randtest randtest)
+
+# rc2test
+add_executable(rc2test rc2test.c)
+target_link_libraries(rc2test ${OPENSSL_LIBS})
+add_test(rc2test rc2test)
+
+# rc4test
+add_executable(rc4test rc4test.c)
+target_link_libraries(rc4test ${OPENSSL_LIBS})
+add_test(rc4test rc4test)
+
+# rmdtest
+add_executable(rmdtest rmdtest.c)
+target_link_libraries(rmdtest ${OPENSSL_LIBS})
+add_test(rmdtest rmdtest)
+
+# sha1test
+add_executable(sha1test sha1test.c)
+target_link_libraries(sha1test ${OPENSSL_LIBS})
+add_test(sha1test sha1test)
+
+# sha256test
+add_executable(sha256test sha256test.c)
+target_link_libraries(sha256test ${OPENSSL_LIBS})
+add_test(sha256test sha256test)
+
+# sha512test
+add_executable(sha512test sha512test.c)
+target_link_libraries(sha512test ${OPENSSL_LIBS})
+add_test(sha512test sha512test)
+
+# shatest
+add_executable(shatest shatest.c)
+target_link_libraries(shatest ${OPENSSL_LIBS})
+add_test(shatest shatest)
+
+# ssltest
+#add_executable(ssltest ssltest.c)
+#target_link_libraries(ssltest ${OPENSSL_LIBS})
+#add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
+
+# testdsa
+#add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
+
+# testenc
+add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
+
+# testrsa
+#add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
+
+# timingsafe
+add_executable(timingsafe timingsafe.c)
+target_link_libraries(timingsafe ${OPENSSL_LIBS})
+add_test(timingsafe timingsafe)
+
+# utf8test
+add_executable(utf8test utf8test.c)
+target_link_libraries(utf8test ${OPENSSL_LIBS})
+add_test(utf8test utf8test)

tests/Makefile.am

@@ -11,7 +11,7 @@ LDADD += $(top_builddir)/crypto/libcrypto.la
 
 TESTS =
 check_PROGRAMS =
-EXTRA_DIST =
+EXTRA_DIST = CMakeLists.txt
 DISTCLEANFILES = pidwraptest.txt
 
 # aeadtest

tls/CMakeLists.txt

@@ -0,0 +1,22 @@
+include_directories(
+	.
+	../include
+	../include/compat
+)
+
+set(
+	TLS_SRC
+	tls.c
+	tls_client.c
+	tls_config.c
+	tls_server.c
+	tls_util.c
+	tls_verify.c
+)
+
+
+if(NOT HAVE_STRCASECMP)
+	set(TLS_SRC ${TLS_SRC} strsep.c)
+endif()
+
+add_library(tls ${TLS_SRC})

tls/Makefile.am

@@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.am.common
 lib_LTLIBRARIES = libtls.la
 
 EXTRA_DIST = VERSION
+EXTRA_DIST += CMakeLists.txt
 
 libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
 libtls_la_LIBADD = ../crypto/libcrypto.la ../ssl/libssl.la $(PLATFORM_LDADD)

update.sh

@@ -2,7 +2,6 @@
 set -e
 
 openbsd_branch=`cat OPENBSD_BRANCH`
-libressl_version=`cat VERSION`
 
 # pull in latest upstream code
 echo "pulling upstream openbsd source"
@@ -71,6 +70,7 @@ for i in crypto/compat libtls-standalone/compat; do
 		$libc_src/crypt/chacha_private.h \
 		$libc_src/string/explicit_bzero.c \
 		$libc_src/stdlib/reallocarray.c \
+		$libc_src/string/strcasecmp.c \
 		$libc_src/string/strlcpy.c \
 		$libc_src/string/strlcat.c \
 		$libc_src/string/strndup.c \
@@ -82,9 +82,9 @@ for i in crypto/compat libtls-standalone/compat; do
 		$i
 done
 
-$CP include/stdlib.h \
-	include/string.h \
-	include/unistd.h \
+$CP include/compat/stdlib.h \
+	include/compat/string.h \
+	include/compat/unistd.h \
 	libtls-standalone/include
 
 $CP crypto/compat/arc4random*.h \
@@ -120,9 +120,9 @@ copy_hdrs crypto "stack/stack.h lhash/lhash.h stack/safestack.h
 
 copy_hdrs ssl "srtp.h ssl.h ssl2.h ssl3.h ssl23.h tls1.h dtls1.h"
 
-sed -e "s/\"LibreSSL .*\"/\"LibreSSL ${libressl_version}\"/" \
-	$libssl_src/src/crypto/opensslv.h > include/openssl/opensslv.h.lcl
-$MV include/openssl/opensslv.h.lcl include/openssl/opensslv.h
+$CP $libssl_src/src/crypto/opensslv.h include/openssl
+awk '/LIBRESSL_VERSION_TEXT/ {print $4}' < include/openssl/opensslv.h | cut -d\" -f1 > VERSION
+echo "LibreSSL version `cat VERSION`"
 
 # copy libcrypto source
 echo copying libcrypto source
@@ -203,13 +203,14 @@ sed -e "s/compat\///" crypto/Makefile.am.arc4random > \
 # copy openssl(1) source
 echo "copying openssl(1) source"
 $CP $libc_src/stdlib/strtonum.c apps
+$CP $libcrypto_src/cert.pem apps
 $CP $libcrypto_src/openssl.cnf apps
+$CP $libcrypto_src/x509v3.cnf apps
 for i in `awk '/SOURCES|HEADERS/ { print $3 }' apps/Makefile.am` ; do
 	if [ -e $openssl_app_src/$i ]; then
 		$CP $openssl_app_src/$i apps
 	fi
 done
-patch -p0 < patches/openssl.c.patch
 
 # copy libssl source
 echo "copying libssl source"
@@ -272,6 +273,11 @@ add_man_links() {
 	done
 }
 
+# apply local patches (Windows support)
+for i in patches/*.patch; do
+    patch -p0 < $i
+done
+
 # copy manpages
 echo "copying manpages"
 echo dist_man_MANS= > man/Makefile.am
@@ -301,7 +307,7 @@ echo "dist_man_MANS += tls_init.3" >> man/Makefile.am
 		BASE=`echo $i|sed -e "s/\.pod//"`
 		NAME=`basename "$BASE"`
 		# reformat file if new
-		if [ ! -f $NAME.3 -o $BASE.pod -nt $NAME.3 -o ../VERSION -nt $NAME.3 ]; then
+		if [ ! -f $NAME.3 -o $BASE.pod -nt $NAME.3 -o ../include/openssl/opensslv.h -nt $NAME.3 ]; then
 			echo processing $NAME
 			pod2man --official --release="LibreSSL $VERSION" --center=LibreSSL \
 				--section=3 $POD2MAN --name=$NAME < $BASE.pod > $NAME.3