Compare commits

91 Commits

Author SHA1 Message Date
Brent Cook
c4ebe2518c Update changelog 2016-09-23 05:40:01 -05:00
Geoff Beier
1d36474726 Set _PATH_SSL_CA_FILE to either CMAKE_INSTALL_PREFIX or OPENSSLDIR for the OCSP tests so that OCSP tests can be executed on a system without /etc/ssl/cert.pem 2016-08-02 11:02:48 -05:00
Brent Cook
48ecc2d05d update changelog for 2.4.2 2016-07-31 17:55:50 -05:00
Brent Cook
7f322bfe7e set link library dependencies with MSVC, fixes #221 2016-07-31 17:12:35 -05:00
Brent Cook
47d4f7109f properly enable strnlen checks for MSVC 2016-07-31 17:12:35 -05:00
Brent Cook
12348e6f64 create OPENBSD_6_0 branch 2016-07-29 07:51:02 -05:00
celan69
1b10e48a1f Fix typo in USE_BUILTIN_ARC4RANDOM check
Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.
2016-07-19 12:11:28 +02:00
Brent Cook
a9332ccecf avoid BSWAP assembly for ARM <= v6 2016-07-17 18:12:23 -05:00
Brent Cook
fa435db8df format 64-bit int portably (windows wants %l64d) 2016-07-17 17:37:16 -05:00
Brent Cook
618c32e4a1 don't build nc with MSVC 2016-07-11 03:14:23 -05:00
Brent Cook
b13529f791 Revert "remove DEFAULT_CA_FILE patch, since libtls handles this by default"
This reverts commit 30adf9c06e.
2016-07-09 12:40:22 -05:00
Brent Cook
30adf9c06e remove DEFAULT_CA_FILE patch, since libtls handles this by default 2016-07-07 07:27:39 -05:00
kinichiro
23083e7724 include OCSP test script 2016-07-05 20:33:16 +09:00
Brent Cook
aab671088d add OCSP test 2016-07-04 23:29:39 -05:00
Brent Cook
ccf66c469f update for netcat changes 2016-06-30 20:00:29 -05:00
Brent Cook
ec4c98718d refine netcat patch 2016-06-30 08:18:03 -05:00
Brent Cook
13b7ac8ada update netcat patch 2016-06-30 05:49:38 -05:00
Brent Cook
ddb22413ed update NetBSD recommendation 2016-06-07 07:10:21 -05:00
Brent Cook
2cbdc049bb Changelog for 2.4.1 2016-06-06 04:57:01 -05:00
Brent Cook
4a9e42808c Land #197, include platform linker flags in the .pc files 2016-06-03 05:14:04 -05:00
Martin Herkt
de4a123930 pc: add platform-specific libs to Libs.private
Fixes compilations including libressl static libraries in MinGW.

Signed-off-by: Ricardo Constantino (:RiCON) <wiiaboo@gmail.com>
2016-05-31 15:24:22 +01:00
Brent Cook
72ce1e1c9f Update changelog 2016-05-30 17:19:22 -05:00
Brent Cook
0c4d1b9cef update changelog 2016-05-30 11:24:10 -05:00
Brent Cook
1f6f1a3527 Update changelog 2016-05-30 11:11:37 -05:00
Brent Cook
7b420734d4 update changelog 2016-05-30 11:11:37 -05:00
Brent Cook
ff021e8abd rebase netcat patch 2016-05-30 11:08:43 -05:00
Brent Cook
40974784c0 add constant_time_locl.h 2016-05-04 08:47:55 -05:00
Brent Cook
552817b77f Land #192, fix ld warning "attempted multiple inclusion of file" on Solaris 2016-05-02 02:03:03 -05:00
Brent Cook
5582be55b4 Land #190, Enable cmake on Solaris 2016-05-02 02:00:55 -05:00
Brent Cook
a653a67a1e Land #189, Added extra cmake build options like autotools builds 2016-05-02 01:58:18 -05:00
Brent Cook
466e389d3f check linker flags before checking for functions 2016-04-24 03:29:14 -05:00
kinichiro
02e1cc4df1 fix ld warning "attempted multiple inclusion of file" on Solaris
- To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am
2016-04-21 16:12:47 +09:00
kinichiro
49eabdcb16 organize enabling asm condition in cmake
- add amd64 as same as x86_64
- add solaris(i386)
2016-04-15 14:24:00 +09:00
kinichiro
08089a1b20 fix cmake on Solaris
- add Solaris specific compiler flags and library
- merge message when SMALL_TIME_T is true
- confirmed on SunOS Release 5.11 Version 11.3 64-bit Solaris i386
2016-04-15 01:47:20 +09:00
kinichiro
bda62f7fe4 add cmake build options
- add cmake build options as configure provides
  * -DENABLE_ASM (default ON)
  * -DENABLE_EXTRATESTS (default OFF)
  * -DENABLE_NC (default OFF)
  * -DOPENSSLDIR (default ${CMAKE_INSTALL_PREFIX}/etc/ssl)

- add biotest and pidwraptest if ENABLE_EXTRATESTS is ON

- add compiler flag `-fno-common` if CMAKE_SYSTEM_NAME is Darwin
  to prevent link error Undefined symbols "_OPENSSL_ia32cap_P"
2016-04-14 15:16:52 +09:00
kinichiro
c94670a8cd add cmake uninstall functionality
- add uninstall functionality
  * see https://cmake.org/Wiki/CMake_FAQ#Can_I_do_.22make_uninstall.22_with_CMake.3F
2016-04-09 13:37:09 -05:00
Brent Cook
752ad82d33 Land #188, add ASM support for cmake builds 2016-04-09 12:08:26 -05:00
kinichiro
2510a5e6f9 modify cmake to build nc
- modify structure of CMakeLists.txt under apps/
  * move apps/CMakeLists.txt to apps/openssl/ since this is for openssl build
  * create new apps/nc/CMakeLists.txt for nc build
  * modify apps/CMakeLists.txt just add_subdirectory()

- add checking and compile of arc4random_uniform()

- add installing man files, openssl.1 and nc.1
2016-04-09 12:06:40 -05:00
Brent Cook
9a98de6c34 Land #185, fix MINGW and CYGWIN builds with cmake 2016-04-09 11:50:37 -05:00
Brent Cook
34bf322e6e Land #184, execute tests that require srcdir environment variable with cmake 2016-04-09 11:49:53 -05:00
Brent Cook
d9b0838432 Land #183, fix cmake on HP-UX 2016-04-09 11:49:29 -05:00
kinichiro
e1f8a1e160 modify cmake to build ASM
- add functionality compiling ASM with cmake
- to enable ASM, `cmake -DENABLE_ASM=on ..`
2016-04-08 15:09:07 +09:00
kinichiro
177e13159b add condition for setting BUILD_SHARED (cmake)
- add MINGW and CYGWIN for win build
2016-04-05 15:35:21 +09:00
kinichiro
cf45f2bdfd execute tests that require srcdir environment variable with cmake
- uncomment procedures for aeadtest, evptest, pq_test, ssltest, testdsa and testrsa
- add set_tests_properties() for setting environment variable srcdir
- tweak openssl path in ssltest.sh, testdsa.sh, testenc.sh and testrsa.sh
2016-04-05 10:02:35 +09:00
kinichiro
3207606f11 fix cmake on HP-UX
- CMakeLists.txt
  * add OS specific compiler flags and library
  * add checking size of time_t
  * add checking memmem()

- tests/CMakeLists.txt
  * add if(HAVE_MEMMEM) for explicit_bzero
  * add checking SMALL_TIME_T for rfc5280time

- crypto/CMakeLists.txt
  * add getentropy_hpux.c

- tls/CMakeLists.txt
  * fix checking strsep
2016-04-04 14:27:43 +09:00
kinichiro
2997b8577c set project LANGUAGES to C 2016-03-30 16:10:19 +09:00
kinichiro
02b00b5c07 set cmake_minimum_required to 2.8.8
`OBJECT` library type of add_library was introduced by CMake 2.8.8.
2016-03-30 12:52:16 +09:00
Brent Cook
8131b377bf update changelog 2016-03-21 05:01:12 -05:00
Brent Cook
04ceeb2c75 updated changelog 2016-03-21 04:47:24 -05:00
Brent Cook
9a0f8a424b set windows binary OPENSSLDIR to something plausible 2016-03-21 04:37:01 -05:00
kinichiro
14aa5f73ab modify include/compat/netinet/ip.h
- add including <netinet/in_systm.h> for n_long on HP-UX
2016-03-13 19:17:24 +09:00
Brent Cook
05f3422a9b fix check for strlcat
fixes #175
2016-03-12 17:10:03 -06:00
Brent Cook
be3b129221 add install_sw alias for latest nginx
fixes #174
2016-03-12 17:07:28 -06:00
Brent Cook
2c751b1cf9 update man links 2016-02-29 05:20:58 -06:00
Brent Cook
d4d040c171 add things to minimize diffs with OpenNTPD-portable 2016-02-15 13:39:06 -06:00
Brent Cook
9df51efab0 updated changelog 2016-01-27 12:33:34 -06:00
Brent Cook
8c91563f60 add solaris include for getentropy(2) 2016-01-18 09:50:23 -06:00
Brent Cook
d0ff644edc package pidwraptest.sh script 2016-01-03 21:29:35 -06:00
Brent Cook
35e669fd1a whitelist NetBSD 7.0 native arc4random(3) implementation.
NetBSD 7 improves arc4random(3) over earlier versions by adding fork
detection, stronger assertions on seed failure.
2016-01-03 21:24:05 -06:00
Brent Cook
d0009039de enable nc on AIX 2016-01-03 21:20:03 -06:00
Brent Cook
07e541cc2e replace err.h macros with inline functions
Passing NULL for the format is just easier with a function.
2016-01-03 21:20:03 -06:00
Brent Cook
cf86bf8581 prefer gnu patch on AIX 2016-01-03 21:20:02 -06:00
Brent Cook
38c577d758 include strings.h in string.h on AIX as well 2016-01-03 21:19:55 -06:00
Brent Cook
07056b2949 -path isn't really needed for perms fixup, and not supported everywhere 2016-01-03 18:55:04 -06:00
Brent Cook
f5a4ee56be rebase netcat patch 2015-12-28 08:46:59 -06:00
Brent Cook
4a931b58fc add upstream config.guess/config.sub
This adds refreshed OS and CPU detection.
https://www.gnu.org/software/gettext/manual/html_node/config_002eguess.html
2015-12-27 22:33:51 -06:00
Brent Cook
53cd105d6e update check for b64_ntop
typo spotted by Jonas 'Sortie' Termansen
2015-12-27 22:12:35 -06:00
Brent Cook
733d581028 note the removed Verisign certificate 2015-12-15 21:38:35 -06:00
Brent Cook
b95c92c62b update added certs 2015-12-14 19:51:15 -06:00
Brent Cook
3af1387b18 Revert back to GetStdHandle, since it works fine with pipes.
Also include the formerly-missing NULL check, since this can fail in two
ways.
2015-12-11 09:22:12 -06:00
Brent Cook
bd8fe5868f include stdint.h uint*_t 2015-12-11 09:21:43 -06:00
Anthony Novatsis
5727d3274e Replace STDIN_FILENO with _fileno
Replace STDIN_FILENO with _fileno as STDIN_FILENO results in compile
errors with Visual Studio 2015 (using CMake).
2015-12-11 16:32:00 +11:00
Brent Cook
4db1ad6797 installing nc(1) should imply building, even if not whitelisted 2015-12-07 08:24:41 -06:00
Brent Cook
28aaab4323 allow optionally installing nc(1) with '--enable-nc' 2015-12-07 08:14:51 -06:00
Brent Cook
19f58fdb1b rebase windows headers patch 2015-12-07 08:03:44 -06:00
Brent Cook
1988b8f65e fixup cert.pem path override for libtls, add for nc(1)
this also fixes the formatting of help for nc(1)
2015-12-07 07:55:05 -06:00
Brent Cook
905e2a3b80 refresh nc(1) support 2015-12-06 23:32:18 -06:00
Brent Cook
5b49c30cbc override _PATH_SSL_CA_FILE with OPENSSLDIR at build time
fix #160
2015-12-06 20:35:09 -06:00
Brent Cook
fabe122b4e update changelog 2015-12-06 20:34:32 -06:00
Brent Cook
afcc027da7 only set the console mode if stdin is a console (not a pipe)
This allows piping commands and running from a cygwin console.
2015-12-06 16:49:01 -06:00
Brent Cook
75ef5bb160 wrap gets on Windows, replacing '\r\n' with '\n' 2015-12-05 13:58:37 -06:00
Brent Cook
d7317353a9 Update 2.3.2 release notes 2015-12-05 13:29:09 -06:00
Brent Cook
585b57b202 no special workaround needed for MSVC2015 2015-12-02 08:39:22 -06:00
Zhicheng Wei
84f0a9dbda fix libtls-standalone tests for tls_read and tls_write changed api 2015-11-23 02:11:02 -06:00
Brent Cook
7a82b7c0fd build nc on solaris and cygwin 2015-11-23 02:07:23 -06:00
Brent Cook
7109fb3260 ensure we don't pass a negative int to ctypes functions
Some implementations, e.g. cygwin, use a table lookup that can cast
a char to a negative array offset.
2015-11-23 02:06:03 -06:00
Brent Cook
9574b6c8ec do not link libcompatnoopt if it is unneeded/built
from andy-js on github, fix #158
2015-11-22 17:31:51 -06:00
Brent Cook
9c5105eeb1 omit <type> links 2015-11-22 06:37:13 -06:00
Brent Cook
fbe05ec826 update manpage links 2015-11-22 04:56:36 -06:00
Brent Cook
d35e8bbeaf update netcat patch 2015-11-22 04:55:22 -06:00
Brent Cook
1d5dfff695 update patches 2015-11-02 20:22:26 -06:00
56 changed files with 4408 additions and 384 deletions

View File

@@ -1,9 +1,10 @@
cmake_minimum_required (VERSION 2.8) cmake_minimum_required (VERSION 2.8.8)
include(CheckFunctionExists) include(CheckFunctionExists)
include(CheckLibraryExists) include(CheckLibraryExists)
include(CheckIncludeFiles) include(CheckIncludeFiles)
include(CheckTypeSize)
project (LibreSSL) project (LibreSSL C)
enable_testing() enable_testing()
@@ -22,6 +23,17 @@ string(STRIP ${TLS_VERSION} TLS_VERSION)
string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION}) string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION}) string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
option(ENABLE_ASM "Enable assembly" ON)
option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
set(BUILD_NC true)
if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
add_definitions(-fno-common)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD") if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__) add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
endif() endif()
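Review bot: `add_definitions(-fno-common)` in the Darwin block passes a code-generation flag through the command meant for `-D` preprocessor definitions. Appending it to `CMAKE_C_FLAGS` would say what it is and keep it out of the definition list. Separately, the `OPENSSLDIR` cache entry is declared with no default, so its help string could mention the fallback the build applies when it is left empty.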
@@ -33,9 +45,34 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
add_definitions(-D_GNU_SOURCE) add_definitions(-D_GNU_SOURCE)
endif() endif()
if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
set(BUILD_NC false)
endif()
if(MSVC)
set(BUILD_NC false)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
if(CMAKE_C_COMPILER MATCHES "gcc")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
else()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off")
endif()
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT")
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
endif()
add_definitions(-DLIBRESSL_INTERNAL) add_definitions(-DLIBRESSL_INTERNAL)
add_definitions(-DOPENSSL_NO_HW_PADLOCK) add_definitions(-DOPENSSL_NO_HW_PADLOCK)
add_definitions(-DOPENSSL_NO_ASM)
set(CMAKE_POSITION_INDEPENDENT_CODE true) set(CMAKE_POSITION_INDEPENDENT_CODE true)
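Review bot: The SunOS block applies GCC-style flags (`-Wall -std=gnu99 -fno-strict-aliasing`, `-fpic -m64`) without checking which compiler is selected, whereas the HP-UX block just above branches on the compiler first. Guard the SunOS flags the same way. For both blocks, `CMAKE_C_COMPILER_ID STREQUAL "GNU"` is more reliable than matching "gcc" against the compiler path. The forced `-m64` also deserves a comment, since it fixes the target word size for every Solaris build.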
@@ -96,7 +133,7 @@ if(HAVE_STRLCAT)
add_definitions(-DHAVE_STRLCAT) add_definitions(-DHAVE_STRLCAT)
endif() endif()
check_function_exists(strlcat HAVE_STRLCPY) check_function_exists(strlcpy HAVE_STRLCPY)
if(HAVE_STRLCPY) if(HAVE_STRLCPY)
add_definitions(-DHAVE_STRLCPY) add_definitions(-DHAVE_STRLCPY)
endif() endif()
@@ -107,7 +144,7 @@ if(HAVE_STRNDUP)
endif() endif()
if(MSVC) if(MSVC)
set(HAVE_STRNLEN) set(HAVE_STRNLEN true)
add_definitions(-DHAVE_STRNLEN) add_definitions(-DHAVE_STRNLEN)
else() else()
check_function_exists(strnlen HAVE_STRNLEN) check_function_exists(strnlen HAVE_STRNLEN)
@@ -131,6 +168,11 @@ if(HAVE_ARC4RANDOM_BUF)
add_definitions(-DHAVE_ARC4RANDOM_BUF) add_definitions(-DHAVE_ARC4RANDOM_BUF)
endif() endif()
check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)
if(HAVE_ARC4RANDOM_UNIFORM)
add_definitions(-DHAVE_ARC4RANDOM_UNIFORM)
endif()
check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO) check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
if(HAVE_EXPLICIT_BZERO) if(HAVE_EXPLICIT_BZERO)
add_definitions(-DHAVE_EXPLICIT_BZERO) add_definitions(-DHAVE_EXPLICIT_BZERO)
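Review bot: The new `check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)` probe accepts the platform's implementation on existence alone. The commit log in this range reports Solaris 11's builtin arc4random failing `make check` (1b10e48a1f) and whitelists NetBSD 7.0's implementation explicitly (35e669fd1a), so existence is not treated as sufficient elsewhere. Either gate this probe by platform as well, or add a comment stating why the CMake build can trust any libc that exports the symbol.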
@@ -156,11 +198,28 @@ if(HAVE_MEMCMP)
add_definitions(-DHAVE_MEMCMP) add_definitions(-DHAVE_MEMCMP)
endif() endif()
check_function_exists(memmem HAVE_MEMMEM)
if(HAVE_MEMMEM)
add_definitions(-DHAVE_MEMMEM)
endif()
check_include_files(err.h HAVE_ERR_H) check_include_files(err.h HAVE_ERR_H)
if(HAVE_ERR_H) if(HAVE_ERR_H)
add_definitions(-DHAVE_ERR_H) add_definitions(-DHAVE_ERR_H)
endif() endif()
if(ENABLE_ASM)
if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
set(HOST_ASM_ELF_X86_64 true)
elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
set(HOST_ASM_ELF_X86_64 true)
endif()
elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
set(HOST_ASM_MACOSX_X86_64 true)
endif()
endif()
set(OPENSSL_LIBS ssl crypto) set(OPENSSL_LIBS ssl crypto)
if(CMAKE_HOST_WIN32) if(CMAKE_HOST_WIN32)
set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32) set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
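Review bot: The `if(ENABLE_ASM)` block has no fallback branch. When `ENABLE_ASM` is OFF, or when no ELF or Mac OS X x86_64 host matches, nothing in the visible lines defines `OPENSSL_NO_ASM`, which the previous hunk removed as an unconditional definition. Please define it on that path or point to where it is now set. The SunOS/i386 case that sets `HOST_ASM_ELF_X86_64` also needs a comment, because it is only correct when the build is 64-bit.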
@@ -171,11 +230,25 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(OPENSSL_LIBS ${OPENSSL_LIBS} rt) set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
endif() endif()
endif() endif()
if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
endif()
if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
endif()
if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC)) if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|MINGW|CYGWIN)" OR MSVC))
set(BUILD_SHARED true) set(BUILD_SHARED true)
endif() endif()
check_type_size(time_t SIZEOF_TIME_T)
if(SIZEOF_TIME_T STREQUAL "4")
set(SMALL_TIME_T true)
message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
" ** It will behave incorrectly when handling valid RFC5280 dates")
endif()
add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
add_subdirectory(crypto) add_subdirectory(crypto)
add_subdirectory(ssl) add_subdirectory(ssl)
add_subdirectory(apps) add_subdirectory(apps)
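Review bot: `add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})` runs even when the `check_type_size(time_t SIZEOF_TIME_T)` probe fails, in which case the variable is empty and the compiler receives `-DSIZEOF_TIME_T=` with no value. Wrap the definition in `if(HAVE_SIZEOF_TIME_T)` or stop the configure step with an error. Code that compares the macro against 4 should not silently see an empty token on a platform where the 2038 warning matters.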
@@ -185,3 +258,11 @@ if(NOT MSVC)
add_subdirectory(man) add_subdirectory(man)
add_subdirectory(tests) add_subdirectory(tests)
endif() endif()
configure_file(
"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
IMMEDIATE @ONLY)
add_custom_target(uninstall
COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)

165
ChangeLog
View File

@@ -28,6 +28,171 @@ history is also available from Git.
LibreSSL Portable Release Notes: LibreSSL Portable Release Notes:
2.4.3 - Bug fixes and reliability improvements
* Reverted change that cleans up the EVP cipher context in
EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
previous behaviour.
* Avoid unbounded memory growth in libssl, which can be triggered by a
TLS client repeatedly renegotiating and sending OCSP Status Request
TLS extensions.
* Avoid falling back to a weak digest for (EC)DH when using SNI with
libssl.
2.4.2 - Bug fixes and improvements
* Fixed loading default certificate locations with openssl s_client.
* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
RFC6960. Also added fixes for OCSP to work with intermediate
certificates provided in responses.
* Improved behavior of arc4random on Windows to not appear to leak
memory in debug tools, reduced privileges of allocated memory.
* Fixed incorrect results from BN_mod_word() when the modulus is too
large, thanks to Brian Smith from BoringSSL.
* Correctly handle an EOF prior to completing the TLS handshake in
libtls.
* Improved libtls ceritificate loading and cipher string validation.
* Updated libtls cipher group suites into four categories:
"secure" (TLSv1.2+AEAD+PFS)
"compat" (HIGH:!aNULL)
"legacy" (HIGH:MEDIUM:!aNULL)
"insecure" (ALL:!aNULL:!eNULL)
This allows for flexibility and finer grained control, rather than
having two extremes.
* Limited support for 'backward compatible' SSLv2 handshake packets to
when TLS 1.0 is enabled, providing more restricted compatibility
with TLS 1.0 clients.
* openssl(1) and other documentation improvements.
* Removed flags for disabling constant-time operations.
This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
all of these operations unconditionally constant-time.
2.4.1 - Security fix
* Correct a problem that prevents the DSA signing algorithm from
running in constant time even if the flag BN_FLG_CONSTTIME is set.
This issue was reported by Cesar Pereida (Aalto University), Billy
Brumley (Tampere University of Technology), and Yuval Yarom (The
University of Adelaide and NICTA). The fix was developed by Cesar
Pereida.
2.4.0 - Build improvements, new features
* Many improvements to the CMake build infrastructure, including
Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
Inoguchi for this work.
* Added missing error handling around bn_wexpand() calls.
* Added explicit_bzero calls for freed ASN.1 objects.
* Fixed X509_*set_object functions to return 0 on allocation failure.
* Implemented the IETF ChaCha20-Poly1305 cipher suites.
* Changed default EVP_aead_chacha20_poly1305() implementation to the
IETF version, which is now the default.
* Fixed password prompts from openssl(1) to properly handle ^C.
* Reworked error handling in libtls so that configuration errors are
visible.
* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
* Manpage fixes and updates
2.3.5 - Reliability fix
* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.
2.3.4 - Security Update
* Fix multiple vulnerabilities in libcrypto relating to ASN.1 and encoding.
From OpenSSL.
* Minor build fixes
2.3.3 - OpenBSD 5.9 release branch tagged
* Reworked build scripts to better sync with OpenNTPD-portable
* Fixed broken manpage links
* Fixed an nginx compatibility issue by adding an 'install_sw' make alias
* Fixed HP-UX builds
* Changed the default configuration directory to c:\LibreSSL\ssl on Windows
binary builds
* cert.pem has been reorganized and synced with Mozilla's certificate store
2.3.2 - Compatibility and Reliability fixes
* Changed format of LIBRESSL_VERSION_NUMBER to match that of
OPENSSL_VERSION_NUMBER, see:
https://wiki.openssl.org/index.php/Manual:OPENSSL_VERSION_NUMBER(3)
* Added EVP_aead_chacha20_poly1305_ietf() which matches the AEAD
construction introduced in RFC 7539, which is different than that
already used in TLS with EVP_aead_chacha20_poly1305()
* Avoid a potential undefined C99+ behavior due to shift overflow in
AES_decrypt, reported by Pascal Cuoq <cuoq at trust-in-soft.com>
* More man pages converted from pod to mdoc format
* Added COMODO RSA Certification Authority and QuoVadis
root certificates to cert.pem
* Removed Remove "C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification
Authority" (serial 3c:91:31:cb:1f:f6:d0:1b:0e:9a:b8:d0:44:bf:12:be) root
certificate from cert.pem
* Added support for building nc(1) on Solaris
* Fixed GCC 5.x+ preprocessor checks, reported by Ruslan Babayev
* Improved console handling with openssl(1) on Windows
* Ensure the network stack is enabled on Windows when running
tls_init()
* Fixed incorrect TLS certificate loading by nc(1)
* Added support for Solaris 11.3's getentropy(2) system call
* Enabled support for using NetBSD 7.0's arc4random(3) implementation
* Deprecated the SSL_OP_SINGLE_DH_USE flag by disabling its effect
* Fixes from OpenSSL 1.0.1q
- CVE-2015-3194 - NULL pointer dereference in client side certificate
validation.
- CVE-2015-3195 - Memory leak in PKCS7 - not reachable from TLS/SSL
* The following OpenSSL CVEs did not apply to LibreSSL
- CVE-2015-3193 - Carry propagating bug in the x86_64 Montgomery
squaring procedure.
- CVE-2015-3196 - Double free race condition of the identify hint
data.
See https://marc.info/?l=openbsd-announce&m=144925068504102
2.3.1 - ASN.1 and time handling cleanups 2.3.1 - ASN.1 and time handling cleanups
* ASN.1 cleanups and RFC5280 compliance fixes. * ASN.1 cleanups and RFC5280 compliance fixes.
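Review bot: Several added entries carry typos that will ship in the release notes: `OSCP` for OCSP in the 2.4.2 GENERALIZEDTIME entry, `ceritificate` in the libtls entry, `Removed Remove` in the 2.3.2 VeriSign entry, and `identify hint` in the CVE-2015-3196 line. The 2.4.3 heading reads "Bug fixes and reliability improvements", yet two of its entries describe client-triggerable unbounded memory growth and a fallback to a weak digest for (EC)DH. Consider labelling that release the way 2.4.1 and 2.3.4 are labelled, so that packagers scanning the headings do not skip it.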

View File

@@ -5,4 +5,7 @@ pkgconfigdir = $(libdir)/pkgconfig
pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
EXTRA_DIST = README.md README.windows VERSION config scripts EXTRA_DIST = README.md README.windows VERSION config scripts
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt cmake_uninstall.cmake.in
.PHONY: install_sw
install_sw: install

View File

@@ -1 +1 @@
master OPENBSD_6_0

View File

@@ -30,7 +30,7 @@ At the time of this writing, LibreSSL is know to build and work on:
* Linux (kernel 3.17 or later recommended) * Linux (kernel 3.17 or later recommended)
* FreeBSD (tested with 9.2 and later) * FreeBSD (tested with 9.2 and later)
* NetBSD (tested with 6.1.5) * NetBSD (7.0 or later recommended)
* HP-UX (11i) * HP-UX (11i)
* Solaris (11 and later preferred) * Solaris (11 and later preferred)
* Mac OS X (tested with 10.8 and later) * Mac OS X (tested with 10.8 and later)

View File

@@ -1,80 +1,2 @@
include_directories( add_subdirectory(openssl)
. add_subdirectory(nc)
../include
../include/compat
)
set(
OPENSSL_SRC
openssl/apps.c
openssl/asn1pars.c
openssl/ca.c
openssl/ciphers.c
openssl/cms.c
openssl/crl.c
openssl/crl2p7.c
openssl/dgst.c
openssl/dh.c
openssl/dhparam.c
openssl/dsa.c
openssl/dsaparam.c
openssl/ec.c
openssl/ecparam.c
openssl/enc.c
openssl/errstr.c
openssl/gendh.c
openssl/gendsa.c
openssl/genpkey.c
openssl/genrsa.c
openssl/nseq.c
openssl/ocsp.c
openssl/openssl.c
openssl/passwd.c
openssl/pkcs12.c
openssl/pkcs7.c
openssl/pkcs8.c
openssl/pkey.c
openssl/pkeyparam.c
openssl/pkeyutl.c
openssl/prime.c
openssl/rand.c
openssl/req.c
openssl/rsa.c
openssl/rsautl.c
openssl/s_cb.c
openssl/s_client.c
openssl/s_server.c
openssl/s_socket.c
openssl/s_time.c
openssl/sess_id.c
openssl/smime.c
openssl/speed.c
openssl/spkac.c
openssl/ts.c
openssl/verify.c
openssl/version.c
openssl/x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)

60
apps/nc/CMakeLists.txt Normal file
View File

@@ -0,0 +1,60 @@
if(BUILD_NC)
include_directories(
.
./compat
../../include
../../include/compat
)
set(
NC_SRC
atomicio.c
netcat.c
socks.c
compat/socket.c
)
check_function_exists(b64_ntop HAVE_B64_NTOP)
if(HAVE_B64_NTOP)
add_definitions(-DHAVE_B64_NTOP)
else()
set(NC_SRC ${NC_SRC} compat/base64.c)
endif()
check_function_exists(accept4 HAVE_ACCEPT4)
if(HAVE_ACCEPT4)
add_definitions(-DHAVE_ACCEPT4)
else()
set(NC_SRC ${NC_SRC} compat/accept4.c)
endif()
check_function_exists(readpassphrase HAVE_READPASSPHRASE)
if(HAVE_READPASSPHRASE)
add_definitions(-DHAVE_READPASSPHRASE)
else()
set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(NC_SRC ${NC_SRC} compat/strtonum.c)
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(nc ${NC_SRC})
target_link_libraries(nc tls ${OPENSSL_LIBS})
if(ENABLE_NC)
install(TARGETS nc DESTINATION bin)
install(FILES nc.1 DESTINATION share/man/man1)
endif()
endif()
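Review bot: The `DEFAULT_CA_FILE` fallback (`${OPENSSLDIR}/cert.pem`, else `${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem`) is written out here and the same OPENSSLDIR test appears again in the apps/openssl CMakeLists.txt added later in this diff. Compute the directory once at the top level and reuse it in both places. That way the path nc(1) compiles in as its trust anchor cannot drift from the directory where cert.pem is installed. The `strtonum` probe is likewise repeated in both files.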

View File

@@ -2,16 +2,26 @@ include $(top_srcdir)/Makefile.am.common
if BUILD_NC if BUILD_NC
if ENABLE_NC
bin_PROGRAMS = nc
else
noinst_PROGRAMS = nc noinst_PROGRAMS = nc
endif
EXTRA_DIST = nc.1 EXTRA_DIST = nc.1
EXTRA_DIST += CMakeLists.txt
nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
nc_LDADD += $(top_builddir)/crypto/libcrypto.la nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
nc_LDADD += $(top_builddir)/ssl/libssl.la nc_LDADD += $(abs_top_builddir)/ssl/libssl.la
nc_LDADD += $(top_builddir)/tls/libtls.la nc_LDADD += $(abs_top_builddir)/tls/libtls.la
AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat AM_CPPFLAGS += -I$(top_srcdir)/apps/nc/compat
if OPENSSLDIR_DEFINED
AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
else
AM_CPPFLAGS += -DDEFAULT_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
endif
nc_SOURCES = atomicio.c nc_SOURCES = atomicio.c
nc_SOURCES += netcat.c nc_SOURCES += netcat.c

View File

@@ -141,11 +141,11 @@ restart:
if (p < end) { if (p < end) {
if ((flags & RPP_SEVENBIT)) if ((flags & RPP_SEVENBIT))
ch &= 0x7f; ch &= 0x7f;
if (isalpha(ch)) { if (isalpha((unsigned char)ch)) {
if ((flags & RPP_FORCELOWER)) if ((flags & RPP_FORCELOWER))
ch = (char)tolower(ch); ch = (char)tolower((unsigned char)ch);
if ((flags & RPP_FORCEUPPER)) if ((flags & RPP_FORCEUPPER))
ch = (char)toupper(ch); ch = (char)toupper((unsigned char)ch);
} }
*p++ = ch; *p++ = ch;
} }
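Review bot: The `(unsigned char)` casts added to `isalpha`, `tolower` and `toupper` carry no comment, so a later cleanup could drop them as redundant. Add a one-line note that a negative `char` must not reach the ctype functions, which is the table-lookup case commit 7109fb3260 describes for cygwin. If the rest of the function allows it, holding `ch` in an `unsigned char` or `int` would remove the need for the casts.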

View File

@@ -0,0 +1,89 @@
include_directories(
.
../../include
../../include/compat
)
set(
OPENSSL_SRC
apps.c
asn1pars.c
ca.c
ciphers.c
cms.c
crl.c
crl2p7.c
dgst.c
dh.c
dhparam.c
dsa.c
dsaparam.c
ec.c
ecparam.c
enc.c
errstr.c
gendh.c
gendsa.c
genpkey.c
genrsa.c
nseq.c
ocsp.c
openssl.c
passwd.c
pkcs12.c
pkcs7.c
pkcs8.c
pkey.c
pkeyparam.c
pkeyutl.c
prime.c
rand.c
req.c
rsa.c
rsautl.c
s_cb.c
s_client.c
s_server.c
s_socket.c
s_time.c
sess_id.c
smime.c
speed.c
spkac.c
ts.c
verify.c
version.c
x509.c
)
if(CMAKE_HOST_UNIX)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
endif()
if(CMAKE_HOST_WIN32)
set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
endif()
check_function_exists(strtonum HAVE_STRTONUM)
if(HAVE_STRTONUM)
add_definitions(-DHAVE_STRTONUM)
else()
set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
endif()
add_executable(openssl ${OPENSSL_SRC})
target_link_libraries(openssl ${OPENSSL_LIBS})
install(TARGETS openssl DESTINATION bin)
install(FILES openssl.1 DESTINATION share/man/man1)
if(NOT "${OPENSSLDIR}" STREQUAL "")
set(CONF_DIR "${OPENSSLDIR}")
else()
set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
endif()
install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
install(DIRECTORY DESTINATION ${CONF_DIR}/cert)
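Review bot: `install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})` copies over whatever is already at the destination, so a reinstall replaces an administrator's edited trust store and configuration with the shipped ones. Install these only when they are absent, or install them under a sample name. Also, is `${CONF_DIR}/cert` on the last line meant to be `certs`? The directory name is singular here. Finally, quote `"${CONF_DIR}"` in both install commands.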

View File

@@ -5,8 +5,8 @@ bin_PROGRAMS = openssl
dist_man_MANS = openssl.1 dist_man_MANS = openssl.1
openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) openssl_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
openssl_LDADD += $(top_builddir)/ssl/libssl.la openssl_LDADD += $(abs_top_builddir)/ssl/libssl.la
openssl_LDADD += $(top_builddir)/crypto/libcrypto.la openssl_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
openssl_SOURCES = apps.c openssl_SOURCES = apps.c
openssl_SOURCES += asn1pars.c openssl_SOURCES += asn1pars.c
@@ -89,6 +89,7 @@ noinst_HEADERS += timeouts.h
EXTRA_DIST = cert.pem EXTRA_DIST = cert.pem
EXTRA_DIST += openssl.cnf EXTRA_DIST += openssl.cnf
EXTRA_DIST += x509v3.cnf EXTRA_DIST += x509v3.cnf
EXTRA_DIST += CMakeLists.txt
install-exec-hook: install-exec-hook:
@if [ "@OPENSSLDIR@x" != "x" ]; then \ @if [ "@OPENSSLDIR@x" != "x" ]; then \

View File

@@ -9,3 +9,7 @@ autoreconf -i -f
sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \ sed 's/-fuse-linker-plugin)/-fuse-linker-plugin|-fstack-protector*)/' \
ltmain.sh > ltmain.sh.fixed ltmain.sh > ltmain.sh.fixed
mv -f ltmain.sh.fixed ltmain.sh mv -f ltmain.sh.fixed ltmain.sh
# Update config scripts and fixup permissions
find . ! -perm -u=w -exec chmod u+w {} \;
cp scripts/config.* .

21
cmake_uninstall.cmake.in Normal file
View File

@@ -0,0 +1,21 @@
if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
string(REGEX REPLACE "\n" ";" files "${files}")
foreach(file ${files})
message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
exec_program(
"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
OUTPUT_VARIABLE rm_out
RETURN_VALUE rm_retval
)
if(NOT "${rm_retval}" STREQUAL 0)
message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
endif(NOT "${rm_retval}" STREQUAL 0)
else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
endforeach(file)
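Review bot: The removal step builds a command string, `ARGS "-E remove \"$ENV{DESTDIR}${file}\""`, and hands it to `exec_program`, so each manifest path is re-parsed as part of a command line. A path containing a quote is then not passed as a single argument. `execute_process(COMMAND "@CMAKE_COMMAND@" -E remove "$ENV{DESTDIR}${file}" RESULT_VARIABLE rm_retval)` passes the path as one argument and avoids the deprecated command. This matters because uninstall is normally run with elevated privileges. The `string(REGEX REPLACE "\n" ";" ...)` split also breaks on a path that contains a semicolon.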

View File

@@ -8,16 +8,107 @@ include_directories(
modes modes
) )
if(HOST_ASM_ELF_X86_64)
set(
ASM_X86_64_ELF_SRC
aes/aes-elf-x86_64.s
aes/bsaes-elf-x86_64.s
aes/vpaes-elf-x86_64.s
aes/aesni-elf-x86_64.s
aes/aesni-sha1-elf-x86_64.s
bn/modexp512-elf-x86_64.s
bn/mont-elf-x86_64.s
bn/mont5-elf-x86_64.s
bn/gf2m-elf-x86_64.s
camellia/cmll-elf-x86_64.s
md5/md5-elf-x86_64.s
modes/ghash-elf-x86_64.s
rc4/rc4-elf-x86_64.s
rc4/rc4-md5-elf-x86_64.s
sha/sha1-elf-x86_64.s
sha/sha256-elf-x86_64.S
sha/sha512-elf-x86_64.S
whrlpool/wp-elf-x86_64.s
cpuid-elf-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
endif()
if(HOST_ASM_MACOSX_X86_64)
set(
ASM_X86_64_MACOSX_SRC
aes/aes-macosx-x86_64.s
aes/bsaes-macosx-x86_64.s
aes/vpaes-macosx-x86_64.s
aes/aesni-macosx-x86_64.s
aes/aesni-sha1-macosx-x86_64.s
bn/modexp512-macosx-x86_64.s
bn/mont-macosx-x86_64.s
bn/mont5-macosx-x86_64.s
bn/gf2m-macosx-x86_64.s
camellia/cmll-macosx-x86_64.s
md5/md5-macosx-x86_64.s
modes/ghash-macosx-x86_64.s
rc4/rc4-macosx-x86_64.s
rc4/rc4-md5-macosx-x86_64.s
sha/sha1-macosx-x86_64.s
sha/sha256-macosx-x86_64.S
sha/sha512-macosx-x86_64.S
whrlpool/wp-macosx-x86_64.s
cpuid-macosx-x86_64.S
)
add_definitions(-DAES_ASM)
add_definitions(-DBSAES_ASM)
add_definitions(-DVPAES_ASM)
add_definitions(-DOPENSSL_IA32_SSE2)
add_definitions(-DOPENSSL_BN_ASM_MONT)
add_definitions(-DOPENSSL_BN_ASM_MONT5)
add_definitions(-DOPENSSL_BN_ASM_GF2m)
add_definitions(-DMD5_ASM)
add_definitions(-DGHASH_ASM)
add_definitions(-DRSA_ASM)
add_definitions(-DSHA1_ASM)
add_definitions(-DSHA256_ASM)
add_definitions(-DSHA512_ASM)
add_definitions(-DWHIRLPOOL_ASM)
add_definitions(-DOPENSSL_CPUID_OBJ)
set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC})
set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C)
endif()
if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
set(
CRYPTO_SRC
${CRYPTO_SRC}
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
camellia/cmll_cbc.c
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
)
endif()
set( set(
CRYPTO_SRC CRYPTO_SRC
${CRYPTO_SRC}
aes/aes_cbc.c
aes/aes_core.c
camellia/camellia.c
camellia/cmll_cbc.c
rc4/rc4_enc.c
rc4/rc4_skey.c
whrlpool/wp_block.c
cpt_err.c cpt_err.c
cryptlib.c cryptlib.c
cversion.c cversion.c
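Review bot: the HOST_ASM_ELF_X86_64 and HOST_ASM_MACOSX_X86_64 blocks repeat the same fifteen `add_definitions(-D..._ASM)` lines, so the two lists can drift apart the next time a define is added. Keep only the source lists per ABI and move the definitions into a single `if(HOST_ASM_ELF_X86_64 OR HOST_ASM_MACOSX_X86_64)` block. This hunk does not show where HOST_ASM_* is set, so please confirm it is only set when ENABLE_ASM is on; otherwise these defines can end up alongside the -DOPENSSL_NO_ASM added further down.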
@@ -617,6 +708,8 @@ if(NOT HAVE_ARC4RANDOM_BUF)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "Linux") elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD") elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
@@ -629,6 +722,10 @@ if(NOT HAVE_ARC4RANDOM_BUF)
endif() endif()
endif() endif()
if(NOT HAVE_ARC4RANDOM_UNIFORM)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
endif()
if(NOT HAVE_TIMINGSAFE_BCMP) if(NOT HAVE_TIMINGSAFE_BCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
endif() endif()
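Review bot: `if(NOT HAVE_ARC4RANDOM_UNIFORM)` selects compat/arc4random_uniform.c on a different condition from the rest of this change: the autotools fragment adds the same source inside `if !HAVE_ARC4RANDOM_BUF`, and the header declares the prototype under `#ifndef HAVE_ARC4RANDOM_BUF`. Where the two checks disagree, the CMake build either compiles the file with no visible prototype or keeps the libc arc4random_uniform on top of the replaced arc4random. Keying this block on HAVE_ARC4RANDOM_BUF, inside the block above, keeps the three functions paired.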
@@ -637,10 +734,27 @@ if(NOT HAVE_TIMINGSAFE_MEMCMP)
set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c) set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
endif() endif()
if(NOT ENABLE_ASM)
add_definitions(-DOPENSSL_NO_ASM)
else()
if(CMAKE_HOST_WIN32)
add_definitions(-DOPENSSL_NO_ASM)
endif()
endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
else()
add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
endif()
if (BUILD_SHARED) if (BUILD_SHARED)
add_library(crypto-objects OBJECT ${CRYPTO_SRC}) add_library(crypto-objects OBJECT ${CRYPTO_SRC})
add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>) add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>) add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
if (MSVC)
target_link_libraries(crypto-shared crypto Ws2_32.lib)
endif()
set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto) set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)
set_target_properties(crypto-shared PROPERTIES VERSION set_target_properties(crypto-shared PROPERTIES VERSION
${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION}) ${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})
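Review bot: `if(CMAKE_HOST_WIN32)` in the ENABLE_ASM else-branch tests the machine running CMake, not the target, so a cross build to Windows from another host does not get -DOPENSSL_NO_ASM while a Windows-hosted build for another target does; `WIN32` is the target-side variable. Separately, in the `if (MSVC)` block crypto-shared is already built from `$<TARGET_OBJECTS:crypto-objects>`, so linking it against the static `crypto` target made from the same objects looks redundant next to the Ws2_32.lib dependency.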

View File

@@ -3,6 +3,7 @@ include $(top_srcdir)/Makefile.am.common
AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1 AM_CPPFLAGS += -I$(top_srcdir)/crypto/asn1
AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp AM_CPPFLAGS += -I$(top_srcdir)/crypto/evp
AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes AM_CPPFLAGS += -I$(top_srcdir)/crypto/modes
AM_CPPFLAGS += -I$(top_srcdir)/crypto
lib_LTLIBRARIES = libcrypto.la lib_LTLIBRARIES = libcrypto.la
@@ -13,7 +14,10 @@ EXTRA_DIST += CMakeLists.txt
EXTRA_DIST += compat/strcasecmp.c EXTRA_DIST += compat/strcasecmp.c
libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined
libcrypto_la_LIBADD = libcompat.la libcompatnoopt.la libcrypto_la_LIBADD = libcompat.la
if !HAVE_EXPLICIT_BZERO
libcrypto_la_LIBADD += libcompatnoopt.la
endif
libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS) libcrypto_la_CPPFLAGS = $(AM_CPPFLAGS)
libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL libcrypto_la_CPPFLAGS += -DLIBRESSL_INTERNAL
libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK libcrypto_la_CPPFLAGS += -DOPENSSL_NO_HW_PADLOCK
@@ -31,13 +35,15 @@ else
libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\" libcrypto_la_CPPFLAGS += -DOPENSSLDIR=\"$(sysconfdir)/ssl\"
endif endif
noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la noinst_LTLIBRARIES = libcompat.la
# compatibility functions that need to be built without optimizations # compatibility functions that need to be built without optimizations
if !HAVE_EXPLICIT_BZERO
noinst_LTLIBRARIES += libcompatnoopt.la
libcompatnoopt_la_CFLAGS = -O0 libcompatnoopt_la_CFLAGS = -O0
libcompatnoopt_la_SOURCES = libcompatnoopt_la_SOURCES =
if !HAVE_EXPLICIT_BZERO
if HOST_WIN if HOST_WIN
libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c libcompatnoopt_la_SOURCES += compat/explicit_bzero_win.c
else else
@@ -123,6 +129,7 @@ libcrypto_la_SOURCES += mem_dbg.c
libcrypto_la_SOURCES += o_init.c libcrypto_la_SOURCES += o_init.c
libcrypto_la_SOURCES += o_str.c libcrypto_la_SOURCES += o_str.c
libcrypto_la_SOURCES += o_time.c libcrypto_la_SOURCES += o_time.c
noinst_HEADERS += constant_time_locl.h
noinst_HEADERS += cryptlib.h noinst_HEADERS += cryptlib.h
noinst_HEADERS += md32_common.h noinst_HEADERS += md32_common.h
noinst_HEADERS += o_time.h noinst_HEADERS += o_time.h

View File

@@ -1,5 +1,6 @@
if !HAVE_ARC4RANDOM_BUF if !HAVE_ARC4RANDOM_BUF
libcompat_la_SOURCES += compat/arc4random.c libcompat_la_SOURCES += compat/arc4random.c
libcompat_la_SOURCES += compat/arc4random_uniform.c
if !HAVE_GETENTROPY if !HAVE_GETENTROPY
if HOST_AIX if HOST_AIX

View File

@@ -12,6 +12,7 @@
#include <ws2tcpip.h> #include <ws2tcpip.h>
#include <errno.h> #include <errno.h>
#include <stdint.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
@@ -38,6 +39,20 @@ posix_fopen(const char *path, const char *mode)
return fopen(path, mode); return fopen(path, mode);
} }
char *
posix_fgets(char *s, int size, FILE *stream)
{
char *ret = fgets(s, size, stream);
if (ret != NULL) {
size_t end = strlen(ret);
if (end >= 2 && ret[end - 2] == '\r' && ret[end - 1] == '\n') {
ret[end - 2] = '\n';
ret[end - 1] = '\0';
}
}
return ret;
}
int int
posix_rename(const char *oldpath, const char *newpath) posix_rename(const char *oldpath, const char *newpath)
{ {
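Review bot: posix_fgets only rewrites a CRLF pair when both bytes arrive in the same call, because it looks at `ret[end - 2]` and `ret[end - 1]` of one buffer. If a line fills the buffer so that '\r' is the last byte stored, the '\n' comes back from the next call on its own and the stray '\r' stays in the data. Since the header change maps every `fgets` call to this function, either carry the trailing-CR state across calls or add a comment stating that callers must size the buffer above the longest expected line.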

View File

@@ -302,8 +302,12 @@ open_console(UI *ui)
tty_out = stderr; tty_out = stderr;
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE) if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
return GetConsoleMode(handle, &console_mode); if (GetFileType(handle) == FILE_TYPE_CHAR)
return GetConsoleMode(handle, &console_mode);
else
return 1;
}
return 0; return 0;
} }
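Review bot: in open_console, `GetFileType(handle) == FILE_TYPE_CHAR` does not establish that stdin is a console; character devices such as NUL also report FILE_TYPE_CHAR, GetConsoleMode fails on them, and the function still returns 0. Using the result of GetConsoleMode itself as the test (success means a console, failure means treat the input as redirected and return 1) covers pipes, files and non-console character devices with one call and leaves `console_mode` set only when it is meaningful.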
@@ -311,8 +315,12 @@ static int
noecho_console(UI *ui) noecho_console(UI *ui)
{ {
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE) if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT); if (GetFileType(handle) == FILE_TYPE_CHAR)
return SetConsoleMode(handle, console_mode & ~ENABLE_ECHO_INPUT);
else
return 1;
}
return 0; return 0;
} }
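Review bot: noecho_console now returns 1 for a handle that is not FILE_TYPE_CHAR without changing any mode, which needs a comment saying why reporting success is correct there (redirected input is not echoed by the console). The same `handle != NULL && handle != INVALID_HANDLE_VALUE` plus GetFileType test is repeated in open_console, noecho_console and echo_console; a small static helper that returns whether stdin is a console would keep the three in step.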
@@ -320,8 +328,12 @@ static int
echo_console(UI *ui) echo_console(UI *ui)
{ {
HANDLE handle = GetStdHandle(STD_INPUT_HANDLE); HANDLE handle = GetStdHandle(STD_INPUT_HANDLE);
if (handle != INVALID_HANDLE_VALUE) if (handle != NULL && handle != INVALID_HANDLE_VALUE) {
return SetConsoleMode(handle, console_mode); if (GetFileType(handle) == FILE_TYPE_CHAR)
return SetConsoleMode(handle, console_mode);
else
return 1;
}
return 0; return 0;
} }

View File

@@ -22,7 +22,7 @@ for ARCH in X86 X64; do
echo Building for $HOST echo Building for $HOST
CC=$HOST-gcc ./configure --host=$HOST CC=$HOST-gcc ./configure --host=$HOST --with-openssldir=c:/libressl/ssl
make clean make clean
PATH=$PATH:/usr/$HOST/sys-root/mingw/bin \ PATH=$PATH:/usr/$HOST/sys-root/mingw/bin \
make -j 4 check make -j 4 check
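Review bot: `--with-openssldir=c:/libressl/ssl` on the configure line bakes a fixed drive-root path into the Windows binaries as the directory the library reads its configuration and default CA file from. The script or its README should state that whoever installs these builds is expected to create that directory and restrict write access to it; if that cannot be guaranteed, a location under the install prefix is the safer default.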

View File

@@ -2,4 +2,4 @@ install(DIRECTORY .
DESTINATION include DESTINATION include
PATTERN "CMakeLists.txt" EXCLUDE PATTERN "CMakeLists.txt" EXCLUDE
PATTERN "compat" EXCLUDE PATTERN "compat" EXCLUDE
PATTERN "Makefile.*" EXCLUDE) PATTERN "Makefile*" EXCLUDE)

View File

@@ -13,20 +13,66 @@
#define LIBCRYPTOCOMPAT_ERR_H #define LIBCRYPTOCOMPAT_ERR_H
#include <errno.h> #include <errno.h>
#include <stdarg.h>
#include <stdlib.h>
#include <stdio.h> #include <stdio.h>
#include <string.h> #include <string.h>
#define err(exitcode, format, ...) \ static inline void
errx(exitcode, format ": %s", ## __VA_ARGS__, strerror(errno)) err(int eval, const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
#define errx(exitcode, format, ...) \ va_start(ap, fmt);
do { warnx(format, ## __VA_ARGS__); exit(exitcode); } while (0) if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
fprintf(stderr, "%s\n", strerror(sverrno));
exit(eval);
va_end(ap);
}
#define warn(format, ...) \ static inline void
warnx(format ": %s", ## __VA_ARGS__, strerror(errno)) errx(int eval, const char *fmt, ...)
{
va_list ap;
#define warnx(format, ...) \ va_start(ap, fmt);
fprintf(stderr, format "\n", ## __VA_ARGS__) if (fmt != NULL)
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
exit(eval);
va_end(ap);
}
static inline void
warn(const char *fmt, ...)
{
int sverrno = errno;
va_list ap;
va_start(ap, fmt);
if (fmt != NULL) {
vfprintf(stderr, fmt, ap);
fprintf(stderr, ": ");
}
fprintf(stderr, "%s\n", strerror(sverrno));
va_end(ap);
}
static inline void
warnx(const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
if (fmt != NULL)
vfprintf(stderr, fmt, ap);
fprintf(stderr, "\n");
va_end(ap);
}
#endif #endif
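Review bot: in err() and errx(), `va_end(ap)` sits after `exit(eval)` and is never reached; move it above the exit call. Now that these are functions rather than macros over fprintf, call sites also lose the compiler's format-string checking unless the declarations carry a printf format attribute, and err/errx should be marked noreturn so callers that depend on them terminating do not pick up fall-through warnings. Saving errno into `sverrno` before the first stdio call is a good change and worth a one-line comment.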

View File

@@ -4,11 +4,7 @@
*/ */
#ifdef _MSC_VER #ifdef _MSC_VER
#if _MSC_VER >= 1900
#include <../ucrt/limits.h>
#else
#include <../include/limits.h> #include <../include/limits.h>
#endif
#else #else
#include_next <limits.h> #include_next <limits.h>
#endif #endif

View File

@@ -3,6 +3,10 @@
* netinet/ip.h compatibility shim * netinet/ip.h compatibility shim
*/ */
#if defined(__hpux)
#include <netinet/in_systm.h>
#endif
#ifndef _WIN32 #ifndef _WIN32
#include_next <netinet/ip.h> #include_next <netinet/ip.h>
#else #else

View File

@@ -28,11 +28,13 @@ int asprintf(char **str, const char *fmt, ...);
void posix_perror(const char *s); void posix_perror(const char *s);
FILE * posix_fopen(const char *path, const char *mode); FILE * posix_fopen(const char *path, const char *mode);
char * posix_fgets(char *s, int size, FILE *stream);
int posix_rename(const char *oldpath, const char *newpath); int posix_rename(const char *oldpath, const char *newpath);
#ifndef NO_REDEF_POSIX_FUNCTIONS #ifndef NO_REDEF_POSIX_FUNCTIONS
#define perror(errnum) posix_perror(errnum) #define perror(errnum) posix_perror(errnum)
#define fopen(path, mode) posix_fopen(path, mode) #define fopen(path, mode) posix_fopen(path, mode)
#define fgets(s, size, stream) posix_fgets(s, size, stream)
#define rename(oldpath, newpath) posix_rename(oldpath, newpath) #define rename(oldpath, newpath) posix_rename(oldpath, newpath)
#endif #endif

View File

@@ -22,6 +22,7 @@
#ifndef HAVE_ARC4RANDOM_BUF #ifndef HAVE_ARC4RANDOM_BUF
uint32_t arc4random(void); uint32_t arc4random(void);
void arc4random_buf(void *_buf, size_t n); void arc4random_buf(void *_buf, size_t n);
uint32_t arc4random_uniform(uint32_t upper_bound);
#endif #endif
#ifndef HAVE_REALLOCARRAY #ifndef HAVE_REALLOCARRAY

View File

@@ -18,9 +18,10 @@
#include <sys/types.h> #include <sys/types.h>
#if defined(__sun) || defined(__hpux) #if defined(__sun) || defined(_AIX) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by /* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX. * SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
* Solaris, and HPUX.
*/ */
#include <strings.h> #include <strings.h>
#endif #endif

View File

@@ -27,6 +27,13 @@ unsigned int sleep(unsigned int seconds);
#ifndef HAVE_GETENTROPY #ifndef HAVE_GETENTROPY
int getentropy(void *buf, size_t buflen); int getentropy(void *buf, size_t buflen);
#else
/*
* Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
*/
#if defined(__sun)
#include <sys/random.h>
#endif
#endif #endif
#define pledge(request, paths) 0 #define pledge(request, paths) 0

View File

@@ -11,5 +11,5 @@ Version: @VERSION@
Requires: Requires:
Conflicts: Conflicts:
Libs: -L${libdir} -lcrypto Libs: -L${libdir} -lcrypto
Libs.private: @LIBS@ Libs.private: @LIBS@ @PLATFORM_LDADD@
Cflags: -I${includedir} Cflags: -I${includedir}

View File

@@ -12,5 +12,5 @@ Requires:
Requires.private: libcrypto Requires.private: libcrypto
Conflicts: Conflicts:
Libs: -L${libdir} -lssl Libs: -L${libdir} -lssl
Libs.private: @LIBS@ -lcrypto Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@
Cflags: -I${includedir} Cflags: -I${includedir}

View File

@@ -18,9 +18,10 @@
#include <sys/types.h> #include <sys/types.h>
#if defined(__sun) || defined(__hpux) #if defined(__sun) || defined(_AIX) || defined(__hpux)
/* Some functions historically defined in string.h were placed in strings.h by /* Some functions historically defined in string.h were placed in strings.h by
* SUS. Use the same hack as OS X and FreeBSD use to work around on Solaris and HPUX. * SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
* Solaris, and HPUX.
*/ */
#include <strings.h> #include <strings.h>
#endif #endif

View File

@@ -5,7 +5,7 @@ int main()
{ {
struct tls *tls; struct tls *tls;
struct tls_config *tls_config; struct tls_config *tls_config;
size_t written, read; ssize_t written, read;
char buf[4096]; char buf[4096];
if (tls_init() != 0) { if (tls_init() != 0) {
@@ -31,10 +31,10 @@ int main()
if (tls_connect(tls, "google.com", "443") != 0) if (tls_connect(tls, "google.com", "443") != 0)
goto err; goto err;
if (tls_write(tls, "GET /\r\n", 7, &written) != 0) if ((written = tls_write(tls, "GET /\r\n", 7)) < 0)
goto err; goto err;
if (tls_read(tls, buf, sizeof(buf), &read) != 0) if ((read = tls_read(tls, buf, sizeof(buf))) < 0)
goto err; goto err;
buf[read - 1] = '\0'; buf[read - 1] = '\0';
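Review bot: `buf[read - 1] = '\0'` writes to buf[-1] when tls_read returns 0, because the new check `(read = tls_read(...)) < 0` only rejects negative values. Read at most `sizeof(buf) - 1` bytes and terminate at `buf[read]`, which also stops the example from overwriting the last byte it received. Naming the variable `read` shadows the POSIX function of the same name; `nread` would be clearer in sample code people copy.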

View File

@@ -12,5 +12,5 @@ Requires:
Requires.private: libcrypto libssl Requires.private: libcrypto libssl
Conflicts: Conflicts:
Libs: -L${libdir} -ltls Libs: -L${libdir} -ltls
Libs.private: @LIBS@ -lcrypto -lssl Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
Cflags: -I${includedir} Cflags: -I${includedir}

View File

@@ -41,14 +41,17 @@ AC_CACHE_CHECK([for b64_ntop], ac_cv_have_b64_ntop_arg, [
[ ac_cv_have_b64_ntop_arg="no" [ ac_cv_have_b64_ntop_arg="no"
]) ])
]) ])
AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop" = xyes]) AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
]) ])
AC_DEFUN([CHECK_CRYPTO_COMPAT], [ AC_DEFUN([CHECK_CRYPTO_COMPAT], [
# Check crypto-related libc functions and syscalls # Check crypto-related libc functions and syscalls
AC_CHECK_FUNCS([arc4random_buf explicit_bzero getauxval getentropy]) AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
AC_CHECK_FUNCS([explicit_bzero getauxval getentropy])
AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp]) AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes]) AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
AM_CONDITIONAL([HAVE_ARC4RANDOM_UNIFORM], [test "x$ac_cv_func_arc4random_uniform" = xyes])
AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes]) AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes]) AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes]) AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
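Review bot: the corrected HAVE_B64_NTOP conditional tests `$ac_cv_func_b64_ntop_arg`, but the AC_CACHE_CHECK directly above stores its result in `ac_cv_have_b64_ntop_arg`, so the conditional reads a variable the visible check never sets. It should be `test "x$ac_cv_have_b64_ntop_arg" = xyes`. In CHECK_CRYPTO_COMPAT, HAVE_ARC4RANDOM and HAVE_ARC4RANDOM_UNIFORM are defined from the raw function checks; a comment saying whether they are meant to follow the override applied to HAVE_ARC4RANDOM_BUF would help.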
@@ -56,15 +59,15 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
# Override arc4random_buf implementations with known issues # Override arc4random_buf implementations with known issues
AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
[test "x$HOST_OS" != xdarwin \ [test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
-a "x$HOST_OS" != xfreebsd \
-a "x$HOST_OS" != xnetbsd \
-a "x$ac_cv_func_arc4random_buf" = xyes]) -a "x$ac_cv_func_arc4random_buf" = xyes])
# Check for getentropy fallback dependencies # Check for getentropy fallback dependencies
AC_CHECK_FUNC([getauxval]) AC_CHECK_FUNC([getauxval])
AC_CHECK_FUNC([clock_gettime],, [AC_SEARCH_LIBS([clock_gettime],[rt posix4])]) AC_SEARCH_LIBS([clock_gettime],[rt posix4])
AC_CHECK_FUNC([dl_iterate_phdr],, [AC_SEARCH_LIBS([dl_iterate_phdr],[dl])]) AC_CHECK_FUNC([clock_gettime])
AC_SEARCH_LIBS([dl_iterate_phdr],[dl])
AC_CHECK_FUNC([dl_iterate_phdr])
]) ])
AC_DEFUN([CHECK_VA_COPY], [ AC_DEFUN([CHECK_VA_COPY], [

View File

@@ -1,6 +1,7 @@
AC_DEFUN([CHECK_OS_OPTIONS], [ AC_DEFUN([CHECK_OS_OPTIONS], [
CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing" CFLAGS="$CFLAGS -Wall -std=gnu99 -fno-strict-aliasing"
BUILD_NC=yes
case $host_os in case $host_os in
*aix*) *aix*)
@@ -14,14 +15,19 @@ case $host_os in
HOST_OS=cygwin HOST_OS=cygwin
;; ;;
*darwin*) *darwin*)
BUILD_NC=yes
HOST_OS=darwin HOST_OS=darwin
HOST_ABI=macosx HOST_ABI=macosx
# weak seed on failure to open /dev/random, based on latest
# public source:
# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
USE_BUILTIN_ARC4RANDOM=yes
;; ;;
*freebsd*) *freebsd*)
BUILD_NC=yes
HOST_OS=freebsd HOST_OS=freebsd
HOST_ABI=elf HOST_ABI=elf
# fork detection missing, weak seed on failure
# https://svnweb.freebsd.org/base/head/lib/libc/gen/arc4random.c?revision=268642&view=markup
USE_BUILTIN_ARC4RANDOM=yes
AC_SUBST([PROG_LDADD], ['-lthr']) AC_SUBST([PROG_LDADD], ['-lthr'])
;; ;;
*hpux*) *hpux*)
@@ -35,24 +41,32 @@ case $host_os in
AC_SUBST([PLATFORM_LDADD], ['-lpthread']) AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
;; ;;
*linux*) *linux*)
BUILD_NC=yes
HOST_OS=linux HOST_OS=linux
HOST_ABI=elf HOST_ABI=elf
CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE" CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
;; ;;
*netbsd*) *netbsd*)
BUILD_NC=yes
HOST_OS=netbsd HOST_OS=netbsd
HOST_ABI=elf
AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
#include <sys/param.h>
#if __NetBSD_Version__ < 700000001
undefined
#endif
]], [[]])],
[ USE_BUILTIN_ARC4RANDOM=no ],
[ USE_BUILTIN_ARC4RANDOM=yes ]
)
CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE" CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
;; ;;
*openbsd* | *bitrig*) *openbsd* | *bitrig*)
BUILD_NC=yes
HOST_OS=openbsd HOST_OS=openbsd
HOST_ABI=elf HOST_ABI=elf
AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded]) AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
;; ;;
*mingw*) *mingw*)
HOST_OS=win HOST_OS=win
BUILD_NC=no
CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO" CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS" CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501" CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0501"
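Review bot: the NetBSD branch's AC_COMPILE_IFELSE probe has no comment explaining why `__NetBSD_Version__ < 700000001` selects the bundled arc4random, unlike the darwin and freebsd branches, which state the defect and link the source. Add the same kind of note, and mention that the bare `undefined` token is there to force a compile failure, since the inverted result (`USE_BUILTIN_ARC4RANDOM=no` on success) is easy to misread.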
@@ -70,7 +84,11 @@ case $host_os in
*) ;; *) ;;
esac esac
AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes]) AC_ARG_ENABLE([nc],
AS_HELP_STRING([--enable-nc], [Enable installing TLS-enabled nc(1)]))
AM_CONDITIONAL([ENABLE_NC], [test "x$enable_nc" = xyes])
AM_CONDITIONAL([BUILD_NC], [test x$BUILD_NC = xyes -o "x$enable_nc" = xyes])
AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix]) AM_CONDITIONAL([HOST_AIX], [test x$HOST_OS = xaix])
AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin]) AM_CONDITIONAL([HOST_CYGWIN], [test x$HOST_OS = xcygwin])
AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin]) AM_CONDITIONAL([HOST_DARWIN], [test x$HOST_OS = xdarwin])
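Review bot: `test x$BUILD_NC = xyes -o "x$enable_nc" = xyes` in the BUILD_NC conditional lets --enable-nc switch the nc build back on for mingw, where this same file sets BUILD_NC=no. If nc cannot build there, the test should be `test "x$BUILD_NC" = xyes`, with ENABLE_NC deciding only whether it is installed. The `-o` operator of test is also one the Autoconf manual advises against for portability, and `x$BUILD_NC` is unquoted while `"x$enable_nc"` is quoted.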

206
man/links
View File

@@ -230,6 +230,8 @@ CRYPTO_set_locking_callback.3,CRYPTO_THREADID_current.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_get_callback.3 CRYPTO_set_locking_callback.3,CRYPTO_THREADID_get_callback.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_hash.3 CRYPTO_set_locking_callback.3,CRYPTO_THREADID_hash.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_callback.3 CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_callback.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_numeric.3
CRYPTO_set_locking_callback.3,CRYPTO_THREADID_set_pointer.3
CRYPTO_set_locking_callback.3,CRYPTO_add.3 CRYPTO_set_locking_callback.3,CRYPTO_add.3
CRYPTO_set_locking_callback.3,CRYPTO_add_lock.3 CRYPTO_set_locking_callback.3,CRYPTO_add_lock.3
CRYPTO_set_locking_callback.3,CRYPTO_destroy_dynlockid.3 CRYPTO_set_locking_callback.3,CRYPTO_destroy_dynlockid.3
@@ -301,6 +303,24 @@ DSA_set_method.3,DSA_set_default_method.3
DSA_set_method.3,DSA_set_default_openssl_method.3 DSA_set_method.3,DSA_set_default_openssl_method.3
DSA_sign.3,DSA_sign_setup.3 DSA_sign.3,DSA_sign_setup.3
DSA_sign.3,DSA_verify.3 DSA_sign.3,DSA_verify.3
ECDSA_SIG_new.3,ECDSA_OpenSSL.3
ECDSA_SIG_new.3,ECDSA_SIG_free.3
ECDSA_SIG_new.3,ECDSA_do_sign.3
ECDSA_SIG_new.3,ECDSA_do_sign_ex.3
ECDSA_SIG_new.3,ECDSA_do_verify.3
ECDSA_SIG_new.3,ECDSA_get_default_method.3
ECDSA_SIG_new.3,ECDSA_get_ex_data.3
ECDSA_SIG_new.3,ECDSA_get_ex_new_index.3
ECDSA_SIG_new.3,ECDSA_set_default_method.3
ECDSA_SIG_new.3,ECDSA_set_ex_data.3
ECDSA_SIG_new.3,ECDSA_set_method.3
ECDSA_SIG_new.3,ECDSA_sign.3
ECDSA_SIG_new.3,ECDSA_sign_ex.3
ECDSA_SIG_new.3,ECDSA_sign_setup.3
ECDSA_SIG_new.3,ECDSA_size.3
ECDSA_SIG_new.3,ECDSA_verify.3
ECDSA_SIG_new.3,d2i_ECDSA_SIG.3
ECDSA_SIG_new.3,i2d_ECDSA_SIG.3
EC_GFp_simple_method.3,EC_GF2m_simple_method.3 EC_GFp_simple_method.3,EC_GF2m_simple_method.3
EC_GFp_simple_method.3,EC_GFp_mont_method.3 EC_GFp_simple_method.3,EC_GFp_mont_method.3
EC_GFp_simple_method.3,EC_GFp_nist_method.3 EC_GFp_simple_method.3,EC_GFp_nist_method.3
@@ -418,6 +438,17 @@ ERR_print_errors.3,ERR_print_errors_fp.3
ERR_put_error.3,ERR_add_error_data.3 ERR_put_error.3,ERR_add_error_data.3
ERR_remove_state.3,ERR_remove_thread_state.3 ERR_remove_state.3,ERR_remove_thread_state.3
ERR_set_mark.3,ERR_pop_to_mark.3 ERR_set_mark.3,ERR_pop_to_mark.3
EVP_AEAD_CTX_init.3,EVP_AEAD_CTX_cleanup.3
EVP_AEAD_CTX_init.3,EVP_AEAD_CTX_open.3
EVP_AEAD_CTX_init.3,EVP_AEAD_CTX_seal.3
EVP_AEAD_CTX_init.3,EVP_AEAD_key_length.3
EVP_AEAD_CTX_init.3,EVP_AEAD_max_overhead.3
EVP_AEAD_CTX_init.3,EVP_AEAD_max_tag_len.3
EVP_AEAD_CTX_init.3,EVP_AEAD_nonce_length.3
EVP_AEAD_CTX_init.3,EVP_aead_aes_128_gcm.3
EVP_AEAD_CTX_init.3,EVP_aead_aes_256_gcm.3
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305.3
EVP_AEAD_CTX_init.3,EVP_aead_chacha20_poly1305_ietf.3
EVP_DigestInit.3,EVP_DigestFinal.3 EVP_DigestInit.3,EVP_DigestFinal.3
EVP_DigestInit.3,EVP_DigestFinal_ex.3 EVP_DigestInit.3,EVP_DigestFinal_ex.3
EVP_DigestInit.3,EVP_DigestInit_ex.3 EVP_DigestInit.3,EVP_DigestInit_ex.3
@@ -552,7 +583,6 @@ EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_padding.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_pss_saltlen.3 EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_pss_saltlen.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3 EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_rsa_rsa_keygen_bits.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_signature_md.3 EVP_PKEY_CTX_ctrl.3,EVP_PKEY_CTX_set_signature_md.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_ctrl_str.3
EVP_PKEY_CTX_ctrl.3,EVP_PKEY_get_default_digest_nid.3 EVP_PKEY_CTX_ctrl.3,EVP_PKEY_get_default_digest_nid.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_dup.3 EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_dup.3
EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_free.3 EVP_PKEY_CTX_new.3,EVP_PKEY_CTX_free.3
@@ -565,7 +595,6 @@ EVP_PKEY_derive.3,EVP_PKEY_derive_init.3
EVP_PKEY_derive.3,EVP_PKEY_derive_set_peer.3 EVP_PKEY_derive.3,EVP_PKEY_derive_set_peer.3
EVP_PKEY_encrypt.3,EVP_PKEY_encrypt_init.3 EVP_PKEY_encrypt.3,EVP_PKEY_encrypt_init.3
EVP_PKEY_get_default_digest.3,EVP_PKEY_get_default_digest_nid.3 EVP_PKEY_get_default_digest.3,EVP_PKEY_get_default_digest_nid.3
EVP_PKEY_keygen.3,EVP_PKEVP_PKEY_CTX_set_app_data.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_app_data.3 EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_app_data.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_cb.3 EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_cb.3
EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_keygen_info.3 EVP_PKEY_keygen.3,EVP_PKEY_CTX_get_keygen_info.3
@@ -736,7 +765,6 @@ RSA_print.3,DSAparams_print_fp.3
RSA_print.3,RSA_print_fp.3 RSA_print.3,RSA_print_fp.3
RSA_private_encrypt.3,RSA_public_decrypt.3 RSA_private_encrypt.3,RSA_public_decrypt.3
RSA_public_encrypt.3,RSA_private_decrypt.3 RSA_public_encrypt.3,RSA_private_decrypt.3
RSA_set_method.3,RSA_PKCS1_RSAref.3
RSA_set_method.3,RSA_PKCS1_SSLeay.3 RSA_set_method.3,RSA_PKCS1_SSLeay.3
RSA_set_method.3,RSA_flags.3 RSA_set_method.3,RSA_flags.3
RSA_set_method.3,RSA_get_default_method.3 RSA_set_method.3,RSA_get_default_method.3
@@ -796,7 +824,6 @@ SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_get_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_new_cb.3 SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_new_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_remove_cb.3 SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_get_remove_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_new_cb.3 SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_new_cb.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_remove.3
SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_remove_cb.3 SSL_CTX_sess_set_get_cb.3,SSL_CTX_sess_set_remove_cb.3
SSL_CTX_sess_set_get_cb.3,get_session_cb.3 SSL_CTX_sess_set_get_cb.3,get_session_cb.3
SSL_CTX_sess_set_get_cb.3,new_session_cb.3 SSL_CTX_sess_set_get_cb.3,new_session_cb.3
@@ -822,7 +849,6 @@ SSL_CTX_set_mode.3,SSL_CTX_get_mode.3
SSL_CTX_set_mode.3,SSL_get_mode.3 SSL_CTX_set_mode.3,SSL_get_mode.3
SSL_CTX_set_mode.3,SSL_set_mode.3 SSL_CTX_set_mode.3,SSL_set_mode.3
SSL_CTX_set_msg_callback.3,SSL_CTX_set_msg_callback_arg.3 SSL_CTX_set_msg_callback.3,SSL_CTX_set_msg_callback_arg.3
SSL_CTX_set_msg_callback.3,SSL_get_msg_callback_arg.3
SSL_CTX_set_msg_callback.3,SSL_set_msg_callback.3 SSL_CTX_set_msg_callback.3,SSL_set_msg_callback.3
SSL_CTX_set_msg_callback.3,SSL_set_msg_callback_arg.3 SSL_CTX_set_msg_callback.3,SSL_set_msg_callback_arg.3
SSL_CTX_set_options.3,SSL_CTX_clear_options.3 SSL_CTX_set_options.3,SSL_CTX_clear_options.3
@@ -906,7 +932,6 @@ SSL_get_session.3,SSL_get1_session.3
SSL_library_init.3,OpenSSL_add_ssl_algorithms.3 SSL_library_init.3,OpenSSL_add_ssl_algorithms.3
SSL_library_init.3,SSLeay_add_ssl_algorithms.3 SSL_library_init.3,SSLeay_add_ssl_algorithms.3
SSL_rstate_string.3,SSL_rstate_string_long.3 SSL_rstate_string.3,SSL_rstate_string_long.3
SSL_set_connect_state.3,SSL_get_accept_state.3
SSL_set_connect_state.3,SSL_set_accept_state.3 SSL_set_connect_state.3,SSL_set_accept_state.3
SSL_set_fd.3,SSL_set_rfd.3 SSL_set_fd.3,SSL_set_rfd.3
SSL_set_fd.3,SSL_set_wfd.3 SSL_set_fd.3,SSL_set_wfd.3
@@ -916,6 +941,30 @@ SSL_want.3,SSL_want_nothing.3
SSL_want.3,SSL_want_read.3 SSL_want.3,SSL_want_read.3
SSL_want.3,SSL_want_write.3 SSL_want.3,SSL_want_write.3
SSL_want.3,SSL_want_x509_lookup.3 SSL_want.3,SSL_want_x509_lookup.3
UI_new.3,ERR_load_UI_strings.3
UI_new.3,UI_OpenSSL.3
UI_new.3,UI_add_error_string.3
UI_new.3,UI_add_info_string.3
UI_new.3,UI_add_input_boolean.3
UI_new.3,UI_add_input_string.3
UI_new.3,UI_add_user_data.3
UI_new.3,UI_add_verify_string.3
UI_new.3,UI_construct_prompt.3
UI_new.3,UI_ctrl.3
UI_new.3,UI_dup_error_string.3
UI_new.3,UI_dup_info_string.3
UI_new.3,UI_dup_input_boolean.3
UI_new.3,UI_dup_input_string.3
UI_new.3,UI_dup_verify_string.3
UI_new.3,UI_free.3
UI_new.3,UI_get0_result.3
UI_new.3,UI_get0_user_data.3
UI_new.3,UI_get_default_method.3
UI_new.3,UI_get_method.3
UI_new.3,UI_new_method.3
UI_new.3,UI_process.3
UI_new.3,UI_set_default_method.3
UI_new.3,UI_set_method.3
X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_NID.3 X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_NID.3
X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_OBJ.3 X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_OBJ.3
X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_txt.3 X509_NAME_ENTRY_get_object.3,X509_NAME_ENTRY_create_by_txt.3
@@ -962,38 +1011,37 @@ X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_purpose.3
X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_time.3 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_time.3
X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_trust.3 X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_trust.3
X509_new.3,X509_free.3 X509_new.3,X509_free.3
bn_internal.3,bn_add_words.3 bn_dump.3,bn_add_words.3
bn_internal.3,bn_check_top.3 bn_dump.3,bn_check_top.3
bn_internal.3,bn_cmp_words.3 bn_dump.3,bn_cmp_words.3
bn_internal.3,bn_div_words.3 bn_dump.3,bn_div_words.3
bn_internal.3,bn_dump.3 bn_dump.3,bn_expand.3
bn_internal.3,bn_expand.3 bn_dump.3,bn_expand2.3
bn_internal.3,bn_expand2.3 bn_dump.3,bn_fix_top.3
bn_internal.3,bn_fix_top.3 bn_dump.3,bn_mul_add_words.3
bn_internal.3,bn_mul_add_words.3 bn_dump.3,bn_mul_comba4.3
bn_internal.3,bn_mul_comba4.3 bn_dump.3,bn_mul_comba8.3
bn_internal.3,bn_mul_comba8.3 bn_dump.3,bn_mul_high.3
bn_internal.3,bn_mul_high.3 bn_dump.3,bn_mul_low_normal.3
bn_internal.3,bn_mul_low_normal.3 bn_dump.3,bn_mul_low_recursive.3
bn_internal.3,bn_mul_low_recursive.3 bn_dump.3,bn_mul_normal.3
bn_internal.3,bn_mul_normal.3 bn_dump.3,bn_mul_part_recursive.3
bn_internal.3,bn_mul_part_recursive.3 bn_dump.3,bn_mul_recursive.3
bn_internal.3,bn_mul_recursive.3 bn_dump.3,bn_mul_words.3
bn_internal.3,bn_mul_words.3 bn_dump.3,bn_print.3
bn_internal.3,bn_print.3 bn_dump.3,bn_set_high.3
bn_internal.3,bn_set_high.3 bn_dump.3,bn_set_low.3
bn_internal.3,bn_set_low.3 bn_dump.3,bn_set_max.3
bn_internal.3,bn_set_max.3 bn_dump.3,bn_sqr_comba4.3
bn_internal.3,bn_sqr_comba4.3 bn_dump.3,bn_sqr_comba8.3
bn_internal.3,bn_sqr_comba8.3 bn_dump.3,bn_sqr_normal.3
bn_internal.3,bn_sqr_normal.3 bn_dump.3,bn_sqr_recursive.3
bn_internal.3,bn_sqr_recursive.3 bn_dump.3,bn_sqr_words.3
bn_internal.3,bn_sqr_words.3 bn_dump.3,bn_sub_words.3
bn_internal.3,bn_sub_words.3 bn_dump.3,bn_wexpand.3
bn_internal.3,bn_wexpand.3 bn_dump.3,mul.3
bn_internal.3,mul.3 bn_dump.3,mul_add.3
bn_internal.3,mul_add.3 bn_dump.3,sqr.3
bn_internal.3,sqr.3
crypto.3,crypto_dispatch.3 crypto.3,crypto_dispatch.3
crypto.3,crypto_done.3 crypto.3,crypto_done.3
crypto.3,crypto_freereq.3 crypto.3,crypto_freereq.3
@@ -1021,12 +1069,11 @@ d2i_ECPKParameters.3,d2i_ECPKParameters_fp.3
d2i_ECPKParameters.3,i2d_ECPKParameters.3 d2i_ECPKParameters.3,i2d_ECPKParameters.3
d2i_ECPKParameters.3,i2d_ECPKParameters_bio.3 d2i_ECPKParameters.3,i2d_ECPKParameters_bio.3
d2i_ECPKParameters.3,i2d_ECPKParameters_fp.3 d2i_ECPKParameters.3,i2d_ECPKParameters_fp.3
d2i_PKCS8PrivateKey.3,d2i_PKCS8PrivateKey_bio.3 d2i_PKCS8PrivateKey_bio.3,d2i_PKCS8PrivateKey_fp.3
d2i_PKCS8PrivateKey.3,d2i_PKCS8PrivateKey_fp.3 d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_bio.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_bio.3 d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_fp.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_fp.3 d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_nid_bio.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_nid_bio.3 d2i_PKCS8PrivateKey_bio.3,i2d_PKCS8PrivateKey_nid_fp.3
d2i_PKCS8PrivateKey.3,i2d_PKCS8PrivateKey_nid_fp.3
d2i_RSAPublicKey.3,d2i_Netscape_RSA.3 d2i_RSAPublicKey.3,d2i_Netscape_RSA.3
d2i_RSAPublicKey.3,d2i_RSAPrivateKey.3 d2i_RSAPublicKey.3,d2i_RSAPrivateKey.3
d2i_RSAPublicKey.3,d2i_RSA_PUBKEY.3 d2i_RSAPublicKey.3,d2i_RSA_PUBKEY.3
@@ -1053,25 +1100,9 @@ d2i_X509_REQ.3,i2d_X509_REQ.3
d2i_X509_REQ.3,i2d_X509_REQ_bio.3 d2i_X509_REQ.3,i2d_X509_REQ_bio.3
d2i_X509_REQ.3,i2d_X509_REQ_fp.3 d2i_X509_REQ.3,i2d_X509_REQ_fp.3
d2i_X509_SIG.3,i2d_X509_SIG.3 d2i_X509_SIG.3,i2d_X509_SIG.3
ecdsa.3,ECDSA_OpenSSL.3 des_read_pw.3,des_read_2passwords.3
ecdsa.3,ECDSA_SIG_free.3 des_read_pw.3,des_read_password.3
ecdsa.3,ECDSA_SIG_new.3 des_read_pw.3,des_read_pw_string.3
ecdsa.3,ECDSA_do_sign.3
ecdsa.3,ECDSA_do_sign_ex.3
ecdsa.3,ECDSA_do_verify.3
ecdsa.3,ECDSA_get_default_method.3
ecdsa.3,ECDSA_get_ex_data.3
ecdsa.3,ECDSA_get_ex_new_index.3
ecdsa.3,ECDSA_set_default_method.3
ecdsa.3,ECDSA_set_ex_data.3
ecdsa.3,ECDSA_set_method.3
ecdsa.3,ECDSA_sign.3
ecdsa.3,ECDSA_sign_ex.3
ecdsa.3,ECDSA_sign_setup.3
ecdsa.3,ECDSA_size.3
ecdsa.3,ECDSA_verify.3
ecdsa.3,d2i_ECDSA_SIG.3
ecdsa.3,i2d_ECDSA_SIG.3
engine.3,ENGINE_add.3 engine.3,ENGINE_add.3
engine.3,ENGINE_by_id.3 engine.3,ENGINE_by_id.3
engine.3,ENGINE_finish.3 engine.3,ENGINE_finish.3
@@ -1082,19 +1113,23 @@ engine.3,ENGINE_get_prev.3
engine.3,ENGINE_init.3 engine.3,ENGINE_init.3
engine.3,ENGINE_load_builtin_engines.3 engine.3,ENGINE_load_builtin_engines.3
engine.3,ENGINE_remove.3 engine.3,ENGINE_remove.3
lh_new.3,DECLARE_LHASH_OF.3
lh_new.3,LHASH_COMP_FN_TYPE.3
lh_new.3,LHASH_DOALL_ARG_FN_TYPE.3
lh_new.3,LHASH_DOALL_FN_TYPE.3
lh_new.3,LHASH_HASH_FN_TYPE.3
lh_new.3,lh_delete.3
lh_new.3,lh_doall.3
lh_new.3,lh_doall_arg.3
lh_new.3,lh_error.3
lh_new.3,lh_free.3
lh_new.3,lh_insert.3
lh_new.3,lh_retrieve.3
lh_stats.3,lh_node_stats.3 lh_stats.3,lh_node_stats.3
lh_stats.3,lh_node_stats_bio.3 lh_stats.3,lh_node_stats_bio.3
lh_stats.3,lh_node_usage_stats.3 lh_stats.3,lh_node_usage_stats.3
lh_stats.3,lh_node_usage_stats_bio.3 lh_stats.3,lh_node_usage_stats_bio.3
lh_stats.3,lh_stats_bio.3 lh_stats.3,lh_stats_bio.3
lhash.3,lh_delete.3
lhash.3,lh_doall.3
lhash.3,lh_doall_arg.3
lhash.3,lh_error.3
lhash.3,lh_free.3
lhash.3,lh_insert.3
lhash.3,lh_new.3
lhash.3,lh_retrieve.3
tls_init.3,tls_accept_fds.3 tls_init.3,tls_accept_fds.3
tls_init.3,tls_accept_socket.3 tls_init.3,tls_accept_socket.3
tls_init.3,tls_client.3 tls_init.3,tls_client.3
@@ -1145,32 +1180,3 @@ tls_init.3,tls_read.3
tls_init.3,tls_reset.3 tls_init.3,tls_reset.3
tls_init.3,tls_server.3 tls_init.3,tls_server.3
tls_init.3,tls_write.3 tls_init.3,tls_write.3
ui.3,ERR_load_UI_strings.3
ui.3,UI_OpenSSL.3
ui.3,UI_add_error_string.3
ui.3,UI_add_info_string.3
ui.3,UI_add_input_boolean.3
ui.3,UI_add_input_string.3
ui.3,UI_add_user_data.3
ui.3,UI_add_verify_string.3
ui.3,UI_construct_prompt.3
ui.3,UI_ctrl.3
ui.3,UI_dup_error_string.3
ui.3,UI_dup_info_string.3
ui.3,UI_dup_input_boolean.3
ui.3,UI_dup_input_string.3
ui.3,UI_dup_verify_string.3
ui.3,UI_free.3
ui.3,UI_get0_result.3
ui.3,UI_get0_user_data.3
ui.3,UI_get_default_method.3
ui.3,UI_get_method.3
ui.3,UI_new.3
ui.3,UI_new_method.3
ui.3,UI_process.3
ui.3,UI_set_default_method.3
ui.3,UI_set_method.3
ui_compat.3,des_read_2passwords.3
ui_compat.3,des_read_password.3
ui_compat.3,des_read_pw.3
ui_compat.3,des_read_pw_string.3

@@ -11,7 +11,7 @@ for i in `ls -1 *.3`; do
for j in $links; do for j in $links; do
a=`echo "x$j" | tr '[:upper:]' '[:lower:]'` a=`echo "x$j" | tr '[:upper:]' '[:lower:]'`
b=`echo "x$name" | tr '[:upper:]' '[:lower:]'` b=`echo "x$name" | tr '[:upper:]' '[:lower:]'`
if [ $a != $b ]; then if [[ $a != $b && $a != *"<type>"* ]]; then
echo $name.3,$j.3 >> links echo $name.3,$j.3 >> links
fi fi
done done
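
Review bot: `[[ $a != $b && $a != *"<type>"* ]]` in the changed test is bash/ksh syntax, so the loop breaks if this script is run by a plain POSIX `sh` such as dash. The interpreter line is not visible in this hunk, so confirm it names a shell that supports `[[`. A portable form keeps the original test as `[ "$a" != "$b" ]` and filters the placeholder with `case "$a" in *"<type>"*) continue ;; esac`. A one-line comment saying why names containing `<type>` are skipped would help the next reader.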

21
patches/modes_lcl.h Normal file

@@ -0,0 +1,21 @@
--- openbsd/src/lib/libssl/src/crypto/modes/modes_lcl.h Sat Dec 6 17:15:50 2014
+++ crypto/modes/modes_lcl.h Sun Jul 17 17:45:27 2016
@@ -43,14 +43,16 @@
asm ("bswapl %0" \
: "+r"(ret)); ret; })
# elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
-# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
+# if (__ARM_ARCH >= 6)
+# define BSWAP8(x) ({ u32 lo=(u64)(x)>>32,hi=(x); \
asm ("rev %0,%0; rev %1,%1" \
: "+r"(hi),"+r"(lo)); \
(u64)hi<<32|lo; })
-# define BSWAP4(x) ({ u32 ret; \
+# define BSWAP4(x) ({ u32 ret; \
asm ("rev %0,%1" \
: "=r"(ret) : "r"((u32)(x))); \
ret; })
+# endif
# endif
#endif
#endif
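
Review bot: the new `# if (__ARM_ARCH >= 6)` guard depends on `__ARM_ARCH` being defined. In `#if` an undefined macro evaluates to 0, so a toolchain that does not provide it silently loses `BSWAP8` and `BSWAP4` even when targeting a core that has `rev`. That fails in the safe direction, but a comment beside the guard should state that `rev` needs ARMv6 or later and that dropping to the non-assembly path is intentional when the macro is missing.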

@@ -1,17 +1,16 @@
--- apps/nc/netcat.c.orig 2015-10-23 16:01:14.000000000 -0700 --- apps/nc/netcat.c.orig Thu Jun 30 19:56:49 2016
+++ apps/nc/netcat.c 2015-10-23 16:17:08.000000000 -0700 +++ apps/nc/netcat.c Thu Jun 30 19:59:09 2016
@@ -57,6 +57,10 @@ @@ -65,7 +65,9 @@
#include <tls.h> #define POLL_NETIN 2
#include "atomicio.h" #define POLL_STDOUT 3
#define BUFSIZE 16384
+#ifndef IPV6_TCLASS +#ifndef DEFAULT_CA_FILE
+#define IPV6_TCLASS -1 #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
+#endif +#endif
+
#define PORT_MAX 65535 #define TLS_LEGACY (1 << 1)
#define PORT_MAX_LEN 6 #define TLS_NOVERIFY (1 << 2)
#define UNIX_DG_TMP_SOCKET_SIZE 19 @@ -92,9 +94,13 @@
@@ -93,9 +97,13 @@
int Dflag; /* sodebug */ int Dflag; /* sodebug */
int Iflag; /* TCP receive buffer size */ int Iflag; /* TCP receive buffer size */
int Oflag; /* TCP send buffer size */ int Oflag; /* TCP send buffer size */
@@ -25,7 +24,7 @@
int usetls; /* use TLS */ int usetls; /* use TLS */
char *Cflag; /* Public cert file */ char *Cflag; /* Public cert file */
@@ -145,7 +153,7 @@ @@ -152,7 +158,7 @@
struct servent *sv; struct servent *sv;
socklen_t len; socklen_t len;
struct sockaddr_storage cliaddr; struct sockaddr_storage cliaddr;
@@ -34,7 +33,7 @@
const char *errstr, *proxyhost = "", *proxyport = NULL; const char *errstr, *proxyhost = "", *proxyport = NULL;
struct addrinfo proxyhints; struct addrinfo proxyhints;
char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE]; char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
@@ -246,12 +254,14 @@ @@ -262,12 +268,14 @@
case 'u': case 'u':
uflag = 1; uflag = 1;
break; break;
@@ -49,7 +48,7 @@
case 'v': case 'v':
vflag = 1; vflag = 1;
break; break;
@@ -284,9 +294,11 @@ @@ -300,9 +308,11 @@
errx(1, "TCP send window %s: %s", errx(1, "TCP send window %s: %s",
errstr, optarg); errstr, optarg);
break; break;
@@ -61,48 +60,43 @@
case 'T': case 'T':
errstr = NULL; errstr = NULL;
errno = 0; errno = 0;
@@ -310,14 +322,16 @@ @@ -326,9 +336,11 @@
argc -= optind; argc -= optind;
argv += optind; argv += optind;
+#ifdef SO_RTABLE +#ifdef SO_RTABLE
if (rtableid >= 0) { if (rtableid >= 0)
/* if (setrtable(rtableid) == -1)
* XXX No pledge if doing rtable manipulation! err(1, "setrtable");
* XXX the routing table stuff is dangerous and can't be pledged.
* XXX rtable should really have a better interface than sockopt
*/
- }
- else if (family == AF_UNIX) {
+ } else
+#endif +#endif
+ if (family == AF_UNIX) {
if (family == AF_UNIX) {
if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1) if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
err(1, "pledge"); @@ -480,7 +492,10 @@
errx(1, "-H and -T noverify may not be used"
"together");
tls_config_insecure_noverifycert(tls_cfg);
- }
+ } else {
+ if (Rflag && access(Rflag, R_OK) == -1)
+ errx(1, "unable to find root CA file %s", Rflag);
+ }
} }
@@ -797,7 +811,10 @@ if (lflag) {
struct tls *tls_cctx = NULL;
@@ -832,7 +847,10 @@
remote_connect(const char *host, const char *port, struct addrinfo hints) remote_connect(const char *host, const char *port, struct addrinfo hints)
{ {
struct addrinfo *res, *res0; struct addrinfo *res, *res0;
- int s, error, on = 1; - int s, error, on = 1, save_errno;
+ int s, error; + int s, error, save_errno;
+#ifdef SO_BINDANY +#ifdef SO_BINDANY
+ int on = 1; + int on = 1;
+#endif +#endif
if ((error = getaddrinfo(host, port, &hints, &res))) if ((error = getaddrinfo(host, port, &hints, &res)))
errx(1, "getaddrinfo: %s", gai_strerror(error)); errx(1, "getaddrinfo: %s", gai_strerror(error));
@@ -808,16 +825,20 @@ @@ -847,8 +865,10 @@
SOCK_NONBLOCK, res0->ai_protocol)) < 0)
continue;
+#ifdef SO_RTABLE
if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE,
&rtableid, sizeof(rtableid)) == -1))
err(1, "setsockopt SO_RTABLE");
+#endif
/* Bind to a local port or source address if specified. */
if (sflag || pflag) { if (sflag || pflag) {
struct addrinfo ahints, *ares; struct addrinfo ahints, *ares;
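
Review bot: the `else` branch added after `tls_config_insecure_noverifycert(tls_cfg)` reports every `access(Rflag, R_OK)` failure through `errx` as "unable to find root CA file", so a permission error reads the same as a missing file. `err(1, "root CA file %s", Rflag)` would keep `errno` in the message. The pre-check is also only advisory: the file can change between `access()` and the point where the bundle is actually loaded, so the load's own error path still has to be handled and should not be assumed unreachable because of this test.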
@@ -113,28 +107,22 @@
memset(&ahints, 0, sizeof(struct addrinfo)); memset(&ahints, 0, sizeof(struct addrinfo));
ahints.ai_family = res0->ai_family; ahints.ai_family = res0->ai_family;
ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM; ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
@@ -886,7 +907,10 @@ @@ -919,7 +939,10 @@
local_listen(char *host, char *port, struct addrinfo hints) local_listen(char *host, char *port, struct addrinfo hints)
{ {
struct addrinfo *res, *res0; struct addrinfo *res, *res0;
- int s, ret, x = 1; - int s, ret, x = 1, save_errno;
+ int s; + int s, save_errno;
+#ifdef SO_REUSEPORT +#ifdef SO_REUSEPORT
+ int ret, x = 1; + int ret, x = 1;
+#endif +#endif
int error; int error;
/* Allow nodename to be null. */ /* Allow nodename to be null. */
@@ -908,13 +932,17 @@ @@ -941,9 +964,11 @@
res0->ai_protocol)) < 0) res0->ai_protocol)) < 0)
continue; continue;
+#ifdef SO_RTABLE
if (rtableid >= 0 && (setsockopt(s, SOL_SOCKET, SO_RTABLE,
&rtableid, sizeof(rtableid)) == -1))
err(1, "setsockopt SO_RTABLE");
+#endif
+#ifdef SO_REUSEPORT +#ifdef SO_REUSEPORT
ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x)); ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
if (ret == -1) if (ret == -1)
@@ -143,7 +131,7 @@
set_common_sockopts(s, res0->ai_family); set_common_sockopts(s, res0->ai_family);
@@ -1358,11 +1386,13 @@ @@ -1401,11 +1426,13 @@
{ {
int x = 1; int x = 1;
@@ -157,29 +145,49 @@
if (Dflag) { if (Dflag) {
if (setsockopt(s, SOL_SOCKET, SO_DEBUG, if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
&x, sizeof(x)) == -1) &x, sizeof(x)) == -1)
@@ -1537,15 +1567,19 @@ @@ -1442,13 +1469,17 @@
}
if (minttl != -1) {
+#ifdef IP_MINTTL
if (af == AF_INET && setsockopt(s, IPPROTO_IP,
IP_MINTTL, &minttl, sizeof(minttl)))
err(1, "set IP min TTL");
+#endif
- else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
+#ifdef IPV6_MINHOPCOUNT
+ if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
err(1, "set IPv6 min hop count");
+#endif
}
}
@@ -1605,14 +1636,22 @@
\t-P proxyuser\tUsername for proxy authentication\n\ \t-P proxyuser\tUsername for proxy authentication\n\
\t-p port\t Specify local port for remote connects\n\ \t-p port\t Specify local port for remote connects\n\
\t-R CAfile CA bundle\n\ \t-R CAfile CA bundle\n\
- \t-r Randomize remote ports\n\ - \t-r Randomize remote ports\n\
- \t-S Enable the TCP MD5 signature option\n\ - \t-S Enable the TCP MD5 signature option\n\
- \t-s source Local source address\n\
+ \t-r Randomize remote ports\n" + \t-r Randomize remote ports\n"
+#ifdef TCP_MD5SIG +#ifdef TCP_MD5SIG
+ "\t-S Enable the TCP MD5 signature option\n" + "\
+ \t-S Enable the TCP MD5 signature option\n"
+#endif +#endif
+ "\t-s source Local source address\n\ + "\
\t-s source Local source address\n\
\t-T keyword TOS value or TLS options\n\ \t-T keyword TOS value or TLS options\n\
\t-t Answer TELNET negotiation\n\ \t-t Answer TELNET negotiation\n\
\t-U Use UNIX domain socket\n\ \t-U Use UNIX domain socket\n\
- \t-u UDP mode\n\ - \t-u UDP mode\n\
- \t-V rtable Specify alternate routing table\n\ - \t-V rtable Specify alternate routing table\n\
- \t-v Verbose\n\
+ \t-u UDP mode\n" + \t-u UDP mode\n"
+#ifdef SO_RTABLE +#ifdef SO_RTABLE
+ "\t-V rtable Specify alternate routing table\n" + "\
+ \t-V rtable Specify alternate routing table\n"
+#endif +#endif
+ "\t-v Verbose\n\ + "\
\t-v Verbose\n\
\t-w timeout Timeout for connects and final net reads\n\ \t-w timeout Timeout for connects and final net reads\n\
\t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\ \t-X proto Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\
\t-x addr[:port]\tSpecify proxy address and port\n\
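
Review bot: in the `if (minttl != -1)` block, wrapping the `IP_MINTTL` and `IPV6_MINHOPCOUNT` calls in `#ifdef` means that on a platform lacking either macro the requested minimum TTL is accepted and then silently not applied. The caller asked for packets below that TTL to be rejected, so a quiet no-op is the wrong failure mode: add an `#else` branch that calls `errx(1, ...)` for the affected address family. The usage text in this same hunk already hides `-S` and `-V` when `TCP_MD5SIG` and `SO_RTABLE` are absent, and the minimum-TTL option should be treated the same way or fail loudly.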

@@ -1,5 +1,5 @@
--- tests/rfc5280time.c.orig Sat Oct 17 22:36:27 2015 --- tests/rfc5280time.c.orig Mon Nov 2 20:00:31 2015
+++ tests/rfc5280time.c Sat Oct 17 22:44:25 2015 +++ tests/rfc5280time.c Mon Nov 2 20:03:12 2015
@@ -91,6 +91,7 @@ @@ -91,6 +91,7 @@
.data = "20150923032700Z", .data = "20150923032700Z",
.time = 1442978820, .time = 1442978820,
@@ -10,7 +10,7 @@
.str = "00000101000000Z", .str = "00000101000000Z",
@@ -103,6 +104,7 @@ @@ -103,6 +104,7 @@
.data = "20491231235959Z", .data = "20491231235959Z",
.time = 2524607999, .time = 2524607999LL,
}, },
+#endif +#endif
{ {
@@ -18,7 +18,7 @@
.str = "19500101000000Z", .str = "19500101000000Z",
@@ -112,6 +114,7 @@ @@ -112,6 +114,7 @@
}; };
struct rfc5280_time_test rfc5280_gentime_tests[] = { struct rfc5280_time_test rfc5280_gentime_tests[] = {
+#if SIZEOF_TIME_T == 8 +#if SIZEOF_TIME_T == 8
{ {
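
Review bot: the `#if SIZEOF_TIME_T == 8` guard in this context evaluates to false when `SIZEOF_TIME_T` is undefined, so a build that never defines it skips the guarded vectors, including the `99991231235959Z` case, and still reports success. Add `#ifndef SIZEOF_TIME_T` with `#error` near the top of the patched file, or at least a comment naming where the macro is expected to come from, so reduced coverage of large time values cannot go unnoticed.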
@@ -26,7 +26,7 @@
.str = "99991231235959Z", .str = "99991231235959Z",
@@ -129,6 +132,7 @@ @@ -129,6 +132,7 @@
.data = "20500101000000Z", .data = "20500101000000Z",
.time = 2524608000, .time = 2524608000LL,
}, },
+#endif +#endif
}; };
@@ -40,21 +40,21 @@
{ {
.str = "491231235959Z", .str = "491231235959Z",
.data = "491231235959Z", .data = "491231235959Z",
.time = 2524607999, .time = 2524607999LL,
}, },
+#endif +#endif
{ {
.str = "700101000000Z", .str = "700101000000Z",
.data = "700101000000Z", .data = "700101000000Z",
@@ -273,14 +279,14 @@ @@ -273,14 +279,14 @@
if ((i = X509_cmp_time(gt, &att->time)) != -1) { if ((i = X509_cmp_time(gt, &att->time)) != -1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time); - test_no, i, att->time);
+ test_no, i, (long long)att->time); + test_no, i, (long long)att->time);
goto done; goto done;
} }
att->time--; att->time--;
if ((i = X509_cmp_time(gt, &att->time)) != 1) { if ((i = X509_cmp_time(gt, &att->time)) != 1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
@@ -64,14 +64,14 @@
} }
att->time++; att->time++;
@@ -325,14 +331,14 @@ @@ -325,14 +331,14 @@
if ((i = X509_cmp_time(ut, &att->time)) != -1) { if ((i = X509_cmp_time(ut, &att->time)) != -1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",
- test_no, i, att->time); - test_no, i, att->time);
+ test_no, i, (long long)att->time); + test_no, i, (long long)att->time);
goto done; goto done;
} }
att->time--; att->time--;
if ((i = X509_cmp_time(ut, &att->time)) != 1) { if ((i = X509_cmp_time(ut, &att->time)) != 1) {
fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n", fprintf(stderr, "FAIL: test %i - X509_cmp_time failed - returned %d compared to %lld\n",

19
patches/ssl_txt.c.patch Normal file

@@ -0,0 +1,19 @@
--- ssl/ssl_txt.orig Sun Jul 17 17:26:59 2016
+++ ssl/ssl_txt.c Sun Jul 17 17:35:44 2016
@@ -82,6 +82,7 @@
* OTHERWISE.
*/
+#include <inttypes.h>
#include <stdio.h>
#include <openssl/buffer.h>
@@ -163,7 +164,7 @@
}
if (x->time != 0) {
- if (BIO_printf(bp, "\n Start Time: %lld", (long long)x->time) <= 0)
+ if (BIO_printf(bp, "\n Start Time: %"PRId64, (int64_t)x->time) <= 0)
goto err;
}
if (x->timeout != 0L) {
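
Review bot: `"\n Start Time: %"PRId64` hands whatever `PRId64` expands to on the target (for example `lld`, `ld` or `I64d`) to `BIO_printf`, which is only correct where `BIO_printf` passes the format to the platform's own printf family. Please confirm that for each supported C library, because a formatter that does not recognise the expansion prints a wrong session start time instead of failing. Style: put a space between the string literal and `PRId64`, and note that the `---` header names `ssl/ssl_txt.orig` where the netcat patch uses `netcat.c.orig`.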

@@ -0,0 +1,12 @@
--- ./openbsd/src/lib/libtls/tls_internal.h Thu Oct 15 16:12:24 2015
+++ ./tls/tls_internal.h Sun Dec 6 20:18:17 2015
@@ -24,7 +24,9 @@
#include <openssl/ssl.h>
+#ifndef _PATH_SSL_CA_FILE
#define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
+#endif
#define TLS_CIPHERS_COMPAT "ALL:!aNULL:!eNULL"
#define TLS_CIPHERS_DEFAULT "TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"

@@ -1,6 +1,6 @@
diff -urN include/openssl.orig/dtls1.h include/openssl/dtls1.h diff -u include/openssl.orig/dtls1.h include/openssl/dtls1.h
--- include/openssl.orig/dtls1.h Mon Sep 21 21:45:45 2015 --- include/openssl.orig/dtls1.h Mon Dec 7 07:58:32 2015
+++ include/openssl/dtls1.h Mon Sep 21 21:58:56 2015 +++ include/openssl/dtls1.h Mon Dec 7 07:56:14 2015
@@ -60,7 +60,11 @@ @@ -60,7 +60,11 @@
#ifndef HEADER_DTLS1_H #ifndef HEADER_DTLS1_H
#define HEADER_DTLS1_H #define HEADER_DTLS1_H
@@ -13,9 +13,9 @@ diff -urN include/openssl.orig/dtls1.h include/openssl/dtls1.h
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
diff -urN include/openssl.orig/opensslconf.h include/openssl/opensslconf.h diff -u include/openssl.orig/opensslconf.h include/openssl/opensslconf.h
--- include/openssl.orig/opensslconf.h Mon Sep 21 21:45:45 2015 --- include/openssl.orig/opensslconf.h Mon Dec 7 07:58:32 2015
+++ include/openssl/opensslconf.h Mon Sep 21 21:56:13 2015 +++ include/openssl/opensslconf.h Mon Dec 7 07:56:14 2015
@@ -1,6 +1,10 @@ @@ -1,6 +1,10 @@
#include <openssl/opensslfeatures.h> #include <openssl/opensslfeatures.h>
/* crypto/opensslconf.h.in */ /* crypto/opensslconf.h.in */
@@ -27,10 +27,10 @@ diff -urN include/openssl.orig/opensslconf.h include/openssl/opensslconf.h
/* Generate 80386 code? */ /* Generate 80386 code? */
#undef I386_ONLY #undef I386_ONLY
diff -urN include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h diff -u include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h
--- include/openssl.orig/ossl_typ.h Mon Sep 21 21:45:45 2015 --- include/openssl.orig/ossl_typ.h Mon Dec 7 07:58:32 2015
+++ include/openssl/ossl_typ.h Mon Sep 21 21:56:22 2015 +++ include/openssl/ossl_typ.h Mon Dec 7 07:56:14 2015
@@ -100,6 +100,22 @@ @@ -80,6 +80,22 @@
typedef struct ASN1_ITEM_st ASN1_ITEM; typedef struct ASN1_ITEM_st ASN1_ITEM;
typedef struct asn1_pctx_st ASN1_PCTX; typedef struct asn1_pctx_st ASN1_PCTX;
@@ -53,9 +53,9 @@ diff -urN include/openssl.orig/ossl_typ.h include/openssl/ossl_typ.h
#ifdef BIGNUM #ifdef BIGNUM
#undef BIGNUM #undef BIGNUM
#endif #endif
diff -urN include/openssl.orig/pkcs7.h include/openssl/pkcs7.h diff -u include/openssl.orig/pkcs7.h include/openssl/pkcs7.h
--- include/openssl.orig/pkcs7.h Mon Sep 21 21:45:45 2015 --- include/openssl.orig/pkcs7.h Mon Dec 7 07:58:32 2015
+++ include/openssl/pkcs7.h Mon Sep 21 21:56:29 2015 +++ include/openssl/pkcs7.h Mon Dec 7 07:56:14 2015
@@ -69,6 +69,18 @@ @@ -69,6 +69,18 @@
extern "C" { extern "C" {
#endif #endif
@@ -75,9 +75,9 @@ diff -urN include/openssl.orig/pkcs7.h include/openssl/pkcs7.h
/* /*
Encryption_ID DES-CBC Encryption_ID DES-CBC
Digest_ID MD5 Digest_ID MD5
diff -urN include/openssl.orig/x509.h include/openssl/x509.h diff -u include/openssl.orig/x509.h include/openssl/x509.h
--- include/openssl.orig/x509.h Mon Sep 21 21:45:45 2015 --- include/openssl.orig/x509.h Mon Dec 7 07:58:32 2015
+++ include/openssl/x509.h Mon Sep 21 21:56:35 2015 +++ include/openssl/x509.h Mon Dec 7 07:56:14 2015
@@ -112,6 +112,19 @@ @@ -112,6 +112,19 @@
extern "C" { extern "C" {
#endif #endif

1447
scripts/config.guess vendored Normal file

File diff suppressed because it is too large

1813
scripts/config.sub vendored Normal file

File diff suppressed because it is too large

@@ -52,6 +52,9 @@ if (BUILD_SHARED)
add_library(ssl-objects OBJECT ${SSL_SRC}) add_library(ssl-objects OBJECT ${SSL_SRC})
add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>) add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>) add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
if (MSVC)
target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
endif()
set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl) set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION} set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
SOVERSION ${SSL_MAJOR_VERSION}) SOVERSION ${SSL_MAJOR_VERSION})

@@ -6,7 +6,7 @@ EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt
libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined libssl_la_LDFLAGS = -version-info @LIBSSL_VERSION@ -no-undefined
libssl_la_LIBADD = ../crypto/libcrypto.la libssl_la_LIBADD = $(abs_top_builddir)/crypto/libcrypto.la
libssl_la_SOURCES = bio_ssl.c libssl_la_SOURCES = bio_ssl.c
libssl_la_SOURCES += bs_ber.c libssl_la_SOURCES += bs_ber.c

@@ -9,14 +9,11 @@ include_directories(
../apps/openssl/compat ../apps/openssl/compat
) )
set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR})
# aeadtest # aeadtest
#add_executable(aeadtest aeadtest.c) add_executable(aeadtest aeadtest.c)
#target_link_libraries(aeadtest ${OPENSSL_LIBS}) target_link_libraries(aeadtest ${OPENSSL_LIBS})
#add_test(aeadtest aeadtest.sh) add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh)
#configure_file(aeadtests.txt aeadtests.txt COPYONLY) set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
#configure_file(aeadtest.sh aeadtest.sh COPYONLY)
# aes_wrap # aes_wrap
add_executable(aes_wrap aes_wrap.c) add_executable(aes_wrap aes_wrap.c)
@@ -25,7 +22,7 @@ add_test(aes_wrap aes_wrap)
# arc4randomforktest # arc4randomforktest
# Windows/mingw does not have fork, but Cygwin does. # Windows/mingw does not have fork, but Cygwin does.
if(NOT CMAKE_HOST_WIN32) if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
add_executable(arc4randomforktest arc4randomforktest.c) add_executable(arc4randomforktest arc4randomforktest.c)
target_link_libraries(arc4randomforktest ${OPENSSL_LIBS}) target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh) add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
@@ -51,6 +48,14 @@ add_executable(bftest bftest.c)
target_link_libraries(bftest ${OPENSSL_LIBS}) target_link_libraries(bftest ${OPENSSL_LIBS})
add_test(bftest bftest) add_test(bftest bftest)
# biotest
# the BIO tests rely on resolver results that are OS and environment-specific
if(ENABLE_EXTRATESTS)
add_executable(biotest biotest.c)
target_link_libraries(biotest ${OPENSSL_LIBS})
add_test(biotest biotest)
endif()
# bntest # bntest
add_executable(bntest bntest.c) add_executable(bntest bntest.c)
target_link_libraries(bntest ${OPENSSL_LIBS}) target_link_libraries(bntest ${OPENSSL_LIBS})
@@ -127,19 +132,21 @@ target_link_libraries(enginetest ${OPENSSL_LIBS})
add_test(enginetest enginetest) add_test(enginetest enginetest)
# evptest # evptest
#add_executable(evptest evptest.c) add_executable(evptest evptest.c)
#target_link_libraries(evptest ${OPENSSL_LIBS}) target_link_libraries(evptest ${OPENSSL_LIBS})
#add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh) add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# explicit_bzero # explicit_bzero
# explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
if(NOT CMAKE_HOST_WIN32) if(NOT CMAKE_HOST_WIN32)
add_executable(explicit_bzero explicit_bzero.c) if(HAVE_MEMMEM)
add_executable(explicit_bzero explicit_bzero.c)
else()
add_executable(explicit_bzero explicit_bzero.c memmem.c)
endif()
target_link_libraries(explicit_bzero ${OPENSSL_LIBS}) target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
add_test(explicit_bzero explicit_bzero) add_test(explicit_bzero explicit_bzero)
#if !HAVE_MEMMEM
#explicit_bzero_SOURCES += memmem.c
#endif
endif() endif()
# exptest # exptest
@@ -187,6 +194,19 @@ add_executable(mont mont.c)
target_link_libraries(mont ${OPENSSL_LIBS}) target_link_libraries(mont ${OPENSSL_LIBS})
add_test(mont mont) add_test(mont mont)
# ocsp_test
if(ENABLE_EXTRATESTS)
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
add_executable(ocsp_test ocsp_test.c)
target_link_libraries(ocsp_test ${OPENSSL_LIBS})
add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
set_tests_properties(ocsptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
endif()
# optionstest # optionstest
add_executable(optionstest optionstest.c) add_executable(optionstest optionstest.c)
target_link_libraries(optionstest ${OPENSSL_LIBS}) target_link_libraries(optionstest ${OPENSSL_LIBS})
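
Review bot: `add_definitions(-D_PATH_SSL_CA_FILE=...)` inside the `ocsp_test` block is directory-scoped, so every test target in this CMakeLists.txt is compiled with the define, not only `ocsp_test`. `target_compile_definitions(ocsp_test PRIVATE ...)` placed after `add_executable(ocsp_test ocsp_test.c)` keeps it local to the one test that needs it. The test is also registered as `ocsptest` while the executable is `ocsp_test`; a consistent name or a comment would avoid a missed match when selecting tests by name.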
@@ -197,6 +217,15 @@ add_executable(pbkdf2 pbkdf2.c)
target_link_libraries(pbkdf2 ${OPENSSL_LIBS}) target_link_libraries(pbkdf2 ${OPENSSL_LIBS})
add_test(pbkdf2 pbkdf2) add_test(pbkdf2 pbkdf2)
# pidwraptest
# pidwraptest relies on an OS-specific way to give out pids and is generally
# awkward on systems with slow fork
if(ENABLE_EXTRATESTS)
add_executable(pidwraptest pidwraptest.c)
target_link_libraries(pidwraptest ${OPENSSL_LIBS})
add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
endif()
# pkcs7test # pkcs7test
add_executable(pkcs7test pkcs7test.c) add_executable(pkcs7test pkcs7test.c)
target_link_libraries(pkcs7test ${OPENSSL_LIBS}) target_link_libraries(pkcs7test ${OPENSSL_LIBS})
@@ -208,9 +237,10 @@ target_link_libraries(poly1305test ${OPENSSL_LIBS})
add_test(poly1305test poly1305test) add_test(poly1305test poly1305test)
# pq_test # pq_test
#add_executable(pq_test pq_test.c) add_executable(pq_test pq_test.c)
#target_link_libraries(pq_test ${OPENSSL_LIBS}) target_link_libraries(pq_test ${OPENSSL_LIBS})
#add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh) add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# randtest # randtest
add_executable(randtest randtest.c) add_executable(randtest randtest.c)
@@ -230,7 +260,11 @@ add_test(rc4test rc4test)
# rfc5280time # rfc5280time
add_executable(rfc5280time rfc5280time.c) add_executable(rfc5280time rfc5280time.c)
target_link_libraries(rfc5280time ${OPENSSL_LIBS}) target_link_libraries(rfc5280time ${OPENSSL_LIBS})
add_test(rfc5280time rfc5280time) if(SMALL_TIME_T)
add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
else()
add_test(rfc5280time rfc5280time)
endif()
# rmdtest # rmdtest
add_executable(rmdtest rmdtest.c) add_executable(rmdtest rmdtest.c)
@@ -253,18 +287,22 @@ target_link_libraries(sha512test ${OPENSSL_LIBS})
add_test(sha512test sha512test) add_test(sha512test sha512test)
# ssltest # ssltest
#add_executable(ssltest ssltest.c) add_executable(ssltest ssltest.c)
#target_link_libraries(ssltest ${OPENSSL_LIBS}) target_link_libraries(ssltest ${OPENSSL_LIBS})
#add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh) add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testdsa # testdsa
#add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh) add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testenc # testenc
add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh) add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# testrsa # testrsa
#add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh) add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
# timingsafe # timingsafe
add_executable(timingsafe timingsafe.c) add_executable(timingsafe timingsafe.c)

@@ -7,9 +7,9 @@ AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl
AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat AM_CPPFLAGS += -I $(top_srcdir)/apps/openssl/compat
LDADD = $(PLATFORM_LDADD) $(PROG_LDADD) LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
LDADD += $(top_builddir)/ssl/libssl.la LDADD += $(abs_top_builddir)/ssl/libssl.la
LDADD += $(top_builddir)/crypto/libcrypto.la LDADD += $(abs_top_builddir)/crypto/libcrypto.la
LDADD += $(top_builddir)/tls/libtls.la LDADD += $(abs_top_builddir)/tls/libtls.la
TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh TEST_LOG_DRIVER = env AM_TAP_AWK='$(AWK)' $(SHELL) $(top_srcdir)/tap-driver.sh
@@ -208,6 +208,14 @@ TESTS += mont
check_PROGRAMS += mont check_PROGRAMS += mont
mont_SOURCES = mont.c mont_SOURCES = mont.c
# ocsp_test
if ENABLE_EXTRATESTS
TESTS += ocsptest.sh
check_PROGRAMS += ocsp_test
ocsp_test_SOURCES = ocsp_test.c
endif
EXTRA_DIST += ocsptest.sh
# optionstest # optionstest
TESTS += optionstest TESTS += optionstest
check_PROGRAMS += optionstest check_PROGRAMS += optionstest
@@ -225,8 +233,8 @@ if ENABLE_EXTRATESTS
TESTS += pidwraptest.sh TESTS += pidwraptest.sh
check_PROGRAMS += pidwraptest check_PROGRAMS += pidwraptest
pidwraptest_SOURCES = pidwraptest.c pidwraptest_SOURCES = pidwraptest.c
EXTRA_DIST += pidwraptest.sh
endif endif
EXTRA_DIST += pidwraptest.sh
# pkcs7test # pkcs7test
TESTS += pkcs7test TESTS += pkcs7test

8
tests/ocsptest.sh Executable file

@@ -0,0 +1,8 @@
#!/bin/sh
set -e
TEST=./ocsp_test
if [ -e ./ocsp_test.exe ]; then
TEST=./ocsp_test.exe
fi
$TEST www.amazon.com 443
$TEST cloudflare.com 443
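
Review bot: `$TEST www.amazon.com 443` and `$TEST cloudflare.com 443` make the result depend on two third-party hosts and on outbound network access, so with `set -e` any DNS, routing or server-side change fails the run for reasons unrelated to the library. Add a header comment stating that the script needs network access and which property of those hosts it relies on, and consider reading the host list from an environment variable with these two as defaults so an isolated build can point the test at a local responder.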

@@ -6,9 +6,16 @@ if [ -e ./ssltest.exe ]; then
ssltest_bin=./ssltest.exe ssltest_bin=./ssltest.exe
fi fi
openssl_bin=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then openssl_bin=../apps/openssl/openssl
openssl_bin=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
openssl_bin=../apps/openssl/openssl.exe
fi
else
openssl_bin=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
openssl_bin=../apps/openssl.exe
fi
fi fi
if [ -z $srcdir ]; then if [ -z $srcdir ]; then

@@ -4,9 +4,16 @@
#Test DSA certificate generation of openssl #Test DSA certificate generation of openssl
cmd=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then cmd=../apps/openssl/openssl
cmd=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
else
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
fi fi
if [ -z $srcdir ]; then if [ -z $srcdir ]; then

@@ -2,12 +2,23 @@
# $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $ # $OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
test=p test=p
cmd=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then cmd=../apps/openssl/openssl
cmd=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
else
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
fi fi
cat openssl.cnf >$test; if [ -z $srcdir ]; then
srcdir=.
fi
cat $srcdir/openssl.cnf >$test;
echo cat echo cat
$cmd enc < $test > $test.cipher $cmd enc < $test > $test.cipher
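Review bot: the added `if [ -z $srcdir ]` and `cat $srcdir/openssl.cnf >$test` lines expand `$srcdir` unquoted, so an out-of-tree build whose source path contains spaces breaks both the test expression and the `cat`. Quote the expansions: `[ -z "$srcdir" ]` and `cat "$srcdir/openssl.cnf" >"$test"`.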


@@ -4,9 +4,16 @@
#Test RSA certificate generation of openssl #Test RSA certificate generation of openssl
cmd=../apps/openssl/openssl if [ -d ../apps/openssl ]; then
if [ -e ../apps/openssl/openssl.exe ]; then cmd=../apps/openssl/openssl
cmd=../apps/openssl/openssl.exe if [ -e ../apps/openssl/openssl.exe ]; then
cmd=../apps/openssl/openssl.exe
fi
else
cmd=../apps/openssl
if [ -e ../apps/openssl.exe ]; then
cmd=../apps/openssl.exe
fi
fi fi
if [ -z $srcdir ]; then if [ -z $srcdir ]; then


@@ -17,14 +17,23 @@ set(
) )
if(NOT HAVE_STRCASECMP) if(NOT HAVE_STRSEP)
set(TLS_SRC ${TLS_SRC} strsep.c) set(TLS_SRC ${TLS_SRC} strsep.c)
endif() endif()
if(NOT "${OPENSSLDIR}" STREQUAL "")
add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
else()
add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
endif()
if (BUILD_SHARED) if (BUILD_SHARED)
add_library(tls-objects OBJECT ${TLS_SRC}) add_library(tls-objects OBJECT ${TLS_SRC})
add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>) add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>) add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
if (MSVC)
target_link_libraries(tls-shared ssl-shared crypto-shared Ws2_32.lib)
endif()
set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls) set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls)
set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION} set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
SOVERSION ${TLS_MAJOR_VERSION}) SOVERSION ${TLS_MAJOR_VERSION})
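Review bot: the `else()` branch compiles `${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem` into libtls as `_PATH_SSL_CA_FILE`, which makes the default trust store location depend on the install prefix; with a per-user or staging prefix that path may be missing, or writable by an unprivileged account. Printing the chosen path with `message(STATUS ...)` at configure time, and documenting that packagers should set `OPENSSLDIR`, would make the choice visible. Separately, `target_link_libraries` for `tls-shared` is added only under `if (MSVC)`; a comment saying why other platforms do not need it would help the next reader.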


@@ -6,7 +6,16 @@ EXTRA_DIST = VERSION
EXTRA_DIST += CMakeLists.txt EXTRA_DIST += CMakeLists.txt
libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined libtls_la_LDFLAGS = -version-info @LIBTLS_VERSION@ -no-undefined
libtls_la_LIBADD = ../crypto/libcrypto.la ../ssl/libssl.la $(PLATFORM_LDADD) libtls_la_LIBADD = $(abs_top_builddir)/ssl/libssl.la
libtls_la_LIBADD += $(abs_top_builddir)/crypto/libcrypto.la
libtls_la_LIBADD += $(PLATFORM_LDADD)
libtls_la_CPPFLAGS = $(AM_CPPFLAGS)
if OPENSSLDIR_DEFINED
libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"@OPENSSLDIR@/cert.pem\"
else
libtls_la_CPPFLAGS += -D_PATH_SSL_CA_FILE=\"$(sysconfdir)/ssl/cert.pem\"
endif
libtls_la_SOURCES = tls.c libtls_la_SOURCES = tls.c
libtls_la_SOURCES += tls_client.c libtls_la_SOURCES += tls_client.c
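Review bot: the new `if OPENSSLDIR_DEFINED` block changes the CA bundle path compiled into libtls depending on configure options, but nothing in the hunk documents the result. A short note in the README or the configure help stating the resulting `_PATH_SSL_CA_FILE` for each case, and that `cert.pem` has to be installed there, would save users from debugging certificate verification failures after a build with a non-default `sysconfdir`. The `-D_PATH_SSL_CA_FILE=\"...\"` values are also passed through unescaped, so a directory containing a space or a quote character would produce a broken definition.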


@@ -13,6 +13,7 @@ if [ ! -d openbsd ]; then
fi fi
fi fi
(cd openbsd (cd openbsd
git fetch
git checkout $openbsd_branch git checkout $openbsd_branch
git pull --rebase) git pull --rebase)
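Review bot: inside the `(cd openbsd ...)` subshell the results of `cd`, `git fetch` and `git checkout $openbsd_branch` are not checked in the lines shown, so if the checkout fails, `git pull --rebase` still runs on whatever branch was already checked out and the script goes on to import sources from it. Chaining the commands with `&&` and quoting `"$openbsd_branch"` would stop the import at the first failure, unless `set -e` is already in effect earlier in the script.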
@@ -73,6 +74,7 @@ $CP $libtls_src/tls.h libtls-standalone/include
for i in crypto/compat libtls-standalone/compat; do for i in crypto/compat libtls-standalone/compat; do
for j in $libc_src/crypt/arc4random.c \ for j in $libc_src/crypt/arc4random.c \
$libc_src/crypt/arc4random_uniform.c \
$libc_src/crypt/chacha_private.h \ $libc_src/crypt/chacha_private.h \
$libc_src/string/explicit_bzero.c \ $libc_src/string/explicit_bzero.c \
$libc_src/stdlib/reallocarray.c \ $libc_src/stdlib/reallocarray.c \
@@ -300,8 +302,13 @@ add_man_links() {
} }
# apply local patches # apply local patches
PATCH=patch
# Prefer gnu patch on AIX systems, if available
if [ -x /opt/freeware/bin/patch ]; then
PATCH=/opt/freeware/bin/patch
fi
for i in patches/*.patch; do for i in patches/*.patch; do
patch -p0 < $i $PATCH -p0 < $i
done done
# copy manpages # copy manpages
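Review bot: `PATCH=patch` overwrites any `PATCH` value the caller exported, and the `/opt/freeware/bin/patch` test runs on every platform even though the comment limits it to AIX. Using `PATCH=${PATCH:-patch}`, and applying the AIX override only when the caller has not set `PATCH` and `uname` reports AIX, would keep the tool selection predictable. Quoting `"$i"` in `$PATCH -p0 < $i` is also worth doing.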