update Changelog

Sync getentropy() checks with use-builtin-arc4random checks
Without this, we actually fail to build a library that includes the bultin getentropy when compiling for 10.11 on 10.12.
2017-01-09 03:31:28 -06:00 · 2017-01-07 07:21:47 -06:00 · 2017-01-07 07:21:07 -06:00 · 2017-01-07 07:21:07 -06:00 · 2017-01-07 07:21:07 -06:00 · 2016-11-06 09:22:39 -06:00
26 changed files with 180 additions and 641 deletions
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1,10 +1,9 @@
-cmake_minimum_required (VERSION 2.8.8)
+cmake_minimum_required (VERSION 2.8)
 include(CheckFunctionExists)
 include(CheckLibraryExists)
 include(CheckIncludeFiles)
 include(CheckTypeSize)
-project (LibreSSL C)
+project (LibreSSL)
 enable_testing()
@@ -23,17 +22,6 @@ string(STRIP ${TLS_VERSION} TLS_VERSION)
 string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
 string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
 option(ENABLE_ASM "Enable assembly" ON)
 option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
 option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
 set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
 set(BUILD_NC true)
 if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
 	add_definitions(-fno-common)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
 	add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
 endif()
@@ -45,34 +33,9 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 	add_definitions(-D_GNU_SOURCE)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
 	set(BUILD_NC false)
 endif()
 if(MSVC)
 	set(BUILD_NC false)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
 	if(CMAKE_C_COMPILER MATCHES "gcc")
 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
 	else()
 		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off")
 	endif()
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT")
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
 	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
 endif()
 add_definitions(-DLIBRESSL_INTERNAL)
 add_definitions(-DOPENSSL_NO_HW_PADLOCK)
 add_definitions(-DOPENSSL_NO_ASM)
 set(CMAKE_POSITION_INDEPENDENT_CODE true)
@@ -168,11 +131,6 @@ if(HAVE_ARC4RANDOM_BUF)
 	add_definitions(-DHAVE_ARC4RANDOM_BUF)
 endif()
 check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)
 if(HAVE_ARC4RANDOM_UNIFORM)
 	add_definitions(-DHAVE_ARC4RANDOM_UNIFORM)
 endif()
 check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
 if(HAVE_EXPLICIT_BZERO)
 	add_definitions(-DHAVE_EXPLICIT_BZERO)
@@ -198,28 +156,11 @@ if(HAVE_MEMCMP)
 	add_definitions(-DHAVE_MEMCMP)
 endif()
 check_function_exists(memmem HAVE_MEMMEM)
 if(HAVE_MEMMEM)
 	add_definitions(-DHAVE_MEMMEM)
 endif()
 check_include_files(err.h HAVE_ERR_H)
 if(HAVE_ERR_H)
 	add_definitions(-DHAVE_ERR_H)
 endif()
 if(ENABLE_ASM)
 	if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
 		if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
 			set(HOST_ASM_ELF_X86_64 true)
 		elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
 			set(HOST_ASM_ELF_X86_64 true)
 		endif()
 	elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
 		set(HOST_ASM_MACOSX_X86_64 true)
 	endif()
 endif()
 set(OPENSSL_LIBS ssl crypto)
 if(CMAKE_HOST_WIN32)
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
@@ -230,25 +171,11 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 		set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
 	endif()
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
 endif()
 if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
 endif()
-if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|MINGW|CYGWIN)" OR MSVC))
+if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC))
 	set(BUILD_SHARED true)
 endif()
 check_type_size(time_t SIZEOF_TIME_T)
 if(SIZEOF_TIME_T STREQUAL "4")
 	set(SMALL_TIME_T true)
 	message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
 	                " ** It will behave incorrectly when handling valid RFC5280 dates")
 endif()
 add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
 add_subdirectory(crypto)
 add_subdirectory(ssl)
 add_subdirectory(apps)
@@ -258,11 +185,3 @@ if(NOT MSVC)
 	add_subdirectory(man)
 	add_subdirectory(tests)
 endif()
 configure_file(
 	"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
 	"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
 	IMMEDIATE @ONLY)
 add_custom_target(uninstall
 	COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)
--- a/100
+++ b/100
@@ -28,7 +28,7 @@ history is also available from Git.
 LibreSSL Portable Release Notes:
-2.4.5  - Security and compatibility fixes
+2.3.10 - Security and compatibility fixes
 	* Avoid a side-channel cache-timing attack that can leak the ECDSA
 	  private keys when signing. This is due to BN_mod_inverse() being
@@ -41,32 +41,12 @@ LibreSSL Portable Release Notes:
 	* iOS and MacOS compatibility updates from Simone Basso and Jacob
 	  Berkman.
-2.4.4 - Reliability improvements
+2.3.9 - Reliability improvements
 	* Avoid continual processing of an unlimited number of TLS records,
 	  which can cause a denial-of-service condition.
-	* In X509_cmp_time(), pass asn1_time_parse() the tag of the field
+2.3.8 - Security and reliability fixes
 	  being parsed so that a malformed GeneralizedTime field is recognized as
 	  an error instead of potentially being interpreted as if it was a valid
 	  UTCTime.
 	* Improve ticket validity checking when tlsext_ticket_key_cb()
 	  callback chooses a different HMAC algorithm.
 	* Check for packets with a truncated DTLS cookie.
 	* Detect zero-length encrypted session data early, instead of when
 	  malloc(0) fails or the HMAC check fails.
 	* Check for and handle failure of HMAC_{Update,Final} or
 	  EVP_DecryptUpdate()
 2.4.3 - Bug fixes and reliability improvements
 	* Reverted change that cleans up the EVP cipher context in
 	  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
 	  previous behaviour.
 	* Avoid unbounded memory growth in libssl, which can be triggered by a
 	  TLS client repeatedly renegotiating and sending OCSP Status Request
@@ -75,79 +55,25 @@ LibreSSL Portable Release Notes:
 	* Avoid falling back to a weak digest for (EC)DH when using SNI with
 	  libssl.
-2.4.2 - Bug fixes and improvements
+2.3.7 - OCSP fixes
-	* Fixed loading default certificate locations with openssl s_client.
+	* Fix several issues in the OCSP code that could result in the
 	  incorrect generation and parsing of OCSP requests. This remediates a
 	  lack of error checking on time parsing in these functions, and
 	  ensures that only GENERALIZEDTIME formats are accepted for OCSP, as
 	  per RFC 6960.
-	* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
+	  Issues reported, and fixes provided by  Kazuki Yamaguchi <k@rhe.jp>
-	  RFC6960. Also added fixes for OCSP to work with intermediate
+	  and Kinichiro Inoguchi <kinichiro.inoguchi@gmail.com>
 	  certificates provided in responses.
-	* Improved behavior of arc4random on Windows to not appear to leak
+2.3.6 - Security fix
 	  memory in debug tools, reduced privileges of allocated memory.
 	* Fixed incorrect results from BN_mod_word() when the modulus is too
 	  large, thanks to Brian Smith from BoringSSL.
 	* Correctly handle an EOF prior to completing the TLS handshake in
 	  libtls.
 	* Improved libtls ceritificate loading and cipher string validation.
 	* Updated libtls cipher group suites into four categories:
 	    "secure"   (TLSv1.2+AEAD+PFS)
 	    "compat"   (HIGH:!aNULL)
 	    "legacy"   (HIGH:MEDIUM:!aNULL)
 	    "insecure" (ALL:!aNULL:!eNULL)
 	  This allows for flexibility and finer grained control, rather than
 	  having two extremes.
 	* Limited support for 'backward compatible' SSLv2 handshake packets to
 	  when TLS 1.0 is enabled, providing more restricted compatibility
 	  with TLS 1.0 clients.
 	* openssl(1) and other documentation improvements.
 	* Removed flags for disabling constant-time operations.
 	  This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
 	  DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
 	  all of these operations unconditionally constant-time.
 2.4.1 - Security fix
 	* Correct a problem that prevents the DSA signing algorithm from
 	  running in constant time even if the flag BN_FLG_CONSTTIME is set.
 	  This issue was reported by Cesar Pereida (Aalto University), Billy
 	  Brumley (Tampere University of Technology), and Yuval Yarom (The
 	  University of Adelaide and NICTA). The fix was developed by Cesar
-	  Pereida.
+	  Pereida. See OpenBSD 5.9 errata 11, June 6, 2016
 2.4.0 - Build improvements, new features
 	* Many improvements to the CMake build infrastructure, including
 	  Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
 	  Inoguchi for this work.
 	* Added missing error handling around bn_wexpand() calls.
 	* Added explicit_bzero calls for freed ASN.1 objects.
 	* Fixed X509_*set_object functions to return 0 on allocation failure.
 	* Implemented the IETF ChaCha20-Poly1305 cipher suites.
 	* Changed default EVP_aead_chacha20_poly1305() implementation to the
 	  IETF version, which is now the default.
 	* Fixed password prompts from openssl(1) to properly handle ^C.
 	* Reworked error handling in libtls so that configuration errors are
 	  visible.
 	* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
 	* Manpage fixes and updates
 2.3.5 - Reliability fix
--- a/Makefile.am
+++ b/Makefile.am
@@ -5,7 +5,7 @@ pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 EXTRA_DIST = README.md README.windows VERSION config scripts
-EXTRA_DIST += CMakeLists.txt cmake_uninstall.cmake.in
+EXTRA_DIST += CMakeLists.txt
 .PHONY: install_sw
 install_sw: install
--- a/2
+++ b/2
@@ -1 +1 @@
-OPENBSD_6_0
+OPENBSD_5_9
--- a/README.md
+++ b/README.md
@@ -30,7 +30,7 @@ At the time of this writing, LibreSSL is know to build and work on:
 * Linux (kernel 3.17 or later recommended)
 * FreeBSD (tested with 9.2 and later)
-* NetBSD (7.0 or later recommended)
+* NetBSD (tested with 6.1.5)
 * HP-UX (11i)
 * Solaris (11 and later preferred)
 * Mac OS X (tested with 10.8 and later)
--- a/apps/CMakeLists.txt
+++ b/apps/CMakeLists.txt
@@ -1,2 +1,80 @@
-add_subdirectory(openssl)
+include_directories(
-add_subdirectory(nc)
+	.
 	../include
 	../include/compat
 )
 set(
 	OPENSSL_SRC
 	openssl/apps.c
 	openssl/asn1pars.c
 	openssl/ca.c
 	openssl/ciphers.c
 	openssl/cms.c
 	openssl/crl.c
 	openssl/crl2p7.c
 	openssl/dgst.c
 	openssl/dh.c
 	openssl/dhparam.c
 	openssl/dsa.c
 	openssl/dsaparam.c
 	openssl/ec.c
 	openssl/ecparam.c
 	openssl/enc.c
 	openssl/errstr.c
 	openssl/gendh.c
 	openssl/gendsa.c
 	openssl/genpkey.c
 	openssl/genrsa.c
 	openssl/nseq.c
 	openssl/ocsp.c
 	openssl/openssl.c
 	openssl/passwd.c
 	openssl/pkcs12.c
 	openssl/pkcs7.c
 	openssl/pkcs8.c
 	openssl/pkey.c
 	openssl/pkeyparam.c
 	openssl/pkeyutl.c
 	openssl/prime.c
 	openssl/rand.c
 	openssl/req.c
 	openssl/rsa.c
 	openssl/rsautl.c
 	openssl/s_cb.c
 	openssl/s_client.c
 	openssl/s_server.c
 	openssl/s_socket.c
 	openssl/s_time.c
 	openssl/sess_id.c
 	openssl/smime.c
 	openssl/speed.c
 	openssl/spkac.c
 	openssl/ts.c
 	openssl/verify.c
 	openssl/version.c
 	openssl/x509.c
 )
 if(CMAKE_HOST_UNIX)
 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c)
 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c)
 endif()
 if(CMAKE_HOST_WIN32)
 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_win.c)
 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash_win.c)
 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c)
 endif()
 check_function_exists(strtonum HAVE_STRTONUM)
 if(HAVE_STRTONUM)
 	add_definitions(-DHAVE_STRTONUM)
 else()
 	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c)
 endif()
 add_executable(openssl ${OPENSSL_SRC})
 target_link_libraries(openssl ${OPENSSL_LIBS})
 install(TARGETS openssl DESTINATION bin)
--- a/apps/nc/CMakeLists.txt
+++ b/apps/nc/CMakeLists.txt
@@ -1,60 +0,0 @@
 if(BUILD_NC)
 include_directories(
 	.
 	./compat
 	../../include
 	../../include/compat
 )
 set(
 	NC_SRC
 	atomicio.c
 	netcat.c
 	socks.c
 	compat/socket.c
 )
 check_function_exists(b64_ntop HAVE_B64_NTOP)
 if(HAVE_B64_NTOP)
 	add_definitions(-DHAVE_B64_NTOP)
 else()
 	set(NC_SRC ${NC_SRC} compat/base64.c)
 endif()
 check_function_exists(accept4 HAVE_ACCEPT4)
 if(HAVE_ACCEPT4)
 	add_definitions(-DHAVE_ACCEPT4)
 else()
 	set(NC_SRC ${NC_SRC} compat/accept4.c)
 endif()
 check_function_exists(readpassphrase HAVE_READPASSPHRASE)
 if(HAVE_READPASSPHRASE)
 	add_definitions(-DHAVE_READPASSPHRASE)
 else()
 	set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
 endif()
 check_function_exists(strtonum HAVE_STRTONUM)
 if(HAVE_STRTONUM)
 	add_definitions(-DHAVE_STRTONUM)
 else()
 	set(NC_SRC ${NC_SRC} compat/strtonum.c)
 endif()
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 else()
 	add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
 endif()
 add_executable(nc ${NC_SRC})
 target_link_libraries(nc tls ${OPENSSL_LIBS})
 if(ENABLE_NC)
 	install(TARGETS nc DESTINATION bin)
 	install(FILES nc.1 DESTINATION share/man/man1)
 endif()
 endif()
--- a/apps/nc/Makefile.am
+++ b/apps/nc/Makefile.am
@@ -9,7 +9,6 @@ noinst_PROGRAMS = nc
 endif
 EXTRA_DIST = nc.1
 EXTRA_DIST += CMakeLists.txt
 nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
 nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la
--- a/apps/openssl/CMakeLists.txt
+++ b/apps/openssl/CMakeLists.txt
@@ -1,89 +0,0 @@
 include_directories(
 	.
 	../../include
 	../../include/compat
 )
 set(
 	OPENSSL_SRC
 	apps.c
 	asn1pars.c
 	ca.c
 	ciphers.c
 	cms.c
 	crl.c
 	crl2p7.c
 	dgst.c
 	dh.c
 	dhparam.c
 	dsa.c
 	dsaparam.c
 	ec.c
 	ecparam.c
 	enc.c
 	errstr.c
 	gendh.c
 	gendsa.c
 	genpkey.c
 	genrsa.c
 	nseq.c
 	ocsp.c
 	openssl.c
 	passwd.c
 	pkcs12.c
 	pkcs7.c
 	pkcs8.c
 	pkey.c
 	pkeyparam.c
 	pkeyutl.c
 	prime.c
 	rand.c
 	req.c
 	rsa.c
 	rsautl.c
 	s_cb.c
 	s_client.c
 	s_server.c
 	s_socket.c
 	s_time.c
 	sess_id.c
 	smime.c
 	speed.c
 	spkac.c
 	ts.c
 	verify.c
 	version.c
 	x509.c
 )
 if(CMAKE_HOST_UNIX)
 	set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
 	set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
 endif()
 if(CMAKE_HOST_WIN32)
 	set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
 	set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
 	set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
 endif()
 check_function_exists(strtonum HAVE_STRTONUM)
 if(HAVE_STRTONUM)
 	add_definitions(-DHAVE_STRTONUM)
 else()
 	set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
 endif()
 add_executable(openssl ${OPENSSL_SRC})
 target_link_libraries(openssl ${OPENSSL_LIBS})
 install(TARGETS openssl DESTINATION bin)
 install(FILES openssl.1 DESTINATION share/man/man1)
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	set(CONF_DIR "${OPENSSLDIR}")
 else()
 	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
 endif()
 install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
 install(DIRECTORY DESTINATION ${CONF_DIR}/cert)
--- a/apps/openssl/Makefile.am
+++ b/apps/openssl/Makefile.am
@@ -89,7 +89,6 @@ noinst_HEADERS += timeouts.h
 EXTRA_DIST = cert.pem
 EXTRA_DIST += openssl.cnf
 EXTRA_DIST += x509v3.cnf
 EXTRA_DIST += CMakeLists.txt
 install-exec-hook:
 	@if [ "@OPENSSLDIR@x" != "x" ]; then \
--- a/cmake_uninstall.cmake.in
+++ b/cmake_uninstall.cmake.in
@@ -1,21 +0,0 @@
 if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
 	message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
 endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
 file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
 string(REGEX REPLACE "\n" ";" files "${files}")
 foreach(file ${files})
 	message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
 	if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
 		exec_program(
 			"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
 			OUTPUT_VARIABLE rm_out
 			RETURN_VALUE rm_retval
 			)
 		if(NOT "${rm_retval}" STREQUAL 0)
 			message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
 		endif(NOT "${rm_retval}" STREQUAL 0)
 	else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
 		message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
 	endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
 endforeach(file)
--- a/crypto/CMakeLists.txt
+++ b/crypto/CMakeLists.txt
@@ -8,107 +8,16 @@ include_directories(
 	modes
 )
 if(HOST_ASM_ELF_X86_64)
 	set(
 		ASM_X86_64_ELF_SRC
 		aes/aes-elf-x86_64.s
 		aes/bsaes-elf-x86_64.s
 		aes/vpaes-elf-x86_64.s
 		aes/aesni-elf-x86_64.s
 		aes/aesni-sha1-elf-x86_64.s
 		bn/modexp512-elf-x86_64.s
 		bn/mont-elf-x86_64.s
 		bn/mont5-elf-x86_64.s
 		bn/gf2m-elf-x86_64.s
 		camellia/cmll-elf-x86_64.s
 		md5/md5-elf-x86_64.s
 		modes/ghash-elf-x86_64.s
 		rc4/rc4-elf-x86_64.s
 		rc4/rc4-md5-elf-x86_64.s
 		sha/sha1-elf-x86_64.s
 		sha/sha256-elf-x86_64.S
 		sha/sha512-elf-x86_64.S
 		whrlpool/wp-elf-x86_64.s
 		cpuid-elf-x86_64.S
 	)
 	add_definitions(-DAES_ASM)
 	add_definitions(-DBSAES_ASM)
 	add_definitions(-DVPAES_ASM)
 	add_definitions(-DOPENSSL_IA32_SSE2)
 	add_definitions(-DOPENSSL_BN_ASM_MONT)
 	add_definitions(-DOPENSSL_BN_ASM_MONT5)
 	add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DMD5_ASM)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DRSA_ASM)
 	add_definitions(-DSHA1_ASM)
 	add_definitions(-DSHA256_ASM)
 	add_definitions(-DSHA512_ASM)
 	add_definitions(-DWHIRLPOOL_ASM)
 	add_definitions(-DOPENSSL_CPUID_OBJ)
 	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
 	set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
 endif()
 if(HOST_ASM_MACOSX_X86_64)
 	set(
 		ASM_X86_64_MACOSX_SRC
 		aes/aes-macosx-x86_64.s
 		aes/bsaes-macosx-x86_64.s
 		aes/vpaes-macosx-x86_64.s
 		aes/aesni-macosx-x86_64.s
 		aes/aesni-sha1-macosx-x86_64.s
 		bn/modexp512-macosx-x86_64.s
 		bn/mont-macosx-x86_64.s
 		bn/mont5-macosx-x86_64.s
 		bn/gf2m-macosx-x86_64.s
 		camellia/cmll-macosx-x86_64.s
 		md5/md5-macosx-x86_64.s
 		modes/ghash-macosx-x86_64.s
 		rc4/rc4-macosx-x86_64.s
 		rc4/rc4-md5-macosx-x86_64.s
 		sha/sha1-macosx-x86_64.s
 		sha/sha256-macosx-x86_64.S
 		sha/sha512-macosx-x86_64.S
 		whrlpool/wp-macosx-x86_64.s
 		cpuid-macosx-x86_64.S
 	)
 	add_definitions(-DAES_ASM)
 	add_definitions(-DBSAES_ASM)
 	add_definitions(-DVPAES_ASM)
 	add_definitions(-DOPENSSL_IA32_SSE2)
 	add_definitions(-DOPENSSL_BN_ASM_MONT)
 	add_definitions(-DOPENSSL_BN_ASM_MONT5)
 	add_definitions(-DOPENSSL_BN_ASM_GF2m)
 	add_definitions(-DMD5_ASM)
 	add_definitions(-DGHASH_ASM)
 	add_definitions(-DRSA_ASM)
 	add_definitions(-DSHA1_ASM)
 	add_definitions(-DSHA256_ASM)
 	add_definitions(-DSHA512_ASM)
 	add_definitions(-DWHIRLPOOL_ASM)
 	add_definitions(-DOPENSSL_CPUID_OBJ)
 	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC})
 	set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C)
 endif()
 if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
 	set(
 		CRYPTO_SRC
 		${CRYPTO_SRC}
 		aes/aes_cbc.c
 		aes/aes_core.c
 		camellia/camellia.c
 		camellia/cmll_cbc.c
 		rc4/rc4_enc.c
 		rc4/rc4_skey.c
 		whrlpool/wp_block.c
 	)
 endif()
 set(
 	CRYPTO_SRC
-	${CRYPTO_SRC}
+
 	aes/aes_cbc.c
 	aes/aes_core.c
 	camellia/camellia.c
 	camellia/cmll_cbc.c
 	rc4/rc4_enc.c
 	rc4/rc4_skey.c
 	whrlpool/wp_block.c
 	cpt_err.c
 	cryptlib.c
 	cversion.c
@@ -708,8 +617,6 @@ if(NOT HAVE_ARC4RANDOM_BUF)
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
@@ -722,10 +629,6 @@ if(NOT HAVE_ARC4RANDOM_BUF)
 	endif()
 endif()
 if(NOT HAVE_ARC4RANDOM_UNIFORM)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
 endif()
 if(NOT HAVE_TIMINGSAFE_BCMP)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
 endif()
@@ -734,20 +637,6 @@ if(NOT HAVE_TIMINGSAFE_MEMCMP)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
 endif()
 if(NOT ENABLE_ASM)
 	add_definitions(-DOPENSSL_NO_ASM)
 else()
 	if(CMAKE_HOST_WIN32)
 		add_definitions(-DOPENSSL_NO_ASM)
 	endif()
 endif()
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
 else()
 	add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
 endif()
 if (BUILD_SHARED)
 	add_library(crypto-objects OBJECT ${CRYPTO_SRC})
 	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -2,4 +2,4 @@ install(DIRECTORY .
        DESTINATION include
        PATTERN "CMakeLists.txt" EXCLUDE
        PATTERN "compat" EXCLUDE
-        PATTERN "Makefile*" EXCLUDE)
+        PATTERN "Makefile.*" EXCLUDE)
--- a/libcrypto.pc.in
+++ b/libcrypto.pc.in
@@ -11,5 +11,5 @@ Version: @VERSION@
 Requires:
 Conflicts:
 Libs: -L${libdir} -lcrypto
-Libs.private: @LIBS@ @PLATFORM_LDADD@
+Libs.private: @LIBS@
 Cflags: -I${includedir}
--- a/libssl.pc.in
+++ b/libssl.pc.in
@@ -12,5 +12,5 @@ Requires:
 Requires.private: libcrypto
 Conflicts:
 Libs: -L${libdir} -lssl
-Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@
+Libs.private: @LIBS@ -lcrypto
 Cflags: -I${includedir}
--- a/libtls.pc.in
+++ b/libtls.pc.in
@@ -12,5 +12,5 @@ Requires:
 Requires.private: libcrypto libssl
 Conflicts:
 Libs: -L${libdir} -ltls
-Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
+Libs.private: @LIBS@ -lcrypto -lssl
 Cflags: -I${includedir}
--- a/patches/netcat.c.patch
+++ b/patches/netcat.c.patch
@@ -1,6 +1,17 @@
--- apps/nc/netcat.c.orig	Thu Jun 30 19:56:49 2016
+--- apps/nc/netcat.c.orig	Mon Dec 28 08:46:10 2015
-+++ apps/nc/netcat.c	Thu Jun 30 19:59:09 2016
+++ apps/nc/netcat.c	Mon Dec 28 08:46:19 2015
-@@ -65,7 +65,9 @@
+@@ -57,6 +57,10 @@
 #include <tls.h>
 #include "atomicio.h"
 +#ifndef IPV6_TCLASS
 +#define IPV6_TCLASS -1
 +#endif
 +
 #define PORT_MAX	65535
 #define UNIX_DG_TMP_SOCKET_SIZE	19
@@ -65,7 +69,9 @@
 #define POLL_NETIN 2
 #define POLL_STDOUT 3
 #define BUFSIZE 16384
@@ -10,7 +21,7 @@
 #define TLS_LEGACY	(1 << 1)
 #define TLS_NOVERIFY	(1 << 2)
-@@ -92,9 +94,13 @@
+@@ -92,9 +98,13 @@
 int	Dflag;					/* sodebug */
 int	Iflag;					/* TCP receive buffer size */
 int	Oflag;					/* TCP send buffer size */
@@ -24,7 +35,7 @@
 int	usetls;					/* use TLS */
 char    *Cflag;					/* Public cert file */
-@@ -152,7 +158,7 @@
+@@ -150,7 +160,7 @@
 	struct servent *sv;
 	socklen_t len;
 	struct sockaddr_storage cliaddr;
@@ -33,7 +44,7 @@
 	const char *errstr, *proxyhost = "", *proxyport = NULL;
 	struct addrinfo proxyhints;
 	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
-@@ -262,12 +268,14 @@
+@@ -251,12 +261,14 @@
 		case 'u':
 			uflag = 1;
 			break;
@@ -48,7 +59,7 @@
 		case 'v':
 			vflag = 1;
 			break;
-@@ -300,9 +308,11 @@
+@@ -289,9 +301,11 @@
 				errx(1, "TCP send window %s: %s",
 				    errstr, optarg);
 			break;
@@ -60,7 +71,7 @@
 		case 'T':
 			errstr = NULL;
 			errno = 0;
-@@ -326,9 +336,11 @@
+@@ -315,9 +329,11 @@
 	argc -= optind;
 	argv += optind;
@@ -72,7 +83,7 @@
 	if (family == AF_UNIX) {
 		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
-@@ -480,7 +492,10 @@
+@@ -460,7 +476,10 @@
 				errx(1, "-H and -T noverify may not be used"
 				    "together");
 			tls_config_insecure_noverifycert(tls_cfg);
@@ -84,19 +95,19 @@
 	}
 	if (lflag) {
 		struct tls *tls_cctx = NULL;
-@@ -832,7 +847,10 @@
+@@ -807,7 +826,10 @@
 remote_connect(const char *host, const char *port, struct addrinfo hints)
 {
 	struct addrinfo *res, *res0;
-	int s, error, on = 1, save_errno;
+-	int s, error, on = 1;
-+	int s, error, save_errno;
+	int s, error;
 +#ifdef SO_BINDANY
 +	int on = 1;
 +#endif
 	if ((error = getaddrinfo(host, port, &hints, &res)))
 		errx(1, "getaddrinfo: %s", gai_strerror(error));
-@@ -847,8 +865,10 @@
+@@ -822,8 +844,10 @@
 		if (sflag || pflag) {
 			struct addrinfo ahints, *ares;
@@ -107,19 +118,19 @@
 			memset(&ahints, 0, sizeof(struct addrinfo));
 			ahints.ai_family = res0->ai_family;
 			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -919,7 +939,10 @@
+@@ -892,7 +916,10 @@
 local_listen(char *host, char *port, struct addrinfo hints)
 {
 	struct addrinfo *res, *res0;
-	int s, ret, x = 1, save_errno;
+-	int s, ret, x = 1;
-+	int s, save_errno;
+	int s;
 +#ifdef SO_REUSEPORT
 +	int ret, x = 1;
 +#endif
 	int error;
 	/* Allow nodename to be null. */
-@@ -941,9 +964,11 @@
+@@ -914,9 +941,11 @@
 		    res0->ai_protocol)) < 0)
 			continue;
@@ -131,7 +142,7 @@
 		set_common_sockopts(s, res0->ai_family);
-@@ -1401,11 +1426,13 @@
+@@ -1356,11 +1385,13 @@
 {
 	int x = 1;
@@ -145,26 +156,7 @@
 	if (Dflag) {
 		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
 			&x, sizeof(x)) == -1)
-@@ -1442,13 +1469,17 @@
+@@ -1538,14 +1569,22 @@
 	}
 	if (minttl != -1) {
 +#ifdef IP_MINTTL
 		if (af == AF_INET && setsockopt(s, IPPROTO_IP,
 		    IP_MINTTL, &minttl, sizeof(minttl)))
 			err(1, "set IP min TTL");
 +#endif
 -		else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
 +#ifdef IPV6_MINHOPCOUNT
 +		if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
 		    IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
 			err(1, "set IPv6 min hop count");
 +#endif
 	}
 }
@@ -1605,14 +1636,22 @@
 	\t-P proxyuser\tUsername for proxy authentication\n\
 	\t-p port\t	Specify local port for remote connects\n\
 	\t-R CAfile	CA bundle\n\
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -9,11 +9,14 @@ include_directories(
 	../apps/openssl/compat
 )
 set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR})
 # aeadtest
-add_executable(aeadtest aeadtest.c)
+#add_executable(aeadtest aeadtest.c)
-target_link_libraries(aeadtest ${OPENSSL_LIBS})
+#target_link_libraries(aeadtest ${OPENSSL_LIBS})
-add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh)
+#add_test(aeadtest aeadtest.sh)
-set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#configure_file(aeadtests.txt aeadtests.txt COPYONLY)
 #configure_file(aeadtest.sh aeadtest.sh COPYONLY)
 # aes_wrap
 add_executable(aes_wrap aes_wrap.c)
@@ -22,7 +25,7 @@ add_test(aes_wrap aes_wrap)
 # arc4randomforktest
 # Windows/mingw does not have fork, but Cygwin does.
-if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
+if(NOT CMAKE_HOST_WIN32)
 add_executable(arc4randomforktest arc4randomforktest.c)
 target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
 add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
@@ -48,14 +51,6 @@ add_executable(bftest bftest.c)
 target_link_libraries(bftest ${OPENSSL_LIBS})
 add_test(bftest bftest)
 # biotest
 # the BIO tests rely on resolver results that are OS and environment-specific
 if(ENABLE_EXTRATESTS)
 	add_executable(biotest biotest.c)
 	target_link_libraries(biotest ${OPENSSL_LIBS})
 	add_test(biotest biotest)
 endif()
 # bntest
 add_executable(bntest bntest.c)
 target_link_libraries(bntest ${OPENSSL_LIBS})
@@ -132,21 +127,19 @@ target_link_libraries(enginetest ${OPENSSL_LIBS})
 add_test(enginetest enginetest)
 # evptest
-add_executable(evptest evptest.c)
+#add_executable(evptest evptest.c)
-target_link_libraries(evptest ${OPENSSL_LIBS})
+#target_link_libraries(evptest ${OPENSSL_LIBS})
-add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
+#add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
 set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 # explicit_bzero
 # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
 if(NOT CMAKE_HOST_WIN32)
-if(HAVE_MEMMEM)
+add_executable(explicit_bzero explicit_bzero.c)
 	add_executable(explicit_bzero explicit_bzero.c)
 else()
 	add_executable(explicit_bzero explicit_bzero.c memmem.c)
 endif()
 target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
 add_test(explicit_bzero explicit_bzero)
 #if !HAVE_MEMMEM
 #explicit_bzero_SOURCES += memmem.c
 #endif
 endif()
 # exptest
@@ -194,19 +187,6 @@ add_executable(mont mont.c)
 target_link_libraries(mont ${OPENSSL_LIBS})
 add_test(mont mont)
 # ocsp_test
 if(ENABLE_EXTRATESTS)
 	if(NOT "${OPENSSLDIR}" STREQUAL "")
 		add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 	else()
 		add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
 	endif()
 	add_executable(ocsp_test ocsp_test.c)
 	target_link_libraries(ocsp_test ${OPENSSL_LIBS})
 	add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
 	set_tests_properties(ocsptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 endif()
 # optionstest
 add_executable(optionstest optionstest.c)
 target_link_libraries(optionstest ${OPENSSL_LIBS})
@@ -217,15 +197,6 @@ add_executable(pbkdf2 pbkdf2.c)
 target_link_libraries(pbkdf2 ${OPENSSL_LIBS})
 add_test(pbkdf2 pbkdf2)
 # pidwraptest
 # pidwraptest relies on an OS-specific way to give out pids and is generally
 # awkward on systems with slow fork
 if(ENABLE_EXTRATESTS)
 	add_executable(pidwraptest pidwraptest.c)
 	target_link_libraries(pidwraptest ${OPENSSL_LIBS})
 	add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
 endif()
 # pkcs7test
 add_executable(pkcs7test pkcs7test.c)
 target_link_libraries(pkcs7test ${OPENSSL_LIBS})
@@ -237,10 +208,9 @@ target_link_libraries(poly1305test ${OPENSSL_LIBS})
 add_test(poly1305test poly1305test)
 # pq_test
-add_executable(pq_test pq_test.c)
+#add_executable(pq_test pq_test.c)
-target_link_libraries(pq_test ${OPENSSL_LIBS})
+#target_link_libraries(pq_test ${OPENSSL_LIBS})
-add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
+#add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
 set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 # randtest
 add_executable(randtest randtest.c)
@@ -260,11 +230,7 @@ add_test(rc4test rc4test)
 # rfc5280time
 add_executable(rfc5280time rfc5280time.c)
 target_link_libraries(rfc5280time ${OPENSSL_LIBS})
-if(SMALL_TIME_T)
+add_test(rfc5280time rfc5280time)
 	add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
 else()
 	add_test(rfc5280time rfc5280time)
 endif()
 # rmdtest
 add_executable(rmdtest rmdtest.c)
@@ -287,22 +253,18 @@ target_link_libraries(sha512test ${OPENSSL_LIBS})
 add_test(sha512test sha512test)
 # ssltest
-add_executable(ssltest ssltest.c)
+#add_executable(ssltest ssltest.c)
-target_link_libraries(ssltest ${OPENSSL_LIBS})
+#target_link_libraries(ssltest ${OPENSSL_LIBS})
-add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
+#add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
 set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 # testdsa
-add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
+#add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
 set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 # testenc
 add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
 set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 # testrsa
-add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
+#add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
 set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 # timingsafe
 add_executable(timingsafe timingsafe.c)
--- a/tests/Makefile.am
+++ b/tests/Makefile.am
@@ -208,14 +208,6 @@ TESTS += mont
 check_PROGRAMS += mont
 mont_SOURCES = mont.c
 # ocsp_test
 if ENABLE_EXTRATESTS
 TESTS += ocsptest.sh
 check_PROGRAMS += ocsp_test
 ocsp_test_SOURCES = ocsp_test.c
 endif
 EXTRA_DIST += ocsptest.sh
 # optionstest
 TESTS += optionstest
 check_PROGRAMS += optionstest
--- a/tests/ocsptest.sh
+++ b/tests/ocsptest.sh
@@ -1,8 +0,0 @@
 #!/bin/sh
 set -e
 TEST=./ocsp_test
 if [ -e ./ocsp_test.exe ]; then
 	TEST=./ocsp_test.exe
 fi
 $TEST www.amazon.com 443
 $TEST cloudflare.com 443
--- a/tests/ssltest.sh
+++ b/tests/ssltest.sh
@@ -6,16 +6,9 @@ if [ -e ./ssltest.exe ]; then
 	ssltest_bin=./ssltest.exe
 fi
-if [ -d ../apps/openssl ]; then
+openssl_bin=../apps/openssl/openssl
-	openssl_bin=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
-	if [ -e ../apps/openssl/openssl.exe ]; then
+	openssl_bin=../apps/openssl/openssl.exe
 		openssl_bin=../apps/openssl/openssl.exe
 	fi
 else
 	openssl_bin=../apps/openssl
 	if [ -e ../apps/openssl.exe ]; then
 		openssl_bin=../apps/openssl.exe
 	fi
 fi
 if [ -z $srcdir ]; then
--- a/tests/testdsa.sh
+++ b/tests/testdsa.sh
@@ -4,16 +4,9 @@
 #Test DSA certificate generation of openssl
-if [ -d ../apps/openssl ]; then
+cmd=../apps/openssl/openssl
-	cmd=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
-	if [ -e ../apps/openssl/openssl.exe ]; then
+	cmd=../apps/openssl/openssl.exe
 		cmd=../apps/openssl/openssl.exe
 	fi
 else
 	cmd=../apps/openssl
 	if [ -e ../apps/openssl.exe ]; then
 		cmd=../apps/openssl.exe
 	fi
 fi
 if [ -z $srcdir ]; then
--- a/tests/testenc.sh
+++ b/tests/testenc.sh
@@ -2,23 +2,12 @@
 #	$OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
 test=p
-if [ -d ../apps/openssl ]; then
+cmd=../apps/openssl/openssl
-	cmd=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
-	if [ -e ../apps/openssl/openssl.exe ]; then
+	cmd=../apps/openssl/openssl.exe
 		cmd=../apps/openssl/openssl.exe
 	fi
 else
 	cmd=../apps/openssl
 	if [ -e ../apps/openssl.exe ]; then
 		cmd=../apps/openssl.exe
 	fi
 fi
-if [ -z $srcdir ]; then
+cat openssl.cnf >$test;
 	srcdir=.
 fi
 cat $srcdir/openssl.cnf >$test;
 echo cat
 $cmd enc < $test > $test.cipher
--- a/tests/testrsa.sh
+++ b/tests/testrsa.sh
@@ -4,16 +4,9 @@
 #Test RSA certificate generation of openssl
-if [ -d ../apps/openssl ]; then
+cmd=../apps/openssl/openssl
-	cmd=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
-	if [ -e ../apps/openssl/openssl.exe ]; then
+	cmd=../apps/openssl/openssl.exe
 		cmd=../apps/openssl/openssl.exe
 	fi
 else
 	cmd=../apps/openssl
 	if [ -e ../apps/openssl.exe ]; then
 		cmd=../apps/openssl.exe
 	fi
 fi
 if [ -z $srcdir ]; then
--- a/tls/CMakeLists.txt
+++ b/tls/CMakeLists.txt
@@ -17,16 +17,10 @@ set(
 )
-if(NOT HAVE_STRSEP)
+if(NOT HAVE_STRCASECMP)
 	set(TLS_SRC ${TLS_SRC} strsep.c)
 endif()
 if(NOT "${OPENSSLDIR}" STREQUAL "")
 	add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
 else()
 	add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
 endif()
 if (BUILD_SHARED)
 	add_library(tls-objects OBJECT ${TLS_SRC})
 	add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
--- a/update.sh
+++ b/update.sh
@@ -13,7 +13,6 @@ if [ ! -d openbsd ]; then
 	fi
 fi
 (cd openbsd
 git fetch
 git checkout $openbsd_branch
 git pull --rebase)
Author	SHA1	Message	Date
Brent Cook	3800681201	update Changelog	2017-01-09 03:31:28 -06:00
Simone Basso	730f199c9c	Sync getentropy() checks with use-builtin-arc4random checks Without this, we actually fail to build a library that includes the bultin getentropy when compiling for 10.11 on 10.12.	2017-01-07 07:21:47 -06:00
Simone Basso	c4ee1a6fca	m4/check-libc.m4: improve getentropy check - according to man.openbsd.org getentropy() is in unistd.h - according to macOS sierra's man it's in sys/random.h - since sys/random.h is does not exist for iOS and for linux, do not attempt to include it, rather redeclare the prototype - make sure that `./configure`: - uses getentropy() on macOS sierra - does not use getentropy() if compiling for 10.11 - does not use getentropy() if compiling for ios armv7	2017-01-07 07:21:07 -06:00
Simone Basso	bd53433877	configure: fix getentropy() for sierra and ios This diff changes the logic by which configure detects getentropy() to ensure that we don't use the system wide getentropy - with macOS sierra if the deployment target is lower than sierra as found by tor developers here https://gitweb.torproject.org/tor.git/commit/?id=https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21c963a9a65bf55024680c8323c8b7175d - with iOS unconditionally because an app linking libressl compiled with system wide getentropy has been rejected by the App store as I have documented here https://github.com/measurement-kit/measurement-kit/pull/994 I think something similar could also affect clock_gettime judging from tor's patch, but this diff for now doesn't address that. I do not have macOS < sierra, so I could only verify that configure was not picking up system wide getentropy by compiling libressl using export CFLAGS="-mmacosx-version-min=10.11" As regards iOS, removing the check for getentropy and recompiling (thus using libressl builtin getentropy()) was enough to have another iteration of the app accepted. Otherwise testing should be possible with: export LDFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CPPFLAGS=-arch armv7 -isysroot `xcrun --show-sdk-path --sdk iphoneos` export CFLAGS=-arch armv7 -miphoneos-version-min=7.1 -isysroot `xcrun --show-sdk-path --sdk iphoneos` Related ticket: https://github.com/libressl-portable/portable/issues/230	2017-01-07 07:21:07 -06:00
jacob berkman	7442568456	Disable netcat if arpa/telnet.h is not available (iOS)	2017-01-07 07:21:07 -06:00
Brent Cook	ebeda8bad3	update changelog for 2.3.9	2016-11-06 09:22:39 -06:00
Brent Cook	b67802c2db	update changelog for 2.3.8	2016-09-23 05:43:25 -05:00
Brent Cook	25d8a429c1	update for 2.3.7	2016-07-31 17:59:59 -05:00
Brent Cook	926aa53242	set link library dependencies with MSVC, fixes #221	2016-07-31 17:12:47 -05:00
Brent Cook	950dcb2d07	properly enable strnlen checks for MSVC	2016-07-31 17:12:47 -05:00
Brent Cook	f6582d1d76	avoid BSWAP assembly for ARM <= v6	2016-07-19 05:49:05 -05:00
Brent Cook	3a193a58d4	format 64-bit int portably (windows wants %l64d)	2016-07-19 05:48:49 -05:00
celan69	94532f9619	Fix typo in USE_BUILTIN_ARC4RANDOM check Solaris 11 recently introduced a builtin arc4random in libc which fails the tests in "make check". Found USE_BUILTIN_ARC4RANDOM, but could not get it to work. Apparently, there is a typo in the configure logic rendering USE_BUILTIN_ARC4RANDOM ineffective.	2016-07-19 05:46:16 -05:00
Brent Cook	0ae23dfcc3	bump changelog to sync tags with openbsd source	2016-06-07 07:04:16 -05:00
Brent Cook	bff756ef62	update changelog	2016-06-06 05:03:27 -05:00
Brent Cook	5b39a35bf8	Update changelog	2016-05-30 09:08:29 -05:00
Brent Cook	41d8aa6aef	pushed encode.c change upstream	2016-05-03 09:25:59 -05:00
Brent Cook	b8b8628640	prefer limits.h over sys/limits.h	2016-05-03 02:13:13 -05:00
Brent Cook	6cb804b342	update changelog	2016-05-02 22:51:07 -05:00
Brent Cook	00eb776ee9	add constant_time_locl.h	2016-05-02 22:47:45 -05:00
Brent Cook	534ee348a9	check linker flags before checking for functions	2016-05-02 22:12:53 -05:00
kinichiro	ad914139c4	fix ld warning "attempted multiple inclusion of file" on Solaris - To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am	2016-05-02 22:12:53 -05:00
Brent Cook	6a136f72ff	update changelog	2016-03-21 21:56:24 -05:00
Brent Cook	3b3f213ca5	updated changelog	2016-03-21 21:56:24 -05:00
Brent Cook	4b5daaaf44	set windows binary OPENSSLDIR to something plausible	2016-03-21 21:56:24 -05:00
kinichiro	1ffdb2ae25	modify include/compat/netinet/ip.h - add including <netinet/in_systm.h> for n_long on HP-UX	2016-03-13 13:09:25 -05:00
Brent Cook	ef874034cf	connect to the OPENBSD_5_9 branch	2016-03-12 17:30:33 -06:00