Update changelog

- To avoid ld warning on Solaris, use abs_top_builddir in Makefile.am

CMakeLists.txt

@@ -1,10 +1,9 @@
-cmake_minimum_required (VERSION 2.8.8)
+cmake_minimum_required (VERSION 2.8)
 include(CheckFunctionExists)
 include(CheckLibraryExists)
 include(CheckIncludeFiles)
-include(CheckTypeSize)
 
-project (LibreSSL C)
+project (LibreSSL)
 
 enable_testing()
 
@@ -23,17 +22,6 @@ string(STRIP ${TLS_VERSION} TLS_VERSION)
 string(REPLACE ":" "." TLS_VERSION ${TLS_VERSION})
 string(REGEX REPLACE "\\..*" "" TLS_MAJOR_VERSION ${TLS_VERSION})
 
-option(ENABLE_ASM "Enable assembly" ON)
-option(ENABLE_EXTRATESTS "Enable extra tests that may be unreliable on some platforms" OFF)
-option(ENABLE_NC "Enable installing TLS-enabled nc(1)" OFF)
-set(OPENSSLDIR ${OPENSSLDIR} CACHE PATH "Set the default openssl directory" FORCE)
-
-set(BUILD_NC true)
-
-if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
-	add_definitions(-fno-common)
-endif()
-
 if(CMAKE_SYSTEM_NAME MATCHES "OpenBSD")
 	add_definitions(-DHAVE_ATTRIBUTE__BOUNDED__)
 endif()
@@ -45,34 +33,9 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 	add_definitions(-D_GNU_SOURCE)
 endif()
 
-if(CMAKE_SYSTEM_NAME MATCHES "MINGW")
-	set(BUILD_NC false)
-endif()
-
-if(MSVC)
-	set(BUILD_NC false)
-endif()
-
-if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
-	if(CMAKE_C_COMPILER MATCHES "gcc")
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -mlp64")
-	else()
-		set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -g -O2 +DD64 +Otype_safety=off")
-	endif()
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT")
-endif()
-
-if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -std=gnu99 -fno-strict-aliasing")
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D__EXTENSIONS__")
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -D_XOPEN_SOURCE=600")
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DBSD_COMP")
-	set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fpic -m64")
-endif()
-
 add_definitions(-DLIBRESSL_INTERNAL)
 add_definitions(-DOPENSSL_NO_HW_PADLOCK)
+add_definitions(-DOPENSSL_NO_ASM)
 
 set(CMAKE_POSITION_INDEPENDENT_CODE true)
 
@@ -144,7 +107,7 @@ if(HAVE_STRNDUP)
 endif()
 
 if(MSVC)
-	set(HAVE_STRNLEN true)
+	set(HAVE_STRNLEN)
 	add_definitions(-DHAVE_STRNLEN)
 else()
 	check_function_exists(strnlen HAVE_STRNLEN)
@@ -168,11 +131,6 @@ if(HAVE_ARC4RANDOM_BUF)
 	add_definitions(-DHAVE_ARC4RANDOM_BUF)
 endif()
 
-check_function_exists(arc4random_uniform HAVE_ARC4RANDOM_UNIFORM)
-if(HAVE_ARC4RANDOM_UNIFORM)
-	add_definitions(-DHAVE_ARC4RANDOM_UNIFORM)
-endif()
-
 check_function_exists(explicit_bzero HAVE_EXPLICIT_BZERO)
 if(HAVE_EXPLICIT_BZERO)
 	add_definitions(-DHAVE_EXPLICIT_BZERO)
@@ -198,28 +156,11 @@ if(HAVE_MEMCMP)
 	add_definitions(-DHAVE_MEMCMP)
 endif()
 
-check_function_exists(memmem HAVE_MEMMEM)
-if(HAVE_MEMMEM)
-	add_definitions(-DHAVE_MEMMEM)
-endif()
-
 check_include_files(err.h HAVE_ERR_H)
 if(HAVE_ERR_H)
 	add_definitions(-DHAVE_ERR_H)
 endif()
 
-if(ENABLE_ASM)
-	if("${CMAKE_C_COMPILER_ABI}" STREQUAL "ELF")
-		if("${CMAKE_SYSTEM_PROCESSOR}" MATCHES "(x86_64|amd64)")
-			set(HOST_ASM_ELF_X86_64 true)
-		elseif(CMAKE_SYSTEM_NAME STREQUAL "SunOS" AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "i386")
-			set(HOST_ASM_ELF_X86_64 true)
-		endif()
-	elseif(APPLE AND "${CMAKE_SYSTEM_PROCESSOR}" STREQUAL "x86_64")
-		set(HOST_ASM_MACOSX_X86_64 true)
-	endif()
-endif()
-
 set(OPENSSL_LIBS ssl crypto)
 if(CMAKE_HOST_WIN32)
 	set(OPENSSL_LIBS ${OPENSSL_LIBS} ws2_32)
@@ -230,25 +171,11 @@ if(CMAKE_SYSTEM_NAME MATCHES "Linux")
 		set(OPENSSL_LIBS ${OPENSSL_LIBS} rt)
 	endif()
 endif()
-if(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
-	set(OPENSSL_LIBS ${OPENSSL_LIBS} pthread)
-endif()
-if(CMAKE_SYSTEM_NAME MATCHES "SunOS")
-	set(OPENSSL_LIBS ${OPENSSL_LIBS} nsl socket)
-endif()
 
-if(NOT (CMAKE_SYSTEM_NAME MATCHES "(Darwin|MINGW|CYGWIN)" OR MSVC))
+if(NOT (CMAKE_SYSTEM_NAME MATCHES "Darwin" OR MSVC))
 	set(BUILD_SHARED true)
 endif()
 
-check_type_size(time_t SIZEOF_TIME_T)
-if(SIZEOF_TIME_T STREQUAL "4")
-	set(SMALL_TIME_T true)
-	message(WARNING " ** Warning, this system is unable to represent times past 2038\n"
-	                " ** It will behave incorrectly when handling valid RFC5280 dates")
-endif()
-add_definitions(-DSIZEOF_TIME_T=${SIZEOF_TIME_T})
-
 add_subdirectory(crypto)
 add_subdirectory(ssl)
 add_subdirectory(apps)
@@ -258,11 +185,3 @@ if(NOT MSVC)
 	add_subdirectory(man)
 	add_subdirectory(tests)
 endif()
-
-configure_file(
-	"${CMAKE_CURRENT_SOURCE_DIR}/cmake_uninstall.cmake.in"
-	"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake"
-	IMMEDIATE @ONLY)
-
-add_custom_target(uninstall
-	COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)

ChangeLog

@@ -28,127 +28,6 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
-2.4.5  - Security and compatibility fixes
-
-	* Avoid a side-channel cache-timing attack that can leak the ECDSA
-	  private keys when signing. This is due to BN_mod_inverse() being
-	  used without the constant time flag being set.
-
-	  This issue was reported by Cesar Pereida Garcia and Billy Brumley
-	  (Tampere University of Technology). The fix was developed by Cesar
-	  Pereida Garcia.
-
-	* iOS and MacOS compatibility updates from Simone Basso and Jacob
-	  Berkman.
-
-2.4.4 - Reliability improvements
-
-	* Avoid continual processing of an unlimited number of TLS records,
-	  which can cause a denial-of-service condition.
-
-	* In X509_cmp_time(), pass asn1_time_parse() the tag of the field
-	  being parsed so that a malformed GeneralizedTime field is recognized as
-	  an error instead of potentially being interpreted as if it was a valid
-	  UTCTime.
-
-	* Improve ticket validity checking when tlsext_ticket_key_cb()
-	  callback chooses a different HMAC algorithm.
-
-	* Check for packets with a truncated DTLS cookie.
-
-	* Detect zero-length encrypted session data early, instead of when
-	  malloc(0) fails or the HMAC check fails.
-
-	* Check for and handle failure of HMAC_{Update,Final} or
-	  EVP_DecryptUpdate()
-
-2.4.3 - Bug fixes and reliability improvements
-
-	* Reverted change that cleans up the EVP cipher context in
-	  EVP_EncryptFinal() and EVP_DecryptFinal(). Some software relies on the
-	  previous behaviour.
-
-	* Avoid unbounded memory growth in libssl, which can be triggered by a
-	  TLS client repeatedly renegotiating and sending OCSP Status Request
-	  TLS extensions.
-
-	* Avoid falling back to a weak digest for (EC)DH when using SNI with
-	  libssl.
-
-2.4.2 - Bug fixes and improvements
-
-	* Fixed loading default certificate locations with openssl s_client.
-
-	* Ensured OSCP only uses and compares GENERALIZEDTIME values as per
-	  RFC6960. Also added fixes for OCSP to work with intermediate
-	  certificates provided in responses.
-
-	* Improved behavior of arc4random on Windows to not appear to leak
-	  memory in debug tools, reduced privileges of allocated memory.
-
-	* Fixed incorrect results from BN_mod_word() when the modulus is too
-	  large, thanks to Brian Smith from BoringSSL.
-
-	* Correctly handle an EOF prior to completing the TLS handshake in
-	  libtls.
-
-	* Improved libtls ceritificate loading and cipher string validation.
-
-	* Updated libtls cipher group suites into four categories:
-	    "secure"   (TLSv1.2+AEAD+PFS)
-	    "compat"   (HIGH:!aNULL)
-	    "legacy"   (HIGH:MEDIUM:!aNULL)
-	    "insecure" (ALL:!aNULL:!eNULL)
-	  This allows for flexibility and finer grained control, rather than
-	  having two extremes.
-
-	* Limited support for 'backward compatible' SSLv2 handshake packets to
-	  when TLS 1.0 is enabled, providing more restricted compatibility
-	  with TLS 1.0 clients.
-
-	* openssl(1) and other documentation improvements.
-
-	* Removed flags for disabling constant-time operations.
-	  This removes support for DSA_FLAG_NO_EXP_CONSTTIME,
-	  DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making
-	  all of these operations unconditionally constant-time.
-
-
-2.4.1 - Security fix
-
-	* Correct a problem that prevents the DSA signing algorithm from
-	  running in constant time even if the flag BN_FLG_CONSTTIME is set.
-	  This issue was reported by Cesar Pereida (Aalto University), Billy
-	  Brumley (Tampere University of Technology), and Yuval Yarom (The
-	  University of Adelaide and NICTA). The fix was developed by Cesar
-	  Pereida.
-
-2.4.0 - Build improvements, new features
-
-	* Many improvements to the CMake build infrastructure, including
-	  Solaris, mingw-w64, Cygwin, and HP-UX support. Thanks to Kinichiro
-	  Inoguchi for this work.
-
-	* Added missing error handling around bn_wexpand() calls.
-
-	* Added explicit_bzero calls for freed ASN.1 objects.
-
-	* Fixed X509_*set_object functions to return 0 on allocation failure.
-
-	* Implemented the IETF ChaCha20-Poly1305 cipher suites.
-
-	* Changed default EVP_aead_chacha20_poly1305() implementation to the
-	  IETF version, which is now the default.
-
-	* Fixed password prompts from openssl(1) to properly handle ^C.
-
-	* Reworked error handling in libtls so that configuration errors are
-	  visible.
-
-	* Deprecated internal use of EVP_[Cipher|Encrypt|Decrypt]_Final.
-
-	* Manpage fixes and updates
-
 2.3.5 - Reliability fix
 
 	* Fixed an error in libcrypto when parsing some ASN.1 elements > 16k.

Makefile.am

@@ -5,7 +5,7 @@ pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libcrypto.pc libssl.pc libtls.pc openssl.pc
 
 EXTRA_DIST = README.md README.windows VERSION config scripts
-EXTRA_DIST += CMakeLists.txt cmake_uninstall.cmake.in
+EXTRA_DIST += CMakeLists.txt
 
 .PHONY: install_sw
 install_sw: install

OPENBSD_BRANCH

@@ -1 +1 @@
-OPENBSD_6_0
+OPENBSD_5_9

README.md

@@ -30,7 +30,7 @@ At the time of this writing, LibreSSL is know to build and work on:
 
 * Linux (kernel 3.17 or later recommended)
 * FreeBSD (tested with 9.2 and later)
-* NetBSD (7.0 or later recommended)
+* NetBSD (tested with 6.1.5)
 * HP-UX (11i)
 * Solaris (11 and later preferred)
 * Mac OS X (tested with 10.8 and later)

apps/CMakeLists.txt

@@ -1,2 +1,80 @@
-add_subdirectory(openssl)
-add_subdirectory(nc)
+include_directories(
+	.
+	../include
+	../include/compat
+)
+
+set(
+	OPENSSL_SRC
+	openssl/apps.c
+	openssl/asn1pars.c
+	openssl/ca.c
+	openssl/ciphers.c
+	openssl/cms.c
+	openssl/crl.c
+	openssl/crl2p7.c
+	openssl/dgst.c
+	openssl/dh.c
+	openssl/dhparam.c
+	openssl/dsa.c
+	openssl/dsaparam.c
+	openssl/ec.c
+	openssl/ecparam.c
+	openssl/enc.c
+	openssl/errstr.c
+	openssl/gendh.c
+	openssl/gendsa.c
+	openssl/genpkey.c
+	openssl/genrsa.c
+	openssl/nseq.c
+	openssl/ocsp.c
+	openssl/openssl.c
+	openssl/passwd.c
+	openssl/pkcs12.c
+	openssl/pkcs7.c
+	openssl/pkcs8.c
+	openssl/pkey.c
+	openssl/pkeyparam.c
+	openssl/pkeyutl.c
+	openssl/prime.c
+	openssl/rand.c
+	openssl/req.c
+	openssl/rsa.c
+	openssl/rsautl.c
+	openssl/s_cb.c
+	openssl/s_client.c
+	openssl/s_server.c
+	openssl/s_socket.c
+	openssl/s_time.c
+	openssl/sess_id.c
+	openssl/smime.c
+	openssl/speed.c
+	openssl/spkac.c
+	openssl/ts.c
+	openssl/verify.c
+	openssl/version.c
+	openssl/x509.c
+)
+
+if(CMAKE_HOST_UNIX)
+	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_posix.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash.c)
+endif()
+
+if(CMAKE_HOST_WIN32)
+	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/apps_win.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/certhash_win.c)
+	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/poll_win.c)
+endif()
+
+check_function_exists(strtonum HAVE_STRTONUM)
+if(HAVE_STRTONUM)
+	add_definitions(-DHAVE_STRTONUM)
+else()
+	set(OPENSSL_SRC ${OPENSSL_SRC} openssl/compat/strtonum.c)
+endif()
+
+add_executable(openssl ${OPENSSL_SRC})
+target_link_libraries(openssl ${OPENSSL_LIBS})
+
+install(TARGETS openssl DESTINATION bin)

apps/nc/CMakeLists.txt

@@ -1,60 +0,0 @@
-if(BUILD_NC)
-
-include_directories(
-	.
-	./compat
-	../../include
-	../../include/compat
-)
-
-set(
-	NC_SRC
-	atomicio.c
-	netcat.c
-	socks.c
-	compat/socket.c
-)
-
-check_function_exists(b64_ntop HAVE_B64_NTOP)
-if(HAVE_B64_NTOP)
-	add_definitions(-DHAVE_B64_NTOP)
-else()
-	set(NC_SRC ${NC_SRC} compat/base64.c)
-endif()
-
-check_function_exists(accept4 HAVE_ACCEPT4)
-if(HAVE_ACCEPT4)
-	add_definitions(-DHAVE_ACCEPT4)
-else()
-	set(NC_SRC ${NC_SRC} compat/accept4.c)
-endif()
-
-check_function_exists(readpassphrase HAVE_READPASSPHRASE)
-if(HAVE_READPASSPHRASE)
-	add_definitions(-DHAVE_READPASSPHRASE)
-else()
-	set(NC_SRC ${NC_SRC} compat/readpassphrase.c)
-endif()
-
-check_function_exists(strtonum HAVE_STRTONUM)
-if(HAVE_STRTONUM)
-	add_definitions(-DHAVE_STRTONUM)
-else()
-	set(NC_SRC ${NC_SRC} compat/strtonum.c)
-endif()
-
-if(NOT "${OPENSSLDIR}" STREQUAL "")
-	add_definitions(-DDEFAULT_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
-else()
-	add_definitions(-DDEFAULT_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
-endif()
-
-add_executable(nc ${NC_SRC})
-target_link_libraries(nc tls ${OPENSSL_LIBS})
-
-if(ENABLE_NC)
-	install(TARGETS nc DESTINATION bin)
-	install(FILES nc.1 DESTINATION share/man/man1)
-endif()
-
-endif()

apps/nc/Makefile.am

@@ -9,7 +9,6 @@ noinst_PROGRAMS = nc
 endif
 
 EXTRA_DIST = nc.1
-EXTRA_DIST += CMakeLists.txt
 
 nc_LDADD = $(PLATFORM_LDADD) $(PROG_LDADD)
 nc_LDADD += $(abs_top_builddir)/crypto/libcrypto.la

apps/openssl/CMakeLists.txt

@@ -1,89 +0,0 @@
-include_directories(
-	.
-	../../include
-	../../include/compat
-)
-
-set(
-	OPENSSL_SRC
-	apps.c
-	asn1pars.c
-	ca.c
-	ciphers.c
-	cms.c
-	crl.c
-	crl2p7.c
-	dgst.c
-	dh.c
-	dhparam.c
-	dsa.c
-	dsaparam.c
-	ec.c
-	ecparam.c
-	enc.c
-	errstr.c
-	gendh.c
-	gendsa.c
-	genpkey.c
-	genrsa.c
-	nseq.c
-	ocsp.c
-	openssl.c
-	passwd.c
-	pkcs12.c
-	pkcs7.c
-	pkcs8.c
-	pkey.c
-	pkeyparam.c
-	pkeyutl.c
-	prime.c
-	rand.c
-	req.c
-	rsa.c
-	rsautl.c
-	s_cb.c
-	s_client.c
-	s_server.c
-	s_socket.c
-	s_time.c
-	sess_id.c
-	smime.c
-	speed.c
-	spkac.c
-	ts.c
-	verify.c
-	version.c
-	x509.c
-)
-
-if(CMAKE_HOST_UNIX)
-	set(OPENSSL_SRC ${OPENSSL_SRC} apps_posix.c)
-	set(OPENSSL_SRC ${OPENSSL_SRC} certhash.c)
-endif()
-
-if(CMAKE_HOST_WIN32)
-	set(OPENSSL_SRC ${OPENSSL_SRC} apps_win.c)
-	set(OPENSSL_SRC ${OPENSSL_SRC} certhash_win.c)
-	set(OPENSSL_SRC ${OPENSSL_SRC} compat/poll_win.c)
-endif()
-
-check_function_exists(strtonum HAVE_STRTONUM)
-if(HAVE_STRTONUM)
-	add_definitions(-DHAVE_STRTONUM)
-else()
-	set(OPENSSL_SRC ${OPENSSL_SRC} compat/strtonum.c)
-endif()
-
-add_executable(openssl ${OPENSSL_SRC})
-target_link_libraries(openssl ${OPENSSL_LIBS})
-
-install(TARGETS openssl DESTINATION bin)
-install(FILES openssl.1 DESTINATION share/man/man1)
-
-if(NOT "${OPENSSLDIR}" STREQUAL "")
-	set(CONF_DIR "${OPENSSLDIR}")
-else()
-	set(CONF_DIR "${CMAKE_INSTALL_PREFIX}/etc/ssl")
-endif()
-install(FILES cert.pem openssl.cnf x509v3.cnf DESTINATION ${CONF_DIR})
-install(DIRECTORY DESTINATION ${CONF_DIR}/cert)

apps/openssl/Makefile.am

@@ -89,7 +89,6 @@ noinst_HEADERS += timeouts.h
 EXTRA_DIST = cert.pem
 EXTRA_DIST += openssl.cnf
 EXTRA_DIST += x509v3.cnf
-EXTRA_DIST += CMakeLists.txt
 
 install-exec-hook:
 	@if [ "@OPENSSLDIR@x" != "x" ]; then \

cmake_uninstall.cmake.in

@@ -1,21 +0,0 @@
-if(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-	message(FATAL_ERROR "Cannot find install manifest: @CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-endif(NOT EXISTS "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt")
-
-file(READ "@CMAKE_CURRENT_BINARY_DIR@/install_manifest.txt" files)
-string(REGEX REPLACE "\n" ";" files "${files}")
-foreach(file ${files})
-	message(STATUS "Uninstalling $ENV{DESTDIR}${file}")
-	if(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
-		exec_program(
-			"@CMAKE_COMMAND@" ARGS "-E remove \"$ENV{DESTDIR}${file}\""
-			OUTPUT_VARIABLE rm_out
-			RETURN_VALUE rm_retval
-			)
-		if(NOT "${rm_retval}" STREQUAL 0)
-			message(FATAL_ERROR "Problem when removing $ENV{DESTDIR}${file}")
-		endif(NOT "${rm_retval}" STREQUAL 0)
-	else(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
-		message(STATUS "File $ENV{DESTDIR}${file} does not exist.")
-	endif(IS_SYMLINK "$ENV{DESTDIR}${file}" OR EXISTS "$ENV{DESTDIR}${file}")
-endforeach(file)

crypto/CMakeLists.txt

@@ -8,107 +8,16 @@ include_directories(
 	modes
 )
 
-if(HOST_ASM_ELF_X86_64)
-	set(
-		ASM_X86_64_ELF_SRC
-		aes/aes-elf-x86_64.s
-		aes/bsaes-elf-x86_64.s
-		aes/vpaes-elf-x86_64.s
-		aes/aesni-elf-x86_64.s
-		aes/aesni-sha1-elf-x86_64.s
-		bn/modexp512-elf-x86_64.s
-		bn/mont-elf-x86_64.s
-		bn/mont5-elf-x86_64.s
-		bn/gf2m-elf-x86_64.s
-		camellia/cmll-elf-x86_64.s
-		md5/md5-elf-x86_64.s
-		modes/ghash-elf-x86_64.s
-		rc4/rc4-elf-x86_64.s
-		rc4/rc4-md5-elf-x86_64.s
-		sha/sha1-elf-x86_64.s
-		sha/sha256-elf-x86_64.S
-		sha/sha512-elf-x86_64.S
-		whrlpool/wp-elf-x86_64.s
-		cpuid-elf-x86_64.S
-	)
-	add_definitions(-DAES_ASM)
-	add_definitions(-DBSAES_ASM)
-	add_definitions(-DVPAES_ASM)
-	add_definitions(-DOPENSSL_IA32_SSE2)
-	add_definitions(-DOPENSSL_BN_ASM_MONT)
-	add_definitions(-DOPENSSL_BN_ASM_MONT5)
-	add_definitions(-DOPENSSL_BN_ASM_GF2m)
-	add_definitions(-DMD5_ASM)
-	add_definitions(-DGHASH_ASM)
-	add_definitions(-DRSA_ASM)
-	add_definitions(-DSHA1_ASM)
-	add_definitions(-DSHA256_ASM)
-	add_definitions(-DSHA512_ASM)
-	add_definitions(-DWHIRLPOOL_ASM)
-	add_definitions(-DOPENSSL_CPUID_OBJ)
-	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_ELF_SRC})
-	set_property(SOURCE ${ASM_X86_64_ELF_SRC} PROPERTY LANGUAGE C)
-endif()
-
-if(HOST_ASM_MACOSX_X86_64)
-	set(
-		ASM_X86_64_MACOSX_SRC
-		aes/aes-macosx-x86_64.s
-		aes/bsaes-macosx-x86_64.s
-		aes/vpaes-macosx-x86_64.s
-		aes/aesni-macosx-x86_64.s
-		aes/aesni-sha1-macosx-x86_64.s
-		bn/modexp512-macosx-x86_64.s
-		bn/mont-macosx-x86_64.s
-		bn/mont5-macosx-x86_64.s
-		bn/gf2m-macosx-x86_64.s
-		camellia/cmll-macosx-x86_64.s
-		md5/md5-macosx-x86_64.s
-		modes/ghash-macosx-x86_64.s
-		rc4/rc4-macosx-x86_64.s
-		rc4/rc4-md5-macosx-x86_64.s
-		sha/sha1-macosx-x86_64.s
-		sha/sha256-macosx-x86_64.S
-		sha/sha512-macosx-x86_64.S
-		whrlpool/wp-macosx-x86_64.s
-		cpuid-macosx-x86_64.S
-	)
-	add_definitions(-DAES_ASM)
-	add_definitions(-DBSAES_ASM)
-	add_definitions(-DVPAES_ASM)
-	add_definitions(-DOPENSSL_IA32_SSE2)
-	add_definitions(-DOPENSSL_BN_ASM_MONT)
-	add_definitions(-DOPENSSL_BN_ASM_MONT5)
-	add_definitions(-DOPENSSL_BN_ASM_GF2m)
-	add_definitions(-DMD5_ASM)
-	add_definitions(-DGHASH_ASM)
-	add_definitions(-DRSA_ASM)
-	add_definitions(-DSHA1_ASM)
-	add_definitions(-DSHA256_ASM)
-	add_definitions(-DSHA512_ASM)
-	add_definitions(-DWHIRLPOOL_ASM)
-	add_definitions(-DOPENSSL_CPUID_OBJ)
-	set(CRYPTO_SRC ${CRYPTO_SRC} ${ASM_X86_64_MACOSX_SRC})
-	set_property(SOURCE ${ASM_X86_64_MACOSX_SRC} PROPERTY LANGUAGE C)
-endif()
-
-if((NOT HOST_ASM_ELF_X86_64) AND (NOT HOST_ASM_MACOSX_X86_64))
-	set(
-		CRYPTO_SRC
-		${CRYPTO_SRC}
-		aes/aes_cbc.c
-		aes/aes_core.c
-		camellia/camellia.c
-		camellia/cmll_cbc.c
-		rc4/rc4_enc.c
-		rc4/rc4_skey.c
-		whrlpool/wp_block.c
-	)
-endif()
-
 set(
 	CRYPTO_SRC
-	${CRYPTO_SRC}
+
+	aes/aes_cbc.c
+	aes/aes_core.c
+	camellia/camellia.c
+	camellia/cmll_cbc.c
+	rc4/rc4_enc.c
+	rc4/rc4_skey.c
+	whrlpool/wp_block.c
 	cpt_err.c
 	cryptlib.c
 	cversion.c
@@ -708,8 +617,6 @@ if(NOT HAVE_ARC4RANDOM_BUF)
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_aix.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_freebsd.c)
-		elseif(CMAKE_SYSTEM_NAME MATCHES "HP-UX")
-			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_hpux.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "Linux")
 			set(CRYPTO_SRC ${CRYPTO_SRC} compat/getentropy_linux.c)
 		elseif(CMAKE_SYSTEM_NAME MATCHES "NetBSD")
@@ -722,10 +629,6 @@ if(NOT HAVE_ARC4RANDOM_BUF)
 	endif()
 endif()
 
-if(NOT HAVE_ARC4RANDOM_UNIFORM)
-	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
-endif()
-
 if(NOT HAVE_TIMINGSAFE_BCMP)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
 endif()
@@ -734,27 +637,10 @@ if(NOT HAVE_TIMINGSAFE_MEMCMP)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_memcmp.c)
 endif()
 
-if(NOT ENABLE_ASM)
-	add_definitions(-DOPENSSL_NO_ASM)
-else()
-	if(CMAKE_HOST_WIN32)
-		add_definitions(-DOPENSSL_NO_ASM)
-	endif()
-endif()
-
-if(NOT "${OPENSSLDIR}" STREQUAL "")
-	add_definitions(-DOPENSSLDIR=\"${OPENSSLDIR}\")
-else()
-	add_definitions(-DOPENSSLDIR=\"${CMAKE_INSTALL_PREFIX}/etc/ssl\")
-endif()
-
 if (BUILD_SHARED)
 	add_library(crypto-objects OBJECT ${CRYPTO_SRC})
 	add_library(crypto STATIC $<TARGET_OBJECTS:crypto-objects>)
 	add_library(crypto-shared SHARED $<TARGET_OBJECTS:crypto-objects>)
-	if (MSVC)
-		target_link_libraries(crypto-shared crypto Ws2_32.lib)
-	endif()
 	set_target_properties(crypto-shared PROPERTIES OUTPUT_NAME crypto)
 	set_target_properties(crypto-shared PROPERTIES VERSION
 		${CRYPTO_VERSION} SOVERSION ${CRYPTO_MAJOR_VERSION})

include/CMakeLists.txt

@@ -2,4 +2,4 @@ install(DIRECTORY .
         DESTINATION include
         PATTERN "CMakeLists.txt" EXCLUDE
         PATTERN "compat" EXCLUDE
-        PATTERN "Makefile*" EXCLUDE)
+        PATTERN "Makefile.*" EXCLUDE)

libcrypto.pc.in

@@ -11,5 +11,5 @@ Version: @VERSION@
 Requires:
 Conflicts:
 Libs: -L${libdir} -lcrypto
-Libs.private: @LIBS@ @PLATFORM_LDADD@
+Libs.private: @LIBS@
 Cflags: -I${includedir}

libssl.pc.in

@@ -12,5 +12,5 @@ Requires:
 Requires.private: libcrypto
 Conflicts:
 Libs: -L${libdir} -lssl
-Libs.private: @LIBS@ -lcrypto @PLATFORM_LDADD@
+Libs.private: @LIBS@ -lcrypto
 Cflags: -I${includedir}

libtls.pc.in

@@ -12,5 +12,5 @@ Requires:
 Requires.private: libcrypto libssl
 Conflicts:
 Libs: -L${libdir} -ltls
-Libs.private: @LIBS@ -lcrypto -lssl @PLATFORM_LDADD@
+Libs.private: @LIBS@ -lcrypto -lssl
 Cflags: -I${includedir}

m4/check-libc.m4

@@ -47,52 +47,7 @@ AM_CONDITIONAL([HAVE_B64_NTOP], [test "x$ac_cv_func_b64_ntop_arg" = xyes])
 AC_DEFUN([CHECK_CRYPTO_COMPAT], [
 # Check crypto-related libc functions and syscalls
 AC_CHECK_FUNCS([arc4random arc4random_buf arc4random_uniform])
-AC_CHECK_FUNCS([explicit_bzero getauxval])
-
-AC_CACHE_CHECK([for getentropy], ac_cv_func_getentropy, [
-	AC_LINK_IFELSE([AC_LANG_PROGRAM([[
-#include <sys/types.h>
-#include <unistd.h>
-
-/*
- * Explanation:
- *
- *   - iOS <= 10.1 fails because of missing sys/random.h
- *
- *   - in macOS 10.12 getentropy is not tagged as introduced in
- *     10.12 so we cannot use it for target < 10.12
- */
-#ifdef __APPLE__
-#  include <AvailabilityMacros.h>
-#  include <TargetConditionals.h>
-
-# if (TARGET_OS_IPHONE || TARGET_OS_SIMULATOR)
-#  include <sys/random.h> /* Not available as of iOS <= 10.1 */
-# else
-
-#  include <sys/random.h> /* Pre 10.12 systems should die here */
-
-/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
-#  ifndef MAC_OS_X_VERSION_10_12
-#    define MAC_OS_X_VERSION_10_12 101200 /* Robustness */
-#  endif
-#  if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
-#    if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
-#      error "Targeting on Mac OSX 10.11 or earlier"
-#    endif
-#  endif
-
-# endif
-#endif /* __APPLE__ */
-		]], [[
-	char buffer;
-	(void)getentropy(&buffer, sizeof (buffer));
-]])],
-	[ ac_cv_func_getentropy="yes" ],
-	[ ac_cv_func_getentropy="no"
-	])
-])
-
+AC_CHECK_FUNCS([explicit_bzero getauxval getentropy])
 AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
 AM_CONDITIONAL([HAVE_ARC4RANDOM], [test "x$ac_cv_func_arc4random" = xyes])
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
@@ -104,7 +59,7 @@ AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp"
 
 # Override arc4random_buf implementations with known issues
 AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF],
-	[test "x$USE_BUILTIN_ARC4RANDOM" != xyes \
+	[test "x$USE_BUILTIN_ARC4RANDOM" != yes \
 	   -a "x$ac_cv_func_arc4random_buf" = xyes])
 
 # Check for getentropy fallback dependencies

m4/check-os-options.m4

@@ -17,45 +17,10 @@ case $host_os in
 	*darwin*)
 		HOST_OS=darwin
 		HOST_ABI=macosx
-		#
-		# Don't use arc4random on systems before 10.12 because of
 		# weak seed on failure to open /dev/random, based on latest
 		# public source:
 		# http://www.opensource.apple.com/source/Libc/Libc-997.90.3/gen/FreeBSD/arc4random.c
-		#
-		# We use the presence of getentropy() to detect 10.12. The
-		# following check take into account that:
- 		#
-		#   - iOS <= 10.1 fails because of missing getentropy and
-		#     hence they miss sys/random.h
-		#
-		#   - in macOS 10.12 getentropy is not tagged as introduced in
-		#     10.12 so we cannot use it for target < 10.12
-		#
-		AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-#include <AvailabilityMacros.h>
-#include <unistd.h>
-#include <sys/random.h>  /* Systems without getentropy() should die here */
-
-/* Based on: https://gitweb.torproject.org/tor.git/commit/?id=16fcbd21 */
-#ifndef MAC_OS_X_VERSION_10_12
-#  define MAC_OS_X_VERSION_10_12 101200
-#endif
-#if defined(MAC_OS_X_VERSION_MIN_REQUIRED)
-#  if MAC_OS_X_VERSION_MIN_REQUIRED < MAC_OS_X_VERSION_10_12
-#    error "Running on Mac OSX 10.11 or earlier"
-#  endif
-#endif
-                       ]], [[
-char buf[1]; getentropy(buf, 1);
-					   ]])],
-                       [ USE_BUILTIN_ARC4RANDOM=no ],
-                       [ USE_BUILTIN_ARC4RANDOM=yes ]
-		)
-		AC_MSG_CHECKING([whether to use builtin arc4random])
-		AC_MSG_RESULT([$USE_BUILTIN_ARC4RANDOM])
-		# Not available on iOS
-		AC_CHECK_HEADER([arpa/telnet.h], [], [BUILD_NC=no])
+		USE_BUILTIN_ARC4RANDOM=yes
 		;;
 	*freebsd*)
 		HOST_OS=freebsd

patches/modes_lcl.h

@@ -1,21 +0,0 @@
---- openbsd/src/lib/libssl/src/crypto/modes/modes_lcl.h	Sat Dec  6 17:15:50 2014
-+++ crypto/modes/modes_lcl.h	Sun Jul 17 17:45:27 2016
-@@ -43,14 +43,16 @@
- 			asm ("bswapl %0"		\
- 			: "+r"(ret));	ret;		})
- # elif (defined(__arm__) || defined(__arm)) && !defined(__STRICT_ALIGNMENT)
--#  define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
-+#  if (__ARM_ARCH >= 6)
-+#   define BSWAP8(x) ({	u32 lo=(u64)(x)>>32,hi=(x);	\
- 			asm ("rev %0,%0; rev %1,%1"	\
- 			: "+r"(hi),"+r"(lo));		\
- 			(u64)hi<<32|lo;			})
--#  define BSWAP4(x) ({	u32 ret;			\
-+#   define BSWAP4(x) ({	u32 ret;			\
- 			asm ("rev %0,%1"		\
- 			: "=r"(ret) : "r"((u32)(x)));	\
- 			ret;				})
-+#  endif
- # endif
- #endif
- #endif

patches/netcat.c.patch

@@ -1,6 +1,17 @@
---- apps/nc/netcat.c.orig	Thu Jun 30 19:56:49 2016
-+++ apps/nc/netcat.c	Thu Jun 30 19:59:09 2016
-@@ -65,7 +65,9 @@
+--- apps/nc/netcat.c.orig	Mon Dec 28 08:46:10 2015
++++ apps/nc/netcat.c	Mon Dec 28 08:46:19 2015
+@@ -57,6 +57,10 @@
+ #include <tls.h>
+ #include "atomicio.h"
+ 
++#ifndef IPV6_TCLASS
++#define IPV6_TCLASS -1
++#endif
++
+ #define PORT_MAX	65535
+ #define UNIX_DG_TMP_SOCKET_SIZE	19
+ 
+@@ -65,7 +69,9 @@
  #define POLL_NETIN 2
  #define POLL_STDOUT 3
  #define BUFSIZE 16384
@@ -10,7 +21,7 @@
  
  #define TLS_LEGACY	(1 << 1)
  #define TLS_NOVERIFY	(1 << 2)
-@@ -92,9 +94,13 @@
+@@ -92,9 +98,13 @@
  int	Dflag;					/* sodebug */
  int	Iflag;					/* TCP receive buffer size */
  int	Oflag;					/* TCP send buffer size */
@@ -24,7 +35,7 @@
  
  int	usetls;					/* use TLS */
  char    *Cflag;					/* Public cert file */
-@@ -152,7 +158,7 @@
+@@ -150,7 +160,7 @@
  	struct servent *sv;
  	socklen_t len;
  	struct sockaddr_storage cliaddr;
@@ -33,7 +44,7 @@
  	const char *errstr, *proxyhost = "", *proxyport = NULL;
  	struct addrinfo proxyhints;
  	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
-@@ -262,12 +268,14 @@
+@@ -251,12 +261,14 @@
  		case 'u':
  			uflag = 1;
  			break;
@@ -48,7 +59,7 @@
  		case 'v':
  			vflag = 1;
  			break;
-@@ -300,9 +308,11 @@
+@@ -289,9 +301,11 @@
  				errx(1, "TCP send window %s: %s",
  				    errstr, optarg);
  			break;
@@ -60,7 +71,7 @@
  		case 'T':
  			errstr = NULL;
  			errno = 0;
-@@ -326,9 +336,11 @@
+@@ -315,9 +329,11 @@
  	argc -= optind;
  	argv += optind;
  
@@ -72,7 +83,7 @@
  
  	if (family == AF_UNIX) {
  		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
-@@ -480,7 +492,10 @@
+@@ -460,7 +476,10 @@
  				errx(1, "-H and -T noverify may not be used"
  				    "together");
  			tls_config_insecure_noverifycert(tls_cfg);
@@ -84,19 +95,19 @@
  	}
  	if (lflag) {
  		struct tls *tls_cctx = NULL;
-@@ -832,7 +847,10 @@
+@@ -807,7 +826,10 @@
  remote_connect(const char *host, const char *port, struct addrinfo hints)
  {
  	struct addrinfo *res, *res0;
--	int s, error, on = 1, save_errno;
-+	int s, error, save_errno;
+-	int s, error, on = 1;
++	int s, error;
 +#ifdef SO_BINDANY
 +	int on = 1;
 +#endif
  
  	if ((error = getaddrinfo(host, port, &hints, &res)))
  		errx(1, "getaddrinfo: %s", gai_strerror(error));
-@@ -847,8 +865,10 @@
+@@ -822,8 +844,10 @@
  		if (sflag || pflag) {
  			struct addrinfo ahints, *ares;
  
@@ -107,19 +118,19 @@
  			memset(&ahints, 0, sizeof(struct addrinfo));
  			ahints.ai_family = res0->ai_family;
  			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -919,7 +939,10 @@
+@@ -892,7 +916,10 @@
  local_listen(char *host, char *port, struct addrinfo hints)
  {
  	struct addrinfo *res, *res0;
--	int s, ret, x = 1, save_errno;
-+	int s, save_errno;
+-	int s, ret, x = 1;
++	int s;
 +#ifdef SO_REUSEPORT
 +	int ret, x = 1;
 +#endif
  	int error;
  
  	/* Allow nodename to be null. */
-@@ -941,9 +964,11 @@
+@@ -914,9 +941,11 @@
  		    res0->ai_protocol)) < 0)
  			continue;
  
@@ -131,7 +142,7 @@
  
  		set_common_sockopts(s, res0->ai_family);
  
-@@ -1401,11 +1426,13 @@
+@@ -1356,11 +1385,13 @@
  {
  	int x = 1;
  
@@ -145,26 +156,7 @@
  	if (Dflag) {
  		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
  			&x, sizeof(x)) == -1)
-@@ -1442,13 +1469,17 @@
- 	}
- 
- 	if (minttl != -1) {
-+#ifdef IP_MINTTL
- 		if (af == AF_INET && setsockopt(s, IPPROTO_IP,
- 		    IP_MINTTL, &minttl, sizeof(minttl)))
- 			err(1, "set IP min TTL");
-+#endif
- 
--		else if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
-+#ifdef IPV6_MINHOPCOUNT
-+		if (af == AF_INET6 && setsockopt(s, IPPROTO_IPV6,
- 		    IPV6_MINHOPCOUNT, &minttl, sizeof(minttl)))
- 			err(1, "set IPv6 min hop count");
-+#endif
- 	}
- }
- 
-@@ -1605,14 +1636,22 @@
+@@ -1538,14 +1569,22 @@
  	\t-P proxyuser\tUsername for proxy authentication\n\
  	\t-p port\t	Specify local port for remote connects\n\
  	\t-R CAfile	CA bundle\n\

patches/ssl_txt.c.patch

@@ -1,19 +0,0 @@
---- ssl/ssl_txt.orig	Sun Jul 17 17:26:59 2016
-+++ ssl/ssl_txt.c	Sun Jul 17 17:35:44 2016
-@@ -82,6 +82,7 @@
-  * OTHERWISE.
-  */
- 
-+#include <inttypes.h>
- #include <stdio.h>
- 
- #include <openssl/buffer.h>
-@@ -163,7 +164,7 @@
- 	}
- 
- 	if (x->time != 0) {
--		if (BIO_printf(bp, "\n    Start Time: %lld", (long long)x->time) <= 0)
-+		if (BIO_printf(bp, "\n    Start Time: %"PRId64, (int64_t)x->time) <= 0)
- 			goto err;
- 	}
- 	if (x->timeout != 0L) {

ssl/CMakeLists.txt

@@ -52,9 +52,6 @@ if (BUILD_SHARED)
 	add_library(ssl-objects OBJECT ${SSL_SRC})
 	add_library(ssl STATIC $<TARGET_OBJECTS:ssl-objects>)
 	add_library(ssl-shared SHARED $<TARGET_OBJECTS:ssl-objects>)
-	if (MSVC)
-		target_link_libraries(ssl-shared crypto-shared Ws2_32.lib)
-	endif()
 	set_target_properties(ssl-shared PROPERTIES OUTPUT_NAME ssl)
 	set_target_properties(ssl-shared PROPERTIES VERSION ${SSL_VERSION}
 		SOVERSION ${SSL_MAJOR_VERSION})

tests/CMakeLists.txt

@@ -9,11 +9,14 @@ include_directories(
 	../apps/openssl/compat
 )
 
+set(ENV{srcdir} ${CMAKE_CURRENT_SOURCE_DIR})
+
 # aeadtest
-add_executable(aeadtest aeadtest.c)
-target_link_libraries(aeadtest ${OPENSSL_LIBS})
-add_test(aeadtest ${CMAKE_CURRENT_SOURCE_DIR}/aeadtest.sh)
-set_tests_properties(aeadtest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#add_executable(aeadtest aeadtest.c)
+#target_link_libraries(aeadtest ${OPENSSL_LIBS})
+#add_test(aeadtest aeadtest.sh)
+#configure_file(aeadtests.txt aeadtests.txt COPYONLY)
+#configure_file(aeadtest.sh aeadtest.sh COPYONLY)
 
 # aes_wrap
 add_executable(aes_wrap aes_wrap.c)
@@ -22,7 +25,7 @@ add_test(aes_wrap aes_wrap)
 
 # arc4randomforktest
 # Windows/mingw does not have fork, but Cygwin does.
-if(NOT CMAKE_HOST_WIN32 AND NOT CMAKE_SYSTEM_NAME MATCHES "MINGW")
+if(NOT CMAKE_HOST_WIN32)
 add_executable(arc4randomforktest arc4randomforktest.c)
 target_link_libraries(arc4randomforktest ${OPENSSL_LIBS})
 add_test(arc4randomforktest ${CMAKE_CURRENT_SOURCE_DIR}/arc4randomforktest.sh)
@@ -48,14 +51,6 @@ add_executable(bftest bftest.c)
 target_link_libraries(bftest ${OPENSSL_LIBS})
 add_test(bftest bftest)
 
-# biotest
-# the BIO tests rely on resolver results that are OS and environment-specific
-if(ENABLE_EXTRATESTS)
-	add_executable(biotest biotest.c)
-	target_link_libraries(biotest ${OPENSSL_LIBS})
-	add_test(biotest biotest)
-endif()
-
 # bntest
 add_executable(bntest bntest.c)
 target_link_libraries(bntest ${OPENSSL_LIBS})
@@ -132,21 +127,19 @@ target_link_libraries(enginetest ${OPENSSL_LIBS})
 add_test(enginetest enginetest)
 
 # evptest
-add_executable(evptest evptest.c)
-target_link_libraries(evptest ${OPENSSL_LIBS})
-add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
-set_tests_properties(evptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#add_executable(evptest evptest.c)
+#target_link_libraries(evptest ${OPENSSL_LIBS})
+#add_test(evptest ${CMAKE_CURRENT_SOURCE_DIR}/evptest.sh)
 
 # explicit_bzero
 # explicit_bzero relies on SA_ONSTACK, which is unavailable on Windows
 if(NOT CMAKE_HOST_WIN32)
-if(HAVE_MEMMEM)
-	add_executable(explicit_bzero explicit_bzero.c)
-else()
-	add_executable(explicit_bzero explicit_bzero.c memmem.c)
-endif()
+add_executable(explicit_bzero explicit_bzero.c)
 target_link_libraries(explicit_bzero ${OPENSSL_LIBS})
 add_test(explicit_bzero explicit_bzero)
+#if !HAVE_MEMMEM
+#explicit_bzero_SOURCES += memmem.c
+#endif
 endif()
 
 # exptest
@@ -194,19 +187,6 @@ add_executable(mont mont.c)
 target_link_libraries(mont ${OPENSSL_LIBS})
 add_test(mont mont)
 
-# ocsp_test
-if(ENABLE_EXTRATESTS)
-	if(NOT "${OPENSSLDIR}" STREQUAL "")
-		add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
-	else()
-		add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
-	endif()
-	add_executable(ocsp_test ocsp_test.c)
-	target_link_libraries(ocsp_test ${OPENSSL_LIBS})
-	add_test(ocsptest ${CMAKE_CURRENT_SOURCE_DIR}/ocsptest.sh)
-	set_tests_properties(ocsptest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
-endif()
-
 # optionstest
 add_executable(optionstest optionstest.c)
 target_link_libraries(optionstest ${OPENSSL_LIBS})
@@ -217,15 +197,6 @@ add_executable(pbkdf2 pbkdf2.c)
 target_link_libraries(pbkdf2 ${OPENSSL_LIBS})
 add_test(pbkdf2 pbkdf2)
 
-# pidwraptest
-# pidwraptest relies on an OS-specific way to give out pids and is generally
-# awkward on systems with slow fork
-if(ENABLE_EXTRATESTS)
-	add_executable(pidwraptest pidwraptest.c)
-	target_link_libraries(pidwraptest ${OPENSSL_LIBS})
-	add_test(pidwraptest ${CMAKE_CURRENT_SOURCE_DIR}/pidwraptest.sh)
-endif()
-
 # pkcs7test
 add_executable(pkcs7test pkcs7test.c)
 target_link_libraries(pkcs7test ${OPENSSL_LIBS})
@@ -237,10 +208,9 @@ target_link_libraries(poly1305test ${OPENSSL_LIBS})
 add_test(poly1305test poly1305test)
 
 # pq_test
-add_executable(pq_test pq_test.c)
-target_link_libraries(pq_test ${OPENSSL_LIBS})
-add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
-set_tests_properties(pq_test PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#add_executable(pq_test pq_test.c)
+#target_link_libraries(pq_test ${OPENSSL_LIBS})
+#add_test(pq_test ${CMAKE_CURRENT_SOURCE_DIR}/pq_test.sh)
 
 # randtest
 add_executable(randtest randtest.c)
@@ -260,11 +230,7 @@ add_test(rc4test rc4test)
 # rfc5280time
 add_executable(rfc5280time rfc5280time.c)
 target_link_libraries(rfc5280time ${OPENSSL_LIBS})
-if(SMALL_TIME_T)
-	add_test(rfc5280time ${CMAKE_CURRENT_SOURCE_DIR}/rfc5280time_small.test)
-else()
-	add_test(rfc5280time rfc5280time)
-endif()
+add_test(rfc5280time rfc5280time)
 
 # rmdtest
 add_executable(rmdtest rmdtest.c)
@@ -287,22 +253,18 @@ target_link_libraries(sha512test ${OPENSSL_LIBS})
 add_test(sha512test sha512test)
 
 # ssltest
-add_executable(ssltest ssltest.c)
-target_link_libraries(ssltest ${OPENSSL_LIBS})
-add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
-set_tests_properties(ssltest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#add_executable(ssltest ssltest.c)
+#target_link_libraries(ssltest ${OPENSSL_LIBS})
+#add_test(ssltest ${CMAKE_CURRENT_SOURCE_DIR}/ssltest.sh)
 
 # testdsa
-add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
-set_tests_properties(testdsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#add_test(testdsa ${CMAKE_CURRENT_SOURCE_DIR}/testdsa.sh)
 
 # testenc
 add_test(testenc ${CMAKE_CURRENT_SOURCE_DIR}/testenc.sh)
-set_tests_properties(testenc PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
 
 # testrsa
-add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
-set_tests_properties(testrsa PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+#add_test(testrsa ${CMAKE_CURRENT_SOURCE_DIR}/testrsa.sh)
 
 # timingsafe
 add_executable(timingsafe timingsafe.c)

tests/Makefile.am

@@ -208,14 +208,6 @@ TESTS += mont
 check_PROGRAMS += mont
 mont_SOURCES = mont.c
 
-# ocsp_test
-if ENABLE_EXTRATESTS
-TESTS += ocsptest.sh
-check_PROGRAMS += ocsp_test
-ocsp_test_SOURCES = ocsp_test.c
-endif
-EXTRA_DIST += ocsptest.sh
-
 # optionstest
 TESTS += optionstest
 check_PROGRAMS += optionstest

tests/ocsptest.sh

@@ -1,8 +0,0 @@
-#!/bin/sh
-set -e
-TEST=./ocsp_test
-if [ -e ./ocsp_test.exe ]; then
-	TEST=./ocsp_test.exe
-fi
-$TEST www.amazon.com 443
-$TEST cloudflare.com 443

tests/ssltest.sh

@@ -6,16 +6,9 @@ if [ -e ./ssltest.exe ]; then
 	ssltest_bin=./ssltest.exe
 fi
 
-if [ -d ../apps/openssl ]; then
-	openssl_bin=../apps/openssl/openssl
-	if [ -e ../apps/openssl/openssl.exe ]; then
-		openssl_bin=../apps/openssl/openssl.exe
-	fi
-else
-	openssl_bin=../apps/openssl
-	if [ -e ../apps/openssl.exe ]; then
-		openssl_bin=../apps/openssl.exe
-	fi
+openssl_bin=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
+	openssl_bin=../apps/openssl/openssl.exe
 fi
 
 if [ -z $srcdir ]; then

tests/testdsa.sh

@@ -4,16 +4,9 @@
 
 #Test DSA certificate generation of openssl
 
-if [ -d ../apps/openssl ]; then
-	cmd=../apps/openssl/openssl
-	if [ -e ../apps/openssl/openssl.exe ]; then
-		cmd=../apps/openssl/openssl.exe
-	fi
-else
-	cmd=../apps/openssl
-	if [ -e ../apps/openssl.exe ]; then
-		cmd=../apps/openssl.exe
-	fi
+cmd=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
+	cmd=../apps/openssl/openssl.exe
 fi
 
 if [ -z $srcdir ]; then

tests/testenc.sh

@@ -2,23 +2,12 @@
 #	$OpenBSD: testenc.sh,v 1.1 2014/08/26 17:50:07 jsing Exp $
 
 test=p
-if [ -d ../apps/openssl ]; then
-	cmd=../apps/openssl/openssl
-	if [ -e ../apps/openssl/openssl.exe ]; then
-		cmd=../apps/openssl/openssl.exe
-	fi
-else
-	cmd=../apps/openssl
-	if [ -e ../apps/openssl.exe ]; then
-		cmd=../apps/openssl.exe
-	fi
+cmd=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
+	cmd=../apps/openssl/openssl.exe
 fi
 
-if [ -z $srcdir ]; then
-	srcdir=.
-fi
-
-cat $srcdir/openssl.cnf >$test;
+cat openssl.cnf >$test;
 
 echo cat
 $cmd enc < $test > $test.cipher

tests/testrsa.sh

@@ -4,16 +4,9 @@
 
 #Test RSA certificate generation of openssl
 
-if [ -d ../apps/openssl ]; then
-	cmd=../apps/openssl/openssl
-	if [ -e ../apps/openssl/openssl.exe ]; then
-		cmd=../apps/openssl/openssl.exe
-	fi
-else
-	cmd=../apps/openssl
-	if [ -e ../apps/openssl.exe ]; then
-		cmd=../apps/openssl.exe
-	fi
+cmd=../apps/openssl/openssl
+if [ -e ../apps/openssl/openssl.exe ]; then
+	cmd=../apps/openssl/openssl.exe
 fi
 
 if [ -z $srcdir ]; then

tls/CMakeLists.txt

@@ -17,23 +17,14 @@ set(
 )
 
 
-if(NOT HAVE_STRSEP)
+if(NOT HAVE_STRCASECMP)
 	set(TLS_SRC ${TLS_SRC} strsep.c)
 endif()
 
-if(NOT "${OPENSSLDIR}" STREQUAL "")
-	add_definitions(-D_PATH_SSL_CA_FILE=\"${OPENSSLDIR}/cert.pem\")
-else()
-	add_definitions(-D_PATH_SSL_CA_FILE=\"${CMAKE_INSTALL_PREFIX}/etc/ssl/cert.pem\")
-endif()
-
 if (BUILD_SHARED)
 	add_library(tls-objects OBJECT ${TLS_SRC})
 	add_library(tls STATIC $<TARGET_OBJECTS:tls-objects>)
 	add_library(tls-shared SHARED $<TARGET_OBJECTS:tls-objects>)
-	if (MSVC)
-		target_link_libraries(tls-shared ssl-shared crypto-shared Ws2_32.lib)
-	endif()
 	set_target_properties(tls-shared PROPERTIES OUTPUT_NAME tls)
 	set_target_properties(tls-shared PROPERTIES VERSION ${TLS_VERSION}
 		SOVERSION ${TLS_MAJOR_VERSION})

update.sh

@@ -13,7 +13,6 @@ if [ ! -d openbsd ]; then
 	fi
 fi
 (cd openbsd
- git fetch
  git checkout $openbsd_branch
  git pull --rebase)