remove OPENSSL_ia32cap_P from crypto.sym when generated

It looks like this was copied and pasted from libssl.pc.in. This patch
identifies it as libcrypto rather than libssl.

.gitignore

@@ -61,14 +61,15 @@ tests/rfc5280time*
 tests/ssl_versions*
 tests/timingsafe*
 tests/tls_ext_alpn*
+tests/tls_prf*
 tests/*test
 tests/tests.h
 tests/*test.c
-tests/memmem.c
 tests/pbkdf2*
 tests/*.pem
 tests/testssl
 tests/*.txt
+tests/compat/*.c
 !tests/optionstest.c
 !tests/*.test
 
@@ -127,6 +128,7 @@ include/openssl/*.h
 /apps/nc/*.c
 /apps/nc/nc*
 !/apps/nc/readpassphrase.c
+/apps/nc/compat/*.c
 
 /apps/openssl/*.h
 /apps/openssl/*.c
@@ -141,6 +143,7 @@ include/openssl/*.h
 !/crypto/compat/arc4random.h
 !/crypto/compat/b_win.c
 !/crypto/compat/explicit_bzero_win.c
+!/crypto/compat/getpagesize.c
 !/crypto/compat/posix_win.c
 !/crypto/compat/bsd_asprintf.c
 !/crypto/compat/inet_pton.c
@@ -164,3 +167,4 @@ openbsd/
 
 *.tar.gz
 man/Makefile.am
+man/mandoc.db

CMakeLists.txt

@@ -219,6 +219,11 @@ if(HAVE_GETENTROPY)
 	add_definitions(-DHAVE_GETENTROPY)
 endif()
 
+check_function_exists(getpagesize HAVE_GETPAGESIZE)
+if(HAVE_GETPAGESIZE)
+	add_definitions(-DHAVE_GETPAGESIZE)
+endif()
+
 check_function_exists(timingsafe_bcmp HAVE_TIMINGSAFE_BCMP)
 if(HAVE_TIMINGSAFE_BCMP)
 	add_definitions(-DHAVE_TIMINGSAFE_BCMP)

ChangeLog

@@ -28,6 +28,60 @@ history is also available from Git.
 
 LibreSSL Portable Release Notes:
 
+2.5.4 - Security Updates
+
+	* Revert a previous change that forced consistency between return
+	  value and error code when specifing a certificate verification
+	  callback, since this breaks the documented API. When a user supplied
+	  callback always returns 1, and later code checks the error code to
+	  potentially abort post verification, this will result in incorrect
+	  successul certificate verification.
+
+	* Switched Linux getrandom() usage to non-blocking mode, continuing to
+	  use fallback mechanims if unsuccessful. This works around a design
+	  flaw in Linux getrandom(2) where early boot usage in a library makes
+	  it impossible to recover if getrandom(2) is not yet initialized.
+
+	* Fixed a bug caused by the return value being set early to signal
+	  successful DTLS cookie validation. This can mask a later failure and
+	  result in a positive return value being returned from
+	  ssl3_get_client_hello(), when it should return a negative value to
+	  propagate the error.
+
+	* Fixed a build error on non-x86/x86_64 systems running Solaris.
+
+2.5.3 - OpenBSD 6.1 Release
+
+	* Documentation updates
+
+	* Improved ocspcheck(1) error handling
+
+2.5.2 - Security features and bugfixes
+
+	* Added the recallocarray(3) memory allocation function, and converted
+	  various places in the library to use it, such as CBB and BUF_MEM_grow.
+	  recallocarray(3) is similar to reallocarray. Newly allocated memory
+	  is cleared similar to calloc(3). Memory that becomes unallocated
+	  while shrinking or moving existing allocations is explicitly
+	  discarded by unmapping or clearing to 0
+
+	* Added new root CAs from SECOM Trust Systems / Security Communication
+	  of Japan.
+
+	* Added EVP interface for MD5+SHA1 hashes.
+
+	* Fixed DTLS client failures when the server sends a certificate
+	  request.
+
+	* Correct handling of padding when upgrading an SSLv2 challenge into
+	  an SSLv3/TLS connection.
+
+	* Allow protocols and ciphers to be set on a TLS config object in
+	  libtls.
+
+	* Improved nc(1) TLS handshake CPU usage and server-side error
+	  reporting.
+
 2.5.1 - Bug and security fixes, new features, documentation updates
 
 	* X509_cmp_time() now passes a malformed GeneralizedTime field as an
@@ -75,10 +129,10 @@ LibreSSL Portable Release Notes:
 	  SSL{_CTX}_set1_groups{_list}() - also provide defines for the previous
 	  SSL{_CTX}_set1_curves{_list} names. This also changes the default
 	  list of curves to be X25519, P-256 and P-384. All other curves must
-          be manually enabled.
+	  be manually enabled.
 
 	* Added -groups option to openssl(1) s_client for specifying the curves
-          to be used in a colon-separated list.
+	  to be used in a colon-separated list.
 
 	* Merged client/server version negotiation code paths into one,
 	  reducing much duplicate code.

OPENBSD_BRANCH

@@ -1 +1 @@
-master
+OPENBSD_6_1

README.windows

@@ -12,7 +12,8 @@ cross compilers on Windows.
 To configure and build LibreSSL for a 32-bit system, use the following
 build steps:
 
- CC=i686-w64-mingw32-gcc ./configure --host=i686-w64-mingw32
+ CC=i686-w64-mingw32-gcc CPPFLAGS=-D__MINGW_USE_VC2005_COMPAT \
+ ./configure --host=i686-w64-mingw32
  make
  make check
 
@@ -22,6 +23,25 @@ For 64-bit builds, use these instead:
  make
  make check
 
+# Why the -D__MINGW_USE_VC2005_COMPAT flag on 32-bit systems?
+
+An ABI change introduced with Microsoft Visual C++ 2005 (also known as
+Visual C++ 8.0) switched time_t from 32-bit to 64-bit. It is important to
+build LibreSSL with 64-bit time_t whenever possible, because 32-bit time_t
+is unable to represent times past 2038 (this is commonly known as the
+Y2K38 problem).
+
+If LibreSSL is built with 32-bit time_t, when verifying a certificate whose
+expiry date is set past 19 January 2038, it will be unable to tell if the
+certificate has expired or not, and thus take the safe stance and reject it.
+
+In order to avoid this, you need to build LibreSSL (and everything that links
+with it) with the -D__MINGW_USE_VC2005_COMPAT flag. This tells mingw-w64 to
+use the new ABI.
+
+64-bit systems always have a 64-bit time_t and are not affected by this
+problem.
+
 # Using Libressl with Visual Studio
 
 A script for generating ready-to-use .DLL and static .LIB files is included in

apps/nc/Makefile.am

@@ -4,6 +4,7 @@ if BUILD_NC
 
 if ENABLE_NC
 bin_PROGRAMS = nc
+dist_man_MANS = nc.1
 else
 noinst_PROGRAMS = nc
 endif

configure.ac

@@ -142,6 +142,12 @@ AM_CONDITIONAL([SMALL_TIME_T], [test "$ac_cv_sizeof_time_t" = "4"])
 if test "$ac_cv_sizeof_time_t" = "4"; then
     echo " ** Warning, this system is unable to represent times past 2038"
     echo " ** It will behave incorrectly when handling valid RFC5280 dates"
+
+    if test "$host_os" = "mingw32" ; then
+        echo " **"
+        echo " ** You can solve this by adjusting the build flags in your"
+        echo " ** mingw-w64 toolchain. Refer to README.windows for details."
+    fi
 fi
 
 AC_REQUIRE_AUX_FILE([tap-driver.sh])

crypto/CMakeLists.txt

@@ -429,6 +429,7 @@ set(
 	evp/m_gostr341194.c
 	evp/m_md4.c
 	evp/m_md5.c
+	evp/m_md5_sha1.c
 	evp/m_null.c
 	evp/m_ripemd.c
 	evp/m_sha1.c
@@ -680,6 +681,10 @@ if(NOT HAVE_ASPRINTF)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} vasprintf)
 endif()
 
+if(NOT HAVE_GETPAGESIZE)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/getpagesize.c)
+endif()
+
 if(NOT HAVE_INET_PTON)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/inet_pton.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} inet_pton)
@@ -690,6 +695,11 @@ if(NOT HAVE_REALLOCARRAY)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} reallocarray)
 endif()
 
+if(NOT HAVE_RECALLOCARRAY)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/recallocarray.c)
+	set(EXTRA_EXPORT ${EXTRA_EXPORT} recallocarray)
+endif()
+
 if(NOT HAVE_STRCASECMP)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/strcasecmp.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} strcasecmp)
@@ -736,8 +746,10 @@ endif()
 
 if(NOT HAVE_ARC4RANDOM_BUF)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random.c)
+	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_buf)
+	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)
 
 	if(NOT HAVE_GETENTROPY)
 		if(CMAKE_HOST_WIN32)
@@ -761,11 +773,6 @@ if(NOT HAVE_ARC4RANDOM_BUF)
 	endif()
 endif()
 
-if(NOT HAVE_ARC4RANDOM_UNIFORM)
-	set(CRYPTO_SRC ${CRYPTO_SRC} compat/arc4random_uniform.c)
-	set(EXTRA_EXPORT ${EXTRA_EXPORT} arc4random_uniform)
-endif()
-
 if(NOT HAVE_TIMINGSAFE_BCMP)
 	set(CRYPTO_SRC ${CRYPTO_SRC} compat/timingsafe_bcmp.c)
 	set(EXTRA_EXPORT ${EXTRA_EXPORT} timingsafe_bcmp)

crypto/Makefile.am

@@ -15,7 +15,10 @@ EXTRA_DIST += crypto.sym
 # needed for a CMake target
 EXTRA_DIST += compat/strcasecmp.c
 
-libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols $(top_srcdir)/crypto/crypto_portable.sym
+BUILT_SOURCES = crypto_portable.sym
+CLEANFILES = crypto_portable.sym
+
+libcrypto_la_LDFLAGS = -version-info @LIBCRYPTO_VERSION@ -no-undefined -export-symbols crypto_portable.sym
 libcrypto_la_LIBADD = libcompat.la
 if !HAVE_EXPLICIT_BZERO
 libcrypto_la_LIBADD += libcompatnoopt.la
@@ -81,6 +84,10 @@ if !HAVE_ASPRINTF
 libcompat_la_SOURCES += compat/bsd-asprintf.c
 endif
 
+if !HAVE_GETPAGESIZE
+libcompat_la_SOURCES += compat/getpagesize.c
+endif
+
 if !HAVE_INET_PTON
 libcompat_la_SOURCES += compat/inet_pton.c
 endif
@@ -93,6 +100,10 @@ if !HAVE_REALLOCARRAY
 libcompat_la_SOURCES += compat/reallocarray.c
 endif
 
+if !HAVE_RECALLOCARRAY
+libcompat_la_SOURCES += compat/recallocarray.c
+endif
+
 if !HAVE_TIMINGSAFE_MEMCMP
 libcompat_la_SOURCES += compat/timingsafe_memcmp.c
 endif
@@ -527,6 +538,7 @@ libcrypto_la_SOURCES += evp/m_gost2814789.c
 libcrypto_la_SOURCES += evp/m_gostr341194.c
 libcrypto_la_SOURCES += evp/m_md4.c
 libcrypto_la_SOURCES += evp/m_md5.c
+libcrypto_la_SOURCES += evp/m_md5_sha1.c
 libcrypto_la_SOURCES += evp/m_null.c
 libcrypto_la_SOURCES += evp/m_ripemd.c
 libcrypto_la_SOURCES += evp/m_sha1.c

crypto/compat/getpagesize.c

@@ -0,0 +1,12 @@
+/* $OpenBSD$ */
+
+#include <unistd.h>
+#include <windows.h>
+
+int
+getpagesize(void)
+{
+	SYSTEM_INFO system_info;
+	GetSystemInfo(&system_info);
+	return system_info.dwPageSize;
+}

dist.sh

@@ -4,4 +4,4 @@ set -e
 rm -f man/*.1 man/*.3 include/openssl/*.h
 ./autogen.sh
 ./configure
-make distcheck
+make -j2 distcheck

include/compat/stdlib.h

@@ -29,6 +29,10 @@ uint32_t arc4random_uniform(uint32_t upper_bound);
 void *reallocarray(void *, size_t, size_t);
 #endif
 
+#ifndef HAVE_RECALLOCARRAY
+void *recallocarray(void *, size_t, size_t, size_t);
+#endif
+
 #ifndef HAVE_STRTONUM
 long long strtonum(const char *nptr, long long minval,
 		long long maxval, const char **errstr);

include/compat/unistd.h

@@ -39,6 +39,10 @@ int getentropy(void *buf, size_t buflen);
 #endif
 #endif
 
+#ifndef HAVE_GETPAGESIZE
+int getpagesize(void);
+#endif
+
 #define pledge(request, paths) 0
 
 #ifndef HAVE_PIPE2

libcrypto.pc.in

@@ -5,8 +5,8 @@ exec_prefix=@exec_prefix@
 libdir=@libdir@
 includedir=@includedir@
 
-Name: LibreSSL-libssl
-Description: Secure Sockets Layer and cryptography libraries
+Name: LibreSSL-libcrypto
+Description: LibreSSL cryptography library
 Version: @VERSION@
 Requires:
 Conflicts:

m4/check-libc.m4

@@ -2,15 +2,18 @@ AC_DEFUN([CHECK_LIBC_COMPAT], [
 # Check for libc headers
 AC_CHECK_HEADERS([err.h readpassphrase.h])
 # Check for general libc functions
-AC_CHECK_FUNCS([asprintf inet_ntop inet_pton memmem readpassphrase])
-AC_CHECK_FUNCS([reallocarray strlcat strlcpy strndup strnlen strsep strtonum])
+AC_CHECK_FUNCS([asprintf getpagesize inet_ntop inet_pton memmem readpassphrase])
+AC_CHECK_FUNCS([reallocarray recallocarray])
+AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strsep strtonum])
 AC_CHECK_FUNCS([timegm _mkgmtime])
 AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
+AM_CONDITIONAL([HAVE_GETPAGESIZE], [test "x$ac_cv_func_getpagesize" = xyes])
 AM_CONDITIONAL([HAVE_INET_NTOP], [test "x$ac_cv_func_inet_ntop" = xyes])
 AM_CONDITIONAL([HAVE_INET_PTON], [test "x$ac_cv_func_inet_pton" = xyes])
 AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
 AM_CONDITIONAL([HAVE_READPASSPHRASE], [test "x$ac_cv_func_readpassphrase" = xyes])
 AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
+AM_CONDITIONAL([HAVE_RECALLOCARRAY], [test "x$ac_cv_func_recallocarray" = xyes])
 AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
 AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
 AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
@@ -146,20 +149,25 @@ fi
 ])
 
 AC_DEFUN([GENERATE_CRYPTO_PORTABLE_SYM], [
+AS_CASE([$host_cpu],
+	[i?86], [HOSTARCH=intel],
+	[x86_64], [HOSTARCH=intel],
+	[amd64], [HOSTARCH=intel],
+)
+AC_SUBST([HOSTARCH])
 crypto_sym=$srcdir/crypto/crypto.sym
-crypto_p_sym=$srcdir/crypto/crypto_portable.sym
+crypto_p_sym=./crypto/crypto_portable.sym
 echo "generating $crypto_p_sym ..."
-chmod u+w $srcdir/crypto
+mkdir -p ./crypto
 cp $crypto_sym $crypto_p_sym
 chmod u+w $crypto_p_sym
-if test "x$ac_cv_func_arc4random" = "xno" ; then
-	echo arc4random >> $crypto_p_sym
-fi
 if test "x$ac_cv_func_arc4random_buf" = "xno" ; then
+	echo arc4random >> $crypto_p_sym
 	echo arc4random_buf >> $crypto_p_sym
-fi
-if test "x$ac_cv_func_arc4random_uniform" = "xno" ; then
 	echo arc4random_uniform >> $crypto_p_sym
+	if test "x$ac_cv_func_getentropy" = "xno" ; then
+		echo getentropy >> $crypto_p_sym
+	fi
 fi
 if test "x$ac_cv_func_asprintf" = "xno" ; then
 	echo asprintf >> $crypto_p_sym
@@ -168,15 +176,15 @@ fi
 if test "x$ac_cv_func_explicit_bzero" = "xno" ; then
 	echo explicit_bzero >> $crypto_p_sym
 fi
-if test "x$ac_cv_func_getentropy" = "xno" ; then
-	echo getentropy >> $crypto_p_sym
-fi
 if test "x$ac_cv_func_inet_pton" = "xno" ; then
 	echo inet_pton >> $crypto_p_sym
 fi
 if test "x$ac_cv_func_reallocarray" = "xno" ; then
 	echo reallocarray >> $crypto_p_sym
 fi
+if test "x$ac_cv_func_recallocarray" = "xno" ; then
+	echo recallocarray >> $crypto_p_sym
+fi
 if test "x$ac_cv_func_strlcat" = "xno" ; then
 	echo strlcat >> $crypto_p_sym
 fi
@@ -201,6 +209,9 @@ fi
 if test "x$ac_cv_func_timingsafe_memcmp" = "xno" ; then
 	echo timingsafe_memcmp >> $crypto_p_sym
 fi
+if test "x$HOSTARCH" = "xintel" ; then
+	echo OPENSSL_ia32cap_P >> $crypto_p_sym
+fi
 if test "x$HOST_OS" = "xwin" ; then
 	echo posix_perror >> $crypto_p_sym
 	echo posix_fopen >> $crypto_p_sym

man/links

@@ -50,6 +50,7 @@ ASN1_STRING_new.3,DISPLAYTEXT_free.3
 ASN1_STRING_new.3,DISPLAYTEXT_new.3
 ASN1_STRING_print_ex.3,ASN1_STRING_print.3
 ASN1_STRING_print_ex.3,ASN1_STRING_print_ex_fp.3
+ASN1_STRING_print_ex.3,ASN1_tag2str.3
 ASN1_TIME_set.3,ASN1_TIME_adj.3
 ASN1_TIME_set.3,ASN1_TIME_check.3
 ASN1_TIME_set.3,ASN1_TIME_print.3
@@ -146,6 +147,9 @@ BIO_new.3,BIO_free.3
 BIO_new.3,BIO_free_all.3
 BIO_new.3,BIO_set.3
 BIO_new.3,BIO_vfree.3
+BIO_printf.3,BIO_snprintf.3
+BIO_printf.3,BIO_vprintf.3
+BIO_printf.3,BIO_vsnprintf.3
 BIO_push.3,BIO_pop.3
 BIO_read.3,BIO_gets.3
 BIO_read.3,BIO_puts.3
@@ -298,6 +302,7 @@ BN_set_bit.3,BN_lshift1.3
 BN_set_bit.3,BN_mask_bits.3
 BN_set_bit.3,BN_rshift.3
 BN_set_bit.3,BN_rshift1.3
+BN_set_flags.3,BN_get_flags.3
 BN_set_negative.3,BN_is_negative.3
 BN_zero.3,BN_get_word.3
 BN_zero.3,BN_one.3
@@ -566,6 +571,7 @@ EVP_DigestInit.3,EVP_MD_CTX_cleanup.3
 EVP_DigestInit.3,EVP_MD_CTX_copy.3
 EVP_DigestInit.3,EVP_MD_CTX_copy_ex.3
 EVP_DigestInit.3,EVP_MD_CTX_create.3
+EVP_DigestInit.3,EVP_MD_CTX_ctrl.3
 EVP_DigestInit.3,EVP_MD_CTX_destroy.3
 EVP_DigestInit.3,EVP_MD_CTX_init.3
 EVP_DigestInit.3,EVP_MD_CTX_md.3
@@ -582,6 +588,7 @@ EVP_DigestInit.3,EVP_get_digestbynid.3
 EVP_DigestInit.3,EVP_get_digestbyobj.3
 EVP_DigestInit.3,EVP_md2.3
 EVP_DigestInit.3,EVP_md5.3
+EVP_DigestInit.3,EVP_md5_sha1.3
 EVP_DigestInit.3,EVP_md_null.3
 EVP_DigestInit.3,EVP_ripemd160.3
 EVP_DigestInit.3,EVP_sha1.3
@@ -1263,6 +1270,8 @@ SSL_load_client_CA_file.3,SSL_add_file_cert_subjects_to_stack.3
 SSL_num_renegotiations.3,SSL_clear_num_renegotiations.3
 SSL_num_renegotiations.3,SSL_total_renegotiations.3
 SSL_read.3,SSL_peek.3
+SSL_renegotiate.3,SSL_renegotiate_abbreviated.3
+SSL_renegotiate.3,SSL_renegotiate_pending.3
 SSL_rstate_string.3,SSL_rstate_string_long.3
 SSL_set1_param.3,SSL_CTX_set1_param.3
 SSL_set_connect_state.3,SSL_set_accept_state.3
@@ -1293,6 +1302,28 @@ TS_REQ_new.3,TS_STATUS_INFO_free.3
 TS_REQ_new.3,TS_STATUS_INFO_new.3
 TS_REQ_new.3,TS_TST_INFO_free.3
 TS_REQ_new.3,TS_TST_INFO_new.3
+UI_UTIL_read_pw.3,UI_UTIL_read_pw_string.3
+UI_create_method.3,UI_destroy_method.3
+UI_create_method.3,UI_method_get_closer.3
+UI_create_method.3,UI_method_get_flusher.3
+UI_create_method.3,UI_method_get_opener.3
+UI_create_method.3,UI_method_get_prompt_constructor.3
+UI_create_method.3,UI_method_get_reader.3
+UI_create_method.3,UI_method_get_writer.3
+UI_create_method.3,UI_method_set_closer.3
+UI_create_method.3,UI_method_set_flusher.3
+UI_create_method.3,UI_method_set_opener.3
+UI_create_method.3,UI_method_set_prompt_constructor.3
+UI_create_method.3,UI_method_set_reader.3
+UI_create_method.3,UI_method_set_writer.3
+UI_get_string_type.3,UI_get0_action_string.3
+UI_get_string_type.3,UI_get0_output_string.3
+UI_get_string_type.3,UI_get0_result_string.3
+UI_get_string_type.3,UI_get0_test_string.3
+UI_get_string_type.3,UI_get_input_flags.3
+UI_get_string_type.3,UI_get_result_maxsize.3
+UI_get_string_type.3,UI_get_result_minsize.3
+UI_get_string_type.3,UI_set_result.3
 UI_new.3,UI_OpenSSL.3
 UI_new.3,UI_add_error_string.3
 UI_new.3,UI_add_info_string.3
@@ -1427,6 +1458,11 @@ X509_VERIFY_PARAM_set_flags.3,X509_VERIFY_PARAM_set_trust.3
 X509_check_host.3,X509_check_email.3
 X509_check_host.3,X509_check_ip.3
 X509_check_host.3,X509_check_ip_asc.3
+X509_digest.3,PKCS7_ISSUER_AND_SERIAL_digest.3
+X509_digest.3,X509_CRL_digest.3
+X509_digest.3,X509_NAME_digest.3
+X509_digest.3,X509_REQ_digest.3
+X509_digest.3,X509_pubkey_digest.3
 X509_get_pubkey.3,X509_REQ_get_pubkey.3
 X509_get_pubkey.3,X509_REQ_set_pubkey.3
 X509_get_pubkey.3,X509_get_X509_PUBKEY.3
@@ -1931,6 +1967,13 @@ engine.3,ENGINE_unregister_STORE.3
 engine.3,ENGINE_unregister_ciphers.3
 engine.3,ENGINE_unregister_digests.3
 engine.3,ENGINE_up_ref.3
+get_rfc3526_prime_8192.3,get_rfc2409_prime_1024.3
+get_rfc3526_prime_8192.3,get_rfc2409_prime_768.3
+get_rfc3526_prime_8192.3,get_rfc3526_prime_1536.3
+get_rfc3526_prime_8192.3,get_rfc3526_prime_2048.3
+get_rfc3526_prime_8192.3,get_rfc3526_prime_3072.3
+get_rfc3526_prime_8192.3,get_rfc3526_prime_4096.3
+get_rfc3526_prime_8192.3,get_rfc3526_prime_6144.3
 lh_new.3,DECLARE_LHASH_OF.3
 lh_new.3,LHASH_COMP_FN_TYPE.3
 lh_new.3,LHASH_DOALL_ARG_FN_TYPE.3
@@ -1961,8 +2004,6 @@ tls_accept_socket.3,tls_accept_fds.3
 tls_client.3,tls_configure.3
 tls_client.3,tls_free.3
 tls_client.3,tls_server.3
-tls_config_ocsp_require_stapling.3,tls_config_set_ocsp_staple_file.3
-tls_config_ocsp_require_stapling.3,tls_config_set_ocsp_staple_mem.3
 tls_config_set_protocols.3,tls_config_parse_protocols.3
 tls_config_set_protocols.3,tls_config_prefer_ciphers_client.3
 tls_config_set_protocols.3,tls_config_prefer_ciphers_server.3
@@ -1994,6 +2035,8 @@ tls_init.3,tls_config_free.3
 tls_init.3,tls_config_new.3
 tls_load_file.3,tls_config_add_keypair_file.3
 tls_load_file.3,tls_config_add_keypair_mem.3
+tls_load_file.3,tls_config_add_keypair_ocsp_file.3
+tls_load_file.3,tls_config_add_keypair_ocsp_mem.3
 tls_load_file.3,tls_config_clear_keys.3
 tls_load_file.3,tls_config_set_ca_file.3
 tls_load_file.3,tls_config_set_ca_mem.3
@@ -2004,6 +2047,10 @@ tls_load_file.3,tls_config_set_key_file.3
 tls_load_file.3,tls_config_set_key_mem.3
 tls_load_file.3,tls_config_set_keypair_file.3
 tls_load_file.3,tls_config_set_keypair_mem.3
+tls_load_file.3,tls_config_set_keypair_ocsp_file.3
+tls_load_file.3,tls_config_set_keypair_ocsp_mem.3
+tls_load_file.3,tls_config_set_ocsp_staple_file.3
+tls_load_file.3,tls_config_set_ocsp_staple_mem.3
 tls_load_file.3,tls_config_set_verify_depth.3
 tls_load_file.3,tls_config_verify_client.3
 tls_load_file.3,tls_config_verify_client_optional.3

patches/netcat.c.patch

@@ -1,5 +1,5 @@
---- apps/nc/netcat.c.orig	Sat Nov  5 14:00:01 2016
-+++ apps/nc/netcat.c	Sat Nov  5 15:28:35 2016
+--- apps/nc/netcat.c.orig	Thu Mar 16 19:26:06 2017
++++ apps/nc/netcat.c	Sat Mar 25 11:17:36 2017
 @@ -65,7 +65,9 @@
  #define POLL_NETIN 2
  #define POLL_STDOUT 3
@@ -8,7 +8,7 @@
  #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
 +#endif
  
- #define TLS_LEGACY	(1 << 1)
+ #define TLS_ALL	(1 << 1)
  #define TLS_NOVERIFY	(1 << 2)
 @@ -93,9 +95,13 @@
  int	Dflag;					/* sodebug */
@@ -24,16 +24,16 @@
  
  int	usetls;					/* use TLS */
  char    *Cflag;					/* Public cert file */
-@@ -148,7 +154,7 @@
+@@ -149,7 +155,7 @@
  	struct servent *sv;
  	socklen_t len;
  	struct sockaddr_storage cliaddr;
--	char *proxy;
-+	char *proxy = NULL;
- 	const char *errstr, *proxyhost = "", *proxyport = NULL;
+-	char *proxy, *proxyport = NULL;
++	char *proxy = NULL, *proxyport = NULL;
+ 	const char *errstr;
  	struct addrinfo proxyhints;
  	char unix_dg_tmp_socket_buf[UNIX_DG_TMP_SOCKET_SIZE];
-@@ -258,12 +264,14 @@
+@@ -259,12 +265,14 @@
  		case 'u':
  			uflag = 1;
  			break;
@@ -48,7 +48,7 @@
  		case 'v':
  			vflag = 1;
  			break;
-@@ -299,9 +307,11 @@
+@@ -300,9 +308,11 @@
  		case 'o':
  			oflag = optarg;
  			break;
@@ -60,7 +60,7 @@
  		case 'T':
  			errstr = NULL;
  			errno = 0;
-@@ -325,9 +335,11 @@
+@@ -326,9 +336,11 @@
  	argc -= optind;
  	argv += optind;
  
@@ -72,7 +72,7 @@
  
  	if (family == AF_UNIX) {
  		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
-@@ -836,7 +848,10 @@
+@@ -865,7 +877,10 @@
  remote_connect(const char *host, const char *port, struct addrinfo hints)
  {
  	struct addrinfo *res, *res0;
@@ -83,8 +83,8 @@
 +#endif
  
  	if ((error = getaddrinfo(host, port, &hints, &res0)))
- 		errx(1, "getaddrinfo: %s", gai_strerror(error));
-@@ -850,8 +865,10 @@
+ 		errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
+@@ -880,8 +895,10 @@
  		if (sflag || pflag) {
  			struct addrinfo ahints, *ares;
  
@@ -95,7 +95,7 @@
  			memset(&ahints, 0, sizeof(struct addrinfo));
  			ahints.ai_family = res->ai_family;
  			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -922,7 +939,10 @@
+@@ -952,7 +969,10 @@
  local_listen(char *host, char *port, struct addrinfo hints)
  {
  	struct addrinfo *res, *res0;
@@ -107,7 +107,7 @@
  	int error;
  
  	/* Allow nodename to be null. */
-@@ -943,9 +963,11 @@
+@@ -973,9 +993,11 @@
  		    res->ai_protocol)) < 0)
  			continue;
  
@@ -119,7 +119,7 @@
  
  		set_common_sockopts(s, res->ai_family);
  
-@@ -1403,11 +1425,13 @@
+@@ -1425,11 +1447,13 @@
  {
  	int x = 1;
  
@@ -133,7 +133,7 @@
  	if (Dflag) {
  		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
  			&x, sizeof(x)) == -1)
-@@ -1444,13 +1468,17 @@
+@@ -1466,13 +1490,17 @@
  	}
  
  	if (minttl != -1) {
@@ -152,7 +152,7 @@
  	}
  }
  
-@@ -1644,14 +1672,22 @@
+@@ -1666,14 +1694,22 @@
  	\t-P proxyuser\tUsername for proxy authentication\n\
  	\t-p port\t	Specify local port for remote connects\n\
  	\t-R CAfile	CA bundle\n\
@@ -160,10 +160,10 @@
 -	\t-S		Enable the TCP MD5 signature option\n\
 +	\t-r		Randomize remote ports\n"
 +#ifdef TCP_MD5SIG
-+        "\
++	"\
 +	\t-S		Enable the TCP MD5 signature option\n"
 +#endif
-+        "\
++	"\
  	\t-s source	Local source address\n\
  	\t-T keyword	TOS value or TLS options\n\
  	\t-t		Answer TELNET negotiation\n\
@@ -172,10 +172,10 @@
 -	\t-V rtable	Specify alternate routing table\n\
 +	\t-u		UDP mode\n"
 +#ifdef SO_RTABLE
-+        "\
++	"\
 +	\t-V rtable	Specify alternate routing table\n"
 +#endif
-+        "\
++	"\
  	\t-v		Verbose\n\
  	\t-w timeout	Timeout for connects and final net reads\n\
  	\t-X proto	Proxy protocol: \"4\", \"5\" (SOCKS) or \"connect\"\n\

patches/tls.h.patch

@@ -0,0 +1,32 @@
+--- include/tls.h.orig	2017-02-13 20:19:55.918636579 +0900
++++ include/tls.h	2017-02-13 20:21:18.313073161 +0900
+@@ -22,6 +22,13 @@
+ extern "C" {
+ #endif
+ 
++#ifdef _MSC_VER
++#ifndef LIBRESSL_INTERNAL
++#include <basetsd.h>
++typedef SSIZE_T ssize_t;
++#endif
++#endif
++
+ #include <sys/types.h>
+ 
+ #include <stddef.h>
+--- libtls-standalone/include/tls.h.orig	2017-02-13 20:21:48.297958529 +0900
++++ libtls-standalone/include/tls.h	2017-02-13 20:21:48.296958502 +0900
+@@ -22,6 +22,13 @@
+ extern "C" {
+ #endif
+ 
++#ifdef _MSC_VER
++#ifndef LIBRESSL_INTERNAL
++#include <basetsd.h>
++typedef SSIZE_T ssize_t;
++#endif
++#endif
++
+ #include <sys/types.h>
+ 
+ #include <stddef.h>

ssl/CMakeLists.txt

@@ -39,6 +39,7 @@ set(
 	ssl_versions.c
 	t1_clnt.c
 	t1_enc.c
+	t1_hash.c
 	t1_lib.c
 	t1_meth.c
 	t1_reneg.c

ssl/Makefile.am

@@ -42,6 +42,7 @@ libssl_la_SOURCES += ssl_txt.c
 libssl_la_SOURCES += ssl_versions.c
 libssl_la_SOURCES += t1_clnt.c
 libssl_la_SOURCES += t1_enc.c
+libssl_la_SOURCES += t1_hash.c
 libssl_la_SOURCES += t1_lib.c
 libssl_la_SOURCES += t1_meth.c
 libssl_la_SOURCES += t1_reneg.c

tests/CMakeLists.txt

@@ -292,6 +292,16 @@ add_executable(rsa_test rsa_test.c)
 target_link_libraries(rsa_test ${TESTS_LIBS})
 add_test(rsa_test rsa_test)
 
+# servertest
+add_executable(servertest servertest.c)
+target_link_libraries(servertest ${TESTS_LIBS})
+if(NOT MSVC)
+	add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.sh)
+else()
+	add_test(servertest ${CMAKE_CURRENT_SOURCE_DIR}/servertest.bat)
+endif()
+set_tests_properties(servertest PROPERTIES ENVIRONMENT "srcdir=${CMAKE_CURRENT_SOURCE_DIR}")
+
 # sha1test
 add_executable(sha1test sha1test.c)
 target_link_libraries(sha1test ${TESTS_LIBS})
@@ -374,6 +384,11 @@ add_executable(tls_ext_alpn tls_ext_alpn.c)
 target_link_libraries(tls_ext_alpn ${TESTS_LIBS})
 add_test(tls_ext_alpn tls_ext_alpn)
 
+# tls_prf
+add_executable(tls_prf tls_prf.c)
+target_link_libraries(tls_prf ${TESTS_LIBS})
+add_test(tls_prf tls_prf)
+
 # utf8test
 add_executable(utf8test utf8test.c)
 target_link_libraries(utf8test ${TESTS_LIBS})

tests/Makefile.am

@@ -294,6 +294,12 @@ TESTS += rsa_test
 check_PROGRAMS += rsa_test
 rsa_test_SOURCES = rsa_test.c
 
+# servertest
+TESTS += servertest.sh
+check_PROGRAMS += servertest
+servertest_SOURCES = servertest.c
+EXTRA_DIST += servertest.sh servertest.bat
+
 # sha1test
 TESTS += sha1test
 check_PROGRAMS += sha1test
@@ -353,6 +359,11 @@ TESTS += tls_ext_alpn
 check_PROGRAMS += tls_ext_alpn
 tls_ext_alpn_SOURCES = tls_ext_alpn.c
 
+# tls_prf
+TESTS += tls_prf
+check_PROGRAMS += tls_prf
+tls_prf_SOURCES = tls_prf.c
+
 # utf8test
 TESTS += utf8test
 check_PROGRAMS += utf8test

tests/servertest.bat

@@ -0,0 +1,17 @@
+@echo off
+setlocal enabledelayedexpansion
+REM	servertest.bat
+
+set servertest_bin=Debug\servertest.exe
+if not exist %servertest_bin% exit /b 1
+
+if "%srcdir%"=="" (
+	set srcdir=.
+)
+
+%servertest_bin% %srcdir%\server.pem %srcdir%\server.pem %srcdir%\ca.pem
+if !errorlevel! neq 0 (
+	exit /b 1
+)
+
+endlocal

tests/servertest.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+set -e
+
+servertest_bin=./servertest
+if [ -e ./servertest.exe ]; then
+	servertest_bin=./servertest.exe
+fi
+
+if [ -z $srcdir ]; then
+	srcdir=.
+fi
+
+$servertest_bin $srcdir/server.pem $srcdir/server.pem $srcdir/ca.pem

update.sh

@@ -78,6 +78,7 @@ for i in crypto/compat libtls-standalone/compat; do
 	    $libc_src/crypt/chacha_private.h \
 	    $libc_src/net/inet_pton.c \
 	    $libc_src/stdlib/reallocarray.c \
+	    $libc_src/stdlib/recallocarray.c \
 	    $libc_src/string/explicit_bzero.c \
 	    $libc_src/string/strcasecmp.c \
 	    $libc_src/string/strlcpy.c \
@@ -150,7 +151,7 @@ done
 $CP crypto/compat/b_win.c crypto/bio
 $CP crypto/compat/ui_openssl_win.c crypto/ui
 # add the libcrypto symbol export list
-grep '^[[:alpha:]]' < $libcrypto_src/Symbols.list > crypto/crypto.sym
+grep -v OPENSSL_ia32cap_P $libcrypto_src/Symbols.list | grep '^[[:alpha:]]' > crypto/crypto.sym
 
 # generate assembly crypto algorithms
 asm_src=$libcrypto_src