Misc fixes to bring portable in line with upstream.

crypto/CMakeLists.txt

@@ -120,7 +120,6 @@ set(
 	aes/aes_wrap.c
 	asn1/a_bitstr.c
 	asn1/a_bool.c
-	asn1/a_bytes.c
 	asn1/a_d2i_fp.c
 	asn1/a_digest.c
 	asn1/a_dup.c
@@ -131,7 +130,6 @@ set(
 	asn1/a_object.c
 	asn1/a_octet.c
 	asn1/a_print.c
-	asn1/a_set.c
 	asn1/a_sign.c
 	asn1/a_strex.c
 	asn1/a_strnid.c

crypto/Makefile.am

@@ -237,7 +237,6 @@ noinst_HEADERS += aes/aes_locl.h
 # asn1
 libcrypto_la_SOURCES += asn1/a_bitstr.c
 libcrypto_la_SOURCES += asn1/a_bool.c
-libcrypto_la_SOURCES += asn1/a_bytes.c
 libcrypto_la_SOURCES += asn1/a_d2i_fp.c
 libcrypto_la_SOURCES += asn1/a_digest.c
 libcrypto_la_SOURCES += asn1/a_dup.c
@@ -248,7 +247,6 @@ libcrypto_la_SOURCES += asn1/a_mbstr.c
 libcrypto_la_SOURCES += asn1/a_object.c
 libcrypto_la_SOURCES += asn1/a_octet.c
 libcrypto_la_SOURCES += asn1/a_print.c
-libcrypto_la_SOURCES += asn1/a_set.c
 libcrypto_la_SOURCES += asn1/a_sign.c
 libcrypto_la_SOURCES += asn1/a_strex.c
 libcrypto_la_SOURCES += asn1/a_strnid.c

patches/aeadtest.c.patch

@@ -1,6 +1,6 @@
 --- tests/aeadtest.c.orig	2016-10-18 17:03:33.845870889 +0900
 +++ tests/aeadtest.c	2016-10-18 17:11:19.880841283 +0900
-@@ -75,6 +75,12 @@
+@@ -76,6 +76,12 @@
  
  #define BUF_MAX 1024
  

patches/bio.h.patch

@@ -1,6 +1,6 @@
 --- include/openssl/bio.h.orig	Mon Oct  3 06:09:28 2016
 +++ include/openssl/bio.h	Sun Nov  6 04:24:57 2016
-@@ -678,8 +678,24 @@
+@@ -713,8 +713,24 @@
 
  /*long BIO_ghbn_ctrl(int cmd,int iarg,char *parg);*/
 
@@ -25,7 +25,7 @@
  	__attribute__((__format__(__printf__, 2, 3), __nonnull__(2)));
  int
  BIO_vprintf(BIO *bio, const char *format, va_list args)
-@@ -692,6 +708,8 @@
+@@ -727,6 +743,8 @@
  BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args)
  	__attribute__((__deprecated__, __format__(__printf__, 3, 0),
  	    __nonnull__(3)));

patches/http.c.patch

@@ -1,12 +0,0 @@
---- apps/ocspcheck/http.c.orig	Sun Jun  4 00:45:29 2017
-+++ apps/ocspcheck/http.c	Sun Jun  4 00:45:57 2017
-@@ -35,7 +35,9 @@
- #include "http.h"
- #include <tls.h>
- 
-+#ifndef DEFAULT_CA_FILE
- #define DEFAULT_CA_FILE "/etc/ssl/cert.pem"
-+#endif
- 
- /*
-  * A buffer for transferring HTTP/S data.

patches/netcat.c.patch

@@ -1,16 +1,6 @@
 --- apps/nc/netcat.c.orig	Mon Jul 17 06:06:51 2017
 +++ apps/nc/netcat.c	Mon Jul 17 06:11:24 2017
-@@ -66,7 +66,9 @@
+@@ -92,9 +92,13 @@
- #define POLL_NETIN	2
- #define POLL_STDOUT	3
- #define BUFSIZE		16384
-+#ifndef DEFAULT_CA_FILE
- #define DEFAULT_CA_FILE	"/etc/ssl/cert.pem"
-+#endif
- 
- #define TLS_ALL	(1 << 1)
- #define TLS_NOVERIFY	(1 << 2)
-@@ -95,9 +97,13 @@
  int	Dflag;					/* sodebug */
  int	Iflag;					/* TCP receive buffer size */
  int	Oflag;					/* TCP send buffer size */
@@ -24,7 +14,7 @@
  
  int	usetls;					/* use TLS */
  char    *Cflag;					/* Public cert file */
-@@ -266,12 +272,14 @@
+@@ -266,12 +270,14 @@
  		case 'u':
  			uflag = 1;
  			break;
@@ -39,7 +29,7 @@
  		case 'v':
  			vflag = 1;
  			break;
-@@ -318,9 +326,11 @@
+@@ -318,9 +324,11 @@
  		case 'o':
  			oflag = optarg;
  			break;
@@ -51,7 +41,7 @@
  		case 'T':
  			errstr = NULL;
  			errno = 0;
-@@ -344,9 +354,11 @@
+@@ -344,9 +352,11 @@
  	argc -= optind;
  	argv += optind;
  
@@ -61,9 +51,9 @@
  			err(1, "setrtable");
 +#endif
  
- 	if (family == AF_UNIX) {
+ 	/* Cruft to make sure options are clean, and used properly. */
- 		if (pledge("stdio rpath wpath cpath tmppath unix", NULL) == -1)
+ 	if (argv[0] && !argv[1] && family == AF_UNIX) {
-@@ -892,7 +904,10 @@
+@@ -909,7 +919,10 @@
  remote_connect(const char *host, const char *port, struct addrinfo hints)
  {
  	struct addrinfo *res, *res0;
@@ -75,7 +65,7 @@
  
  	if ((error = getaddrinfo(host, port, &hints, &res0)))
  		errx(1, "getaddrinfo for host \"%s\" port %s: %s", host,
-@@ -907,8 +922,10 @@
+@@ -924,8 +937,10 @@
  		if (sflag || pflag) {
  			struct addrinfo ahints, *ares;
  
@@ -86,8 +76,8 @@
  			memset(&ahints, 0, sizeof(struct addrinfo));
  			ahints.ai_family = res->ai_family;
  			ahints.ai_socktype = uflag ? SOCK_DGRAM : SOCK_STREAM;
-@@ -979,7 +996,10 @@
+@@ -996,7 +1011,10 @@
- local_listen(char *host, char *port, struct addrinfo hints)
+ local_listen(const char *host, const char *port, struct addrinfo hints)
  {
  	struct addrinfo *res, *res0;
 -	int s = -1, ret, x = 1, save_errno;
@@ -98,7 +88,7 @@
  	int error;
  
  	/* Allow nodename to be null. */
-@@ -1000,9 +1020,11 @@
+@@ -1017,9 +1035,11 @@
  		    res->ai_protocol)) < 0)
  			continue;
  
@@ -110,7 +100,7 @@
  
  		set_common_sockopts(s, res->ai_family);
  
-@@ -1458,11 +1480,13 @@
+@@ -1475,11 +1495,13 @@
  {
  	int x = 1;
  
@@ -124,7 +114,7 @@
  	if (Dflag) {
  		if (setsockopt(s, SOL_SOCKET, SO_DEBUG,
  			&x, sizeof(x)) == -1)
-@@ -1473,9 +1497,16 @@
+@@ -1490,9 +1512,16 @@
  		    IP_TOS, &Tflag, sizeof(Tflag)) == -1)
  			err(1, "set IP ToS");
  
@@ -141,7 +131,7 @@
  	}
  	if (Iflag) {
  		if (setsockopt(s, SOL_SOCKET, SO_RCVBUF,
-@@ -1499,13 +1530,17 @@
+@@ -1516,13 +1545,17 @@
  	}
  
  	if (minttl != -1) {
@@ -160,7 +150,7 @@
  	}
  }
  
-@@ -1714,14 +1749,22 @@
+@@ -1748,14 +1781,22 @@
  	\t-P proxyuser\tUsername for proxy authentication\n\
  	\t-p port\t	Specify local port for remote connects\n\
  	\t-R CAfile	CA bundle\n\

patches/ocsp_test.c.patch

@@ -1,6 +1,6 @@
 --- tests/ocsp_test.c.orig	2016-10-18 18:12:39.854607509 +0900
 +++ tests/ocsp_test.c	2016-10-18 18:14:29.261600559 +0900
-@@ -16,6 +16,11 @@
+@@ -35,6 +35,11 @@
  	hints.ai_family = AF_INET;
  	hints.ai_socktype = SOCK_STREAM;
  

patches/tls_internal.h.patch

@@ -1,12 +0,0 @@
---- tls/tls_internal.h.orig	Sun Jul  9 06:16:17 2017
-+++ tls/tls_internal.h	Mon Jul 17 06:10:01 2017
-@@ -26,7 +26,9 @@
- 
- __BEGIN_HIDDEN_DECLS
- 
-+#ifndef _PATH_SSL_CA_FILE
- #define _PATH_SSL_CA_FILE "/etc/ssl/cert.pem"
-+#endif
- 
- #define TLS_CIPHERS_DEFAULT	"TLSv1.2+AEAD+ECDHE:TLSv1.2+AEAD+DHE"
- #define TLS_CIPHERS_COMPAT	"HIGH:!aNULL"

patches/tlsexttest.c.patch

@@ -1,6 +1,6 @@
 --- tests/tlsexttest.c.orig	2017-12-30 20:03:09.279079726 +0900
 +++ tests/tlsexttest.c	2017-12-30 20:07:21.849939140 +0900
-@@ -1676,7 +1676,9 @@ static unsigned char tlsext_sni_clienthe
+@@ -1676,7 +1676,9 @@
  };
  
  static unsigned char tlsext_sni_serverhello[] = {
@@ -10,7 +10,7 @@
  
  static int
  test_tlsext_sni_clienthello(void)
-@@ -1839,9 +1841,9 @@ test_tlsext_sni_serverhello(void)
+@@ -1841,9 +1843,9 @@
  	if (!CBB_finish(&cbb, &data, &dlen))
  		errx(1, "failed to finish CBB");
  
@@ -22,7 +22,7 @@
  		goto err;
  	}
  
-@@ -1850,14 +1852,14 @@ test_tlsext_sni_serverhello(void)
+@@ -1852,14 +1854,14 @@
  		fprintf(stderr, "received:\n");
  		hexdump(data, dlen);
  		fprintf(stderr, "test data:\n");
@@ -39,7 +39,7 @@
  	if (!tlsext_sni_serverhello_parse(ssl, &cbs, &alert)) {
  		FAIL("failed to parse serverhello SNI\n");
  		goto err;
-@@ -2741,7 +2743,10 @@ unsigned char tlsext_clienthello_default
+@@ -2744,7 +2746,10 @@
  	0x03, 0x01, 0x03, 0x03, 0x02, 0x01, 0x02, 0x03,
  };
  
@@ -51,7 +51,7 @@
  
  static int
  test_tlsext_clienthello_build(void)
-@@ -2806,18 +2811,18 @@ test_tlsext_clienthello_build(void)
+@@ -2811,18 +2816,18 @@
  	if (!CBB_finish(&cbb, &data, &dlen))
  		errx(1, "failed to finish CBB");
  
@@ -74,7 +74,7 @@
  		goto err;
  	}
  
-@@ -2832,7 +2837,10 @@ test_tlsext_clienthello_build(void)
+@@ -2837,7 +2842,10 @@
  	return (failure);
  }
  
@@ -86,7 +86,7 @@
  
  unsigned char tlsext_serverhello_enabled[] = {
  	0x00, 0x13, 0xff, 0x01, 0x00, 0x01, 0x00, 0x00,
-@@ -2872,18 +2880,18 @@ test_tlsext_serverhello_build(void)
+@@ -2877,18 +2885,18 @@
  	if (!CBB_finish(&cbb, &data, &dlen))
  		errx(1, "failed to finish CBB");
  

ssl/CMakeLists.txt

@@ -8,7 +8,6 @@ set(
 	d1_clnt.c
 	d1_enc.c
 	d1_lib.c
-	d1_meth.c
 	d1_pkt.c
 	d1_srtp.c
 	d1_srvr.c
@@ -24,6 +23,7 @@ set(
 	ssl_err.c
 	ssl_init.c
 	ssl_lib.c
+	ssl_methods.c
 	ssl_packet.c
 	ssl_pkt.c
 	ssl_rsa.c
@@ -33,12 +33,9 @@ set(
 	ssl_tlsext.c
 	ssl_txt.c
 	ssl_versions.c
-	t1_clnt.c
 	t1_enc.c
 	t1_hash.c
 	t1_lib.c
-	t1_meth.c
-	t1_srvr.c
 )
 
 add_library(ssl ${SSL_SRC})

ssl/Makefile.am

@@ -17,7 +17,6 @@ libssl_la_SOURCES += d1_both.c
 libssl_la_SOURCES += d1_clnt.c
 libssl_la_SOURCES += d1_enc.c
 libssl_la_SOURCES += d1_lib.c
-libssl_la_SOURCES += d1_meth.c
 libssl_la_SOURCES += d1_pkt.c
 libssl_la_SOURCES += d1_srtp.c
 libssl_la_SOURCES += d1_srvr.c
@@ -33,6 +32,7 @@ libssl_la_SOURCES += ssl_clnt.c
 libssl_la_SOURCES += ssl_err.c
 libssl_la_SOURCES += ssl_init.c
 libssl_la_SOURCES += ssl_lib.c
+libssl_la_SOURCES += ssl_methods.c
 libssl_la_SOURCES += ssl_packet.c
 libssl_la_SOURCES += ssl_pkt.c
 libssl_la_SOURCES += ssl_rsa.c
@@ -42,12 +42,9 @@ libssl_la_SOURCES += ssl_stat.c
 libssl_la_SOURCES += ssl_tlsext.c
 libssl_la_SOURCES += ssl_txt.c
 libssl_la_SOURCES += ssl_versions.c
-libssl_la_SOURCES += t1_clnt.c
 libssl_la_SOURCES += t1_enc.c
 libssl_la_SOURCES += t1_hash.c
 libssl_la_SOURCES += t1_lib.c
-libssl_la_SOURCES += t1_meth.c
-libssl_la_SOURCES += t1_srvr.c
 
 noinst_HEADERS = srtp.h
 noinst_HEADERS += ssl_locl.h

update.sh

@@ -126,7 +126,7 @@ copy_hdrs $libcrypto_src "stack/stack.h lhash/lhash.h stack/safestack.h
 	objects/objects.h asn1/asn1.h bn/bn.h ec/ec.h ecdsa/ecdsa.h
 	ecdh/ecdh.h rsa/rsa.h sha/sha.h x509/x509_vfy.h pkcs7/pkcs7.h pem/pem.h
 	pem/pem2.h hkdf/hkdf.h hmac/hmac.h rand/rand.h md5/md5.h
-	asn1/asn1_mac.h x509v3/x509v3.h conf/conf.h ocsp/ocsp.h
+	x509v3/x509v3.h conf/conf.h ocsp/ocsp.h
 	aes/aes.h modes/modes.h asn1/asn1t.h dso/dso.h bf/blowfish.h
 	bio/bio.h cast/cast.h cmac/cmac.h conf/conf_api.h des/des.h dh/dh.h
 	dsa/dsa.h engine/engine.h ui/ui.h pkcs12/pkcs12.h ts/ts.h