further refactoring, working libtls-standalone

12 files changed, 172 insertions, 316 deletions

diff --git a/.gitignore b/.gitignore
index 290088b..a3071b7 100644
--- a/.gitignore
+++ b/.gitignore
@@ -122,7 +122,11 @@ include/openssl/*.he
 /libtls-standalone/include/*.h
 /libtls-standalone/src/*.c
 /libtls-standalone/src/*.h
-/libtls-standalone/src/compat
+/libtls-standalone/src
+/libtls-standalone/compat
+!/libtls-standalone/compat/Makefile.am
+/libtls-standalone/VERSION
+/libtls-standalone/m4
 
 openbsd/
 
diff --git a/crypto/Makefile.am b/crypto/Makefile.am
index 757197f..ad26168 100644
--- a/crypto/Makefile.am
+++ b/crypto/Makefile.am
@@ -65,49 +65,7 @@ if !HAVE_TIMINGSAFE_BCMP
 libcompat_la_SOURCES += compat/timingsafe_bcmp.c
 endif
 
-if !HAVE_ARC4RANDOM_BUF
-libcompat_la_SOURCES += compat/arc4random.c
-
-if !HAVE_GETENTROPY
-if HOST_AIX
-libcompat_la_SOURCES += compat/getentropy_aix.c
-endif
-if HOST_FREEBSD
-libcompat_la_SOURCES += compat/getentropy_freebsd.c
-endif
-if HOST_HPUX
-libcompat_la_SOURCES += compat/getentropy_hpux.c
-endif
-if HOST_LINUX
-libcompat_la_SOURCES += compat/getentropy_linux.c
-endif
-if HOST_NETBSD
-libcompat_la_SOURCES += compat/getentropy_netbsd.c
-endif
-if HOST_DARWIN
-libcompat_la_SOURCES += compat/getentropy_osx.c
-endif
-if HOST_SOLARIS
-libcompat_la_SOURCES += compat/getentropy_solaris.c
-endif
-if HOST_WIN
-libcompat_la_SOURCES += compat/getentropy_win.c
-endif
-endif
-
-endif
-
-noinst_HEADERS =
-noinst_HEADERS += compat/arc4random.h
-noinst_HEADERS += compat/arc4random_aix.h
-noinst_HEADERS += compat/arc4random_freebsd.h
-noinst_HEADERS += compat/arc4random_hpux.h
-noinst_HEADERS += compat/arc4random_linux.h
-noinst_HEADERS += compat/arc4random_netbsd.h
-noinst_HEADERS += compat/arc4random_osx.h
-noinst_HEADERS += compat/arc4random_solaris.h
-noinst_HEADERS += compat/arc4random_win.h
-noinst_HEADERS += compat/chacha_private.h
+include Makefile.am.arc4random
 
 libcrypto_la_SOURCES =
 EXTRA_libcrypto_la_SOURCES =
diff --git a/libtls-standalone/Makefile.am b/libtls-standalone/Makefile.am
index 8881d8c..a108ada 100644
--- a/libtls-standalone/Makefile.am
+++ b/libtls-standalone/Makefile.am
@@ -1,4 +1,4 @@
-SUBDIRS = include src
+SUBDIRS = include compat src app
 ACLOCAL_AMFLAGS = -I m4
 
 pkgconfigdir = $(libdir)/pkgconfig
diff --git a/libtls-standalone/VERSION b/libtls-standalone/VERSION
index 81ece01..fd2a018 100644
--- a/libtls-standalone/VERSION
+++ b/libtls-standalone/VERSION
@@ -1 +1 @@
-3:1:0
+3.1.0
diff --git a/libtls-standalone/app/Makefile.am b/libtls-standalone/app/Makefile.am
new file mode 100644
index 0000000..75a3dd6
--- /dev/null
+++ b/libtls-standalone/app/Makefile.am
@@ -0,0 +1,6 @@
+AM_CFLAGS = -I$(top_srcdir)/include
+
+bin_PROGRAMS = test
+
+test_SOURCES = test.c
+test_LDADD = -lcrypto -lssl $(top_builddir)/src/libtls.la
diff --git a/libtls-standalone/app/test.c b/libtls-standalone/app/test.c
new file mode 100644
index 0000000..e3c3f76
--- /dev/null
+++ b/libtls-standalone/app/test.c
@@ -0,0 +1,6 @@
+#include <tls.h>
+
+int main()
+{
+        tls_init();
+}
diff --git a/libtls-standalone/compat/Makefile.am b/libtls-standalone/compat/Makefile.am
new file mode 100644
index 0000000..e1ec939
--- /dev/null
+++ b/libtls-standalone/compat/Makefile.am
@@ -0,0 +1,45 @@
+#
+# Copyright (c) 2014-2015 Brent Cook
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
+AM_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src
+
+noinst_LTLIBRARIES = libcompat.la libcompatnoopt.la
+
+# compatibility functions that need to be built without optimizations
+libcompatnoopt_la_CFLAGS = -O0
+libcompatnoopt_la_SOURCES =
+
+if !HAVE_EXPLICIT_BZERO
+libcompatnoopt_la_SOURCES += explicit_bzero.c
+endif
+
+# other compatibility functions
+libcompat_la_CFLAGS = $(CFLAGS) $(USER_CFLAGS)
+libcompat_la_SOURCES =
+libcompat_la_LIBADD = $(PLATFORM_LDADD)
+
+if !HAVE_ASPRINTF
+libcompat_la_SOURCES += bsd-asprintf.c
+endif
+
+if !HAVE_STRLCPY
+libcompat_la_SOURCES += strlcpy.c
+endif
+
+if !HAVE_STRSEP
+libcompat_la_SOURCES += strsep.c
+endif
+
+include Makefile.am.arc4random
diff --git a/libtls-standalone/configure.ac b/libtls-standalone/configure.ac
index babb266..d52e22a 100644
--- a/libtls-standalone/configure.ac
+++ b/libtls-standalone/configure.ac
@@ -1,3 +1,17 @@
+# Copyright (c) 2014-2015 Brent Cook
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+
 AC_INIT([libtls], m4_esyscmd([tr -d '\n' < VERSION]))
 
 AC_CANONICAL_HOST
@@ -15,238 +29,20 @@ AM_PROG_CC_C_O
 AC_PROG_LIBTOOL
 LT_INIT
 
-CFLAGS="$CFLAGS -Wall -std=gnu99"
-
-case $host_os in
-        *aix*)
-                HOST_OS=aix
-                if test "`echo $CC | cut -d ' ' -f 1`" != "gcc" ; then
-                        CFLAGS="$USER_CFLAGS"
-                fi
-                ;;
-        *cygwin*)
-                HOST_OS=cygwin
-                ;;
-        *darwin*)
-                HOST_OS=darwin
-                HOST_ABI=macosx
-                ;;
-        *freebsd*)
-                HOST_OS=freebsd
-                HOST_ABI=elf
-                ;;
-        *hpux*)
-                HOST_OS=hpux;
-                if test "`echo $CC | cut -d ' ' -f 1`" = "gcc" ; then
-                        CFLAGS="$CFLAGS -mlp64"
-                else
-                        CFLAGS="-g -O2 +DD64 $USER_CFLAGS"
-                fi
-                CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D__STRICT_ALIGNMENT"
-                AC_SUBST([PLATFORM_LDADD], ['-lpthread'])
-                ;;
-        *linux*)
-                HOST_OS=linux
-                HOST_ABI=elf
-                CPPFLAGS="$CPPFLAGS -D_DEFAULT_SOURCE -D_BSD_SOURCE -D_POSIX_SOURCE -D_GNU_SOURCE"
-                ;;
-        *netbsd*)
-                HOST_OS=netbsd
-                CPPFLAGS="$CPPFLAGS -D_OPENBSD_SOURCE"
-                ;;
-        *openbsd*)
-                HOST_ABI=elf
-                AC_DEFINE([HAVE_ATTRIBUTE__BOUNDED__], [1], [OpenBSD gcc has bounded])
-                ;;
-        *mingw*)
-                HOST_OS=win
-                CPPFLAGS="$CPPFLAGS -D_GNU_SOURCE -D_POSIX -D_POSIX_SOURCE -D__USE_MINGW_ANSI_STDIO"
-                CPPFLAGS="$CPPFLAGS -D_REENTRANT -D_POSIX_THREAD_SAFE_FUNCTIONS"
-                CPPFLAGS="$CPPFLAGS -DWIN32_LEAN_AND_MEAN -D_WIN32_WINNT=0x0600"
-                CPPFLAGS="$CPPFLAGS -DOPENSSL_NO_SPEED -DNO_SYSLOG"
-                CFLAGS="$CFLAGS -static-libgcc"
-                LDFLAGS="$LDFLAGS -static-libgcc"
-                AC_SUBST([PLATFORM_LDADD], ['-lws2_32'])
-                ;;
-        *solaris*)
-                HOST_OS=solaris
-                HOST_ABI=elf
-                CPPFLAGS="$CPPFLAGS -D__EXTENSIONS__ -D_XOPEN_SOURCE=600 -DBSD_COMP"
-                AC_SUBST([PLATFORM_LDADD], ['-lnsl -lsocket'])
-                ;;
-        *) ;;
-esac
-
-AM_CONDITIONAL([HOST_AIX],     [test x$HOST_OS = xaix])
-AM_CONDITIONAL([HOST_CYGWIN],  [test x$HOST_OS = xcygwin])
-AM_CONDITIONAL([HOST_DARWIN],  [test x$HOST_OS = xdarwin])
-AM_CONDITIONAL([HOST_FREEBSD], [test x$HOST_OS = xfreebsd])
-AM_CONDITIONAL([HOST_HPUX],    [test x$HOST_OS = xhpux])
-AM_CONDITIONAL([HOST_LINUX],   [test x$HOST_OS = xlinux])
-AM_CONDITIONAL([HOST_NETBSD],  [test x$HOST_OS = xnetbsd])
-AM_CONDITIONAL([HOST_SOLARIS], [test x$HOST_OS = xsolaris])
-AM_CONDITIONAL([HOST_WIN],     [test x$HOST_OS = xwin])
-
-AC_MSG_CHECKING([if compiling with clang])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([], [[
-#ifndef __clang__
-        not clang
-#endif
-        ]])],
-        [CLANG=yes],
-        [CLANG=no]
-)
-AC_MSG_RESULT([$CLANG])
-AS_IF([test "x$CLANG" = "xyes"], [CLANG_FLAGS=-Qunused-arguments])
-
-CFLAGS="$CFLAGS $CLANG_FLAGS"
-LDFLAGS="$LDFLAGS $CLANG_FLAGS"
+CHECK_OS_OPTIONS
 
-# We want to check for compiler flag support. Prior to clang v5.1, there was no
-# way to make clang's "argument unused" warning fatal.  So we invoke the
-# compiler through a wrapper script that greps for this message.
-saved_CC="$CC"
-saved_LD="$LD"
-flag_wrap="$srcdir/scripts/wrap-compiler-for-flag-check"
-CC="$flag_wrap $CC"
-LD="$flag_wrap $LD"
-
-AC_ARG_ENABLE([hardening],
-        [AS_HELP_STRING([--disable-hardening],
-                        [Disable options to frustrate memory corruption exploits])],
-        [], [enable_hardening=yes])
-
-AC_ARG_ENABLE([windows-ssp],
-        [AS_HELP_STRING([--enable-windows-ssp],
-                        [Enable building the stack smashing protection on
-                         Windows. This currently distributing libssp-0.dll.])])
-
-AC_DEFUN([CHECK_CFLAG], [
-         AC_LANG_ASSERT(C)
-         AC_MSG_CHECKING([if $saved_CC supports "$1"])
-         old_cflags="$CFLAGS"
-         CFLAGS="$1 -Wall -Werror"
-         AC_TRY_LINK([
-                      #include <stdio.h>
-                      ],
-                     [printf("Hello")],
-                     AC_MSG_RESULT([yes])
-                     CFLAGS=$old_cflags
-                     HARDEN_CFLAGS="$HARDEN_CFLAGS $1",
-                     AC_MSG_RESULT([no])
-                     CFLAGS=$old_cflags
-                     [$2])
-])
-
-AC_DEFUN([CHECK_LDFLAG], [
-         AC_LANG_ASSERT(C)
-         AC_MSG_CHECKING([if $saved_LD supports "$1"])
-         old_ldflags="$LDFLAGS"
-         LDFLAGS="$1 -Wall -Werror"
-         AC_TRY_LINK([
-                      #include <stdio.h>
-                      ],
-                     [printf("Hello")],
-                     AC_MSG_RESULT([yes])
-                     LDFLAGS=$old_ldflags
-                     HARDEN_LDFLAGS="$HARDEN_LDFLAGS $1",
-                     AC_MSG_RESULT([no])
-                     LDFLAGS=$old_ldflags
-                     [$2])
-])
+CHECK_C_HARDENING_OPTIONS
 
-AS_IF([test "x$enable_hardening" = "xyes"], [
-        # Tell GCC to NOT optimize based on signed arithmetic overflow
-        CHECK_CFLAG([[-fno-strict-overflow]])
+DISABLE_COMPILER_WARNINGS
 
-        # _FORTIFY_SOURCE replaces builtin functions with safer versions.
-        CHECK_CFLAG([[-D_FORTIFY_SOURCE=2]])
-
-        # Enable read only relocations
-        CHECK_LDFLAG([[-Wl,-z,relro]])
-        CHECK_LDFLAG([[-Wl,-z,now]])
-
-        # Windows security flags
-        AS_IF([test "x$HOST_OS" = "xwin"], [
-                CHECK_LDFLAG([[-Wl,--nxcompat]])
-                CHECK_LDFLAG([[-Wl,--dynamicbase]])
-                CHECK_LDFLAG([[-Wl,--high-entropy-va]])
-        ])
-
-        # Use stack-protector-strong if available; if not, fallback to
-        # stack-protector-all which is considered to be overkill
-        AS_IF([test "x$enable_windows_ssp" = "xyes" -o "x$HOST_OS" != "xwin"], [
-                CHECK_CFLAG([[-fstack-protector-strong]],
-                        CHECK_CFLAG([[-fstack-protector-all]],
-                                AC_MSG_WARN([compiler does not appear to support stack protection])
-                        )
-                )
-                AS_IF([test "x$HOST_OS" = "xwin"], [
-                        AC_SEARCH_LIBS([__stack_chk_guard],[ssp])
-                ])
-        ])
-])
-
-
-# Restore CC, LD
-CC="$saved_CC"
-LD="$saved_LD"
-
-CFLAGS="$CFLAGS $HARDEN_CFLAGS"
-LDFLAGS="$LDFLAGS $HARDEN_LDFLAGS"
-
-# Removing the dependency on -Wno-pointer-sign should be a goal
-save_cflags="$CFLAGS"
-CFLAGS=-Wno-pointer-sign
-AC_MSG_CHECKING([whether CC supports -Wno-pointer-sign])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([])],
-        [AC_MSG_RESULT([yes])]
-        [AM_CFLAGS=-Wno-pointer-sign],
-        [AC_MSG_RESULT([no])]
-)
-CFLAGS="$save_cflags $AM_CFLAGS"
-
-save_cflags="$CFLAGS"
-CFLAGS=
-AC_MSG_CHECKING([whether AS supports .note.GNU-stack])
-AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
-__asm__(".section .note.GNU-stack,\"\",@progbits");]])],
-        [AC_MSG_RESULT([yes])]
-        [AM_CFLAGS=-DHAVE_GNU_STACK],
-        [AC_MSG_RESULT([no])]
-)
-CFLAGS="$save_cflags $AM_CFLAGS"
-AM_PROG_AS
-
-AC_CHECK_FUNCS([explicit_bzero strsep])
-AM_CONDITIONAL([HAVE_EXPLICIT_BZERO], [test "x$ac_cv_func_explicit_bzero" = xyes])
-AM_CONDITIONAL([HAVE_STRSEP], [test "x$ac_cv_func_strsep" = xyes])
-
-#AC_CHECK_FUNCS([arc4random_buf asprintf explicit_bzero funopen getauxval])
-#AC_CHECK_FUNCS([getentropy memmem poll reallocarray])
-#AC_CHECK_FUNCS([strlcat strlcpy strndup strnlen strtonum])
-#AC_CHECK_FUNCS([symlink])
-#AC_CHECK_FUNCS([timingsafe_bcmp timingsafe_memcmp])
-#
-## Share test results with automake
-#AM_CONDITIONAL([HAVE_ARC4RANDOM_BUF], [test "x$ac_cv_func_arc4random_buf" = xyes])
-#AM_CONDITIONAL([HAVE_ASPRINTF], [test "x$ac_cv_func_asprintf" = xyes])
-#AM_CONDITIONAL([HAVE_GETENTROPY], [test "x$ac_cv_func_getentropy" = xyes])
-#AM_CONDITIONAL([HAVE_MEMMEM], [test "x$ac_cv_func_memmem" = xyes])
-#AM_CONDITIONAL([HAVE_POLL], [test "x$ac_cv_func_poll" = xyes])
-#AM_CONDITIONAL([HAVE_REALLOCARRAY], [test "x$ac_cv_func_reallocarray" = xyes])
-#AM_CONDITIONAL([HAVE_STRLCAT], [test "x$ac_cv_func_strlcat" = xyes])
-#AM_CONDITIONAL([HAVE_STRLCPY], [test "x$ac_cv_func_strlcpy" = xyes])
-#AM_CONDITIONAL([HAVE_STRNDUP], [test "x$ac_cv_func_strndup" = xyes])
-#AM_CONDITIONAL([HAVE_STRNLEN], [test "x$ac_cv_func_strnlen" = xyes])
-#AM_CONDITIONAL([HAVE_STRTONUM], [test "x$ac_cv_func_strtonum" = xyes])
-#AM_CONDITIONAL([HAVE_TIMINGSAFE_BCMP], [test "x$ac_cv_func_timingsafe_bcmp" = xyes])
-#AM_CONDITIONAL([HAVE_TIMINGSAFE_MEMCMP], [test "x$ac_cv_func_timingsafe_memcmp" = xyes])
-#AM_CONDITIONAL([BUILD_CERTHASH], [test "x$ac_cv_func_symlink" = xyes])
+CHECK_LIBC_COMPAT
+CHECK_LIBC_CRYPTO_COMPAT
 
 AC_CONFIG_FILES([
         Makefile
         include/Makefile
+        app/Makefile
+        compat/Makefile
         src/Makefile
         libtls.pc
 ])
diff --git a/libtls-standalone/include/Makefile.am b/libtls-standalone/include/Makefile.am
index 7fbefdc..0783318 100644
--- a/libtls-standalone/include/Makefile.am
+++ b/libtls-standalone/include/Makefile.am
@@ -1,27 +1,5 @@
-#noinst_HEADERS = err.h
-#noinst_HEADERS += netdb.h
-#noinst_HEADERS += poll.h
-#noinst_HEADERS += pqueue.h
-#noinst_HEADERS += stdio.h
-#noinst_HEADERS += stdlib.h
-#noinst_HEADERS += string.h
-#noinst_HEADERS += syslog.h
-#noinst_HEADERS += unistd.h
-#noinst_HEADERS += win32netcompat.h
-#
-#noinst_HEADERS += arpa/inet.h
-#
-#noinst_HEADERS += machine/endian.h
-#
-#noinst_HEADERS += netinet/in.h
-#noinst_HEADERS += netinet/tcp.h
-#
-#noinst_HEADERS += sys/ioctl.h
-#noinst_HEADERS += sys/mman.h
-#noinst_HEADERS += sys/select.h
-#noinst_HEADERS += sys/socket.h
-#noinst_HEADERS += sys/times.h
-#noinst_HEADERS += sys/types.h
-#noinst_HEADERS += sys/uio.h
+noinst_HEADERS = stdlib.h
+noinst_HEADERS += string.h
+noinst_HEADERS += unistd.h
 
 include_HEADERS = tls.h
diff --git a/libtls-standalone/include/string.h b/libtls-standalone/include/string.h
index c42fcba..05d1ffc 100644
--- a/libtls-standalone/include/string.h
+++ b/libtls-standalone/include/string.h
@@ -17,12 +17,57 @@
 #include <strings.h>
 #endif
 
-#ifndef HAVE_EXPLICIT_BZERO
-void explicit_bzero(void *, size_t);
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_STRNDUP
+char * strndup(const char *str, size_t maxlen);
+/* the only user of strnlen is strndup, so only build it if needed */
+#ifndef HAVE_STRNLEN
+size_t strnlen(const char *str, size_t maxlen);
+#endif
 #endif
 
 #ifndef HAVE_STRSEP
 char *strsep(char **stringp, const char *delim);
 #endif
 
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *, size_t);
+#endif
+
+#ifndef HAVE_TIMINGSAFE_BCMP
+int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
+#endif
+
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
+#ifndef HAVE_MEMMEM
+void * memmem(const void *big, size_t big_len, const void *little,
+        size_t little_len);
+#endif
+
+#ifdef _WIN32
+#include <errno.h>
+
+static inline char  *
+posix_strerror(int errnum)
+{
+        if (errnum == ECONNREFUSED) {
+                return "Connection refused";
+        }
+        return strerror(errnum);
+}
+
+#define strerror(errnum) posix_strerror(errnum)
+
+#endif
+
 #endif
diff --git a/libtls-standalone/src/Makefile.am b/libtls-standalone/src/Makefile.am
index d5bcc49..cb9dd7f 100644
--- a/libtls-standalone/src/Makefile.am
+++ b/libtls-standalone/src/Makefile.am
@@ -4,6 +4,8 @@ lib_LTLIBRARIES = libtls.la
 
 libtls_la_LDFLAGS = -no-undefined
 libtls_la_LIBADD = -lcrypto -lssl $(PLATFORM_LDADD)
+libtls_la_LIBADD += $(top_builddir)/compat/libcompat.la
+libtls_la_LIBADD += $(top_builddir)/compat/libcompatnoopt.la
 
 libtls_la_SOURCES = tls.c
 libtls_la_SOURCES += tls_client.c
@@ -12,7 +14,3 @@ libtls_la_SOURCES += tls_server.c
 libtls_la_SOURCES += tls_util.c
 libtls_la_SOURCES += tls_verify.c
 noinst_HEADERS = tls_internal.h
-
-if !HAVE_STRSEP
-libtls_la_SOURCES += strsep.c
-endif
diff --git a/update.sh b/update.sh
index d2e74c7..06a70d7 100755
--- a/update.sh
+++ b/update.sh
@@ -43,7 +43,7 @@ source $libtls_src/shlib_version
 libtls_version=$major:$minor:0
 echo "libtls version $libtls_version"
 echo $libtls_version > tls/VERSION
-echo $libtls_version > libtls-standalone/VERSION
+echo $major.$minor.0 > libtls-standalone/VERSION
 
 do_mv() {
         if ! cmp -s "$1" "$2"
@@ -62,21 +62,35 @@ $CP $libcrypto_src/crypto/arch/amd64/opensslconf.h include/openssl
 $CP $libssl_src/src/crypto/opensslfeatures.h include/openssl
 $CP $libssl_src/src/e_os2.h include/openssl
 $CP $libssl_src/src/ssl/pqueue.h include
-$CP $libtls_src/tls.h include
-$CP $libtls_src/tls.h libtls-standalone/include
 
-for i in explicit_bzero.c strlcpy.c strlcat.c strndup.c strnlen.c \
-                timingsafe_bcmp.c timingsafe_memcmp.c; do
-        $CP $libc_src/string/$i crypto/compat
+sed -e "s/#define HEADER_TLS_H/#define HEADER_TLS_H\n#include <stddef.h>\n#include <stdint.h>/" \
+        $libtls_src/tls.h > include/tls.h
+$CP include/tls.h libtls-standalone/include
+
+for i in crypto/compat libtls-standalone/compat; do
+        $CP $libc_src/crypt/arc4random.c \
+                $libc_src/crypt/chacha_private.h \
+                $libc_src/string/explicit_bzero.c \
+                $libc_src/stdlib/reallocarray.c \
+                $libc_src/string/strlcpy.c \
+                $libc_src/string/strlcat.c \
+                $libc_src/string/strndup.c \
+                $libc_src/string/strnlen.c \
+                $libc_src/string/timingsafe_bcmp.c \
+                $libc_src/string/timingsafe_memcmp.c \
+                $libcrypto_src/crypto/getentropy_*.c \
+                $libcrypto_src/crypto/arc4random_*.h \
+                $i
 done
-$CP $libc_src/stdlib/reallocarray.c crypto/compat
-$CP $libc_src/crypt/arc4random.c crypto/compat
-$CP $libc_src/crypt/chacha_private.h crypto/compat
-$CP $libcrypto_src/crypto/getentropy_*.c crypto/compat
-$CP $libcrypto_src/crypto/arc4random_*.h crypto/compat
 
-$CP $libcrypto_src/crypto/getentropy_*.c libtls-standalone/src/compat
-$CP $libcrypto_src/crypto/arc4random_*.h libtls-standalone/src/compat
+$CP include/stdlib.h \
+        include/string.h \
+        include/unistd.h \
+        libtls-standalone/include
+
+$CP crypto/compat/arc4random*.h \
+        crypto/compat/bsd-asprintf.c \
+        libtls-standalone/compat
 
 (cd $libssl_src/src/crypto/objects/;
         perl objects.pl objects.txt obj_mac.num obj_mac.h;
@@ -179,7 +193,13 @@ for i in `awk '/SOURCES|HEADERS/ { print $3 }' tls/Makefile.am` ; do
         fi
 done
 $CP $libc_src/string/strsep.c tls
-$CP $libc_src/string/strsep.c libtls-standalone/src/compat
+$CP $libc_src/string/strsep.c libtls-standalone/compat
+mkdir -p libtls-standalone/m4
+$CP m4/check*.m4 \
+        m4/disable*.m4 \
+        libtls-standalone/m4
+sed -e "s/compat\///" crypto/Makefile.am.arc4random > \
+        libtls-standalone/compat/Makefile.am.arc4random
 
 # copy openssl(1) source
 echo "copying openssl(1) source"