summary refs log tree commit diff
path: root/include
diff options
context:
space:
mode:
authorJune McEnroe <june@causal.agency>2020-07-27 21:55:29 -0400
committerJune McEnroe <june@causal.agency>2020-07-30 19:02:22 -0400
commit4bb261b015d382a567563571ae4d399a16caebe2 (patch)
tree19862c3060f67c92df964ed948084e234e7a4952 /include
parentimport: Add script to extract libtls from libressl-portable (diff)
downloadlibretls-4bb261b015d382a567563571ae4d399a16caebe2.tar.gz
libretls-4bb261b015d382a567563571ae4d399a16caebe2.zip
Import LibreSSL 3.2.0
Diffstat (limited to '')
-rw-r--r--include/Makefile.am45
-rw-r--r--include/compat/arpa/inet.h15
-rw-r--r--include/compat/fcntl.h32
-rw-r--r--include/compat/limits.h25
-rw-r--r--include/compat/netdb.h10
-rw-r--r--include/compat/netinet/in.h19
-rw-r--r--include/compat/netinet/ip.h47
-rw-r--r--include/compat/netinet/tcp.h10
-rw-r--r--include/compat/pthread.h86
-rw-r--r--include/compat/stdio.h51
-rw-r--r--include/compat/stdlib.h47
-rw-r--r--include/compat/string.h87
-rw-r--r--include/compat/sys/ioctl.h11
-rw-r--r--include/compat/sys/mman.h19
-rw-r--r--include/compat/sys/param.h15
-rw-r--r--include/compat/sys/socket.h17
-rw-r--r--include/compat/sys/stat.h121
-rw-r--r--include/compat/sys/time.h28
-rw-r--r--include/compat/sys/types.h81
-rw-r--r--include/compat/time.h60
-rw-r--r--include/compat/unistd.h78
-rw-r--r--include/compat/win32netcompat.h57
-rw-r--r--include/tls.h226
23 files changed, 1187 insertions, 0 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
new file mode 100644
index 0000000..6d808cc
--- /dev/null
+++ b/include/Makefile.am
@@ -0,0 +1,45 @@
+include $(top_srcdir)/Makefile.am.common
+
+EXTRA_DIST = CMakeLists.txt
+
+SUBDIRS = openssl
+
+noinst_HEADERS = pqueue.h
+noinst_HEADERS += compat/dirent.h
+noinst_HEADERS += compat/dirent_msvc.h
+noinst_HEADERS += compat/err.h
+noinst_HEADERS += compat/fcntl.h
+noinst_HEADERS += compat/limits.h
+noinst_HEADERS += compat/netdb.h
+noinst_HEADERS += compat/poll.h
+noinst_HEADERS += compat/pthread.h
+noinst_HEADERS += compat/readpassphrase.h
+noinst_HEADERS += compat/resolv.h
+noinst_HEADERS += compat/stdio.h
+noinst_HEADERS += compat/stdlib.h
+noinst_HEADERS += compat/string.h
+noinst_HEADERS += compat/syslog.h
+noinst_HEADERS += compat/time.h
+noinst_HEADERS += compat/unistd.h
+noinst_HEADERS += compat/win32netcompat.h
+
+noinst_HEADERS += compat/arpa/inet.h
+noinst_HEADERS += compat/arpa/nameser.h
+
+noinst_HEADERS += compat/machine/endian.h
+
+noinst_HEADERS += compat/netinet/in.h
+noinst_HEADERS += compat/netinet/ip.h
+noinst_HEADERS += compat/netinet/tcp.h
+
+noinst_HEADERS += compat/sys/ioctl.h
+noinst_HEADERS += compat/sys/mman.h
+noinst_HEADERS += compat/sys/param.h
+noinst_HEADERS += compat/sys/select.h
+noinst_HEADERS += compat/sys/socket.h
+noinst_HEADERS += compat/sys/stat.h
+noinst_HEADERS += compat/sys/time.h
+noinst_HEADERS += compat/sys/types.h
+noinst_HEADERS += compat/sys/uio.h
+
+include_HEADERS = tls.h
diff --git a/include/compat/arpa/inet.h b/include/compat/arpa/inet.h
new file mode 100644
index 0000000..4422f41
--- /dev/null
+++ b/include/compat/arpa/inet.h
@@ -0,0 +1,15 @@
+/*
+ * Public domain
+ * arpa/inet.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <arpa/inet.h>
+#else
+#include <win32netcompat.h>
+
+#ifndef AI_ADDRCONFIG
+#define AI_ADDRCONFIG               0x00000400
+#endif
+
+#endif
diff --git a/include/compat/fcntl.h b/include/compat/fcntl.h
new file mode 100644
index 0000000..7dfedc6
--- /dev/null
+++ b/include/compat/fcntl.h
@@ -0,0 +1,32 @@
+/*
+ * Public domain
+ * fcntl.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <fcntl.h>
+#else
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/fcntl.h>
+#else
+#include <../include/fcntl.h>
+#endif
+#else
+#include_next <fcntl.h>
+#endif
+
+#endif
+
+#ifndef O_NONBLOCK
+#define O_NONBLOCK      0x100000
+#endif
+
+#ifndef O_CLOEXEC
+#define O_CLOEXEC       0x200000
+#endif
+
+#ifndef FD_CLOEXEC
+#define FD_CLOEXEC      1
+#endif
diff --git a/include/compat/limits.h b/include/compat/limits.h
new file mode 100644
index 0000000..73cccfc
--- /dev/null
+++ b/include/compat/limits.h
@@ -0,0 +1,25 @@
+/*
+ * Public domain
+ * limits.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#include <../include/limits.h>
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#else
+#include <../include/stdlib.h>
+#endif
+#ifndef PATH_MAX
+#define PATH_MAX _MAX_PATH
+#endif
+#else
+#include_next <limits.h>
+#endif
+
+#ifdef __hpux
+#include <sys/param.h>
+#ifndef PATH_MAX
+#define PATH_MAX MAXPATHLEN
+#endif
+#endif
diff --git a/include/compat/netdb.h b/include/compat/netdb.h
new file mode 100644
index 0000000..d36b91d
--- /dev/null
+++ b/include/compat/netdb.h
@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netdb.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netdb.h>
+#else
+#include <win32netcompat.h>
+#endif
diff --git a/include/compat/netinet/in.h b/include/compat/netinet/in.h
new file mode 100644
index 0000000..d1afb27
--- /dev/null
+++ b/include/compat/netinet/in.h
@@ -0,0 +1,19 @@
+/*
+ * Public domain
+ * netinet/in.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netinet/in.h>
+#else
+#include <win32netcompat.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_NETINET_IN_H
+#define LIBCRYPTOCOMPAT_NETINET_IN_H
+
+#ifdef __ANDROID__
+typedef uint16_t in_port_t;
+#endif
+
+#endif
diff --git a/include/compat/netinet/ip.h b/include/compat/netinet/ip.h
new file mode 100644
index 0000000..6019f7d
--- /dev/null
+++ b/include/compat/netinet/ip.h
@@ -0,0 +1,47 @@
+/*
+ * Public domain
+ * netinet/ip.h compatibility shim
+ */
+
+#if defined(__hpux)
+#include <netinet/in_systm.h>
+#endif
+
+#ifndef _WIN32
+#include_next <netinet/ip.h>
+#else
+#include <win32netcompat.h>
+#endif
+
+/*
+ * Definitions for DiffServ Codepoints as per RFC2474
+ */
+#ifndef IPTOS_DSCP_CS0
+#define	IPTOS_DSCP_CS0		0x00
+#define	IPTOS_DSCP_CS1		0x20
+#define	IPTOS_DSCP_CS2		0x40
+#define	IPTOS_DSCP_CS3		0x60
+#define	IPTOS_DSCP_CS4		0x80
+#define	IPTOS_DSCP_CS5		0xa0
+#define	IPTOS_DSCP_CS6		0xc0
+#define	IPTOS_DSCP_CS7		0xe0
+#endif
+
+#ifndef IPTOS_DSCP_AF11
+#define	IPTOS_DSCP_AF11		0x28
+#define	IPTOS_DSCP_AF12		0x30
+#define	IPTOS_DSCP_AF13		0x38
+#define	IPTOS_DSCP_AF21		0x48
+#define	IPTOS_DSCP_AF22		0x50
+#define	IPTOS_DSCP_AF23		0x58
+#define	IPTOS_DSCP_AF31		0x68
+#define	IPTOS_DSCP_AF32		0x70
+#define	IPTOS_DSCP_AF33		0x78
+#define	IPTOS_DSCP_AF41		0x88
+#define	IPTOS_DSCP_AF42		0x90
+#define	IPTOS_DSCP_AF43		0x98
+#endif
+
+#ifndef IPTOS_DSCP_EF
+#define	IPTOS_DSCP_EF		0xb8
+#endif
diff --git a/include/compat/netinet/tcp.h b/include/compat/netinet/tcp.h
new file mode 100644
index 0000000..c98cf74
--- /dev/null
+++ b/include/compat/netinet/tcp.h
@@ -0,0 +1,10 @@
+/*
+ * Public domain
+ * netinet/tcp.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <netinet/tcp.h>
+#else
+#include <win32netcompat.h>
+#endif
diff --git a/include/compat/pthread.h b/include/compat/pthread.h
new file mode 100644
index 0000000..8b8c3c6
--- /dev/null
+++ b/include/compat/pthread.h
@@ -0,0 +1,86 @@
+/*
+ * Public domain
+ * pthread.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_PTHREAD_H
+#define LIBCRYPTOCOMPAT_PTHREAD_H
+
+#ifdef _WIN32
+
+#include <windows.h>
+
+/*
+ * Static once initialization values.
+ */
+#define PTHREAD_ONCE_INIT   { INIT_ONCE_STATIC_INIT }
+
+/*
+ * Once definitions.
+ */
+struct pthread_once {
+	INIT_ONCE once;
+};
+typedef struct pthread_once pthread_once_t;
+
+static inline BOOL CALLBACK
+_pthread_once_win32_cb(PINIT_ONCE once, PVOID param, PVOID *context)
+{
+	void (*cb) (void) = param;
+	cb();
+	return TRUE;
+}
+
+static inline int
+pthread_once(pthread_once_t *once, void (*cb) (void))
+{
+	BOOL rc = InitOnceExecuteOnce(&once->once, _pthread_once_win32_cb, cb, NULL);
+	if (rc == 0)
+		return -1;
+	else
+		return 0;
+}
+
+typedef DWORD pthread_t;
+
+static inline pthread_t
+pthread_self(void)
+{
+	return GetCurrentThreadId();
+}
+
+static inline int
+pthread_equal(pthread_t t1, pthread_t t2)
+{
+	return t1 == t2;
+}
+
+typedef CRITICAL_SECTION pthread_mutex_t;
+typedef void pthread_mutexattr_t;
+
+static inline int
+pthread_mutex_init(pthread_mutex_t *mutex, const pthread_mutexattr_t *attr)
+{
+	InitializeCriticalSection(mutex);
+	return 0;
+}
+
+static inline int
+pthread_mutex_lock(pthread_mutex_t *mutex)
+{
+	EnterCriticalSection(mutex);
+	return 0;
+}
+
+static inline int
+pthread_mutex_unlock(pthread_mutex_t *mutex)
+{
+	LeaveCriticalSection(mutex);
+	return 0;
+}
+
+#else
+#include_next <pthread.h>
+#endif
+
+#endif
diff --git a/include/compat/stdio.h b/include/compat/stdio.h
new file mode 100644
index 0000000..d5725c9
--- /dev/null
+++ b/include/compat/stdio.h
@@ -0,0 +1,51 @@
+/*
+ * Public domain
+ * stdio.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_STDIO_H
+#define LIBCRYPTOCOMPAT_STDIO_H
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#include <../ucrt/corecrt_io.h>
+#include <../ucrt/stdio.h>
+#else
+#include <../include/stdio.h>
+#endif
+#else
+#include_next <stdio.h>
+#endif
+
+#ifndef HAVE_ASPRINTF
+#include <stdarg.h>
+int vasprintf(char **str, const char *fmt, va_list ap);
+int asprintf(char **str, const char *fmt, ...);
+#endif
+
+#ifdef _WIN32
+
+#if defined(_MSC_VER)
+#define __func__ __FUNCTION__
+#endif
+
+void posix_perror(const char *s);
+FILE * posix_fopen(const char *path, const char *mode);
+char * posix_fgets(char *s, int size, FILE *stream);
+int posix_rename(const char *oldpath, const char *newpath);
+
+#ifndef NO_REDEF_POSIX_FUNCTIONS
+#define perror(errnum) posix_perror(errnum)
+#define fopen(path, mode) posix_fopen(path, mode)
+#define fgets(s, size, stream) posix_fgets(s, size, stream)
+#define rename(oldpath, newpath) posix_rename(oldpath, newpath)
+#endif
+
+#ifdef _MSC_VER
+#define snprintf _snprintf
+#endif
+
+#endif
+
+#endif
diff --git a/include/compat/stdlib.h b/include/compat/stdlib.h
new file mode 100644
index 0000000..2eaea24
--- /dev/null
+++ b/include/compat/stdlib.h
@@ -0,0 +1,47 @@
+/*
+ * stdlib.h compatibility shim
+ * Public domain
+ */
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/stdlib.h>
+#else
+#include <../include/stdlib.h>
+#endif
+#else
+#include_next <stdlib.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_STDLIB_H
+#define LIBCRYPTOCOMPAT_STDLIB_H
+
+#include <sys/types.h>
+#include <stdint.h>
+
+#ifndef HAVE_ARC4RANDOM_BUF
+uint32_t arc4random(void);
+void arc4random_buf(void *_buf, size_t n);
+uint32_t arc4random_uniform(uint32_t upper_bound);
+#endif
+
+#ifndef HAVE_FREEZERO
+void freezero(void *ptr, size_t sz);
+#endif
+
+#ifndef HAVE_GETPROGNAME
+const char * getprogname(void);
+#endif
+
+void *reallocarray(void *, size_t, size_t);
+
+#ifndef HAVE_RECALLOCARRAY
+void *recallocarray(void *, size_t, size_t, size_t);
+#endif
+
+#ifndef HAVE_STRTONUM
+long long strtonum(const char *nptr, long long minval,
+		long long maxval, const char **errstr);
+#endif
+
+#endif
diff --git a/include/compat/string.h b/include/compat/string.h
new file mode 100644
index 0000000..4bf7519
--- /dev/null
+++ b/include/compat/string.h
@@ -0,0 +1,87 @@
+/*
+ * Public domain
+ * string.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_STRING_H
+#define LIBCRYPTOCOMPAT_STRING_H
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/string.h>
+#else
+#include <../include/string.h>
+#endif
+#else
+#include_next <string.h>
+#endif
+
+#include <sys/types.h>
+
+#if defined(__sun) || defined(_AIX) || defined(__hpux)
+/* Some functions historically defined in string.h were placed in strings.h by
+ * SUS. Use the same hack as OS X and FreeBSD use to work around on AIX,
+ * Solaris, and HPUX.
+ */
+#include <strings.h>
+#endif
+
+#ifndef HAVE_STRCASECMP
+int strcasecmp(const char *s1, const char *s2);
+int strncasecmp(const char *s1, const char *s2, size_t len);
+#endif
+
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *dst, const char *src, size_t siz);
+#endif
+
+#ifndef HAVE_STRNDUP
+char * strndup(const char *str, size_t maxlen);
+/* the only user of strnlen is strndup, so only build it if needed */
+#ifndef HAVE_STRNLEN
+size_t strnlen(const char *str, size_t maxlen);
+#endif
+#endif
+
+#ifndef HAVE_STRSEP
+char *strsep(char **stringp, const char *delim);
+#endif
+
+#ifndef HAVE_EXPLICIT_BZERO
+void explicit_bzero(void *, size_t);
+#endif
+
+#ifndef HAVE_TIMINGSAFE_BCMP
+int timingsafe_bcmp(const void *b1, const void *b2, size_t n);
+#endif
+
+#ifndef HAVE_TIMINGSAFE_MEMCMP
+int timingsafe_memcmp(const void *b1, const void *b2, size_t len);
+#endif
+
+#ifndef HAVE_MEMMEM
+void * memmem(const void *big, size_t big_len, const void *little,
+	size_t little_len);
+#endif
+
+#ifdef _WIN32
+#include <errno.h>
+
+static inline char  *
+posix_strerror(int errnum)
+{
+	if (errnum == ECONNREFUSED) {
+		return "Connection refused";
+	}
+	return strerror(errnum);
+}
+
+#define strerror(errnum) posix_strerror(errnum)
+
+#endif
+
+#endif
diff --git a/include/compat/sys/ioctl.h b/include/compat/sys/ioctl.h
new file mode 100644
index 0000000..a255506
--- /dev/null
+++ b/include/compat/sys/ioctl.h
@@ -0,0 +1,11 @@
+/*
+ * Public domain
+ * sys/ioctl.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/ioctl.h>
+#else
+#include <win32netcompat.h>
+#define ioctl(fd, type, arg) ioctlsocket(fd, type, arg)
+#endif
diff --git a/include/compat/sys/mman.h b/include/compat/sys/mman.h
new file mode 100644
index 0000000..d9eb6a9
--- /dev/null
+++ b/include/compat/sys/mman.h
@@ -0,0 +1,19 @@
+/*
+ * Public domain
+ * sys/mman.h compatibility shim
+ */
+
+#include_next <sys/mman.h>
+
+#ifndef LIBCRYPTOCOMPAT_MMAN_H
+#define LIBCRYPTOCOMPAT_MMAN_H
+
+#ifndef MAP_ANON
+#ifdef MAP_ANONYMOUS
+#define MAP_ANON MAP_ANONYMOUS
+#else
+#error "System does not support mapping anonymous pages?"
+#endif
+#endif
+
+#endif
diff --git a/include/compat/sys/param.h b/include/compat/sys/param.h
new file mode 100644
index 0000000..70488f8
--- /dev/null
+++ b/include/compat/sys/param.h
@@ -0,0 +1,15 @@
+/*
+ * Public domain
+ * sys/param.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_PARAM_H
+#define LIBCRYPTOCOMPAT_SYS_PARAM_H
+
+#ifdef _MSC_VER
+#include <winsock2.h>
+#else
+#include_next <sys/param.h>
+#endif
+
+#endif
diff --git a/include/compat/sys/socket.h b/include/compat/sys/socket.h
new file mode 100644
index 0000000..10eb05f
--- /dev/null
+++ b/include/compat/sys/socket.h
@@ -0,0 +1,17 @@
+/*
+ * Public domain
+ * sys/socket.h compatibility shim
+ */
+
+#ifndef _WIN32
+#include_next <sys/socket.h>
+#else
+#include <win32netcompat.h>
+#endif
+
+#if !defined(SOCK_NONBLOCK) || !defined(SOCK_CLOEXEC)
+#define SOCK_CLOEXEC            0x8000  /* set FD_CLOEXEC */
+#define SOCK_NONBLOCK           0x4000  /* set O_NONBLOCK */
+int bsd_socketpair(int domain, int type, int protocol, int socket_vector[2]);
+#define socketpair(d,t,p,sv) bsd_socketpair(d,t,p,sv)
+#endif
diff --git a/include/compat/sys/stat.h b/include/compat/sys/stat.h
new file mode 100644
index 0000000..b88da1d
--- /dev/null
+++ b/include/compat/sys/stat.h
@@ -0,0 +1,121 @@
+/*
+ * Public domain
+ * sys/stat.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_STAT_H
+#define LIBCRYPTOCOMPAT_SYS_STAT_H
+
+#ifndef _MSC_VER
+#include_next <sys/stat.h>
+
+/* for old MinGW */
+#ifndef S_IRWXU
+#define S_IRWXU         0
+#endif
+#ifndef S_IRWXG
+#define S_IRWXG         0
+#endif
+#ifndef S_IRGRP
+#define S_IRGRP         0
+#endif
+#ifndef S_IRWXO
+#define S_IRWXO         0
+#endif
+#ifndef S_IROTH
+#define S_IROTH         0
+#endif
+
+#else
+
+#include <windows.h>
+#if _MSC_VER >= 1900
+#include <../ucrt/sys/stat.h>
+#else
+#include <../include/sys/stat.h>
+#endif
+
+/* File type and permission flags for stat() */
+#if !defined(S_IFMT)
+#   define S_IFMT   _S_IFMT                     /* File type mask */
+#endif
+#if !defined(S_IFDIR)
+#   define S_IFDIR  _S_IFDIR                    /* Directory */
+#endif
+#if !defined(S_IFCHR)
+#   define S_IFCHR  _S_IFCHR                    /* Character device */
+#endif
+#if !defined(S_IFFIFO)
+#   define S_IFFIFO _S_IFFIFO                   /* Pipe */
+#endif
+#if !defined(S_IFREG)
+#   define S_IFREG  _S_IFREG                    /* Regular file */
+#endif
+#if !defined(S_IREAD)
+#   define S_IREAD  _S_IREAD                    /* Read permission */
+#endif
+#if !defined(S_IWRITE)
+#   define S_IWRITE _S_IWRITE                   /* Write permission */
+#endif
+#if !defined(S_IEXEC)
+#   define S_IEXEC  _S_IEXEC                    /* Execute permission */
+#endif
+#if !defined(S_IFIFO)
+#   define S_IFIFO _S_IFIFO                     /* Pipe */
+#endif
+#if !defined(S_IFBLK)
+#   define S_IFBLK   0                          /* Block device */
+#endif
+#if !defined(S_IFLNK)
+#   define S_IFLNK   0                          /* Link */
+#endif
+#if !defined(S_IFSOCK)
+#   define S_IFSOCK  0                          /* Socket */
+#endif
+
+#if defined(_MSC_VER)
+#   define S_IRWXU  0                           /* RWX user */
+#   define S_IRUSR  S_IREAD                     /* Read user */
+#   define S_IWUSR  S_IWRITE                    /* Write user */
+#   define S_IXUSR  0                           /* Execute user */
+#   define S_IRWXG  0                           /* RWX group */
+#   define S_IRGRP  0                           /* Read group */
+#   define S_IWGRP  0                           /* Write group */
+#   define S_IXGRP  0                           /* Execute group */
+#   define S_IRWXO  0                           /* RWX others */
+#   define S_IROTH  0                           /* Read others */
+#   define S_IWOTH  0                           /* Write others */
+#   define S_IXOTH  0                           /* Execute others */
+#endif
+
+/* File type flags for d_type */
+#define DT_UNKNOWN  0
+#define DT_REG      S_IFREG
+#define DT_DIR      S_IFDIR
+#define DT_FIFO     S_IFIFO
+#define DT_SOCK     S_IFSOCK
+#define DT_CHR      S_IFCHR
+#define DT_BLK      S_IFBLK
+#define DT_LNK      S_IFLNK
+
+/* Macros for converting between st_mode and d_type */
+#define IFTODT(mode) ((mode) & S_IFMT)
+#define DTTOIF(type) (type)
+
+/*
+ * File type macros.  Note that block devices, sockets and links cannot be
+ * distinguished on Windows and the macros S_ISBLK, S_ISSOCK and S_ISLNK are
+ * only defined for compatibility.  These macros should always return false
+ * on Windows.
+ */
+#define	S_ISFIFO(mode) (((mode) & S_IFMT) == S_IFIFO)
+#define	S_ISDIR(mode)  (((mode) & S_IFMT) == S_IFDIR)
+#define	S_ISREG(mode)  (((mode) & S_IFMT) == S_IFREG)
+#define	S_ISLNK(mode)  (((mode) & S_IFMT) == S_IFLNK)
+#define	S_ISSOCK(mode) (((mode) & S_IFMT) == S_IFSOCK)
+#define	S_ISCHR(mode)  (((mode) & S_IFMT) == S_IFCHR)
+#define	S_ISBLK(mode)  (((mode) & S_IFMT) == S_IFBLK)
+
+#endif
+
+#endif
diff --git a/include/compat/sys/time.h b/include/compat/sys/time.h
new file mode 100644
index 0000000..76428c1
--- /dev/null
+++ b/include/compat/sys/time.h
@@ -0,0 +1,28 @@
+/*
+ * Public domain
+ * sys/time.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_SYS_TIME_H
+#define LIBCRYPTOCOMPAT_SYS_TIME_H
+
+#ifdef _MSC_VER
+#include <winsock2.h>
+int gettimeofday(struct timeval *tp, void *tzp);
+#else
+#include_next <sys/time.h>
+#endif
+
+#ifndef timersub
+#define timersub(tvp, uvp, vvp)                                         \
+	do {                                                            \
+		(vvp)->tv_sec = (tvp)->tv_sec - (uvp)->tv_sec;          \
+		(vvp)->tv_usec = (tvp)->tv_usec - (uvp)->tv_usec;       \
+		if ((vvp)->tv_usec < 0) {                               \
+			(vvp)->tv_sec--;                                \
+			(vvp)->tv_usec += 1000000;                      \
+		}                                                       \
+	} while (0)
+#endif
+
+#endif
diff --git a/include/compat/sys/types.h b/include/compat/sys/types.h
new file mode 100644
index 0000000..4967843
--- /dev/null
+++ b/include/compat/sys/types.h
@@ -0,0 +1,81 @@
+/*
+ * Public domain
+ * sys/types.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/sys/types.h>
+#else
+#include <../include/sys/types.h>
+#endif
+#else
+#include_next <sys/types.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_SYS_TYPES_H
+#define LIBCRYPTOCOMPAT_SYS_TYPES_H
+
+#include <stdint.h>
+
+#ifdef __MINGW32__
+#include <_bsd_types.h>
+typedef uint32_t        in_addr_t;
+typedef uint32_t        uid_t;
+#endif
+
+#ifdef _MSC_VER
+typedef unsigned char   u_char;
+typedef unsigned short  u_short;
+typedef unsigned int    u_int;
+typedef uint32_t        in_addr_t;
+typedef uint32_t        mode_t;
+typedef uint32_t        uid_t;
+
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+
+#ifndef SSIZE_MAX
+#ifdef _WIN64
+#define SSIZE_MAX _I64_MAX
+#else
+#define SSIZE_MAX INT_MAX
+#endif
+#endif
+
+#endif
+
+#if !defined(HAVE_ATTRIBUTE__BOUNDED__) && !defined(__bounded__)
+# define __bounded__(x, y, z)
+#endif
+
+#if !defined(HAVE_ATTRIBUTE__DEAD) && !defined(__dead)
+#ifdef _MSC_VER
+#define __dead      __declspec(noreturn)
+#else
+#define __dead      __attribute__((__noreturn__))
+#endif
+#endif
+
+#ifdef _WIN32
+#define __warn_references(sym,msg)
+#else
+
+#ifndef __warn_references
+
+#ifndef __STRING
+#define __STRING(x) #x
+#endif
+
+#if defined(__GNUC__)  && defined (HAS_GNU_WARNING_LONG)
+#define __warn_references(sym,msg)          \
+  __asm__(".section .gnu.warning." __STRING(sym)  \
+         "\n\t.ascii \"" msg "\"\n\t.text");
+#else
+#define __warn_references(sym,msg)
+#endif
+
+#endif /* __warn_references */
+#endif /* _WIN32 */
+
+#endif
diff --git a/include/compat/time.h b/include/compat/time.h
new file mode 100644
index 0000000..540807d
--- /dev/null
+++ b/include/compat/time.h
@@ -0,0 +1,60 @@
+/*
+ * Public domain
+ * sys/time.h compatibility shim
+ */
+
+#ifdef _MSC_VER
+#if _MSC_VER >= 1900
+#include <../ucrt/time.h>
+#else
+#include <../include/time.h>
+#endif
+#else
+#include_next <time.h>
+#endif
+
+#ifndef LIBCRYPTOCOMPAT_TIME_H
+#define LIBCRYPTOCOMPAT_TIME_H
+
+#ifdef _WIN32
+struct tm *__gmtime_r(const time_t * t, struct tm * tm);
+#define gmtime_r(tp, tm) __gmtime_r(tp, tm)
+#endif
+
+#ifndef HAVE_TIMEGM
+time_t timegm(struct tm *tm);
+#endif
+
+#ifndef CLOCK_MONOTONIC
+#define CLOCK_MONOTONIC CLOCK_REALTIME
+#endif
+
+#ifndef CLOCK_REALTIME
+#define CLOCK_REALTIME 0
+#endif
+
+#ifndef _WIN32
+#ifndef HAVE_CLOCK_GETTIME
+typedef int clockid_t;
+int clock_gettime(clockid_t clock_id, struct timespec *tp);
+#endif
+
+#ifdef timespecsub
+#define HAVE_TIMESPECSUB
+#endif
+
+#ifndef HAVE_TIMESPECSUB
+#define timespecsub(tsp, usp, vsp)                                      \
+        do {                                                            \
+                (vsp)->tv_sec = (tsp)->tv_sec - (usp)->tv_sec;          \
+                (vsp)->tv_nsec = (tsp)->tv_nsec - (usp)->tv_nsec;       \
+                if ((vsp)->tv_nsec < 0) {                               \
+                        (vsp)->tv_sec--;                                \
+                        (vsp)->tv_nsec += 1000000000L;                  \
+                }                                                       \
+        } while (0)
+#endif
+
+#endif
+
+#endif
diff --git a/include/compat/unistd.h b/include/compat/unistd.h
new file mode 100644
index 0000000..5e6ab1d
--- /dev/null
+++ b/include/compat/unistd.h
@@ -0,0 +1,78 @@
+/*
+ * Public domain
+ * unistd.h compatibility shim
+ */
+
+#ifndef LIBCRYPTOCOMPAT_UNISTD_H
+#define LIBCRYPTOCOMPAT_UNISTD_H
+
+#ifndef _MSC_VER
+
+#include_next <unistd.h>
+
+#ifdef __MINGW32__
+int ftruncate(int fd, off_t length);
+uid_t getuid(void);
+ssize_t pread(int d, void *buf, size_t nbytes, off_t offset);
+ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset);
+#endif
+
+#else
+
+#include <stdlib.h>
+#include <io.h>
+#include <process.h>
+
+#define STDOUT_FILENO   1
+#define STDERR_FILENO   2
+
+#define R_OK    4
+#define W_OK    2
+#define X_OK    0
+#define F_OK    0
+
+#define SEEK_SET        0
+#define SEEK_CUR        1
+#define SEEK_END        2
+
+#define access _access
+
+#ifdef _MSC_VER
+#include <windows.h>
+static inline unsigned int sleep(unsigned int seconds)
+{
+       Sleep(seconds * 1000);
+       return seconds;
+}
+#endif
+
+int ftruncate(int fd, off_t length);
+uid_t getuid(void);
+ssize_t pread(int d, void *buf, size_t nbytes, off_t offset);
+ssize_t pwrite(int d, const void *buf, size_t nbytes, off_t offset);
+
+#endif
+
+#ifndef HAVE_GETENTROPY
+int getentropy(void *buf, size_t buflen);
+#else
+/*
+ * Solaris 11.3 adds getentropy(2), but defines the function in sys/random.h
+ */
+#if defined(__sun)
+#include <sys/random.h>
+#endif
+#endif
+
+#ifndef HAVE_GETPAGESIZE
+int getpagesize(void);
+#endif
+
+#define pledge(request, paths) 0
+#define unveil(path, permissions) 0
+
+#ifndef HAVE_PIPE2
+int pipe2(int fildes[2], int flags);
+#endif
+
+#endif
diff --git a/include/compat/win32netcompat.h b/include/compat/win32netcompat.h
new file mode 100644
index 0000000..eabebe9
--- /dev/null
+++ b/include/compat/win32netcompat.h
@@ -0,0 +1,57 @@
+/*
+ * Public domain
+ *
+ * BSD socket emulation code for Winsock2
+ * Brent Cook <bcook@openbsd.org>
+ */
+
+#ifndef LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
+#define LIBCRYPTOCOMPAT_WIN32NETCOMPAT_H
+
+#ifdef _WIN32
+
+#include <ws2tcpip.h>
+#include <errno.h>
+#include <unistd.h>
+
+#ifndef SHUT_RDWR
+#define SHUT_RDWR SD_BOTH
+#endif
+#ifndef SHUT_RD
+#define SHUT_RD   SD_RECEIVE
+#endif
+#ifndef SHUT_WR
+#define SHUT_WR   SD_SEND
+#endif
+
+int posix_connect(int sockfd, const struct sockaddr *addr, socklen_t addrlen);
+
+int posix_open(const char *path, ...);
+
+int posix_close(int fd);
+
+ssize_t posix_read(int fd, void *buf, size_t count);
+
+ssize_t posix_write(int fd, const void *buf, size_t count);
+
+int posix_getsockopt(int sockfd, int level, int optname,
+	void *optval, socklen_t *optlen);
+
+int posix_setsockopt(int sockfd, int level, int optname,
+	const void *optval, socklen_t optlen);
+
+#ifndef NO_REDEF_POSIX_FUNCTIONS
+#define connect(sockfd, addr, addrlen) posix_connect(sockfd, addr, addrlen)
+#define open(path, ...) posix_open(path, __VA_ARGS__)
+#define close(fd) posix_close(fd)
+#define read(fd, buf, count) posix_read(fd, buf, count)
+#define write(fd, buf, count) posix_write(fd, buf, count)
+#define getsockopt(sockfd, level, optname, optval, optlen) \
+	posix_getsockopt(sockfd, level, optname, optval, optlen)
+#define setsockopt(sockfd, level, optname, optval, optlen) \
+	posix_setsockopt(sockfd, level, optname, optval, optlen)
+#endif
+
+#endif
+
+#endif
diff --git a/include/tls.h b/include/tls.h
new file mode 100644
index 0000000..de6d257
--- /dev/null
+++ b/include/tls.h
@@ -0,0 +1,226 @@
+/* $OpenBSD: tls.h,v 1.58 2020/01/22 06:44:02 beck Exp $ */
+/*
+ * Copyright (c) 2014 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#ifndef HEADER_TLS_H
+#define HEADER_TLS_H
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#ifdef _MSC_VER
+#ifndef LIBRESSL_INTERNAL
+#include <basetsd.h>
+typedef SSIZE_T ssize_t;
+#endif
+#endif
+
+#include <sys/types.h>
+
+#include <stddef.h>
+#include <stdint.h>
+
+#define TLS_API	20200120
+
+#define TLS_PROTOCOL_TLSv1_0	(1 << 1)
+#define TLS_PROTOCOL_TLSv1_1	(1 << 2)
+#define TLS_PROTOCOL_TLSv1_2	(1 << 3)
+#define TLS_PROTOCOL_TLSv1_3	(1 << 4)
+
+#define TLS_PROTOCOL_TLSv1 \
+	(TLS_PROTOCOL_TLSv1_0|TLS_PROTOCOL_TLSv1_1|\
+	 TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
+
+#define TLS_PROTOCOLS_ALL TLS_PROTOCOL_TLSv1
+#define TLS_PROTOCOLS_DEFAULT (TLS_PROTOCOL_TLSv1_2|TLS_PROTOCOL_TLSv1_3)
+
+#define TLS_WANT_POLLIN		-2
+#define TLS_WANT_POLLOUT	-3
+
+/* RFC 6960 Section 2.3 */
+#define TLS_OCSP_RESPONSE_SUCCESSFUL		0
+#define TLS_OCSP_RESPONSE_MALFORMED		1
+#define TLS_OCSP_RESPONSE_INTERNALERROR		2
+#define TLS_OCSP_RESPONSE_TRYLATER		3
+#define TLS_OCSP_RESPONSE_SIGREQUIRED		4
+#define TLS_OCSP_RESPONSE_UNAUTHORIZED		5
+
+/* RFC 6960 Section 2.2 */
+#define TLS_OCSP_CERT_GOOD			0
+#define TLS_OCSP_CERT_REVOKED			1
+#define TLS_OCSP_CERT_UNKNOWN			2
+
+/* RFC 5280 Section 5.3.1 */
+#define TLS_CRL_REASON_UNSPECIFIED		0
+#define TLS_CRL_REASON_KEY_COMPROMISE		1
+#define TLS_CRL_REASON_CA_COMPROMISE		2
+#define TLS_CRL_REASON_AFFILIATION_CHANGED	3
+#define TLS_CRL_REASON_SUPERSEDED		4
+#define TLS_CRL_REASON_CESSATION_OF_OPERATION	5
+#define TLS_CRL_REASON_CERTIFICATE_HOLD		6
+#define TLS_CRL_REASON_REMOVE_FROM_CRL		8
+#define TLS_CRL_REASON_PRIVILEGE_WITHDRAWN	9
+#define TLS_CRL_REASON_AA_COMPROMISE		10
+
+#define TLS_MAX_SESSION_ID_LENGTH		32
+#define TLS_TICKET_KEY_SIZE			48
+
+struct tls;
+struct tls_config;
+
+typedef ssize_t (*tls_read_cb)(struct tls *_ctx, void *_buf, size_t _buflen,
+    void *_cb_arg);
+typedef ssize_t (*tls_write_cb)(struct tls *_ctx, const void *_buf,
+    size_t _buflen, void *_cb_arg);
+
+int tls_init(void);
+
+const char *tls_config_error(struct tls_config *_config);
+const char *tls_error(struct tls *_ctx);
+
+struct tls_config *tls_config_new(void);
+void tls_config_free(struct tls_config *_config);
+
+const char *tls_default_ca_cert_file(void);
+
+int tls_config_add_keypair_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file);
+int tls_config_add_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_config_add_keypair_ocsp_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file,
+    const char *_ocsp_staple_file);
+int tls_config_add_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len,
+    const uint8_t *_staple, size_t _staple_len);
+int tls_config_set_alpn(struct tls_config *_config, const char *_alpn);
+int tls_config_set_ca_file(struct tls_config *_config, const char *_ca_file);
+int tls_config_set_ca_path(struct tls_config *_config, const char *_ca_path);
+int tls_config_set_ca_mem(struct tls_config *_config, const uint8_t *_ca,
+    size_t _len);
+int tls_config_set_cert_file(struct tls_config *_config,
+    const char *_cert_file);
+int tls_config_set_cert_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _len);
+int tls_config_set_ciphers(struct tls_config *_config, const char *_ciphers);
+int tls_config_set_crl_file(struct tls_config *_config, const char *_crl_file);
+int tls_config_set_crl_mem(struct tls_config *_config, const uint8_t *_crl,
+    size_t _len);
+int tls_config_set_dheparams(struct tls_config *_config, const char *_params);
+int tls_config_set_ecdhecurve(struct tls_config *_config, const char *_curve);
+int tls_config_set_ecdhecurves(struct tls_config *_config, const char *_curves);
+int tls_config_set_key_file(struct tls_config *_config, const char *_key_file);
+int tls_config_set_key_mem(struct tls_config *_config, const uint8_t *_key,
+    size_t _len);
+int tls_config_set_keypair_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file);
+int tls_config_set_keypair_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len);
+int tls_config_set_keypair_ocsp_file(struct tls_config *_config,
+    const char *_cert_file, const char *_key_file, const char *_staple_file);
+int tls_config_set_keypair_ocsp_mem(struct tls_config *_config, const uint8_t *_cert,
+    size_t _cert_len, const uint8_t *_key, size_t _key_len,
+    const uint8_t *_staple, size_t staple_len);
+int tls_config_set_ocsp_staple_mem(struct tls_config *_config,
+    const uint8_t *_staple, size_t _len);
+int tls_config_set_ocsp_staple_file(struct tls_config *_config,
+    const char *_staple_file);
+int tls_config_set_protocols(struct tls_config *_config, uint32_t _protocols);
+int tls_config_set_session_fd(struct tls_config *_config, int _session_fd);
+int tls_config_set_verify_depth(struct tls_config *_config, int _verify_depth);
+
+void tls_config_prefer_ciphers_client(struct tls_config *_config);
+void tls_config_prefer_ciphers_server(struct tls_config *_config);
+
+void tls_config_insecure_noverifycert(struct tls_config *_config);
+void tls_config_insecure_noverifyname(struct tls_config *_config);
+void tls_config_insecure_noverifytime(struct tls_config *_config);
+void tls_config_verify(struct tls_config *_config);
+
+void tls_config_ocsp_require_stapling(struct tls_config *_config);
+void tls_config_verify_client(struct tls_config *_config);
+void tls_config_verify_client_optional(struct tls_config *_config);
+
+void tls_config_clear_keys(struct tls_config *_config);
+int tls_config_parse_protocols(uint32_t *_protocols, const char *_protostr);
+
+int tls_config_set_session_id(struct tls_config *_config,
+    const unsigned char *_session_id, size_t _len);
+int tls_config_set_session_lifetime(struct tls_config *_config, int _lifetime);
+int tls_config_add_ticket_key(struct tls_config *_config, uint32_t _keyrev,
+    unsigned char *_key, size_t _keylen);
+
+struct tls *tls_client(void);
+struct tls *tls_server(void);
+int tls_configure(struct tls *_ctx, struct tls_config *_config);
+void tls_reset(struct tls *_ctx);
+void tls_free(struct tls *_ctx);
+
+int tls_accept_fds(struct tls *_ctx, struct tls **_cctx, int _fd_read,
+    int _fd_write);
+int tls_accept_socket(struct tls *_ctx, struct tls **_cctx, int _socket);
+int tls_accept_cbs(struct tls *_ctx, struct tls **_cctx,
+    tls_read_cb _read_cb, tls_write_cb _write_cb, void *_cb_arg);
+int tls_connect(struct tls *_ctx, const char *_host, const char *_port);
+int tls_connect_fds(struct tls *_ctx, int _fd_read, int _fd_write,
+    const char *_servername);
+int tls_connect_servername(struct tls *_ctx, const char *_host,
+    const char *_port, const char *_servername);
+int tls_connect_socket(struct tls *_ctx, int _s, const char *_servername);
+int tls_connect_cbs(struct tls *_ctx, tls_read_cb _read_cb,
+    tls_write_cb _write_cb, void *_cb_arg, const char *_servername);
+int tls_handshake(struct tls *_ctx);
+ssize_t tls_read(struct tls *_ctx, void *_buf, size_t _buflen);
+ssize_t tls_write(struct tls *_ctx, const void *_buf, size_t _buflen);
+int tls_close(struct tls *_ctx);
+
+int tls_peer_cert_provided(struct tls *_ctx);
+int tls_peer_cert_contains_name(struct tls *_ctx, const char *_name);
+
+const char *tls_peer_cert_hash(struct tls *_ctx);
+const char *tls_peer_cert_issuer(struct tls *_ctx);
+const char *tls_peer_cert_subject(struct tls *_ctx);
+time_t	tls_peer_cert_notbefore(struct tls *_ctx);
+time_t	tls_peer_cert_notafter(struct tls *_ctx);
+const uint8_t *tls_peer_cert_chain_pem(struct tls *_ctx, size_t *_len);
+
+const char *tls_conn_alpn_selected(struct tls *_ctx);
+const char *tls_conn_cipher(struct tls *_ctx);
+int tls_conn_cipher_strength(struct tls *_ctx);
+const char *tls_conn_servername(struct tls *_ctx);
+int tls_conn_session_resumed(struct tls *_ctx);
+const char *tls_conn_version(struct tls *_ctx);
+
+uint8_t *tls_load_file(const char *_file, size_t *_len, char *_password);
+void tls_unload_file(uint8_t *_buf, size_t len);
+
+int tls_ocsp_process_response(struct tls *_ctx, const unsigned char *_response,
+    size_t _size);
+int tls_peer_ocsp_cert_status(struct tls *_ctx);
+int tls_peer_ocsp_crl_reason(struct tls *_ctx);
+time_t tls_peer_ocsp_next_update(struct tls *_ctx);
+int tls_peer_ocsp_response_status(struct tls *_ctx);
+const char *tls_peer_ocsp_result(struct tls *_ctx);
+time_t tls_peer_ocsp_revocation_time(struct tls *_ctx);
+time_t tls_peer_ocsp_this_update(struct tls *_ctx);
+const char *tls_peer_ocsp_url(struct tls *_ctx);
+
+#ifdef __cplusplus
+}
+#endif
+
+#endif /* HEADER_TLS_H */