* The feature that stopped alpine from saving passwords in the password

     file prevented users from actually saving their passwords in Windows
     and MAC OS. Fix the code so that passwords will be saved. Also,
     update the documentation of this feature.

   * Fix a buffer overflow bug in the XOAUTH2 code (off by one error).

   * Update PC-Alpine to work with Libressl version 3.0.2 instead of
     version 2.5.5 (update build.bat and lib files from the LibreSSL
     build).

   * Erase SSLXXXXXX file.

   * ssl_nt.c actually directs the code to ssl_libressl.c or ssl_win.c.
     The file ssl_libressl.c is the file ssl_unix.c from the unix osdep
     directory. The file ssl_win.c is the native SSL windows code. The
     Unix side provides S/MIME support for Alpine and the latest
     encryption protocols support for Alpine when connecting to a secure
     server, while the windows side provide TLSv1_3 support for Alpine,
     but not S/MIME support.

     In order to provide unix code for TLSv1_3 (once LibreSSL supports it)
     edit the file os_nt.c and remove the comments on the #ifdef section.
     This would provide both TLSv1_3 and S/MIME support with unix code. On
     the other hand, when we provide TLSv1_3 with the Windows code we need
     to undefine DF_ENCRYPTION_RANGE, and this is done in the file
     include/config.wnt.h. The way this is done as of this moment is by
     commenting an #else directive that preceedes this #undefine.

   * Update makefile.nt and friends in the windows side to account for the
     addition of XOAUTH2, and the use of only ssl_nt.c when dealing with
     Alpine.

   * Define SMIME_SSLCERTS as c:\libressl\ssl\certs, so that these
     certificates be considered while checking a digital S/MIME signature.

   * Improvements to the SMARTTIME24 token to account for changes in year.

1 files changed, 58 insertions, 23 deletions

diff --git a/libressl/include/openssl/bio.h b/libressl/include/openssl/bio.h
index 9a9472c7..9fbf3bce 100644
--- a/libressl/include/openssl/bio.h
+++ b/libressl/include/openssl/bio.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bio.h,v 1.29 2015/06/20 01:17:27 doug Exp $ */
+/* $OpenBSD: bio.h,v 1.45 2018/06/02 04:41:12 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -103,6 +103,12 @@ extern "C" {
 #define BIO_TYPE_FILTER		0x0200
 #define BIO_TYPE_SOURCE_SINK	0x0400
 
+/*
+ * BIO_TYPE_START is the first user-allocated BIO type. No pre-defined type,
+ * flag bits aside, may exceed this value.
+ */
+#define BIO_TYPE_START 128
+
 /* BIO_FILENAME_READ|BIO_CLOSE to open or close on free.
  * BIO_set_fp(in,stdin,BIO_NOCLOSE); */
 #define BIO_NOCLOSE		0x00
@@ -264,6 +270,7 @@ const char * BIO_method_name(const BIO *b);
 int BIO_method_type(const BIO *b);
 
 typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long);
+typedef int BIO_info_cb(BIO *, int, int);
 
 typedef struct bio_method_st {
 	int type;
@@ -279,7 +286,7 @@ typedef struct bio_method_st {
 } BIO_METHOD;
 
 struct bio_st {
-	BIO_METHOD *method;
+	const BIO_METHOD *method;
 	/* bio, mode, argp, argi, argl, ret */
 	long (*callback)(struct bio_st *, int, const char *, int, long, long);
 	char *cb_arg; /* first argument for the callback */
@@ -327,6 +334,27 @@ typedef struct bio_f_buffer_ctx_struct {
 /* Prefix and suffix callback in ASN1 BIO */
 typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
 
+/* BIO_METHOD accessors */
+BIO_METHOD *BIO_meth_new(int type, const char *name);
+void BIO_meth_free(BIO_METHOD *biom);
+int (*BIO_meth_get_write(const BIO_METHOD *biom))(BIO *, const char *, int);
+int BIO_meth_set_write(BIO_METHOD *biom,
+    int (*write)(BIO *, const char *, int));
+int (*BIO_meth_get_read(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_read(BIO_METHOD *biom, int (*read)(BIO *, char *, int));
+int (*BIO_meth_get_puts(const BIO_METHOD *biom))(BIO *, const char *);
+int BIO_meth_set_puts(BIO_METHOD *biom, int (*puts)(BIO *, const char *));
+int (*BIO_meth_get_gets(const BIO_METHOD *biom))(BIO *, char *, int);
+int BIO_meth_set_gets(BIO_METHOD *biom, int (*gets)(BIO *, char *, int));
+long (*BIO_meth_get_ctrl(const BIO_METHOD *biom))(BIO *, int, long, void *);
+int BIO_meth_set_ctrl(BIO_METHOD *biom, long (*ctrl)(BIO *, int, long, void *));
+int (*BIO_meth_get_create(const BIO_METHOD *biom))(BIO *);
+int BIO_meth_set_create(BIO_METHOD *biom, int (*create)(BIO *));
+int (*BIO_meth_get_destroy(const BIO_METHOD *biom))(BIO *);
+int BIO_meth_set_destroy(BIO_METHOD *biom, int (*destroy)(BIO *));
+long (*BIO_meth_get_callback_ctrl(const BIO_METHOD *biom))(BIO *, int, BIO_info_cb *);
+int BIO_meth_set_callback_ctrl(BIO_METHOD *biom,
+    long (*callback_ctrl)(BIO *, int, BIO_info_cb *));
 
 /* connect BIO stuff */
 #define BIO_CONN_S_BEFORE		1
@@ -474,11 +502,11 @@ typedef int asn1_ps_func(BIO *b, unsigned char **pbuf, int *plen, void *parg);
 #define BIO_get_ssl(b,sslp)	BIO_ctrl(b,BIO_C_GET_SSL,0,(char *)sslp)
 #define BIO_set_ssl_mode(b,client)	BIO_ctrl(b,BIO_C_SSL_MODE,client,NULL)
 #define BIO_set_ssl_renegotiate_bytes(b,num) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL);
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL)
 #define BIO_get_num_renegotiates(b) \
-	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL);
+	BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL)
 #define BIO_set_ssl_renegotiate_timeout(b,seconds) \
-	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL);
+	BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL)
 
 /* defined in evp.h */
 /* #define BIO_set_md(b,md)	BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */
@@ -568,13 +596,20 @@ int
 BIO_asn1_get_suffix(BIO *b, asn1_ps_func **psuffix,
 asn1_ps_func **psuffix_free);
 
-BIO_METHOD *BIO_s_file(void );
+int BIO_get_new_index(void);
+const BIO_METHOD *BIO_s_file(void);
 BIO *BIO_new_file(const char *filename, const char *mode);
 BIO *BIO_new_fp(FILE *stream, int close_flag);
 # define BIO_s_file_internal	BIO_s_file
-BIO *	BIO_new(BIO_METHOD *type);
-int	BIO_set(BIO *a, BIO_METHOD *type);
+BIO	*BIO_new(const BIO_METHOD *type);
+int	BIO_set(BIO *a, const BIO_METHOD *type);
 int	BIO_free(BIO *a);
+int	BIO_up_ref(BIO *bio);
+void 	*BIO_get_data(BIO *a);
+void 	BIO_set_data(BIO *a, void *ptr);
+void 	BIO_set_init(BIO *a, int init);
+int	BIO_get_shutdown(BIO *a);
+void	BIO_set_shutdown(BIO *a, int shut);
 void	BIO_vfree(BIO *a);
 int	BIO_read(BIO *b, void *data, int len)
 		__attribute__((__bounded__(__buffer__,2,3)));
@@ -606,20 +641,20 @@ int BIO_nwrite(BIO *bio, char **buf, int num);
 long BIO_debug_callback(BIO *bio, int cmd, const char *argp, int argi,
     long argl, long ret);
 
-BIO_METHOD *BIO_s_mem(void);
-BIO *BIO_new_mem_buf(void *buf, int len);
-BIO_METHOD *BIO_s_socket(void);
-BIO_METHOD *BIO_s_connect(void);
-BIO_METHOD *BIO_s_accept(void);
-BIO_METHOD *BIO_s_fd(void);
-BIO_METHOD *BIO_s_log(void);
-BIO_METHOD *BIO_s_bio(void);
-BIO_METHOD *BIO_s_null(void);
-BIO_METHOD *BIO_f_null(void);
-BIO_METHOD *BIO_f_buffer(void);
-BIO_METHOD *BIO_f_nbio_test(void);
+const BIO_METHOD *BIO_s_mem(void);
+BIO *BIO_new_mem_buf(const void *buf, int len);
+const BIO_METHOD *BIO_s_socket(void);
+const BIO_METHOD *BIO_s_connect(void);
+const BIO_METHOD *BIO_s_accept(void);
+const BIO_METHOD *BIO_s_fd(void);
+const BIO_METHOD *BIO_s_log(void);
+const BIO_METHOD *BIO_s_bio(void);
+const BIO_METHOD *BIO_s_null(void);
+const BIO_METHOD *BIO_f_null(void);
+const BIO_METHOD *BIO_f_buffer(void);
+const BIO_METHOD *BIO_f_nbio_test(void);
 #ifndef OPENSSL_NO_DGRAM
-BIO_METHOD *BIO_s_datagram(void);
+const BIO_METHOD *BIO_s_datagram(void);
 #endif
 
 /* BIO_METHOD *BIO_f_ber(void); */
@@ -663,8 +698,8 @@ int BIO_set_tcp_ndelay(int sock, int turn_on);
 BIO *BIO_new_socket(int sock, int close_flag);
 BIO *BIO_new_dgram(int fd, int close_flag);
 BIO *BIO_new_fd(int fd, int close_flag);
-BIO *BIO_new_connect(char *host_port);
-BIO *BIO_new_accept(char *host_port);
+BIO *BIO_new_connect(const char *host_port);
+BIO *BIO_new_accept(const char *host_port);
 
 int
 BIO_new_bio_pair(BIO **bio1, size_t writebuf1,